help with javascript

[netmaestro]

I'm a complete noob when it comes to Javascript. I've never used it before, so please forgive what is sure to be a stupid question:

I have a (tested working) cgi program called cgitest.exe at the same folder level as my htdocs folder on an Apache 5.2 server. The address of the script is "../cgi-bin/cgitest.exe". What I want to do is have my index.html contain no more code than necessary to have the cgitest.exe output a page. Some way to immediately call the cgi program from js without pushing a button or submitting a form. So far I'm failing. Can someone help?

[idle]

I don't know but maybe using XMLHttpRequest()
would do the trick

http://www.w3.org/TR/XMLHttpRequest/

[Blood]

I don't know but maybe using XMLHttpRequest()
would do the trick

http://www.w3.org/TR/XMLHttpRequest/

Yes! It's otherwise known as Ajax. I've found the best easiest way is to use jQuery to perform Ajax requests otherwise you'll be continually reinventing your own Ajax helper object.

http://api.jquery.com/category/ajax/

[Mistrel]

Why torture yourself with JavaScript? Use a server side language like PHP!

[LuCiFeR[SD]]

Code: Select all

<?php echo system('../cgi-bin/cgitest.exe'); ?>

or

Code: Select all

<!--#include virtual="../cgi-bin/cgitest.exe"-->

should do the trick.

[Blood]

Why torture yourself with JavaScript? Use a server side language like PHP!

I think you've got them two around the wrong way!

[LuCiFeR[SD]]

Hehehe They both have their strengths and weaknesses. both compliment each other very well, but both can equally torture the mind LOL

[netmaestro]

@LuCiFeR[SD]: I finally got it to work. I installed PHP5 on my Apache server and tried your code. It failed. But after googling for a while I came up with a thread where someone asked exactly the same question and the answer they got from a php expert was:

Code: Select all

<?php echo @stripslashes( @join( @file( "http://lloydsplace.com/cgi-bin/cgitest.exe" ),"" ) ) ?>

I tried that and it works perfectly. No idea why the shorter version didn't work. So now if someone calls up lloydsplace.com they should get told what their IP address is, which is what the Purebasic-coded CGI program outputs. Of course that will change soon to something else.

Thanks for the help, I'm off and running now!

[idle]

php is much better for that.

[TomS]

System() allows to execute any programm on the server and is therefore deactivated by default.
Good Example:
Someone uses system('ls." ".$_GET[dir]');
So http://website.tld/list.php?dir=pictures would list the content of the pictures-directory.
But you could call http://website.tld/list.php?dir=picture ... 20pictures (<- That won't actually work, because I mixed up unix and windows commands, but you get the idea).
It's a bit like a SQL-Injection. Two commands at once. And your pictures are gone.

[netmaestro]

Holy crap, I'm glad it didn't work then! I know less than nothing about this stuff..

[LuCiFeR[SD]]

System() allows to execute any programm on the server and is therefore deactivated by default.
Good Example:
Someone uses system('ls." ".$_GET[dir]');
So http://website.tld/list.php?dir=pictures would list the content of the pictures-directory.
But you could call http://website.tld/list.php?dir=picture ... 20pictures (<- That won't actually work, because I mixed up unix and windows commands, but you get the idea).
It's a bit like a SQL-Injection. Two commands at once. And your pictures are gone.

Good point! That had actually slipped my mind!!! Just goes to prove my memory is getting bad hehe

@netmaestro, Glad I kind of pointed you in the right direction but the main thing is, you found the correct solution! Funny, I've not coded in PHP for a couple of months and it is AMAZING how quickly I seem to be forgetting the simplest of things these days

[TomS]

Well, normally you wouldn't use the system-command, would you? And calling an cgi-script is also not something every php-programmer does everyday. That's why we use php. To not use perl and other stuff

[Mistrel]

I like to use NetBeans for large PHP projects. It's not perfect but it's a heck of a lot better than working from a text editor.

Considering that you're new to web development, have a look at the MVC design pattern:

http://en.wikipedia.org/wiki/Model%E2%8 ... Controller

Model–View–Controller (MVC) is a software architecture,[1] currently considered an architectural pattern used in software engineering. The pattern isolates "domain logic" (the application logic for the user) from the user interface (input and presentation), permitting independent development, testing and maintenance of each (separation of concerns).

[Nituvious]

You can use ereg_replace to remove any possibility for directory transversal. I wrote this function for my website, maybe it will be useful to you? It uses Include() though, you should beable to just modify it to fit your needs.

Code: Select all

<?PHP 
	// PHP 5
	function displayPage($page) {
		$pageID = $_GET["page"]; // get ?page= content
		// We need to take care of Directory tranversing
		$pageNewIDLower = strtolower($pageID);
		$pageNewID = ereg_replace("[^A-Za-z0-9]","",$pageNewIDLower); // <-- if page contains an illegal 
		// character it will be removed. If the file uses an underscore, then it will be treated as if its 
		// not found. If an underscore is needed just add it into the ereg_replace
		if (strstr($pageNewID,"../") || strstr($pageNewID,"%") != true) { // reduntant, but just to make sure
			// this function looks for .txt extensions inside of a directory called pages.
			// simply change the extension and directory to which ever you need
			if (file_exists("pages/$pageNewID.txt") == true) {
				@include("pages/$pageNewID.txt");
			}
			else {
				//@include("pages/home.txt");
				echo "page not found";
			}
		}
		else {
			@include("pages/home.txt");
		}
	}
?>

I bet some of the php guru's think my code is ugly. But it gets the job done for my small site Feel free to use and modify this if you want.