cgi用户登录验证源码和例子

/* cgicTempDir is the only setting you are likely to need to change in this file. */ /* Used only in Unix environments, in conjunction with mkstemp(). Elsewhere (Windows), temporary files go where the tmpnam() function suggests. If this behavior does not work for you, modify the getTempFileName() function to suit your needs. */ #ifdef WIN32 #define cgicTempDir "c:\tmp" #else #define cgicTempDir "/tmp" #endif // WIN32 #if CGICDEBUG #define CGICDEBUGSTART \ { \ FILE *dout; \ dout = fopen("/home/boutell/public_html/debug", "a"); \ #define CGICDEBUGEND \ fclose(dout); \ } #else /* CGICDEBUG */ #define CGICDEBUGSTART #define CGICDEBUGEND #endif /* CGICDEBUG */ #include <stdio.h> #include <string.h> #include <ctype.h> #include <stdlib.h> #include <time.h> #include <sys/types.h> #include <sys/stat.h> #ifdef WIN32 #include <io.h> /* cgic 2.01 */ #include <fcntl.h> #else #include <unistd.h> #endif /* WIN32 */ #include "cgic.h" #define cgiStrEq(a, b) (!strcmp((a), (b))) char *cgiServerSoftware; char *cgiServerName; char *cgiGatewayInterface; char *cgiServerProtocol; char *cgiServerPort; char *cgiRequestMethod; char *cgiPathInfo; char *cgiPathTranslated; char *cgiScriptName; char *cgiQueryString; char *cgiRemoteHost; char *cgiRemoteAddr; char *cgiAuthType; char *cgiRemoteUser; char *cgiRemoteIdent; char cgiContentTypeData[1024]; char *cgiContentType = cgiContentTypeData; char *cgiMultipartBoundary; char *cgiCookie; int cgiContentLength; char *cgiAccept; char *cgiUserAgent; char *cgiReferrer; FILE *cgiIn; FILE *cgiOut; /* True if CGI environment was restored from a file. */ static int cgiRestored = 0; static void cgiGetenv(char **s, char *var); typedef enum { cgiParseSuccess, cgiParseMemory, cgiParseIO } cgiParseResultType; /* One form entry, consisting of an attribute-value pair, and an optional filename and content type. All of these are guaranteed to be valid null-terminated strings, which will be of length zero in the event that the field is not present, with the exception of tfileName which will be null when 'in' is null. DO NOT MODIFY THESE VALUES. Make local copies if modifications are desired. */ typedef struct cgiFormEntryStruct { char *attr; /* value is populated for regular form fields only. For file uploads, it points to an empty string, and file upload data should be read from the file tfileName. */ char *value; /* When fileName is not an empty string, tfileName is not null, and 'value' points to an empty string. */ /* Valid for both files and regular fields; does not include terminating null of regular fields. */ int valueLength; char *fileName; char *contentType; /* Temporary file name for working storage of file uploads. */ char *tfileName; struct cgiFormEntryStruct *next; } cgiFormEntry; /* The first form entry. */ static cgiFormEntry *cgiFormEntryFirst; static cgiParseResultType cgiParseGetFormInput(); static cgiParseResultType cgiParsePostFormInput(); static cgiParseResultType cgiParsePostMultipartInput(); static cgiParseResultType cgiParseFormInput(char *data, int length); static void cgiSetupConstants(); static void cgiFreeResources(); static int cgiStrEqNc(char *s1, char *s2); static int cgiStrBeginsNc(char *s1, char *s2); #ifdef UNIT_TEST static int unitTest(); #endif int main(int argc, char *argv[]) { int result; char *cgiContentLengthString; char *e; cgiSetupConstants(); cgiGetenv(&cgiServerSoftware, "SERVER_SOFTWARE"); cgiGetenv(&cgiServerName, "SERVER_NAME"); cgiGetenv(&cgiGatewayInterface, "GATEWAY_INTERFACE"); cgiGetenv(&cgiServerProtocol, "SERVER_PROTOCOL"); cgiGetenv(&cgiServerPort, "SERVER_PORT"); cgiGetenv(&cgiRequestMethod, "REQUEST_METHOD"); cgiGetenv(&cgiPathInfo, "PATH_INFO"); cgiGetenv(&cgiPathTranslated, "PATH_TRANSLATED"); cgiGetenv(&cgiScriptName, "SCRIPT_NAME"); cgiGetenv(&cgiQueryString, "QUERY_STRING"); cgiGetenv(&cgiRemoteHost, "REMOTE_HOST"); cgiGetenv(&cgiRemoteAddr, "REMOTE_ADDR"); cgiGetenv(&cgiAuthType, "AUTH_TYPE"); cgiGetenv(&cgiRemoteUser, "REMOTE_USER"); cgiGetenv(&cgiRemoteIdent, "REMOTE_IDENT"); /* 2.0: the content type string needs to be parsed and modified, so copy it to a buffer. */ e = getenv("CONTENT_TYPE"); if (e) { if (strlen(e) < sizeof(cgiContentTypeData)) { strcpy(cgiContentType, e); } else { /* Truncate safely in the event of what is almost certainly a hack attempt */ strncpy(cgiContentType, e, sizeof(cgiContentTypeData)); cgiContentType[sizeof(cgiContentTypeData) - 1] = '\0'; } } else { cgiContentType[0] = '\0'; } /* Never null */ cgiMultipartBoundary = ""; /* 2.0: parse semicolon-separated additional parameters of the content type. The one we're interested in is 'boundary'. We discard the rest to make cgiContentType more useful to the typical programmer. */ if (strchr(cgiContentType, ';')) { char *sat = strchr(cgiContentType, ';'); while (sat) { *sat = '\0'; sat++; while (isspace(*sat)) { sat++; } if (cgiStrBeginsNc(sat, "boundary=")) { char *s; cgiMultipartBoundary = sat + strlen("boundary="); s = cgiMultipartBoundary; while ((*s) && (!isspace(*s))) { s++; } *s = '\0'; break; } else { sat = strchr(sat, ';'); } } } cgiGetenv(&cgiContentLengthString, "CONTENT_LENGTH"); cgiContentLength = atoi(cgiContentLengthString); cgiGetenv(&cgiAccept, "HTTP_ACCEPT"); cgiGetenv(&cgiUserAgent, "HTTP_USER_AGENT"); cgiGetenv(&cgiReferrer, "HTTP_REFERER"); cgiGetenv(&cgiCookie, "HTTP_COOKIE"); #ifdef CGICDEBUG CGICDEBUGSTART fprintf(dout, "%d\n", cgiContentLength); fprintf(dout, "%s\n", cgiRequestMethod); fprintf(dout, "%s\n", cgiContentType); CGICDEBUGEND #endif /* CGICDEBUG */ #ifdef WIN32 /* 1.07: Must set stdin and stdout to binary mode */ /* 2.0: this is particularly crucial now and must not be removed */ _setmode( _fileno( stdin ), _O_BINARY ); _setmode( _fileno( stdout ), _O_BINARY ); #endif /* WIN32 */ cgiFormEntryFirst = 0; cgiIn = stdin; cgiOut = stdout; cgiRestored = 0; /* These five lines keep compilers from producing warnings that argc and argv are unused. They have no actual function. */ if (argc) { if (argv[0]) { cgiRestored = 0; } } if (cgiStrEqNc(cgiRequestMethod, "post")) { #ifdef CGICDEBUG CGICDEBUGSTART fprintf(dout, "POST recognized\n"); CGICDEBUGEND #endif /* CGICDEBUG */ if (cgiStrEqNc(cgiContentType, "application/x-www-form-urlencoded")) { #ifdef CGICDEBUG CGICDEBUGSTART fprintf(dout, "Calling PostFormInput\n"); CGICDEBUGEND #endif /* CGICDEBUG */ if (cgiParsePostFormInput() != cgiParseSuccess) { #ifdef CGICDEBUG CGICDEBUGSTART fprintf(dout, "PostFormInput failed\n"); CGICDEBUGEND #endif /* CGICDEBUG */ cgiHeaderStatus(500, "Error reading form data"); cgiFreeResources(); return -1; } #ifdef CGICDEBUG CGICDEBUGSTART fprintf(dout, "PostFormInput succeeded\n"); CGICDEBUGEND #endif /* CGICDEBUG */ } else if (cgiStrEqNc(cgiContentType, "multipart/form-data")) { #ifdef CGICDEBUG CGICDEBUGSTART fprintf(dout, "Calling PostMultipartInput\n"); CGICDEBUGEND #endif /* CGICDEBUG */ if (cgiParsePostMultipartInput() != cgiParseSuccess) { #ifdef CGICDEBUG CGICDEBUGSTART fprintf(dout, "PostMultipartInput failed\n"); CGICDEBUGEND #endif /* CGICDEBUG */ cgiHeaderStatus(500, "Error reading form data"); cgiFreeResources(); return -1; } #ifdef CGICDEBUG CGICDEBUGSTART fprintf(dout, "PostMultipartInput succeeded\n"); CGICDEBUGEND #endif /* CGICDEBUG */ } } else if (cgiStrEqNc(cgiRequestMethod, "get")) { /* The spec says this should be taken care of by the server, but... it isn't */ cgiContentLength = strlen(cgiQueryString); if (cgiParseGetFormInput() != cgiParseSuccess) { #ifdef CGICDEBUG CGICDEBUGSTART fprintf(dout, "GetFormInput failed\n"); CGICDEBUGEND #endif /* CGICDEBUG */ cgiHeaderStatus(500, "Error reading form data"); cgiFreeResources(); retur