Sometimes it can be useful with a simple CGI to show the contents of a directory, or run a command with some parameters.
If you are a programmer you probably will think at a elegant and practical solutions in Java, Ruby or PHP, but for a system administrator may be convenient to make a simple bash program, a language he’s using everyday.
Let’s see how to use the bash we use usually on the terminal in a CGI program.
All these examples must be put in a file with execution permission (by the webserver) and put on your CGI directory, in Apache this is the directory indicate with the directive ScriptAlias.
Basic Cgi
One important thing to remember is that we need to identify the MIME type of the page, that is the type of data that we transmit for example it could be text/plain, text/html or application/xml.
Otherwise we will have an error on the webserver with a message such as “Malformed header”.
#!/bin/bash echo "Content-Type: text/plain" echo echo "Today is:" date |
The MIME is identified with the 2 echo the first set the content-type and the second it’s needed to send a blank line, that second line it’s required or you’ll get an error from the webserver.
Same example but in html:
#!/bin/bash
echo "Content-Type: text/html"
echo
echo "<HTML><BODY>"
echo "<CENTER>Today is:</CENTER>"
echo "<CENTER><B>"
date
echo "</B></CENTER>"
echo "</BODY></HTML>"
Getting parameters from GET and POST methods
The easiest way to get parameters for your simple CGI is to use GET or POST method, and parse them with bashlib
bashlib is a shell script that makes CGI programming in the bash shell easier, or at least more tolerable. It contains a few functions that get called automatically and place form elements (from POSTs and GETs) and cookies in your environment. It also contains complete documentation on how to use these variables and how to set cookies manually.
With bashlib to get a specific parameter just write
... YourVariable=`param username` ... |
So if your CGI is called like: http://yourserver.com/bash.cgi?name=joe&surname=smith you can use the following code to get the 2 parameters.
#!/bin/bash # this sources bashlib into your current environment . /usr/local/lib/bashlib echo "Content-type: text/plain" echo "" name=`param name` # name = joe surname=`param surname` # surname = smith echo "Hello $name $surname"
Example with bashlib
#!/bin/bash # this sources bashlib into your current environment . /usr/local/lib/bashlib echo "Content-type: text/html" echo "" # OK, so we've sent the header... now send some content echo "<html><title>Crack This Server</title><body>" # print a "hello" if the username is filled out username=`param username` if [ -n "x$username" != "x" ] ; then echo "<h1>Hello, $username</h1> fi echo "<h2>Users on `/bin/hostname`</h2>" echo "<ul>" # for each user in the passwd file, print their login and full name # bold them if they are the current user for user in $(cat /etc/passwd | awk -F: '{print $1 "\t" $5}') ; do echo "<li>" if [ "$username" = "$user" ] ; then echo "<strong>$user</strong>" else echo "$user" fi echo "</li>" done echo "</ul>" echo "</body></html>" |
This is a small introduction to make you start writing some simple CGI.
And if you think that you can do with bash just little things, look at this project: http://nanoblogger.sourceforge.net/
References:
Apache: CGI scritti in Bash (italian)
Bash Libraries
http://bashlib.sourceforge.net/
Bash CGI Reference Material
http://www.yolinux.com/TUTORIALS/LinuxTutorialCgiShellScript.html
http://www.ffnn.nl/pages/articles/linux/cgi-scripting-tips-for-bash-or-sh.php
http://www.acmesystems.it/?id=165
http://wiki.flexion.org/BashCGI.html
Popular Posts:
- None Found
Very cool, though I’ll need to do some more test for security sake (doesn’t seem to allow pipes, semicolons or characters to be executed even when used in grep and cat, so it look *pretty* secure.
I did notice 2 errors though
1) The semicolon on line 15 (echo Hello user) should be a quotation mark
2) If you want the browser to INTERPRET the html (instead of just displaying it), replace < with .
gah, comment thing ate my characters:
Very cool, though I’ll need to do some more test for security sake (doesn’t seem to allow pipes, semicolons or <, > characters to be executed even when used in grep and cat, so it look *pretty* secure.
I did notice 2 errors though
1) The semicolon on line 15 (echo Hello user) should be a quotation mark
2) If you want the browser to INTERPRET the html (instead of just displaying it), replace < with < and > with >
Excellent intro!
Thank you,
Ricky
The article might have been comprehensible to me if, someplace (near the beginning??), the author had spelled out or explained what CGI means.
Funny! This churns up many memories.
More than 15 years ago I was writing bash CGI scripts, storing data in little chunks in the filesystem. Didn’t have PHP and MySQL back then.
Long before bashlib, there was uncgi, a C program that turned GET/POST into environment variables that were handed to bash:
http://www.midwinter.com/~koreth/uncgi.html
Actually, since I was doing this on a Sun SPARC-20, I suspect it was ancient /bin/sh Bourne Shell, not bash. Or ksh or csh. Whatever was on the machine. It didn’t even have Perl.
I wrote a “caption contest” and, long before anybody used the word “blog,” a web log tool for Minneapolis weatherman Paul Douglas to update his online weather column for startribune.com.
For a contest, Garrison Keillor wrote a short story with gaping holes that I turned into a madlibs-like Web form.
Keillor faxed in his story about three hours before the deadline, but I was able get it online in time. If I ever meet Steven Grimm (author of uncgi) I owe him a beer.
Linux Scanner Server is based on a shell script and CGI:
http://scannerserver.online02.com
When I discovered that it used shell scripting I fixed several bugs and released a patch for it:
http://jhansonxi.blogspot.com/2010/10/patch-for-li nux-scanner-server-v12.html
Shell scripting has its uses but using it for text handling is annoying.
LSS is using sh (Dash on Ubuntu).