the DtTvB's AutoIt Web Server


the DtTvB

it uses openssl so simply use it direct.

do you have any idea how simple that would be?

You probably don't know the openssl api :)

1. base64 decoding does not work properly

2. passwords should be hashed (non reversible), to avoid instant access for passwd-file-stealer.

use md5 or crypt and compare the given passwd after hashing it with the same algo to the saved one.

and save the passwd-file outside the webroot.

yep, base64 is broken because of the unicode changes in autoit...

it is very common to store the password file unencrypted on windows, and it doesn't matter where it's stored because if the web server can access it then any cgi/whatever can too....

But i agree, hashing would be a good idea :)

1. Server hangs when submitting a form using POST and php-cgi.exe. Server won't process anything further after the post submission until it's restarted.

Autoit doesn't support binary pipes, this may be fixed with some maniac use of DllCall...

2. folderIndex "index.html" in server.conf ... can this be a list? e.g. folderIndex "index.html,index.htm,index.php", because ie7 doesn't list the folder tree, ffox does.

eww ie7 :)

We can start the server and start a gui that uses _IE.au3 to embed a browser using com....if php files could be embedded in the built exe and prevent viewing source code.....we'd be running php apps as exe's......that'd be very cool!

btw, when using php, php doesn't need to be installed as such, all that's required is to point to the location of php-cgi.exe. php4ts.dll needs to be in the same folder.

I'm using the minimal php that comes with WinBinder.

do you know about pcc ?

it builds on windows too...

it makes normal exe's, dll's, microserver's...

but if you compile in all required runtime's (rather than distributing dll's) you end up with an > 3mb file :P

An alternative i've been utilising and the reason that got me reading this post is shttpd (50kb) c source is freely available.

Last time i checked (over a year ago) shttpd was so buggy i didn't want to use it.

but maybe it's good today :D

as far as i remember it provides a sdk to make your own webservers.

maybe this could be turned into a dll/plugin for autoit...

CoProc Multi Process Helper library | TrashBin.nfshost.com: store your AutoIt related files here! | AutoIt User Map
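An added illustration of the hashing advice discussed in the post above (not code from the thread or from the server project), written in Python rather than AutoIt so it runs stand-alone. It decodes an HTTP Basic `Authorization` header as UTF-8 and checks the password against a salted PBKDF2-SHA256 record, which is swapped in here for the md5/crypt the post names. That the server uses HTTP Basic authentication, the record format, the iteration count and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, not a value from the thread

def hash_password(password, salt=None):
    """Build one passwd-file record: scheme$iterations$salt_hex$hash_hex."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(digest, bytes.fromhex(hash_hex))
    except ValueError:  # malformed record (wrong field count, bad hex, bad number)
        return False

def parse_basic_auth(header):
    """Decode 'Basic <base64(user:password)>' as UTF-8; None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        user, sep, password = raw.decode("utf-8").partition(":")
    except ValueError:  # bad base64 or bytes that are not valid UTF-8
        return None
    return (user, password) if sep else None

def authenticate(header, passwd_db):
    """passwd_db maps user -> record, loaded from a file outside the web root."""
    creds = parse_basic_auth(header)
    if creds is None or creds[0] not in passwd_db:
        return False
    return verify_password(creds[1], passwd_db[creds[0]])
```

A stolen password file in this format yields only salts and slow hashes, and the explicit UTF-8 decode covers the non-ASCII case the base64 complaint is about.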

do you know about pcc ?

it builds on windows too...

it makes normal exe's, dll's, microserver's...

but if you compile in all required runtime's (rather than distributing dll's) you end up with an > 3mb file :)

Last time i checked (over a year ago) shttpd was so buggy i didn't want to use it.

but maybe it's good today :)

as far as i remember it provides a sdk to make your own webservers.

maybe this could be turned into a dll/plugin for autoit...

no i don't know about pcc?


do you have any idea how simple that would be?

You probably don't know the openssl api :)

is it possible? then it doesn't matter if it is complicated.

yep, base64 is broken because of the unicode changes in autoit...

this one works with the new autoit too.

it doesn't matter where it's stored because if the web server can access it then any cgi/whatever can too....

it does matter where it is stored, because if it is stored inside the public_html folder, everybody who knows about this will be able to download it.

if somebody writes a vulnerable script and does not treat every input from the user as untrusted (checking length, allowed chars, etc.), this will be outside of our reach.

AutoIt-Syntaxsheme for Proton & Phase5 * Firefox Addons by me (resizable Textarea 0.1d) (docked JS-Console 0.1.1)


is it possible? then it doesn't matter if it is complicated.

Well, at least it is complicated.

There are some functions which need callbacks but i don't know if they are critical.

every time i look at the partly documented api i always go back to stunnel :)

it does matter where it is stored, because if it is stored inside the public_html folder, everybody who knows about this will be able to download it.

i'm not sure how authentication is implemented in this server but i assumed the server won't let you download it.

if somebody writes a vulnerable script and does not treat every input from the user as untrusted (checking length, allowed chars, etc.), this will be outside of our reach.

Yes, php acts that way when configured right, but everything between <?au3 ?> tags has the same access rights and even the same module name as the server.

are you interested in continuing the development on this server?

CoProc Multi Process Helper library | TrashBin.nfshost.com: store your AutoIt related files here! | AutoIt User Map

Nice.

Got it working on my system.

Had a thought...(2 actually):

Why not envset() the query string values:

; environment-ize the query string entries [sshrum]
$sReserved = "REMOTE_ADDR|SERVER_NAME|SERVER_SOFTWARE|SERVER_PORT|SERVER_PROTOCOL|QUERY_STRING|REQUEST_URI|SCRIPT_NAME"
if $queryString <> "" Then
    $aArguments = StringSplit($queryString, "&")
    for $i = 1 to $aArguments[0]
        $aArgument = StringSplit($aArguments[$i], "=")
        ; disallow reserved names (whole-name match, so e.g. "NAME" is not caught as a substring)
        if not StringInStr("|" & $sReserved & "|", "|" & $aArgument[1] & "|") then
            if $aArgument[0] = 2 then
                envset ($aArgument[1],$aArgument[2])
            Else
                envset ($aArgument[1],"")
            EndIf
        EndIf
    next
endif
;-- sshrum stop

...and why not set up the preprocess call to handle script calls to other engines: perl, php, etc.?

Sean Shrum :: http://www.shrum.net

All my published AU3-based apps and utilities

'Make it idiot-proof, and someone will make a better idiot'

 


Idea for the function lib:

Func _GetQueryValue($sLookup="")
    $aQuery = stringsplit(envGet('QUERY_STRING'),"&")
    for $i = $aQuery[0] to 1 step -1
        if stringinstr($aQuery[$i],"=") Then
            $sKey = stringleft($aQuery[$i], stringinstr($aQuery[$i], "=") - 1)
            if $sLookup = $sKey Then
                return stringtrimleft($aQuery[$i], stringlen($sKey)+1)
            EndIf
        EndIf
    Next
    return ""
EndFunc

Takes the last instance of a repeated key as the current one (http://www.foo.com?page=q&foo=bar&page=t===); _GetQueryValue('page') will return 't===', as this is how Apache deals with repeated keys. Also allows for additional '=' chars in values.

Sean Shrum :: http://www.shrum.net

All my published AU3-based apps and utilities

'Make it idiot-proof, and someone will make a better idiot'
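An added example covering both query-string posts above (the EnvSet() loop and _GetQueryValue()); it is not code from the thread or the server project and is written in Python so it runs stand-alone. It keeps the last-wins and first-'=' parsing rules described above, and shows one way to hand query values to a child process without letting a request overwrite variables such as PATH: validate the name and put it under a prefix. The `QS_` prefix, the name pattern and the function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

PREFIX = "QS_"  # hypothetical namespace: request data can never shadow PATH, COMSPEC, ...
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")  # assumed policy for variable names

def parse_query(query_string):
    """Last occurrence of a repeated key wins; only the first '=' splits the pair."""
    values = {}
    for pair in query_string.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        values[unquote_plus(key)] = unquote_plus(value)
    return values

def query_to_env(query_string, base_env):
    """Return (env, rejected): a copy of base_env plus prefixed query values.

    base_env is never modified and none of its keys can be replaced, because
    every request-supplied name is validated and stored under PREFIX.
    """
    env = dict(base_env)
    rejected = []
    for key, value in parse_query(query_string).items():
        if not NAME_RE.fullmatch(key) or "\x00" in value:
            rejected.append(key)  # log these; odd names are worth a look
            continue
        env[PREFIX + key.upper()] = value
    return env, rejected

if __name__ == "__main__":
    # Constructed sample request, not taken from the thread.
    sample_env = {"PATH": r"C:\Windows\system32", "SERVER_NAME": "localhost"}
    env, rejected = query_to_env("page=q&foo=bar&page=t===&PATH=C%3A%5Ctmp", sample_env)
    print(env, rejected)
```

Pass the returned dictionary as the child's environment (for example to php-cgi.exe) instead of changing the server's own process environment.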

 


Just an FYI...

I like to keep my \public_html outside of the server folder like this:

\www
-+ \public_html
-+ \server-1.2
----+ \server
-+ \server-1.3
----+ \server
-+ \...

...so in my server.conf I'd like to list my DOCUMENT_ROOT as '\..\..\public_html'

This way I can have multiple server code projects to deal with the same content.

I just noticed that fileGetLongName() doesn't resolve the full pathname for this type of folder ref.

Sean Shrum :: http://www.shrum.net

All my published AU3-based apps and utilities

'Make it idiot-proof, and someone will make a better idiot'
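An added example for the layout in the post above and the earlier point about keeping the password file outside the web root; it is not code from the thread or the server project and is written in Python so it runs stand-alone. It resolves a relative DOCUMENT_ROOT against the server folder, refuses to start if the password file sits under that root, and maps URL paths to files only when the result stays inside the root. Treating the leading backslash of '\..\..\public_html' as relative to the server folder, the `C:\www` drive location and all function names are assumptions.

```python
import ntpath  # Windows path rules; pure string handling, so this runs on any OS

def resolve_root(server_dir, conf_value):
    """Resolve DOCUMENT_ROOT from server.conf relative to the server folder."""
    return ntpath.normpath(ntpath.join(server_dir, conf_value.lstrip("\\/")))

def is_inside(root, candidate):
    """True if candidate is root itself or lies below it (case-insensitive)."""
    root = ntpath.normcase(ntpath.normpath(root))
    candidate = ntpath.normcase(ntpath.normpath(candidate))
    try:
        return ntpath.commonpath([root, candidate]) == root
    except ValueError:  # different drives, or absolute mixed with relative
        return False

def check_config(server_dir, conf_root, passwd_file):
    """Startup check: return the resolved root, or fail if passwd is servable."""
    doc_root = resolve_root(server_dir, conf_root)
    if is_inside(doc_root, passwd_file):
        raise ValueError("password file is inside the web root: " + passwd_file)
    return doc_root

def map_request(doc_root, url_path):
    """Map an already URL-decoded path to a file under doc_root, else None."""
    target = ntpath.normpath(ntpath.join(doc_root, url_path.lstrip("/\\")))
    return target if is_inside(doc_root, target) else None

if __name__ == "__main__":
    # Constructed paths following the folder layout in the post.
    root = check_config(r"C:\www\server-1.2\server", r"\..\..\public_html",
                        r"C:\www\server-1.2\server\passwd")
    print(root)                                               # resolved web root
    print(map_request(root, "/some.gif"))                     # served
    print(map_request(root, "/../server-1.2/server/passwd"))  # None: escapes root
```

The comparison is lexical only; on a real filesystem also resolve junctions, symlinks and short (8.3) names before comparing.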

 


I've been lurking around the forums for a while now and I think I made something post worthy.

I combined the web server with a few iTunes control scraps lying around and created a web service to control it =D.

This pack comes fully set up; all you need to do is run the server.exe and you have web control of your music. Simply navigate to 127.0.0.1 on the computer that it is running on, or visit it from another computer. Haha, and if you don't trust me, just grab the index.aux file out of the Http folder and use it with your own server. If you don't want to use it as the index page, add "& envGet('SCRIPT_NAME')" to each of the lines that start with "consoleWrite ('<a href="' &"

Credits to SolidSnake for the idea and some of the com controls and of course to all the guys working on the WebServer.

http://files.filefront.com/ItunesServerzip...;/fileinfo.html

Sample page (may go down depending on how hard I get hit)


hoping someone will help me out with this as i don't really understand networking stuff and i don't want to mess with the original script without knowing what i'm affecting.

Can someone please give me an example of how to combine server.au3 with an embedded web browser using one of the options for embedding IE into a gui eg:

$oIE = ObjCreate("Shell.Explorer.2") or <IE.au3>.

I'm wanting that when i run server.au3 a gui opens which contains embedded browser and loads the index page from localhost:

#include <GUIConstants.au3>
#include <IE.au3>
_IEErrorHandlerRegister ()
$oIE = _IECreateEmbedded ()
GUICreate("Embedded Web control Test", 640, 580, _
        (@DesktopWidth - 640) / 2, (@DesktopHeight - 580) / 2, _
        $WS_OVERLAPPEDWINDOW + $WS_VISIBLE + $WS_CLIPSIBLINGS)
$GUIActiveX = GUICtrlCreateObj($oIE, 10, 40, 600, 360)

_IENavigate ($oIE, "127.0.0.1") ; localhost

_IEAction($oIE,"refresh")
GUISetState()       ;Show GUI

The code for server.au3 is from here the svn

How can I incorporate this as a single service please?....i.e 1 trayicon, 1 service


The tricky part is combining the main gui loop with the servers main loop...

but i wouldn't do that if i were you.

but you could make a separate process and do some ipc stuff...

check out CoProc from my sig. if you need an example on ipc or search the forums for WM_COPYDATA

CoProc Multi Process Helper library | TrashBin.nfshost.com: store your AutoIt related files here! | AutoIt User Map

The tricky part is combining the main gui loop with the servers main loop...

but i wouldn't do that if i were you.

but you could make a separate process and do some ipc stuff...

check out CoProc from my sig. if you need an example on ipc or search the forums for WM_COPYDATA

Thanx for the info piccaso, i'll check it out.

I did manage to incorporate the gui with the server but it's pretty hacked up by hiding the server's tray icon/menu and adding the TCPShutdown() call to the browser gui's exit function using on event mode....it worked but i knew it's not good,

Cheers


  • 3 weeks later...

i'm not sure how authentication is implemented in this server but i assumed the server won't let you download it.

i feel not like an ostrich ...

as long as i don't KNOW, i will feel much better if it is outside the folder which the server will provide for web access.

Yes, php acts that way when configured right, but everything between <?au3 ?> tags has the same access rights and even the same module name as the server.

php too has the same rights as the server, but as long as you do not implement access outside the webroot via php, nobody will be able to gain it.

Edited by Raik

AutoIt-Syntaxsheme for Proton & Phase5 * Firefox Addons by me (resizable Textarea 0.1d) (docked JS-Console 0.1.1)


  • 3 weeks later...
  • 4 months later...

TWIMC

Maybe if i bump long enough ^^^, someone might be kind enough to relay to me whether images are displaying ok for them.

Viewing the source code of a served html page shows the correct code eg: <img scr="some.gif">

However the image is not displaying, which leads me to suggest the images are not mapped properly (http://localhost/some.gif) to the actual file location.

All the settings in server config file are correct and there are no permission issues.

Regards


TWIMC

Maybe if i bump long enough ^^^, someone might be kind enough to relay to me whether images are displaying ok for them.

Viewing the source code of a served html page shows the correct code eg: <img scr="some.gif">

However the image is not displaying, which leads me to suggest the images are not mapped properly (http://localhost/some.gif) to the actual file location.

All the settings in server config file are correct and there are no permission issues.

Regards

Seems to be a security issue?

I've tested at work on xp pro and images show fine (btw, i'm not the administrator).

When i compile on my machine at home (xp home, btw, i AM the administrator) and run, I get a security alert and click to unblock.

Images still not showing, whether running compiled or uncompiled through scite.

Any ideas...please?
