Squirrely1 Posted May 10, 2008 Posted May 10, 2008 Pardon me for seeming like such a newb - which I am when it comes to networking. I have two questions: 1. Would the following code create the correct address for a remote browser to navigate to "c:\squirrely\business.html" on my machine running Manadar's server as is? #include <Inet.au3> $PublicIP = _GetIP() $strAddress = "http://" & $PublicIP & "/squirrely/business.html" MsgBox(0, "Html address", "The address is: " & $strAddress) 2. How secure is this server ? Das Häschen benutzt Radar
jvanegmond Posted May 10, 2008 Author Posted May 10, 2008 (edited) Pardon me for seeming like such a newb - which I am when it comes to networking. I have two questions: 1. Would the following code create the correct address for a remote browser to navigate to "c:\squirrely\business.html" on my machine running Manadar's server as is? #include <Inet.au3> $PublicIP = _GetIP() $strAddress = "http://" & $PublicIP & "/squirrely/business.html" MsgBox(0, "Html address", "The address is: " & $strAddress) 2. How secure is this server ? I can strongly recommend you not to use this server as-is as a server to host your webpages on. That aside, this is pretty secure. There are no obvious exploits like remote code execution or anything. Also, depending on your router settings, the address is correct. You may also want to navigate to: http://" & $PublicIP & "/business.html Edited May 10, 2008 by Manadar github.com/jvanegmond
Squirrely1 Posted May 11, 2008 Posted May 11, 2008 (edited) Thanks Manadar ! What I was thinking of is a way to get files to relatives in other cities, that I could send them the address of the file on my machine, and while the public address is still good, they could get them directly from my machine instead of my having to bother with some file-hosting service. Also, I was thinking maybe there is a way I could use it once a month to maintain my niece's computer who lives in another town - she's only 14 and never defrags or cleans up her system. I don't have a router, I just use an old dialup connection. I was thinking that perhaps because I have two hard-drive volumes, C: and D:, that I might have to specify a computer name in that address - something like @ComputerName Edited May 11, 2008 by Squirrely1 Das Häschen benutzt Radar
jvanegmond Posted May 11, 2008 Author Posted May 11, 2008 All very possible. You can write your own additions for this easily, ofcourse. That is what I build it for. github.com/jvanegmond
Xwolf Posted November 20, 2008 Posted November 20, 2008 It's great!!! I have tested it and worked successfully
Xwolf Posted November 20, 2008 Posted November 20, 2008 By the way, Manadar Please give some more examples, which is helpful for me to understand your code.
trancexx Posted November 20, 2008 Posted November 20, 2008 Since this is up, will use the opportunity to point to two flaws. First one is while receiving request. Code says that request is over when @CRLF & @CRLF is reached. Other servers will also consider the combination @CRLF & @LF to be the end. (Or StringRight($requestBuffer, 4) = @CRLF & @LF) The other flaw is function socketToIPX(). There is If...Then (parentheses) problem. Other than that, great! ♡♡♡ . eMyvnE
toonboon Posted November 20, 2008 Posted November 20, 2008 I get this error that it isn't able to create a connection on port 80.. what's this? [right]~What can I say, I'm a Simplistic person[/right]
Apzo Posted November 20, 2008 Posted November 20, 2008 @ line 16, you should tryDim $sIP = @IPAddress1instead of @IPAddress2Or, if your computer is running a web server yet (IIS ?), then disable it or use another port at line 17.If you modifiy the listening port, your URL will look like :http://YOUR_IP_HERE:LISTENING_PORT/Have fun this with great project Apzo.I get this error that it isn't able to create a connection on port 80.. what's this? All the pop3 functions.Rsync your files on your USB key (or anywhere else)
toonboon Posted November 20, 2008 Posted November 20, 2008 I managed to fix it by closing my other web server xD thanks man ;-) [right]~What can I say, I'm a Simplistic person[/right]
jvanegmond Posted November 20, 2008 Author Posted November 20, 2008 Since this is up, will use the opportunity to point to two flaws. First one is while receiving request. Code says that request is over when @CRLF & @CRLF is reached. Other servers will also consider the combination @CRLF & @LF to be the end. (Or StringRight($requestBuffer, 4) = @CRLF & @LF) The other flaw is function socketToIPX(). There is If...Then (parentheses) problem. Other than that, great!I hope you're not talking about my code.. This defines whether or not the request has ended: If StringInStr(StringStripCR($sBuffer[$x]),@LF&@LF) Then which basically allows for @CRLF & @CRLF. @LF & @CRLF, @CRLF & @LF and @LF & @LF. Second of all, I don't use SocketToIP .. =P github.com/jvanegmond
trancexx Posted November 20, 2008 Posted November 20, 2008 I hope you're not talking about my code.. This defines whether or not the request has ended: If StringInStr(StringStripCR($sBuffer[$x]),@LF&@LF) Then which basically allows for @CRLF & @CRLF. @LF & @CRLF, @CRLF & @LF and @LF & @LF. Second of all, I don't use SocketToIP .. =PThen what a hell I'm talking about???? wtf... ahhh... going back for some additional dl ♡♡♡ . eMyvnE
trancexx Posted November 20, 2008 Posted November 20, 2008 Anyway... nice day today, right? Birds and everything. HTTP this, HTTP that. Sorry about that. Some other server was commented. ♡♡♡ . eMyvnE
jvanegmond Posted November 20, 2008 Author Posted November 20, 2008 (edited) HTTP this, HTTP that. Sorry about that. Some other server was commented.Haha, no problem. I am glad we have it all sorted out ... 8) By the way, Manadar Please give some more examples, which is helpful for me to understand your code. I've done a line-by-line comment on this code. I hope it'll help you understand it better. Sorry I haven't documented the functions just as extensive. I couldn't really explain the POST functions in as much detail. If you have any specific questions or requests, just ask me. expandcollapse popup#cs Resources: Internet Assigned Number Authority - all Content-Types: http://www.iana.org/assignments/media-types/ World Wide Web Consortium - An overview of the HTTP protocol: http://www.w3.org/Protocols/ Credits: Manadar for starting on the webserver. Alek for adding POST and some fixes Creator for providing the "application/octet-stream" MIME type. #ce ; // OPTIONS HERE // Dim $sRootDir = @ScriptDir & "\www\" ; The absolute path to the root directory of the server. Dim $sIP = @IPAddress1 ; ip address as defined by AutoIt Dim $iPort = 80 ; the listening port Dim $iMaxUsers = 15 ; Maximum number of users who can simultaneously get/post ; // END OF OPTIONS // Dim $aSocket[$iMaxUsers] ; Creates an array to store all the possible users Dim $sBuffer[$iMaxUsers] ; All these users have buffers when sending/receiving, so we need a place to store those For $x = 0 to UBound($aSocket)-1 ; Fills the entire socket array with -1 integers, so that the server knows they are empty. $aSocket[$x] = -1 Next TCPStartup() ; AutoIt needs to initialize the TCP functions $iMainSocket = TCPListen($sIP,$iPort) ;create main listening socket If @error Then ; if you fail creating a socket, exit the application MsgBox(0x20, "AutoIt Webserver", "Unable to create a socket on port " & $iPort & ".") ; notifies the user that the HTTP server will not run Exit ; if your server is part of a GUI that has nothing to do with the server, you'll need to remove the Exit keyword and notify the user that the HTTP server will not work. EndIf ConsoleWrite( "Server created on http://" & $sIP & "/" & @CRLF) ;; If you're in SciTE, While 1 $iNewSocket = TCPAccept($iMainSocket) ;; Tries to accept incoming connections If $iNewSocket >= 0 Then ; Verifies that there actually is an incoming connection For $x = 0 to UBound($aSocket)-1 ;; Attempts to store the incoming connection If $aSocket[$x] = -1 Then $aSocket[$x] = $iNewSocket ;store the new socket ExitLoop EndIf Next EndIf For $x = 0 to UBound($aSocket)-1 ; A big loop to receive data from everyone connected If $aSocket[$x] = -1 Then ContinueLoop ;; if the socket is empty, it will continue to the next iteration, doing nothing $sNewData = TCPRecv($aSocket[$x],1024) ; Receives a whole lot of data if possible If @error Then ;; Client has disconnected $aSocket[$x] = -1 ; Socket is freed so that a new user may join ContinueLoop ; Go to the next iteration of the loop, not really needed but looks oh so good ElseIf $sNewData Then ; data received $sBuffer[$x] &= $sNewData ;store it in the buffer If StringInStr(StringStripCR($sBuffer[$x]),@LF&@LF) Then ; if the request has ended .. $sFirstLine = StringLeft($sBuffer[$x],StringInStr($sBuffer[$x],@LF)) ;; helps to get the type of the request $sRequestType = StringLeft($sFirstLine,StringInStr($sFirstLine," ")-1) ;; gets the type of the request If $sRequestType = "GET" Then ;; user wants to download a file or whatever .. $sRequest = StringTrimRight(StringTrimLeft($sFirstLine,4),11) ;; let's see what file he actually wants If $sRequest = "/" Then ;; user has requested the root $sRequest = "/index.html" ;; instead of root we'll give him the index page :) EndIf $sRequest = StringReplace($sRequest,"/","\") ; convert HTTP slashes to windows slashes, not really required because windows accepts both If FileExists($sRootDir & "\" & $sRequest) Then ;; makes sure the file that the user wants exists :D $sFileType = StringRight($sRequest,4) ;; determines the file type, so that we may choose what mine type to use Switch $sFileType Case "html", ".htm" ;; in case of normal HTML files _SendFile($sRootDir & "\" & $sRequest, "text/html", $aSocket[$x]) Case ".css" ;; in case of style sheets _SendFile($sRootDir & "\" & $sRequest, "text/css", $aSocket[$x]) Case ".jpg", "jpeg" ;; for common images _SendFile($sRootDir & "\" & $sRequest, "image/jpeg", $aSocket[$x]) Case ".png" ;; another common image format _SendFile($sRootDir & "\" & $sRequest, "image/png", $aSocket[$x]) Case Else ; this is for .exe, .zip, or anything else that is not supported is downloaded to the client using a application/octet-stream _SendFile($sRootDir & "\" & $sRequest, "application/octet-stream", $aSocket[$x]) EndSwitch Else _SendError($aSocket[$x]) ;; File does not exist, so we'll send back an error.. EndIf ElseIf $sRequestType = "POST" Then ;; user has come to us with data, we need to parse that data and based on that do something special $aPOST = _Get_Post($sBuffer[$x]) ;; parses the post data $sName = _POST("Name",$aPOST) ; Like PHPs _POST, but it requires the second parameter to be the return value from _Get_Post $sComment = _POST("Comment",$aPOST) ;; Gets the comment _POST_ConvertString($sName) ;; Needs to convert the POST HTTP string into a normal string _POST_ConvertString($sComment) ;; same .. FileWrite($sRootDir & "\index.html", FileRead($sRootDir & "\index.html") & "<br />" & $sName & " made comment: " & $sComment) ;Ofcourse, in real situations you have to prevent people to use HTML/PHP/Javascript etc. in their comments. ;; The last line adds whatever Name:Comment said in the root file .. this creates some sort of chatty effect _SendFile($sRootDir & "\index.html", "text/html", $aSocket[$x]) ; Sends back the new file we just created EndIf $sBuffer[$x] = "" ;; clears the buffer because we just used to buffer and did some actions based on them TCPCloseSocket($aSocket[$x]) ;; we have defined connection: close, so we close the connection $aSocket[$x] = -1 ;; reset the socket so that we may accept new clients EndIf EndIf Next Sleep(10) WEnd Func _POST_ConvertString(ByRef $sString) ;; converts any characters like %20 into space 8) $sString = StringReplace($sString, '+', ' ') StringReplace($sString, '%', '') For $t = 0 To @extended $Find_Char = StringLeft( StringTrimLeft($sString, StringInStr($sString, '%')) ,2) $sString = StringReplace($sString, '%' & $Find_Char, Chr(Dec($Find_Char))) Next EndFunc Func _SendHTML($sHTML,$sSocket) ;; sends HTML data back to the client on X socket Local $iLen, $sPacket, $sSplit $iLen = StringLen($sHTML) $sPacket = Binary("HTTP/1.1 200 OK" & @CRLF & _ "Server: ManadarX/1.0 (" & @OSVersion & ") AutoIt " & @AutoItVersion & @CRLF & _ "Connection: close" & @CRLF & _ "Content-Lenght: " & $iLen & @CRLF & _ "Content-Type: text/html" & @CRLF & _ @CRLF & _ $sHTML) $sSplit = StringSplit($sPacket,"") $sPacket = "" For $i = 1 to $sSplit[0] If Asc($sSplit[$i]) <> 0 Then ; Just make sure we don't send any null bytes, because they show up as ???? in your browser. $sPacket = $sPacket & $sSplit[$i] EndIf Next TCPSend($sSocket,$sPacket) EndFunc Func _SendFile($sAddress, $sType, $sSocket) ;; Sends a file back to the client on X socket, with X mime-type Local $hFile, $sImgBuffer, $sPacket, $a $hFile = FileOpen($sAddress,16) $sImgBuffer = FileRead($hFile) FileClose($hFile) $sPacket = Binary("HTTP/1.1 200 OK" & @CRLF & _ "Server: ManadarX/1.3.26 (" & @OSVersion & ") AutoIt " & @AutoItVersion & @CRLF & _ "Connection: close" & @CRLF & _ "Content-Type: " & $sType & @CRLF & _ @CRLF) TCPSend($sSocket,$sPacket) While BinaryLen($sImgbuffer) ;LarryDaLooza's idea to send in chunks to reduce stress on the application $a = TCPSend($sSocket,$sImgbuffer) $sImgbuffer = BinaryMid($sImgbuffer,$a+1,BinaryLen($sImgbuffer)-$a) WEnd $sPacket = Binary(@CRLF & _ @CRLF) TCPSend($sSocket,$sPacket) TCPCloseSocket($sSocket) EndFunc Func _SendError($sSocket) ;; Sends back a basic 404 error _SendHTML("404 Error: " & @CRLF & @CRLF & "The file you requested could not be found.", $sSocket) EndFunc Func _Get_Post($s_Buffer) ;; parses incoming POST data Local $sTempPost, $sLen, $sPostData, $sTemp ;Get the lenght of the data in the POST $sTempPost = StringTrimLeft($s_Buffer,StringInStr($s_Buffer,"Content-Length:")) $sLen = StringTrimLeft($sTempPost,StringInStr($sTempPost,": ")) ;Create the base struck $sPostData = StringSplit(StringRight($s_Buffer,$sLen),"&") Local $sReturn[$sPostData[0]+1][2] For $t = 1 To $sPostData[0] $sTemp = StringSplit($sPostData[$t],"=") If $sTemp[0] >= 2 Then $sReturn[$t][0] = $sTemp[1] $sReturn[$t][1] = $sTemp[2] EndIf Next Return $sReturn EndFunc Func _POST($sName,$sArray) ;; Returns a POST variable based on their name and not their array index. This function basically makes up for the lack of associative arrays in Au3 For $i = 1 to UBound($sArray)-1 If $sArray[$i][0] = $sName Then Return $sArray[$i][1] EndIf Next Return "" EndFunc Edited November 20, 2008 by Manadar github.com/jvanegmond
james3mg Posted November 20, 2008 Posted November 20, 2008 (edited) @Manadar- see the PM I sent you about a possible security flaw that I decided would be stupid to post publically.If I'm wrong, I'll update here so I don't scare the readers of this thread Edited November 20, 2008 by james3mg "There are 10 types of people in this world - those who can read binary, and those who can't.""We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true." ~Robert Wilensky0101101 1001010 1100001 1101101 1100101 1110011 0110011 1001101 10001110000101 0000111 0001000 0001110 0001101 0010010 1010110 0100001 1101110
WeMartiansAreFriendly Posted November 20, 2008 Posted November 20, 2008 (edited) Nice Manadar.Sorry to bother you, I was wondering if you could use these UDFs as a part in your webserver?http://www.autoitscript.com/forum/index.php?showtopic=74325http://www.autoitscript.com/forum/index.php?showtopic=78602 Edited November 20, 2008 by Kastout Don't bother, It's inside your monitor!------GUISetOnEvent should behave more like HotKeySet()
jvanegmond Posted November 20, 2008 Author Posted November 20, 2008 Nice Manadar.Sorry to bother you, I was wondering if you could use these UDFs as a part in your webserver?http://www.autoitscript.com/forum/index.php?showtopic=74325http://www.autoitscript.com/forum/index.php?showtopic=78602Thanks for the suggestion, but no."On event driven" TCP in my personal opinion is only useful when dealing with other things at the same time , such as GUI. The other isn't an UDF, but isn't required either way.AutoIt has native functionality for TCP, no extra UDFs required, and I intend to use it that way. github.com/jvanegmond
WeMartiansAreFriendly Posted November 20, 2008 Posted November 20, 2008 Thanks for the suggestion, but no."On event driven" TCP in my personal opinion is only useful when dealing with other things at the same time , such as GUI. The other isn't an UDF, but isn't required either way.AutoIt has native functionality for TCP, no extra UDFs required, and I intend to use it that way. That's nice too know. Keep it simple. Don't bother, It's inside your monitor!------GUISetOnEvent should behave more like HotKeySet()
jvanegmond Posted November 20, 2008 Author Posted November 20, 2008 @Manadar- see the PM I sent you about a possible security flaw that I decided would be stupid to post publically.If I'm wrong, I'll update here so I don't scare the readers of this thread I've updated the source code fixing the security flaw you pointed out in your PM along with some other things that I've fixed previously. Added some mime-types and updated with extensive comments.All in all, it's worth downloading again.Thanks so much for finding the security hole, james! I'm glad you found it before anyone got hurt. github.com/jvanegmond
JRowe Posted November 21, 2008 Posted November 21, 2008 Good script, Manadar. Hows it hold up, performance wise? Have you done any stress tests? [center]However, like ninjas, cyber warriors operate in silence.AutoIt Chat Engine (+Chatbot) , Link Grammar for AutoIt , Simple Speech RecognitionArtificial Neural Networks UDF , Bayesian Networks UDF , Pattern Matching UDFTransparent PNG GUI Elements , Au3Irrlicht 2Advanced Mouse Events MonitorGrammar Database GeneratorTransitions & Tweening UDFPoker Hand Evaluator[/center]
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now