Powerful HTTP Server in Pure AutoIt

[Squirrely1]

Pardon me for seeming like such a newb - which I am when it comes to networking.

I have two questions:

1. Would the following code create the correct address for a remote browser to navigate to

"c:\squirrely\business.html" on my machine running Manadar's server as is?

#include <Inet.au3>
$PublicIP = _GetIP()
$strAddress = "http://" & $PublicIP & "/squirrely/business.html"
MsgBox(0, "Html address", "The address is: " & $strAddress)

2. How secure is this server ?

[jvanegmond]

Pardon me for seeming like such a newb - which I am when it comes to networking.

I have two questions:

1. Would the following code create the correct address for a remote browser to navigate to

"c:\squirrely\business.html" on my machine running Manadar's server as is?

#include <Inet.au3>
$PublicIP = _GetIP()
$strAddress = "http://" & $PublicIP & "/squirrely/business.html"
MsgBox(0, "Html address", "The address is: " & $strAddress)

2. How secure is this server ?

I can strongly recommend you not to use this server as-is as a server to host your webpages on. That aside, this is pretty secure. There are no obvious exploits like remote code execution or anything.

Also, depending on your router settings, the address is correct. You may also want to navigate to: http://" & $PublicIP & "/business.html

Edited May 10, 2008 by Manadar

[Squirrely1]

Thanks Manadar !

What I was thinking of is a way to get files to relatives in other cities, that I could send them the address of the file on my machine, and while the public address is still good, they could get them directly from my machine instead of my having to bother with some file-hosting service.

Also, I was thinking maybe there is a way I could use it once a month to maintain my niece's computer who lives in another town - she's only 14 and never defrags or cleans up her system.

I don't have a router, I just use an old dialup connection. I was thinking that perhaps because I have two hard-drive volumes, C: and D:, that I might have to specify a computer name in that address - something like @ComputerName

Edited May 11, 2008 by Squirrely1

[jvanegmond]

All very possible. You can write your own additions for this easily, ofcourse. That is what I build it for.

[Xwolf]

It's great!!!

I have tested it and worked successfully

[Xwolf]

By the way, Manadar

Please give some more examples,

which is helpful for me to understand your code.

[trancexx]

Since this is up, will use the opportunity to point to two flaws.

First one is while receiving request. Code says that request is over when @CRLF & @CRLF is reached.

Other servers will also consider the combination @CRLF & @LF to be the end. (Or StringRight($requestBuffer, 4) = @CRLF & @LF)

The other flaw is function socketToIPX(). There is If...Then (parentheses) problem.

Other than that, great!

[toonboon]

I get this error that it isn't able to create a connection on port 80.. what's this?

[Apzo]

@ line 16, you should try

Dim $sIP = @IPAddress1

instead of @IPAddress2

Or, if your computer is running a web server yet (IIS ?), then disable it or use another port at line 17.

If you modifiy the listening port, your URL will look like :

http://YOUR_IP_HERE:LISTENING_PORT/

Have fun this with great project

Apzo.

I get this error that it isn't able to create a connection on port 80.. what's this?

[toonboon]

I managed to fix it by closing my other web server xD thanks man ;-)

[jvanegmond]

Since this is up, will use the opportunity to point to two flaws.

First one is while receiving request. Code says that request is over when @CRLF & @CRLF is reached.

Other servers will also consider the combination @CRLF & @LF to be the end. (Or StringRight($requestBuffer, 4) = @CRLF & @LF)

The other flaw is function socketToIPX(). There is If...Then (parentheses) problem.

Other than that, great!

I hope you're not talking about my code..

This defines whether or not the request has ended:

If StringInStr(StringStripCR($sBuffer[$x]),@LF&@LF) Then

which basically allows for @CRLF & @CRLF. @LF & @CRLF, @CRLF & @LF and @LF & @LF.

Second of all, I don't use SocketToIP .. =P

[trancexx]

I hope you're not talking about my code..

This defines whether or not the request has ended:

If StringInStr(StringStripCR($sBuffer[$x]),@LF&@LF) Then

which basically allows for @CRLF & @CRLF. @LF & @CRLF, @CRLF & @LF and @LF & @LF.

Second of all, I don't use SocketToIP .. =P

Then what a hell I'm talking about???? wtf...

ahhh... going back for some additional dl

[trancexx]

Anyway... nice day today, right?

Birds and everything.

HTTP this, HTTP that.

Sorry about that. Some other server was commented.

[jvanegmond]

HTTP this, HTTP that.

Sorry about that. Some other server was commented.

Haha, no problem. I am glad we have it all sorted out ... 8)

By the way, Manadar

Please give some more examples,

which is helpful for me to understand your code.

I've done a line-by-line comment on this code. I hope it'll help you understand it better.

Sorry I haven't documented the functions just as extensive. I couldn't really explain the POST functions in as much detail. If you have any specific questions or requests, just ask me.

expandcollapse popup

#cs 
Resources:
    Internet Assigned Number Authority - all Content-Types: http://www.iana.org/assignments/media-types/
    World Wide Web Consortium - An overview of the HTTP protocol: http://www.w3.org/Protocols/
    
Credits:
    Manadar for starting on the webserver.
    Alek for adding POST and some fixes
    Creator for providing the "application/octet-stream" MIME type.
#ce

; // OPTIONS HERE //
Dim $sRootDir = @ScriptDir & "\www\" ; The absolute path to the root directory of the server.
Dim $sIP = @IPAddress1 ; ip address as defined by AutoIt
Dim $iPort = 80 ; the listening port
Dim $iMaxUsers = 15 ; Maximum number of users who can simultaneously get/post
; // END OF OPTIONS //

Dim $aSocket[$iMaxUsers] ; Creates an array to store all the possible users
Dim $sBuffer[$iMaxUsers] ; All these users have buffers when sending/receiving, so we need a place to store those

For $x = 0 to UBound($aSocket)-1 ; Fills the entire socket array with -1 integers, so that the server knows they are empty.
    $aSocket[$x] = -1
Next

TCPStartup() ; AutoIt needs to initialize the TCP functions

$iMainSocket = TCPListen($sIP,$iPort) ;create main listening socket
If @error Then ; if you fail creating a socket, exit the application
    MsgBox(0x20, "AutoIt Webserver", "Unable to create a socket on port " & $iPort & ".") ; notifies the user that the HTTP server will not run
    Exit ; if your server is part of a GUI that has nothing to do with the server, you'll need to remove the Exit keyword and notify the user that the HTTP server will not work.
EndIf

ConsoleWrite( "Server created on http://" & $sIP & "/" & @CRLF) ;; If you're in SciTE,

While 1
    $iNewSocket = TCPAccept($iMainSocket) ;; Tries to accept incoming connections
    
    If $iNewSocket >= 0 Then ; Verifies that there actually is an incoming connection
        For $x = 0 to UBound($aSocket)-1 ;; Attempts to store the incoming connection
            If $aSocket[$x] = -1 Then
                $aSocket[$x] = $iNewSocket ;store the new socket
                ExitLoop
            EndIf
        Next
    EndIf

    For $x = 0 to UBound($aSocket)-1 ; A big loop to receive data from everyone connected
        If $aSocket[$x] = -1 Then ContinueLoop ;; if the socket is empty, it will continue to the next iteration, doing nothing
        $sNewData = TCPRecv($aSocket[$x],1024) ; Receives a whole lot of data if possible
        If @error Then ;; Client has disconnected
            $aSocket[$x] = -1 ; Socket is freed so that a new user may join
            ContinueLoop ; Go to the next iteration of the loop, not really needed but looks oh so good
        ElseIf $sNewData Then ; data received
            $sBuffer[$x] &= $sNewData ;store it in the buffer
            If StringInStr(StringStripCR($sBuffer[$x]),@LF&@LF) Then ; if the request has ended .. 
                $sFirstLine = StringLeft($sBuffer[$x],StringInStr($sBuffer[$x],@LF)) ;; helps to get the type of the request
                $sRequestType = StringLeft($sFirstLine,StringInStr($sFirstLine," ")-1) ;; gets the type of the request
                If $sRequestType = "GET" Then ;; user wants to download a file or whatever .. 
                    $sRequest = StringTrimRight(StringTrimLeft($sFirstLine,4),11) ;; let's see what file he actually wants
                    If $sRequest = "/" Then ;; user has requested the root
                        $sRequest = "/index.html" ;; instead of root we'll give him the index page :)
                    EndIf
                    $sRequest = StringReplace($sRequest,"/","\") ; convert HTTP slashes to windows slashes, not really required because windows accepts both
                    If FileExists($sRootDir & "\" & $sRequest) Then ;; makes sure the file that the user wants exists :D
                        $sFileType = StringRight($sRequest,4) ;; determines the file type, so that we may choose what mine type to use
                        Switch $sFileType
                            Case "html", ".htm" ;; in case of normal HTML files
                                _SendFile($sRootDir & "\" & $sRequest, "text/html", $aSocket[$x])
                            Case ".css" ;; in case of style sheets
                                _SendFile($sRootDir & "\" & $sRequest, "text/css", $aSocket[$x])
                            Case ".jpg", "jpeg" ;; for common images
                                _SendFile($sRootDir & "\" & $sRequest, "image/jpeg", $aSocket[$x])
                            Case ".png" ;; another common image format
                                _SendFile($sRootDir & "\" & $sRequest, "image/png", $aSocket[$x])
                            Case Else ; this is for .exe, .zip, or anything else that is not supported is downloaded to the client using a application/octet-stream
                                _SendFile($sRootDir & "\" & $sRequest, "application/octet-stream", $aSocket[$x])
                        EndSwitch
                    Else
                        _SendError($aSocket[$x]) ;; File does not exist, so we'll send back an error..
                    EndIf
                ElseIf $sRequestType = "POST" Then ;; user has come to us with data, we need to parse that data and based on that do something special
                    
                    $aPOST = _Get_Post($sBuffer[$x]) ;; parses the post data
                    
                    $sName = _POST("Name",$aPOST) ; Like PHPs _POST, but it requires the second parameter to be the return value from _Get_Post
                    $sComment = _POST("Comment",$aPOST) ;; Gets the comment
                    
                    _POST_ConvertString($sName) ;; Needs to convert the POST HTTP string into a normal string
                    _POST_ConvertString($sComment) ;; same ..
                    
                    FileWrite($sRootDir & "\index.html", FileRead($sRootDir & "\index.html") & "<br />" & $sName & " made comment: " & $sComment) ;Ofcourse, in real situations you have to prevent people to use HTML/PHP/Javascript etc. in their comments.
                    ;; The last line adds whatever Name:Comment said in the root file .. this creates some sort of chatty effect
                   
                    _SendFile($sRootDir & "\index.html", "text/html", $aSocket[$x]) ; Sends back the new file we just created
                EndIf
                
                $sBuffer[$x] = "" ;; clears the buffer because we just used to buffer and did some actions based on them
                TCPCloseSocket($aSocket[$x]) ;; we have defined connection: close, so we close the connection
                $aSocket[$x] = -1 ;; reset the socket so that we may accept new clients
                
            EndIf
        EndIf
    Next
    
    Sleep(10)
WEnd

Func _POST_ConvertString(ByRef $sString) ;; converts any characters like %20 into space 8)
    $sString = StringReplace($sString, '+', ' ')
    StringReplace($sString, '%', '')
    For $t = 0 To @extended
        $Find_Char = StringLeft( StringTrimLeft($sString, StringInStr($sString, '%')) ,2)
        $sString = StringReplace($sString, '%' & $Find_Char, Chr(Dec($Find_Char)))
    Next
EndFunc

Func _SendHTML($sHTML,$sSocket) ;; sends HTML data back to the client on X socket
    Local $iLen, $sPacket, $sSplit
    
    $iLen = StringLen($sHTML)
    $sPacket = Binary("HTTP/1.1 200 OK" & @CRLF & _
    "Server: ManadarX/1.0 (" & @OSVersion & ") AutoIt " & @AutoItVersion & @CRLF & _
    "Connection: close" & @CRLF & _
    "Content-Lenght: " & $iLen & @CRLF & _
    "Content-Type: text/html" & @CRLF & _
    @CRLF & _
    $sHTML)
    $sSplit = StringSplit($sPacket,"")
    $sPacket = ""
    For $i = 1 to $sSplit[0]
        If Asc($sSplit[$i]) <> 0 Then ; Just make sure we don't send any null bytes, because they show up as ???? in your browser.
            $sPacket = $sPacket & $sSplit[$i]
        EndIf
    Next
    TCPSend($sSocket,$sPacket)
EndFunc

Func _SendFile($sAddress, $sType, $sSocket) ;; Sends a file back to the client on X socket, with X mime-type
    Local $hFile, $sImgBuffer, $sPacket, $a
    
    $hFile = FileOpen($sAddress,16)
    $sImgBuffer = FileRead($hFile)
    FileClose($hFile)
   
    $sPacket = Binary("HTTP/1.1 200 OK" & @CRLF & _
    "Server: ManadarX/1.3.26 (" & @OSVersion & ") AutoIt " & @AutoItVersion & @CRLF & _
    "Connection: close" & @CRLF & _
    "Content-Type: " & $sType & @CRLF & _
    @CRLF)
    TCPSend($sSocket,$sPacket)
   
    While BinaryLen($sImgbuffer) ;LarryDaLooza's idea to send in chunks to reduce stress on the application
        $a = TCPSend($sSocket,$sImgbuffer)
        $sImgbuffer = BinaryMid($sImgbuffer,$a+1,BinaryLen($sImgbuffer)-$a)
    WEnd
   
    $sPacket = Binary(@CRLF & _
    @CRLF)
    TCPSend($sSocket,$sPacket)
    TCPCloseSocket($sSocket)
EndFunc

Func _SendError($sSocket) ;; Sends back a basic 404 error
    _SendHTML("404 Error: " & @CRLF & @CRLF & "The file you requested could not be found.", $sSocket)
EndFunc

Func _Get_Post($s_Buffer) ;; parses incoming POST data
    Local $sTempPost, $sLen, $sPostData, $sTemp
    
    ;Get the lenght of the data in the POST
    $sTempPost = StringTrimLeft($s_Buffer,StringInStr($s_Buffer,"Content-Length:"))
    $sLen = StringTrimLeft($sTempPost,StringInStr($sTempPost,": "))
   
    ;Create the base struck
    $sPostData = StringSplit(StringRight($s_Buffer,$sLen),"&")
    
    Local $sReturn[$sPostData[0]+1][2]
    
    For $t = 1 To $sPostData[0]
        $sTemp = StringSplit($sPostData[$t],"=")
        If $sTemp[0] >= 2 Then
            $sReturn[$t][0] = $sTemp[1]
            $sReturn[$t][1] = $sTemp[2]
        EndIf
    Next
   
    Return $sReturn
EndFunc

Func _POST($sName,$sArray) ;; Returns a POST variable based on their name and not their array index. This function basically makes up for the lack of associative arrays in Au3
    For $i = 1 to UBound($sArray)-1
        If $sArray[$i][0] = $sName Then
            Return $sArray[$i][1]
        EndIf
    Next
    Return ""
EndFunc

Edited November 20, 2008 by Manadar

[james3mg]

@Manadar- see the PM I sent you about a possible security flaw that I decided would be stupid to post publically.

If I'm wrong, I'll update here so I don't scare the readers of this thread

Edited November 20, 2008 by james3mg

[WeMartiansAreFriendly]

Nice Manadar.

Sorry to bother you, I was wondering if you could use these UDFs as a part in your webserver?

http://www.autoitscript.com/forum/index.php?showtopic=74325

http://www.autoitscript.com/forum/index.php?showtopic=78602

Edited November 20, 2008 by Kastout

[jvanegmond]

Nice Manadar.

Sorry to bother you, I was wondering if you could use these UDFs as a part in your webserver?

http://www.autoitscript.com/forum/index.php?showtopic=74325

http://www.autoitscript.com/forum/index.php?showtopic=78602

Thanks for the suggestion, but no.

"On event driven" TCP in my personal opinion is only useful when dealing with other things at the same time , such as GUI. The other isn't an UDF, but isn't required either way.

AutoIt has native functionality for TCP, no extra UDFs required, and I intend to use it that way.

[WeMartiansAreFriendly]

Thanks for the suggestion, but no.

"On event driven" TCP in my personal opinion is only useful when dealing with other things at the same time , such as GUI. The other isn't an UDF, but isn't required either way.

AutoIt has native functionality for TCP, no extra UDFs required, and I intend to use it that way.

That's nice too know. Keep it simple.

[jvanegmond]

@Manadar- see the PM I sent you about a possible security flaw that I decided would be stupid to post publically.

If I'm wrong, I'll update here so I don't scare the readers of this thread

I've updated the source code fixing the security flaw you pointed out in your PM along with some other things that I've fixed previously. Added some mime-types and updated with extensive comments.

All in all, it's worth downloading again.

Thanks so much for finding the security hole, james! I'm glad you found it before anyone got hurt.

[JRowe]

Good script, Manadar. Hows it hold up, performance wise? Have you done any stress tests?