DBasics Software Company - CGI Security Script

Site Administrator's Security Script

There will be in the course of your site's development that you will want to place site maintenance scripts online, such as the errors.cgi script that reads your error logs and such.

Well you might not want just anyone to be able to run these scripts so you can utilize your existing WWWBoard passwd.txt file in protecting who has access to your maintenance scripts.

Click Here to Download the Source Code.

Step 2 - Change The Variables

This is the same file Used In Matt's Script's WWWBoard. If you are running the WWWBoard, point the path to the same password file.

$passfile="/home/usr/dbasic/scripts/passwd.txt";

This is file that will record your IP address when you successfully logon (enter username and password). You should create this text file and chmod 777 to use.

$logfile ="/home/usr/dbasic/scripts/logon.txt";

Step 3 - Place Snippet Into Sensitive Scripts

Place this snippet at the top of all your site's maintenance scripts that you don't want others to have access in running. A good example of using this script would be at the top of the errors.cgi script or your WWWADMIN.CGI script


# Place This Snippet At Top of Sensite Scripts
$logfile ="/home/usr/http/dbasics/logon.txt";
open(FILE,"$logfile") || die $!;
$logon=<FILE>;
close(FILE);
if ($ENV{'REMOTE_HOST'} ne $logon) { exit; }
# End of Snippet

Step 4 - Steps To Use

After you've placed the logon.cgi script on your server and have placed the snippet in Step 2 in your maintenance scripts, you run the logon.cgi script from your browser.

The logon.cgi will verify your access through use of the passwd.txt file and log in your REMOTE_HOST IP Address into the logon.txt file. Then whenever you run any of the maintenance scripts containing the snippet of code in Step 2, it will verify that the REMOTE_HOST running the script is the same person that was verified and logged in through the logon.cgi script. If the person is not authorized, it will just return a SERVER ERROR letting them think that the script doesn't work when in reality they didn't have access.

Then when you leave your site, run the logon.cgi script again leaving all the fields blank which will overwrite your logon.txt file with a null value thereby eliminating the possibility that someone who may get your IP address identification after you log off could run your scripts.