login problems with DM CGI in Developer Help

ID:269411
 
Jun 21 2005, 8:56 am
I click login on my DM site and I log in, but it won't tell me I am logged in. It works fine on my computer, but it's not doing somehting right on the server.
See for yourself:
http://www.hyperbyond.com/eChat/
#1 Jun 21 2005, 9:01 am
You must be doing something wrong in the code. Show us the code.
#2 Jun 21 2005, 9:55 am
In response to Crashed (#1)
It's Nadrew's, so:

#include <dantom\cgi\CGI.dme>
#include <dantom\htmllib\htmllib.dme>
#define NEWS_FILE "data/news.dat"   //Where news gets stored.
#define PAGE_FILE "data/pages.dat"  //Where your dynamic pages get stored.
#define PAGE_ADMIN "Nadrew"     //Who can edit the system?


//When the page loads:
world/New()
    ..()
    CreateFiles()   //Insure it's gonna work properly.

proc
    CreateFiles()   //Makes sure all of the required files exist and have the proper directories.
        var/savefile/news = new(NEWS_FILE)
        var/savefile/pages = new(PAGE_FILE)
        if(!news.dir.Find("news"))
            news.dir.Add("news")
            news.cd = "news"
            news["content"] << "Default news post."
            var/day = "[text2num(time2text(world.realtime,"DD"))]\th"
            news["date"] << time2text(world.realtime,"Month [day] YYYY at hh:mm")
            news["title"] << "Default news title."
            news["author"] << PAGE_ADMIN
            news.cd = "/"
        if(!pages.dir.Find("home"))
            pages.dir.Add("home")
        pages.cd = "home"
        pages["page_title"] = "Home"
        pages["page_content"] << LoadNews(news)

    LoadPage(page_name)
        var/return_page
        var/savefile/F = new(PAGE_FILE)
        F.cd = "pages"
        for(var/D in F.dir)
        if(!F.dir.Find(page_name))
            return_page = "Page Not Found"  //Oops, page doesn't exist.

        else
            F.cd = page_name    //Navigate to the page's section of the file.
            return_page = \
            {"
            <b>[F["page_title"]]</b><p>
            [F["page_content"]]</b>"}

        F.cd = "/"  //Return to the home directory.

        return return_page


    AddPage(page_name,page_title,page_content)
        var/savefile/F = new(PAGE_FILE)
        var/return_data
    //  F.cd = "pages"
        if(F.dir.Find(page_name))
            return_data = "Page already exists."    //No overridding pages!

        else
            if(!page_title)
                page_title = "Untitled"     //Default page title if nothing is entered.
            if(!page_content)
                page_content = "Nothing here!"
            F.dir.Add(page_name)    //Add the page to the file.
            F.cd = page_name    //And navigate to it.
            F["page_title"] << page_title   //Then, input the data.
            F["page_content"] << page_content
            return_data = "Page added."
        F.cd = "/"
        return return_data
    EditPage(page_name,page_title,page_content)
        var/savefile/F = new(PAGE_FILE)
        var/return_data
        F.cd = "pages"
        if(!F.dir.Find(page_name))
            return_data += "Page not found."
        else
            F.cd = page_name
            F["page_title"] << page_title
            F["page_content"] << page_content
            return_data = "Page edited."
        return return_data
    RemovePage(page_name)
        var/savefile/F = new(PAGE_FILE)
        var/return_data
        F.cd = "pages"
        if(!F.dir.Find(page_name))
            return_data = "Page not found."
        else
            F.dir.Remove(page_name)
            return_data = "Page removed."
        F.cd = "/"
        return return_data

    AddNews(title,content,author,date)
        var/savefile/F = new(NEWS_FILE)
        F.cd = "news"
        F["title"] << title
        F["content"] << content
        F["author"] << author
        F["date"] << date
        F.cd = "/"
        return "News posted."
        //Since the news for the site is only a single-post system, this is basic.

    LoadNews(savefile/news_file)
        if(!news_file)
            news_file = new(NEWS_FILE)
        news_file.cd = "news"
        return \
        {"
        <table border=1 align=center cellspacing=0 width=75%>
            <tr>
                <td align=center valign=top>
                    News by [news_file["author"]] on ([news_file["date"]]) - <b>[news_file["title"]]</b></td></tr>
            <tr>
                <td align=center valign=top>
                    [news_file["content"]]
                </td>
            </tr>
        </table>"}
#define DEBUG

//Now for the place where data comes to be parsed.

CGI
    Topic(href,href_list[])     //We're only gonna use href_list, which is params2list(href).
        var
            content
            list/navigation = list()
            navigation_menu
        //Build the navigation menu
        var/savefile/pages = new(PAGE_FILE)
        for(var/P in pages.dir)
            pages.cd = P
            if(P == "home")
                pages["page_title"] << "Home"
                pages["page_content"] = LoadNews(new(NEWS_FILE))
            navigation.Add(pages["page_title"])
            navigation[pages["page_title"]] = P
            pages.cd = ".."
        var/tmp/cur_nav = 1
        for(var/N in navigation)
            navigation_menu += "<a href=?page=[navigation[N]]>[N]</a>[cur_nav < navigation.len?" - ":""]"
            cur_nav++
        if(usr.ckey == ckey(PAGE_ADMIN))
            navigation_menu += " - <a href=?page=admin_panel>Admin Panel</a>"
        if(!href)   //If there's nothing passed to the URL at all.
            //Load news:
            content += "<b>Home</b><p>[LoadNews()]"

        else
            if(href == "login")
                var/CGI/C = new()
                C.Login("http://www.hyperbyond.com/eChat")
            else if(href == "logout")
                var/CGI/C = new()
                C.Logout("http://www.hyperbyond.com/eChat")

            else if(href_list["page"])
                var/page = href_list["page"]
                //Don't expect comments for the admin area ;)
                if(page == "admin_panel")
                    if(usr.ckey != ckey(PAGE_ADMIN))
                        content += "Unauthorized access for [usr.key]."
                    else
                        content += "<a href=?page=admin_panel&action=post_news>Post News</a> - <a href=?page=admin_panel&action=page_control>Page Control</a><p>"
                        if(href_list["action"])
                            var/action = href_list["action"]
                            switch(action)
                                if("post_news")
                                    var
                                        news_title = href_list["news_title"]
                                        news_content = href_list["news_content"]
                                    if(!news_title || !news_content)
                                        content += \
                                        {"
                                        <form action=?>
                                        <input type=hidden name=page value=admin_panel>
                                        <input type=hidden name=action value=post_news>
                                        News Title: <input type=text name=news_title><br>
                                        Content:<br>
                                        <textarea rows=10 cols=20 name=news_content></textarea><br>
                                        <input type=submit value=Post></form>"}
                                    else
                                        var/day = "[text2num(time2text(world.realtime,"DD"))]\th"
                                        content += AddNews(news_title,news_content,usr.key,time2text(world.realtime,"Month [day] YYYY at hh:mm"))
                                if("page_control")
                                    for(var/P in pages.dir)
                                        if(P == "home" || P == "admin_panel")
                                            continue
                                        pages.cd = P
                                        content += "<a href=?page=[P]>[pages["page_title"]]</a> - <a href=?page=admin_panel&action=page_control&mode=edit&to=[P]>Edit</a> - <a href=?page=admin_panel&action=page_control&mode=remove&to=[P]>Remove</a><br>"
                                        pages.cd = ".."
                                    content += "<br><a href=?page=admin_panel&action=page_control&mode=add>Add Page</a>"
                                    content += "<hr>"
                                    if(href_list["mode"])
                                        var/mode = href_list["mode"]
                                        switch(mode)
                                            if("edit")
                                                if(href_list["to"])
                                                    var
                                                        page_title = href_list["title"]
                                                        page_content = href_list["content"]
                                                    if(!page_title || !page_content)
                                                        pages.cd = href_list["to"]
                                                        content += \
                                                        {"
                                                        <form action=?>
                                                        <input type=hidden name=page value=admin_panel>
                                                        <input type=hidden name=action value=page_control>
                                                        <input type=hidden name=mode value=edit>
                                                        <input type=hidden name=to value=[href_list["to"]]>
                                                        Page Title: <input type=text value=\"[pages["page_title"]]\" name=title><br>
                                                        Page Content:<br>
                                                        <textarea rows=10 cols=80 name=content>[pages["page_content"]]</textarea><br>
                                                        <input type=submit value=Edit></form>"}
                                                    else
                                                        content += EditPage(href_list["to"],page_title,page_content)
                                            if("remove")
                                                if(href_list["to"])
                                                    if(!href_list["confirm"])
                                                        content += "<b>Are you sure about removing [href_list["to"]]? <a href=?page=admin_panel&action=page_control&mode=remove&to=[href_list["to"]]&confirm=1>Yes</a> - <a href=?page=admin_panel>No</a></b>"
                                                    else
                                                        content += RemovePage(href_list["to"])
                                            if("add")
                                                var
                                                    page_name = href_list["page_name"]
                                                    page_title = href_list["page_title"]
                                                    page_content = href_list["page_content"]
                                                if(!page_name || !page_title || !page_content)
                                                    content += \
                                                    {"
                                                    <form action=?>
                                                    <input type=hidden name=page value=admin_panel>
                                                    <input type=hidden name=action value=page_control>
                                                    <input type=hidden name=mode value=add>
                                                    Page Name (Interal Use): <input type=text name=page_name><br>
                                                    Page Title (Shown in Navigation Menu): <input type=text name=page_title><br>
                                                    Page Content:<br>
                                                    <textarea rows=20 cols=80 name=page_content></textarea><br>
                                                    <input type=submit value=Add></form>"}
                                                else
                                                    content += AddPage(page_name,page_title,page_content)

                else
                    content += LoadPage(page)   //Load the page using the proc defined earlier.
        //usr << browse_rsc('logo.png')
//      usr << browse_rsc('background.png')
        usr << browse_rsc('echat.css')
        usr << browse(\
        {"<HTML>
        <head>
        <title>-(eChat)- Version 2.0</title>
        &lt;link href=echat.css rel=stylesheet&gt;
        </head>
        <body background=background.png text=white>
        <table border=1 cellspacing=0 align=center width=100% height=100%>
            <tr>
                <td align=right height=128><img src=http://games.byond.com/banners/3552.gif></td></tr>
            <tr>
                <td align=center valign=top height=10>[navigation_menu]</td>
            </tr>
            <tr><td align=center valign=top height=100%>[content]</td></tr>
            <tr>
                <td align=center valign=top height=8><small>©2005 Hyper BYOND, All Rights Reserved.</small></td></tr>
                <td align=center valign=top height=8><small>Logged in as: [usr.key] - [usr.ckey == "guest"?"<a href=?login>Login</a>":"<a href=?logout>Logout</a>"]
            </table></body></html>"})
#3 Jun 21 2005, 12:19 pm
You may have a permission problem with your installation. Can you try the test program in ID:282125 and see what it says?
#4 Jun 21 2005, 12:36 pm
In response to Mike H (#3)
Hi, guest!
login


I seem to be running as user:
nobody

HOME directory: /nonexistent

.byond:

.byond contents:

.byond/cfg contents:


O_O Looks like I did something wrong... Am I supposed to run it with DreamDaemon or something?
#5 Jun 21 2005, 12:41 pm
In response to King Gunnerblast (#4)
Nope, you just need to 'chown' the .dmb file to a proper user ('nobody' has no permissions!) and make sure it's chmodded to 755. Also might want to change the owner stuff to not be me ;).
#6 Jun 21 2005, 12:44 pm
In response to Nadrew (#5)
yeah I know. I'll try and CHOWN it. It's already 755ed.

EDIT: I tried chown -R root index.dmb, but it didn't seem to work.
#7 Jun 21 2005, 1:06 pm
In response to King Gunnerblast (#6)
I also triend ./index.dmb, and it executed fine. I really don't understand why it will not work outside of the server.
#8 Jun 21 2005, 2:02 pm
In response to Nadrew (#5)
Nadrew wrote:
Nope, you just need to 'chown' the .dmb file to a proper user ('nobody' has no permissions!) and make sure it's chmodded to 755. Also might want to change the owner stuff to not be me ;).

chown won't help anything. In fact, it could make things worse if suEXEC is being used.

The basic problem here is that Apache is configured to run your CGI as the user 'nobody' but 'nobody' has no real home directory. DM CGI needs a writable home directory in order to store login information. Depending on how much control you have over your server environment, there are a few things you can do about it. If you have administrative access to the server, you can change your Apache configuration to run CGI scripts as a more appropriate user - but often this gets a little hair with all the necessary security checks. Or you could give the user 'nobody' a real home directory that it has write access to.

But probably the easiest thing to do would be to create a wrapper script that fakes a different home directory that you have access to. Where this might be is completely dependent on how the server is setup, so I can't even begin to speculate. The one place that you can almost certainly use is /tmp. Only problem is that /tmp is usually readable by anyone else on the system. If you're on shared hosting, that may or may not be desirable.

Anyway, here's a script you could use as a wrapper for the actual dmb:

#!/bin/sh
export HOME=/tmp/dmcgi
mkdir $HOME
exec ./index.dmb


Save that as index.cgi and make sure you chmod 755 index.cgi as well. If you know there's a directory outside of /tmp that you have write access to, I'd urge you to change the HOME setting to avoid having it readable by everyone else on the machine.
#9 Jun 22 2005, 4:39 am
In response to Mike H (#8)
#10 Jun 22 2005, 12:04 pm
In response to Mike H (#8)
Ok here's what I got:



Hi, guest!<p>login
<p>
<pre> I seem to be running as user: nobody HOME directory: /var/www/dmcgi .byond: drwx------ 5 root root 4096 Jun 22 07:35 /var/www/dmcgi/.byond .byond contents: .byond/cfg contents: </pre>



PS- The login still won't work. =(
#11 Jun 22 2005, 12:23 pm
In response to King Gunnerblast (#10)
Here's your problem:

King Gunnerblast wrote:
.byond:
drwx------ 5 root root 4096 Jun 22 07:35 /var/www/dmcgi/.byond

/var/www/dmcgi and everything below it needs to be owned by 'nobody'. That's easy to do:

chown -R nobody /var/www/dmcgi


as root (I assume you must have root access on the machine).
#12 Jun 22 2005, 12:45 pm
In response to Mike H (#11)
#13 Jun 22 2005, 1:19 pm
In response to King Gunnerblast (#12)
King Gunnerblast wrote:
http://hyperbyond.com/dmcgi/index.cgi works when I log in, while http://hyperbyond.com/dmcgi/index.dmb does not.

And that's exactly what we expect. The dmb uses "nobody"'s default home directory, which doesn't exist. It doesn't work when called directly. The cgi resets that to a different location which does exist and only then calls the dmb. That's why it works. The cgi should be the only version accessible from the web.
#14 Jun 22 2005, 1:48 pm
In response to Mike H (#13)
Thank you. It works now. =)
#15 Jun 22 2005, 1:59 pm
In response to King Gunnerblast (#14)
Another thing you might try is giving the 'nobody' user a home directory, that way you won't need to use the wrapper, you can just upload your DMCGI and run it right away.