WillMaster Possibillites Logo EzineSeek Award
Viewing Files in Your CGI Directory
by
William "Will" Bontrager

Permission is granted to reprint this article in its entirety, provided no reprints are sent in conjunction with unsolicited bulk email, provided no fee or other value is exchanged, provided no changes are made to the article, and provided the author's name, signature lines, and copyright line are printed with the article; except you may change the article's title.

If you should find yourself wanting to monitor a log file or database in your CGI directory, yet don't want to download the file every time just to view it, this article contains an answer.

This can also be a solution in situations where you have a client who can't use FTP yet wants to view data files in the CGI directory.

On most servers, only CGI scripts may be accessed in the CGI directory. Other files are forbidden to browsers. This ten-line Perl program, however, will display any plain text file in the CGI directory (including Perl CGI programs): 

#!/usr/bin/perl
use strict;
my $File = 'data.txt';
print "Content-Type: text/html\n\n<html><body><pre>";
open R,"<$File";
my $p = join '',<R>;
close R;
$p =~ s/\</\<\;/g;
$p =~ s/\>/\>\;/g;
print "$p</pre></body></html>";

Ensure the first line points to Perl on your server and the third line specifies the file you want to view. If the file is in a directory other than where the program is installed, the directory path must also be specified.

Name the script whatever you want, so long as it has the file extension your server expects for CGI programs. Upload the script, set permissions to 0755, and type the script's URL into your browser. Example: 

http://domain.com/cgi-bin/script.cgi

Bookmark the URL and you can use your browser to view the file whenever you desire.

Admittedly, the above program is limited in that it will display only one specific file. It is, however, secure. If anyone should happen upon your URL, the only file they can view is the one the script will display.

If you have only a few files for display in your browser, you may wish to upload a copy of the above program for each file (just change the third line of the scripts). However, if you have numerous files for display or would rather have a more sophisticated program, you'll find a solution below.

Because the next program will display files that you name in the program's URL, two security issues are addressed:

  1. A password is required to view a file. When a file is requested, the password must be sent with the request. The page is displayed only if the sent password matches the password specified in the script. Without this feature, anyone having the URL to your script could view any file in your CGI directory.
     
  2. Only files in the directory and sub-directories where the program is installed may be viewed. If the URL to your script is obtained and your password found out, this feature prevents viewing files in other locations, some of which might contain sensitive information.

Here is the script: 

#!/usr/bin/perl
use strict;
my $Password = 'myPW';
my($PW,$File) = split /\=/,$ENV{QUERY_STRING},2;
print "Content-Type: text/html\n\n<html><body>\n";
if($File) { &PrintFile; }
else { &PrintInstructions; }
print '</body></html>';

sub PrintFile
{
	unless($PW eq $Password)
	{
		print '<h4>Boo!</h4>';
		&PrintInstructions;
		return;
	}
	my $currentdir = $ENV{SCRIPT_FILENAME};
	$currentdir =~ s!^(.*)/.*?$!$1!;
	if($currentdir =~ /\w/) { $currentdir .= '/'; }
	else { $currentdir = ''; }
	$File =~ s!^[./]+!!;
	$File = "$currentdir$File";
	unless(open R,"<$File")
	{
		print "<h4>Couldn't open file $File</h4>";
		&PrintInstructions;
		return;
	}
	my $p = join '',<R>;
	close R;
	$p =~ s/\</\<\;/g;
	$p =~ s/\>/\>\;/g;
	print "<pre>$p</pre>\n";
} # sub PrintFile

sub PrintInstructions
{
	print <<END_OF_INSTRUCTIONS;
<center><h3>I N S T R U C T I O N S</h3></center>
<p>Type the URL of the script into your browser, 
followed by ?PASSWORD=FILENAME</p>
<p>Replace PASSWORD with the password you specified 
in the script. Replace FILENAME with the file name 
of the file you want to view. If the file is in a 
directory other than where the script resides, the 
file name must include the directory path relative 
to the script.</p>
<p>For example, if your password was "myPW" and 
your file was "data.txt," the URL would be:</p>
<pre>
http://domain.com/cgi-bin/script.cgi?myPW=data.txt
</pre>
END_OF_INSTRUCTIONS
} # sub PrintInstructions

# END OF SCRIPT

Ensure the first line points to Perl on your server and the third line specifies your password.

Give the script any acceptable file name and upload it. Set permissions to 0755. Then type the program's URL into your browser.

The program will present instructions.

There you have it, a nice little utility that can be invaluable in certain situations. You may want to save this article or remember WillMaster.com as the source for this and many other programs.

Copyright 2001 William Bontrager
Programmer/Publisher, "WillMaster Possibilities" ezine
http://willmaster.com/possibilities/
subscribe-possibilities@willmaster.com
Business Home Page: http://willmaster.com/