Re^4: Use CGI to run a Perl script via web server (updated)

Surely I will look into the security aspect, but at this moment the code fails because 'use CGI' cannot be clubbed with other things like 'use Net::LDAP' or 'IPC:System::Simple'. If I disable them I could execute it.

But disabling them will take away the entire purpose of the script i.e. automated user management.

 
#!/usr/bin/perl
use strict;
use CGI;
use CGI::Carp;
#create CGI query object to get the SSO from URL
my $query = CGI->new;
my $sso = $query->param("sso");
$sso = shift;

print "Content-type:text/html\r\n\r\n";
print "<html>";
print "<head>";
print "<title>Application Management Sysyem</title>";
print "</head>";

if($sso eq "") 
{
   print "<h1>\n\nERROR: SSO is EMPTY!</h1>\n\n";
 }

else
{
use Proc::Background;
print "<body>";
print "<h2>You have entered $sso</h2>";
print "</body>";
print "</html>";
}
[download]

I really appreciate help.

Comment on Re^4: Use CGI to run a Perl script via web server (updated) Download Code

Replies are listed 'Best First'.
Re^5: Use CGI to run a Perl script via web server (updated) by Corion (Patriarch) on May 25, 2017 at 20:10 UTC
`my $sso = $query->param("sso"); $sso = shift;` [download] These two lines in sequence don't make sense. Either you read `$sso` from a CGI parameter, or you read it from the command line. If you read it from a CGI parameter, you will be setting it to `undef` right afterwards with the above code. That doesn't make sense.	[reply] [d/l] [select]
Re^5: Use CGI to run a Perl script via web server (updated) by Anonymous Monk on May 25, 2017 at 20:27 UTC
the code fails What does that mean?	[reply]
Re^6: Use CGI to run a Perl script via web server (updated) by suvajit123 (Initiate) on May 26, 2017 at 06:28 UTC
The code fails with 500: Internal Server Error. But if I don't use IPC::System::Simple and Net::LDAP, then it works fine. About reading the variable $sso, it is reading from CGI but unless used a shift flag it cannot be parsed into the Perl api further. I hope this could have been done by METHODS "GET" or "POST" as well, but unfortunately I am not sure how to use those in this scenario. As always, thanks for the insights.	[reply]
Re^7: Use CGI to run a Perl script via web server (updated) by poj (Abbot) on May 26, 2017 at 06:37 UTC
Try this simple form entry CGI. If this works add your real code into the subroutines #!/usr/bin/perl use strict; use CGI; use CGI::Carp 'fatalsToBrowser'; # remove when finished testing use Net::LDAP; use IPC::System::Simple qw(system capture); # input # create CGI query object to get the SSO from URL my $q = new CGI; my $sso = $q->param( "sso" ); $sso =~ s/[^0-9]//g; # remove non digit # process my $msg; if ($sso){ # check LDPA my @entries = search_LDAP($sso); if (@entries == 1){ $msg = process_sso($sso,$entries[0]); } else { $msg = qq!<h2 style="color:red">ERROR: Wrong SSO [$sso] or User do +es not exist in OneAD LDAP </h2>!; } } else { $msg = q!<h2 style="color:red">ERROR : parameter sso is empty</h2>!; } # html page print $q->header(),$q->start_html('Application Management System'); print $msg; print qq!<hr/><form action="" method="post"> SSO : <input type="text" name="sso" value="$sso"/> <input type="submit"/> </form>!; print $q->end_html; sub search_LDAP { my $sso = shift; return ('test') } sub process_sso { my ($sso,$usr) = @_; my $msg = "<h2>Processing SSO $sso</h2>"; return $msg; } [download] poj	[reply] [d/l]


Perl-Sensitive Sunglasses
	PerlMonks