[Tutor] Error in cgi script having health effects on blood pressure readings

Kirk Bailey idiot1@netzero.net
Sat, 17 Aug 2002 00:35:40 -0400


MY blood pressure, as I get frustrated.

Folks, I am getting an error which is driving me a little nutz-er.
I was asked to build a method whereby a user can inspect the membership
roster of a list he is the owner of. OK, but it has to be secure, so a
simple ssi include is out. I wrote a form script to build a web page
with form and the domain name read in from the cf file- it works fine,
the URL is its output.

The SECOND script checks for identity and password, and displays results
IF everything checks out. Alas, it bombs.

Here is the url for the form page:
http://www.tinylist.org/cgi-bin/TLmembershipform.py

BEWARE WORD WRAP!

THE URL:
http://www.tinylist.org/cgi-bin/TLmemberlister.py?Owner=highprimate%40howlermonkey.net&password=fubar&listname=testlist3&Submit=SUBMIT

RESULTS

THE CURRENT ERROR
Traceback (innermost last):
  File "/www/www.tinylist.org/cgi-bin/TLmemberlister.py", line 125, in ?
    mylist = form.getvalue("listname","")               # listname,
  File "/usr/local/lib/python1.5/cgi.py", line 888, in __getattr__
    raise AttributeError, name
AttributeError: getvalue


THE SCRIPT
Listing of file TLmemberlister.py in
directory:/www/www.tinylist.org/cgi-bin

#!/usr/local/bin/python
#
# This is TLmemberviewer V:1.3.0 COPYRIGHT 2002 by Kirk D Bailey
#
# It is part of the TinyList MLM suite, released under the GNU GPL.
# which suite is also COPYRIGHT 2002 by Kirk D Bailey.
# Please refer to enclosed GNU license in a separate file.
#
# Being modular makes for MORE CHOICES AVAILABLE TO YOU!
#10################################################################################
#           Python can be studied and acquired at http://www.python.org/ !!!
#########1#########2#########3#########4#########5#########6#########7#########8
# that line is 80 char across, try to stay within it if you can.
#
# ADMIN AND LEGAL STUFF:
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#20
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
# You should have received a copy of the GNU General Public License
#30 along with this program; if not, write to:
#
#    Free Software Foundation, Inc.
#    59 Temple Place - Suite 330
#    Boston, MA  02111-1307 USA.
#
# and request one; be cool and include a business sized SASE.
#
# Also, the GNU GPL may be viewed online at
# http://www.gnu.org/licenses/gpl.html
#40############################################################################
#
# "The tyrant's foe, the people's friend, a free press." -Dr Benjamin Franklin.
#
# Think about that last line- this software is your Ezine engine.
###############################################################################
#
#  OWNERSHIP AND PERMISSION ISSUES
#  make sure this script runs as a TRUSTED USER-
#  and NOT as root!!! You set that up in the Sendmail Config file (sendmail.cf).
#50  Make sure that a NON-privileged user OWNS
#  this script, and that it runs as that identity!
#  Generally, this is accomplished by making sure it is owned by that user.
#  Permission on all scripts must be 755, files as 666, and listdir as 744.
#  The image files must NOT be placed in the cgi-bin, but in the web directory!
###############################################################################
#
#  SPAM
#  Spam SUCKS. It also ROBS everyone it touches, each system it passes through.
#  Fight spam. DO NOT host open lists all the world may post to.
#60  TinyList CANNOT do so as written, PLEASE do not defeat this.
#
###############################################################################
#
#
import os, sys, string, cgi     # MUST be invoked!
#
#           CONFIGURATION SECTION
#           =====================
#
#70
# NOTE that this script is SUPPOSED to be installed in the web cgi-bin!
# and the lists dir is immediately under this dir!
#
# ok, where am I? I just woke up!
fullpathtoscript = os.path.split(os.path.abspath(sys.argv[0]))
#
# ok, now my config file is supposed to be RIGHT HERE with me!
# So let's read the thing!
f1=open("tinylist.cf",'r')
#80
# Tell me little file, who am I?
webdomain=string.strip(f1.readline())
f1.close()
#
# knowing where I am, I know that my lists are ONE FLOOR DOWN!
path=fullpathtoscript[0]
# ALL TinyList scripts MUST live in the web cgi-bin, and
# ALL global and list files are directly off the web cgi-bin dir in '/lists'.
# that dir should be owned by the same owner and group as this script, and
#90 should be chmod 766. DIR 'list' must be 766, with all Scripts 755.
#
#
#
#
#
#
#
#
# data arrives as 'QUERY_STRING'=(listname value) using
#100 the GET method, but cgi module handles this nicely,
# parsing it out into keywords and values in a dictionary!
#
#
#
print "Content-type: text/html\n\n"             # HTML is following
print '<html><head>'
print '<META HTTP-EQUIV="Pragma" CONTENT="no-cache">'
print '<TITLE>TinyList membership listing Utility.</TITLE>'
print '<STYLE TYPE="text/css">'
#110
print '<!--  A { text-decoration: none; }  A:visited, A:hover, A:active { text-decoration:none; } // -->'
print '</STYLE>'
print "</head>"
print '<body bgcolor="FFFFFF" text="000000" ><blockquote>'
print '<P><br><font color="FF0000"><font  size="5"><font face="Century Gothic Light">&nbsp;&nbsp;TinyList</font></font></font><p>'
print '<hr width=50%><P>'
#
form=cgi.FieldStorage()                         # recover the form's data,
if not (form.has_key("Owner")):                 # debug code ensues
        print "Key 'owner' not found!"          #120
if not (form.has_key("password")):
        print "key 'password' not found!"
if not (form.has_key("listname")):
        print "key 'listname' not found!"
mylist = form.getvalue("listname","")           # listname,
print 'listname='+mylist+'<P>'
myowner = form.getvalue("Owner","")             # owner,
print 'owner='+myowner+'<P>'
mypassword = form.getvalue("password","")       # and password.
print 'password='+mypassword+'<P>'              #130 end debug code
f1=open('/lists/' + mylist + '.owner','r')      # read the (listname).owner file,
trueowner=string.strip(f1.readline())           # read the owner id
trueword=string.strip(f1.readline())            # read THE PASSWORD
f1.close()                                      # Close the file.
if myowner == trueowner :                       # if the owner matches up, test the password;
        if mypassword==trueword:                # if the password also matches,
                f1=open('/lists/'+ mylist,'r')  # proceed to access the member roster.
                members=f1.readlines()          # read them in,
                f1.close()                      # and close the file.
                for i in members:               #130
                        print i + '<br>'
        else:
                print 'Sorry, wrong password.'
else:
        print 'Sorry, wrong owner id.'
#
print '<P><hr width=50%></body></html>'                 # close the page, and end.
#
#
#140
#

ns#
ns#

-- 

end

Respectfully,
             Kirk D Bailey


+---------------------"Thou Art Free." -Eris-----------------------+
| http://www.howlermonkey.net  mailto:highprimate@howlermonkey.net |
| KILL spam dead!      http://www.scambusters.org/stopspam/#Pledge |
| http://www.tinylist.org  +--------+   mailto:grumpy@tinylist.org |
+------------------Thinking| NORMAL |Thinking----------------------+
                           +--------+
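An added example, not part of the original post or of TinyList's code: the owner-and-password check from the script above, written for Python 3 as a function that validates the list name before it reaches a file path, compares credentials in constant time and HTML-escapes the roster. The names `roster_html` and `make_sample_lists_dir`, the list-name pattern, the single denial message and the sample roster are assumptions made for illustration.

```python
import hmac
import html
import re
import tempfile
from pathlib import Path

# Assumed naming rule: no path separators or dots can reach the file path.
LISTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")
# One message for every failure, so the reply does not reveal which field was wrong.
DENIED = (False, "Sorry, wrong list name, owner id or password.")


def roster_html(lists_dir, listname, owner, password):
    """Return (ok, html_body) for a roster request against lists_dir."""
    if not LISTNAME_RE.fullmatch(listname):
        return DENIED
    base = Path(lists_dir)
    try:
        # (listname).owner holds the owner id on line 1, the password on line 2.
        lines = (base / (listname + ".owner")).read_text().splitlines()
        true_owner, true_word = lines[0].strip(), lines[1].strip()
    except (OSError, IndexError):
        return DENIED
    # Evaluate both comparisons, each in constant time, before deciding.
    owner_ok = hmac.compare_digest(owner.encode(), true_owner.encode())
    word_ok = hmac.compare_digest(password.encode(), true_word.encode())
    if not (owner_ok and word_ok):
        return DENIED
    try:
        members = (base / listname).read_text().splitlines()
    except OSError:
        return DENIED
    # Escape every member line before it is placed in the HTML page.
    rows = [html.escape(m.strip()) for m in members if m.strip()]
    return True, "<br>\n".join(rows)


def make_sample_lists_dir():
    """Build a constructed lists directory (sample data, not real TinyList files)."""
    d = Path(tempfile.mkdtemp())
    (d / "testlist3.owner").write_text("highprimate@howlermonkey.net\nfubar\n")
    (d / "testlist3").write_text("alice@example.org\nBob <bob@example.org>\n")
    return d


if __name__ == "__main__":
    sample = make_sample_lists_dir()
    print(roster_html(sample, "testlist3", "highprimate@howlermonkey.net", "fubar"))
    print(roster_html(sample, "../testlist3", "highprimate@howlermonkey.net", "fubar"))
```

Submitting the form with POST instead of GET keeps the owner id and password out of the URL, and so out of web server access logs and browser history.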