I'm currently trying to create a simple login in page to my actual local webpage that I'm running with on a virtual machine with Ubuntu.
I created the LoginPage.html
at the location /var/www/html
.
The HTML file then calls the login.cgi
file in the /usr/lib/cgi-bin/login.cgi
.
I get an Internal Server Error
. The logs basically only shows this:
"POST /cgi-bin/login.cgi HTTP/1.1" 500 799 "http://localhost/LoginPage.html" "Mozialla/5.0 (X11; Ubtuntu; Linux x86_64; rv:84.0) Geck/201000101 Firefox/84.0
The HTML file seems to be working as intended, but when I press login and get redirected to the CGI file, I get the error on the CGI file. I have tried to remove everything the in the CGI file to leave only a couple of lines but still get the error.
My other project-files in the cgi-bin
folder still work without an error.
<HTML>
<HEAD><TITLE>Login Page</TITLE></HEAD>
<BODY>
<CENTER>
<FORM method="POST" action="/cgi-bin/login.cgi">
<paragraph> Enter your login name: <input type="text" name="login">
<paragraph> Enter your password: <input type=password name="password">
<paragraph> <input type="submit" value="Connect">
</FORM>
</CENTER>
<HR>
</form>
</BODY>
</HTML>
#!/usr/bin/python3
import sys
import cgi
import os
import cgitb
sys.path.insert(0,'/usr/lib/project_name')
def header():
#print "Content-type: text/html\n"
print("<HEAD>")
print("<TITLE> title </TITLE>")
print("</HEAD>")
def Log():
print("<!DOCTYPE html>")
print("<HTML>")
print("<html lang=\"en\" xmlns=\"http://www.w3.org/1999/xhtml\">")
print(" <meta charset=\"utf-8\" />")
header()
print("BODY")
form = cgi.FieldStorage()
login = "login"
password = "test123"
if not (form):
header("Login Response")
print("<BODY>")
elsif (form.has_key("login") and form["login"].value == login and form.has_key("password") and form["password"].value == password):
header("Connected ...")
print("<BODY>")
print("<center><hr><H3>Welcome back,\" , form[\"login\"].value, \".</H3><hr></center>")
print("r\"\"\"<form><input type=\"hidden\" name=\"session\" value=\"%s\"></form>\"\"\" % (form[\"login\"].value)")
print("<H3><a href=\"/cgi-bin/projects.cgi\">Click here to start browsing</a></H3>")
else:
header("No success!")
print("<BODY>")
print("<H3>Please go back and enter a valid login.</H3>")
def footer():
print("</BODY>")
print("</HTML>")
print("Content-type:text/html\r\n\r\n")
cgitb.enable()
Log()
footer()
Edit:
Here is the content of error.log
after resolving the Internal Server Error
:
[Tue Feb 02 08:40:41.199152 2021] [cgi:error] [pid 10292:tid 140490049578752] [client 127.0.0.1:38888] AH01215: (2)No such file or directory: exec of '/usr/lib/cgi-bin/login.cgi' failed: /usr/lib/cgi-bin/login.cgi, referer: http://localhost/LoginPage.html [Tue Feb 02 08:40:41.199411 2021] [cgi:error] [pid 10292:tid 140490049578752] [client 127.0.0.1:38888] End of script output before headers: login.cgi, referer: http://localhost/LoginPage.html
No such file or directory: exec of '/usr/lib/cgi-bin/login.cgi' failed: /usr/lib/cgi-bin/login.cgi, referer: http://localhost/LoginPage.html
Make sure the CGI script and its parent directory have the right permissions:
chmod 755 /usr/lib/cgi-bin/ /usr/lib/cgi-bin/login.cgi
Also, it appears the CGI script may have windows line endings, so make sure you remove those as well, eg by running dos2unix login.cgi
(see this post for more details).
First, make at least the following changes to correct your syntax (which is what's causing the Internal Server Error
):
elsif
should be elif
header
function should take in an argument, ie def header(title)
form.has_key
, change it to use in
since has_key
is now deprecated, eg "password" in form
instead of form.has_key("password")
The corrected condition would look like this:
elif "login" in form and form["login"].value == login and "password" in form and form["password"].value == password:
As an aside, stick to HTML5 , which is supported by all the latest browsers, and the center
tag is now deprecated (its gone the way of the marquee
tag ). Use CSS instead .
Also, as a complete side note, these days, its uncommon to see ALL CAPS used for HTML tags. You have used that style in some places, but I suggest dropping it in favor of lowercase tag names .
In addition to the above, I recommend using f-strings for string formatting and also multi-line strings to simplify the logic a bit.
Below are some examples of how you can enhance your code.
Your header function may look like this using f-strings and multi-line strings as suggested. The title
argument is optional.
def header(title=""):
print(f"""
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title> {title} </title>
</head>
<body>
""")
Your footer function could look like this:
def footer():
print("""
</body>
</html>
""")
Finally, your HTML form could look like this, using text-align: center;
for the centering:
print(f"""
<hr>
<h3 style="text-align: center;">Welcome back { form["login"].value }</h3>
<hr>
<form>
<input type="hidden" name="session" value="{ form["login"].value }">
</form>
<h3>
<a href="/cgi-bin/projects.cgi">Click here to start browsing</a>
</h3>
""")
To beautify the HTML further, you can import textwrap
and then usetextwrap.dedent()
to remove the common leading spaces from the HTML (due to the indentation in Python), eg
print(textwrap.dedent(f"""
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title> {title} </title>
</head>
<body>
"""))
This gives two advantages:
A further enhancement is to make use of a HTML templating framework, such as Jinja2 . This will allow you to store the HTML into files and then render the HTML files by passing variables.
Then, your Python code would become a lot simpler. You would just render the template and pass the variables you want. For example, for you header, it could be like this:
template = env.get_template('header.html')
print(template.render(title='Connected ...'))
You will need to set up the Environment
like this first:
from jinja2 import Environment
env = Environment(
loader=PackageLoader('package', 'templates')
autoescape=select_autoescape(['html'])
)
And place your header.html
file in a directory called templates
.
You may also want to read about the seperation of concerns principle and the MVC architecture . Using templates like this is just one step closer to achieving MVC.
It looks like you are using a HTML hidden
field to store the username, and treating that as a session token. This is highly insecure and won't scale . Though, it may be sufficient for your purposes. A simple way to improve on it is to store it as a cookie using the Set-cookie
header , and make it HttpOnly
, eg
Set-cookie: session=value; HttpOnly
where value
could be some unique token (eg a uuid
).
This is much better than your current approach.
But, even better yet, you could implement security using a library like PyJWT
instead.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.