Slash

At 02:34 PM 8/27/2001 -0400, you wrote:
>Hi,
>
>Am writing a plugin and making good progress.
>
>I just need to allow an administrator to select a user on the system.  Any
>good way to do that, reinventing little if any code and templates?


  If I were you, I'd use a user param.

  (I just figured this out last week for my bookiejoint site):

  # name of param that we'll use for the example - usredtallow

  # check whether they have the param set, if not, redirect them
redirect('/users.pl') if !defined $user->{'usredtallow'}


  # code to *set* the param, we'll set it with the current time.

   my $slashdb = getCurrentDB();
   my $user = getCurrentUser();
   my $time= $slashdb->getTime();
   my $users_table = {
             usredtallow => $time,
   };
   $slashdb->setUser($user->{uid},$users_table);


so either set it by hand for the user in the table users_param
or create some code that will let you dynamically set it for a
given user.
then add some similar code that checks whether the user
has that param defined. if not, don't let them do whatever it is
you want to protect.

I don't know if this is the "proper" way to be using user params.
This is only what I just figured out. Slashguys - please comment on this
to let me know if it's right or wrong or how it could be improved.

  Shane

Has anyone tried to come up with a system and/or code to let people download
files from a slash-site, but render the source of the file unreadable?

ie so if you had a bunch of files available for download, someone couldn't 
wget -R
the whole thing and leech it, but instead would have to click on each file, 
which
would run a perl script, determine current download load, and either deny the
request or let it go through - something like a file-push?

I'm in need of such a beast. Any suggestions appreciated.

  Shane

shane@... wrote:
> Has anyone tried to come up with a system and/or code to let people download
> files from a slash-site, but render the source of the file unreadable?
> 
> ie so if you had a bunch of files available for download, someone couldn't
> wget -R
> the whole thing and leech it, but instead would have to click on each file,
> which
> would run a perl script, determine current download load, and either deny the
> request or let it go through - something like a file-push?
> 
> I'm in need of such a beast. Any suggestions appreciated.

Have the files somewhere not in Apache's DocumentRoot and let your
download.pl just read in the file and print it out again. This sure
works for plaintext files but should work for binaries (mp3?) too.

If you don't mind users getting the same files again and again (i.e.
bookmarking them) just return a link to the file and put the files in a
dir together with a index.html showing <title>feeling
clever?</title><h2>not clever enough</h2>. This prevents Apache from
showing a dir listing.

Markus.

At 11:30 -0400 2001.08.28, shane wrote:
>Has anyone tried to come up with a system and/or code to let people download
>files from a slash-site, but render the source of the file unreadable?

I am planning this for an image gallery plugin (is that what you want it
for?).  That is, if I do my own instead of using yours.

Basically, have perl code can read in the file, and then send it to the
browser directly (setting the proper HTTP header, esp. MIME type).  The URL
to this could be, for example:

	http://site/plugin.pl?op=download&file=foo.jpg

However, you might want to mix it up a lot more.  For example:

	http://site/plugin.pl?op=download&file=foo.jpg&key=876FA3BD12

Key could be a few things.  It could be a random string inserted into the
DB for that file's record (see the routine used to create new passwords;
you could just use that).  Or for more protection, it could be that random
string crypt'ed with the user's password as salt:

	my $key = crypt($record->{key}, $user->{passwd});

Then $key is unique for each user and each file, so users cannot give the
URL to each other (well, they could, but chances are it won't work).
Actually, now that I think of it, if you just get two random characters as
the key, you can use that as the salt, and then crypt the user's password
with that salt:

	my $key = crypt($user->{passwd}, $record->{key});

Then it should be even more unique per user.

-- 
Chris Nandor                      pudge@...    http://pudge.net/
Open Source Development Network    pudge@...     http://osdn.com/

At 11:50 AM 8/28/2001 -0400, you wrote:
>At 11:30 -0400 2001.08.28, shane wrote:
> >Has anyone tried to come up with a system and/or code to let people download
> >files from a slash-site, but render the source of the file unreadable?
>
>I am planning this for an image gallery plugin (is that what you want it
>for?).

Yes, and no :)

I need to come up with something over the next week because
I offered to mirrors someone's files for them. But I need to keep
a cautious eye on how much/what's downloaded so that it doesn't
eat up my own bandwidth.

The yes part was that I definitely wanted to put this sort of
functionality into the galleria plugin eventually, as an option.

>   That is, if I do my own instead of using yours.

If you want to combo the effort, email me.


>Basically, have perl code can read in the file, and then send it to the
>browser directly (setting the proper HTTP header, esp. MIME type).  The URL
>to this could be, for example:
>
>         http://site/plugin.pl?op=download&file=foo.jpg
>
>However, you might want to mix it up a lot more.  For example:
>
>         http://site/plugin.pl?op=download&file=foo.jpg&key=876FA3BD12
>
>Key could be a few things.  It could be a random string inserted into the
>DB for that file's record (see the routine used to create new passwords;
>you could just use that).  Or for more protection, it could be that random
>string crypt'ed with the user's password as salt:
>
>         my $key = crypt($record->{key}, $user->{passwd});
>
>Then $key is unique for each user and each file, so users cannot give the
>URL to each other (well, they could, but chances are it won't work).
>Actually, now that I think of it, if you just get two random characters as
>the key, you can use that as the salt, and then crypt the user's password
>with that salt:
>
>         my $key = crypt($user->{passwd}, $record->{key});
>
>Then it should be even more unique per user.

that'll work. thanks for the advice guys. I've got my work cut out for me
now :)

  Shane

>   If I were you, I'd use a user param.

Well that may be a good idea for some things, but is not really what I was 
asking. :-)

I was using seclevs to allow users to do this.  Their seclev must be higher 
than the 'adminuserblockseclev' variable in order to do this (grant 
permission for a specific user to edit a specific block).

What I'm asking is for a good way to allow the (already authenticated) user 
to browse, search, and select a specific user from the database.

Seems like there really should be a plugin for this -- it could be useful in 
many other plugins.  I'll release it if I write a general purpose one.

Any other ideas?
Thanks

-- 
Like to travel?                        http://TravTalk.org
Micah Yoder Internet Development       http://yoderdev.com

Hi folks, 

I am just after a show of hands regarding who requires LDAP and what development is going on.
The following assumes that there are no LDAP facilities in slash or are being put into slash.


The problem:

I have several websites (or parts of websites) including a slash site which require
the same user database. My users of DiverseBooks.com don't quite realise that the
http://news.DiverseBooks.com slash site has a different user database to the 
http://www.DiverseBooks.com java servlet based site. They complain to me about
not being able to login in without realising that it is a different site. :-(

Since the software which makes up the site is quite varied (java progs and perl progs)
it seems that LDAP would be a good middleware between these apps and their user databases.
There is discussion of LDAP enabling my java programs so I can ignore them for now.

I would be happy if the LDAP database just contained username, email address, and password but 
no doubt more would be required.

First Possible Solution

At first I thought that I could use perl's Net::LDAP to create an (read only) LDAP server 
which gave out the information stored in Slash's own database. This had the advantage
of requiring no changes to slashcode. Unfortunately it appears that the perl LDAP code is
just for clients and not servers - please correct me if I am wrong. 

Second Possible Solution:

I set up OpenLDAP with the same database that slash uses. Unfortunately from a quick scan 
of the documents this also appears to be impossible.

Third Possible Solution:

I set up OpenLDAP with mirrored information as that stored in the database that slash uses. 
This involves initially dumping all the user info into LDIF files (I think) and using ldapadd
to import them and then figuring out how to refresh this periodically.

Fourth "ideal" solution:

I set up OpenLDAP with the same schema as required by slash and change slash to read and
write what user info it requires to LDAP instead of directly to database.

Comments folks?

Am I talking rubbish? I know roughly what LDAP does but don't have experience of it.


Alex McLintock



=====
Alex McLintock        alex@...    Open Source Consultancy in London
OpenWeb Analysts Ltd, http://www.OWAL.co.uk/ 
SF and Computing Book News and Reviews: http://news.diversebooks.com/
Get Your XML T-Shirt <t-shirt/> at http://www.inversity.co.uk/

____________________________________________________________
Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

alexmc@... wrote:
> I have several websites (or parts of websites) including a slash site which require
> the same user database. My users of DiverseBooks.com don't quite realise that the
> http://news.DiverseBooks.com slash site has a different user database to the
> http://www.DiverseBooks.com java servlet based site. They complain to me about
> not being able to login in without realising that it is a different site. :-(
> 
> Since the software which makes up the site is quite varied (java progs and perl progs)
> it seems that LDAP would be a good middleware between these apps and their user databases.
> There is discussion of LDAP enabling my java programs so I can ignore them for now.

Why don't you just use the Slash DB with your java programs? It's MySQL,
the schema is public, and it's even allowed to add another table in case
you need to save more info for your www-page than is assumed for plain
slash.

LDAP can be quite an PITA to setup and maintain securely.

Markus.

Greetings. I'm relatively new to the world of Linux (been in the fringes 
for a while, but just now getting seriously started). I have a 
dual-processor box with Red Hat 7.1 on it, and I'm slowly trudging my way 
through the instructions on installing Slashcode. Things have been 
proceeding more-or-less acceptably, until I get to the point of installing 
Apache via the mod_perl route as listed in the Slash Install document. I do 
the 'make test' step, and it fails thusly:

   cp t/conf/mod_perl_srm.conf t/conf/srm.conf
   ../apache/src/httpd -f `pwd`/t/conf/httpd.conf -X -d `pwd`/t &
   httpd listening on port 8529
   will write error_log to: t/logs/error_log
   letting apache warm up...\c
   done
   /usr/bin/perl t/TEST 0
   still waiting for server to warm up...............not ok
   server failed to start! (please examine t/logs/error_log) at t/TEST line 95.
   make: *** [run_tests] Error 9
   [root@... mod_perl]#

now, at this time, ps -A shows that httpd is in fact running, so the error 
message is slightly bogus. Time to look at the logs:

   [root@... mod_perl]# cd t/logs
   [root@... logs]# ls
   error_log  httpd.pid
   [root@... logs]# cat error_log
   [notice] Destruction->DESTROY called for $global_object
   [Wed Aug 29 09:20:10 2001] [warn] [notice] child_init for process 2615, 
report any problems to
      [no address given]

   [root@... logs]#

(Process 2615 is httpd.)

OK, WTF happened here? Looking at the TEST script tells me (I think) that 
the script was trying to retrieve test.html from the web server and 
couldn't do it. And, when I try to connect to the same port via a browser, 
I get "Connection closed by remote server."

Could this be directory related? Is there some magic directory that Apache 
is supposed to be installed in? (The command I used to start the 
mod_perl/based Apache install was:

    [root@... bin]# perl Makefile.PL APACHE_SRC=/home/phil/apache 
DO_HTTPD=1 USE_APACI=1 /
      PERL_MARK_WHERE=1 EVERYTHING=1 APACHE_PREFIX=/usr/bin/apache

)

So, could somebody help me figure out what I'm missing here?

Thanks in advance.

---

                                              ...phil

"For a list of all the ways technology has failed
     to improve the quality of life, press 3."

--- Phil Reed <preed@...> wrote: 
> Greetings. I'm relatively new to the world of Linux (been in the fringes 
> for a while, but just now getting seriously started). I have a 
> dual-processor box with Red Hat 7.1 on it, and I'm slowly trudging my way 
> through the instructions on installing Slashcode. Things have been 
> proceeding more-or-less acceptably, until I get to the point of installing 
> Apache via the mod_perl route as listed in the Slash Install document. I do 
> the 'make test' step, and it fails thusly:
> 
>    cp t/conf/mod_perl_srm.conf t/conf/srm.conf
>    ../apache/src/httpd -f `pwd`/t/conf/httpd.conf -X -d `pwd`/t &
>    httpd listening on port 8529
>    will write error_log to: t/logs/error_log
>    letting apache warm up...\c
>    done
>    /usr/bin/perl t/TEST 0
>    still waiting for server to warm up...............not ok
>    server failed to start! (please examine t/logs/error_log) at t/TEST line 95.
>    make: *** [run_tests] Error 9
>    [root@... mod_perl]#

I'm actually at the same stage with my test slash installation. When I installed my
live one (http://news.DiverseBooks.com) I think I just ignored this test and
it worked ok anyway.

One possibility is that you installed RedHat Linux with the ipchains 
firewalling stuff. The test starts httpd on an abnormal port (8529 I see)
and it may be that your ipchains is banning access to that.

Of course I could be wrong.




The setup of Apache is the biggest problem with the slashcode docs (which are in 
general quite good). setup of Apache is not easy and if you want anything out
of the ordinary then you need an expert handy IMHO.


Alex


=====
Alex McLintock        alex@...    Open Source Consultancy in London
OpenWeb Analysts Ltd, http://www.OWAL.co.uk/ 
SF and Computing Book News and Reviews: http://news.diversebooks.com/
Get Your XML T-Shirt <t-shirt/> at http://www.inversity.co.uk/

____________________________________________________________
Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

>
>
>
>
>One possibility is that you installed RedHat Linux with the ipchains 
>firewalling stuff. The test starts httpd on an abnormal port (8529 I see)
>and it may be that your ipchains is banning access to that.
>
This is where I'd look.  Try an

ipchains -F

to clear your firewall rules then re-run the test.  Depending on which 
firewall setup you choose on install and what your desired final 
configuration is, you may need to alter them more permanently (the 
ipchains -F will reset after a reboot).  Also, if you're really using 
the firewall rule set for security, make sure to get it back up quickly...

Vann

Thanks for the prompt reply (both you and Vann).



>I'm actually at the same stage with my test slash installation. When I 
>installed my
>live one (http://news.DiverseBooks.com) I think I just ignored this test and
>it worked ok anyway.
>
>One possibility is that you installed RedHat Linux with the ipchains
>firewalling stuff. The test starts httpd on an abnormal port (8529 I see)
>and it may be that your ipchains is banning access to that.

Yes, I did install IPchains. At Vann's suggestion, I flushed the chain rules.

make test gives the same error as before, but this time when I try to 
connect with a browser to the server (still at port 8529), I get a 
"Forbidden" error. So, in fact the ipchains was in the way, but there's 
something else going on.


>Of course I could be wrong.

You're doing OK so far. :-)


---

                                              ...phil

"For a list of all the ways technology has failed
     to improve the quality of life, press 3."

I would also be interested in anything that comes out of this.  I have some 
PHP based travel sites that I'd like to integrate more with TravTalk. I could 
perhaps use the same user database as Slash, except for the minor issue that 
my PHP programs use PostgreSQL ...

-- 
Like to travel?                        http://TravTalk.org
Micah Yoder Internet Development       http://yoderdev.com

Well, after the last problem seemed to go away (I went ahead and finished 
the Apache installation, and it seems to be working correctly), I've been 
madly installing and reinstalling Perl modules. I finally got to the point 
of installing Bundle::Slash, and after a couple of tries, I am now 
consistently getting this from CPAN:

    Bundle summary: The following items in bundle Bundle::Slash had 
installation problems:
      Bundle::CPAN DBI DBI::FAQ Bundle::DBD::mysql Apache::Cookie Template and
      the following items had problems during recursive bundle calls:
      Bundle::libnet DBD::mysql Mysql Net::Telnet

So much scrolls past that I couldn't begin to tell what in particular fails 
(can somebody tell me how to capture the output from CPAN?). How many of 
these are important?

Picking one that looks needed, I decided to force install DBD::mysql just 
to see what happens. It failed, apparently looking for something related to 
DBI. So, I force installed DBI, and *IT* fails, with

    make: *** No rule to make target `blib/arch/auto/DBI/Driver.xst', 
needed by `Perl.xsi'.  Stop.

Hmmm. Dig around. Maybe I should be installing Bundle::DBI? Well, it can't 
hurt. When I try that, it runs for a while and then I get the same failure. 
Hmm. Have I stumbled on a real bug?

So. Is this part really necessary for Slashcode? If so, then how did 
anybody else get it installed?


(And how the hell do you tell CPAN to quit trying to reinstall Perl? I'm 
already running the current version 5.6.1. Half my time yesterday was spent 
installing modules, then finally installing Perl 5.6.1 because stuff kept 
trying to install it, then discovering that reinstalling Perl wiped out all 
the modules so trying to get them reinstalled. Then stupid Data::Dumper 
kept on trying to recursively install Perl again. This is getting to be as 
bad as trying to figure out Microsoft service packs.)

Moderately frustrated,

---

                                              ...phil

"For a list of all the ways technology has failed
     to improve the quality of life, press 3."

--- Phil Reed <preed@...> wrote: 
 
> Picking one that looks needed, I decided to force install DBD::mysql just 
> to see what happens. It failed, apparently looking for something related to 
> DBI. So, I force installed DBI, and *IT* fails, with

You should really have installed DBI before the DBD like it said.

> Hmmm. Dig around. Maybe I should be installing Bundle::DBI? Well, it can't 
> hurt. When I try that, it runs for a while and then I get the same failure. 
> Hmm. Have I stumbled on a real bug?

Have you read the install document ? it explains this. 

> So. Is this part really necessary for Slashcode? If so, then how did 
> anybody else get it installed?

Apparently someone on this mailing list noticed recently that Bundle Slash doesn't
work. Install each individual perl module separately. If you think that CPAN.pm is not 
helping then don't use it. It is optional.

Sounds like you've messed up your perl installation. 

PS do you have multiple versions of perl on your machine? I bet that is why CPAN 
is repeatedly installing perl 5.6.1 - because it looks and finds an old version of perl.
Do a 

find / -name "perl" -exec ls -l {} \;

Goodluck.

Yep perl modules are a bit of a pain but they are FAR better than anything else I have
come across in any language or any platform. 


Alex


=====
Alex McLintock        alex@...    Open Source Consultancy in London
OpenWeb Analysts Ltd, http://www.OWAL.co.uk/ 
SF and Computing Book News and Reviews: http://news.diversebooks.com/
Get Your XML T-Shirt <t-shirt/> at http://www.inversity.co.uk/

____________________________________________________________
Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie