Excite for Web Servers Search Results

#!/bin/sh perl=/usr/local/bin/perl eval "exec $perl -x $0 $*" #!perl ## Copyright (c) 1996 Excite, Inc. ## ## This CGI script allows users to generate an Excite, Inc. database ## query page and result page. Naturally, there are plenty of security ## concerns associated with this scheme. ## ## This script appears as several different web pages, depending on ## its invocation. If invoked with a 'db=' argument, the ## script prints out the configuration information for a particular ## database and then allows the user to input a description of the ## database for the pages it will generate. If ## invoked with 'Generate=Generate', 'dbname=', ## 'describe=', and 'unprefix=' ## it will generate files for a database which has an existing database ## configuration file. ## Without any of these arguments, it displays a list of currently ## existing database.conf files, and allows the user to choose a database ## for which to generate pages. BEGIN { $root = "/usr/home/photius/excite"; die "Invalid root directory '$root'\n" unless -d $root; unshift(@INC, "$root/perllib"); } $| = 1; ## don't buffer output require 'os_functions.pl'; require 'architext.pl'; require 'architextConf.pl'; require 'architext_map.pl'; $query_banner = &Architext'queryBanner(); %form = &Architext'readFormArgs; $form{'db'} = $form{'dbname'} unless $form{'db'}; %attr = &ArchitextConf'readConfig("$root/Architext.conf", $form{'db'}); if (&Architext'remoteMode($root)) { $helppath = &Architext'helpPath(); } else { $helppath = $attr{'ArchitextURL'}; } $script_suffix = &Architext'scriptSuffix(); $scriptname = "AT-generate$script_suffix"; ## check for password, if one is specified in Architext.conf ## if it doesn't appear as a form arg, present password page $password = &Architext'password($attr{'ArchitextURL'}, $scriptname, $attr{'Password'}, %form) if $attr{'Password'}; $postpass = "" if ($attr{'Password'}); $getpass = "?$password=$attr{'Password'}" if $postpass; ## remind users where they need to move generated scripts if ($form{'moveinfo'}) { &Architext'printHeader($attr{'ArchitextURL'}, "About Moving Query Scripts"); $search = "AT-$form{'dbname'}search$script_suffix"; print < You have generated the appropriate script necessary to perform searches on this collection, but they must be moved to your cgi-bin directory before you can actually begin searching.

Copy $search $gather from $attr{'ConfigRoot'} to $attr{'CgiBin'}, and you will able to start searching on your collection.

EOF ; &Architext'Copyright($attr{'ArchitextURL'}); exit; } if ($form{'Dump'}) { &Architext'printHeader($attr{'ArchitextURL'}, "View $form{'Type'} logfile"); if (! -e $form{'File'}) { &Architext'exitError($attr{'ArchitextURL'}, "Couldn't find '$form{'File'}'"); } print "

Collection Status

\n"; &Architext'printStatus($form{'db'}, $root, $attr{'ConfigRoot'}, $attr{'ArchitextURL'}, $helppath, $attr{'CollectionRoot'}, $attr{'CgiBin'}); print "

\n"; print "\n

\n";
    open(LOG, "$form{'File'}");
    while () {
	print;
    }
    close(LOG);
    print "\n

"; $filestub = $form{'File'}; $filestub =~ s|\.\w{3,4}$||; print <Possible Actions:

EOF ; if (! ($form{'Type'} eq 'progress')) { print <
EOF ; } if (! ($form{'Type'} eq 'verbose')) { print <
EOF ; } if (! ($form{'Type'} eq 'error')) { print <
EOF ; } print <
EOF ; &Architext'Copyright($attr{'ArchitextURL'}); exit(0); } if ($form{'Status'}) { &Architext'printHeader($attr{'ArchitextURL'}, "View Indexing Logfiles: $form{'db'}"); print "

This page provides access to the three log files that the indexing process creates. \n"; print "

Collection Status

\n"; &Architext'printStatus($form{'db'}, $root, $attr{'ConfigRoot'}, $attr{'ArchitextURL'}, $helppath, $attr{'CollectionRoot'}, $attr{'CgiBin'}); print "\n"; $logname = "AT-$form{'db'}.log"; $progname = "AT-$form{'db'}.prog"; $errname = "AT-$form{'db'}.err"; $urlpath = "$root/collections"; print <

Logfiles:

Possible Actions:

EOF ; &Architext'Copyright($attr{'ArchitextURL'}); exit(0); } if ($form{'Generate'}) { if ($form{'qtemplate'}) { if ((! -e $form{'qtemplate'}) || (! -r $form{'qtemplate'})) { $tmessage = " The template file you specified, '$form{'qtemplate'}', is not readable or does not exist. Please try again."; $form{'qpage'} = ""; } } if ($form{'ExciteButton'} && ($form{'bltext'} && (! $form{'backlink'}))) { $tmessage = " If you provide linktext, you must provide a backlink URL as well."; $form{'qpage'} = ""; } if ($form{'ExciteButton'} && ((! $form{'bltext'}) && $form{'backlink'})) { $tmessage = " If you provide a backlink URL, you must also provide linktext."; $form{'qpage'} = ""; } if (length($form{'bltext'}) > 20) { $tmessage = "Please limit the linktext to 20 characters or fewer."; $form{'qpage'} = ""; } if ($form{'rtemplate'}) { if ((! -e $form{'rtemplate'}) || (! -r $form{'rtemplate'})) { $tmessage = " The template file you specified, '$form{'rtemplate'}', is not readable or does not exist. Please try again."; $form{'qpage'} = ""; } } if (! -d "$form{'unprefix'}") { $tmessage = " The path prefix you specified, '$form{'unprefix'}' does not exist, or is not a directory. Please try again."; $form{'qpage'} = ""; } if ($form{'qpage'} && $form{'unprefix'}) { ## Assuming all the relevant configuration options are specified ## as form arguments, this mode generates the pages. ## also checks for required elements ## Header again &Architext'printHeader($attr{'ArchitextURL'}, "Search Page Generation: $form{'dbname'}"); if (!$form{'dbname'}) { &Architext'exitError($attr{'ArchitextURL'}, "Index specified with no dbname."); } ## Can we read the db.conf file? $dbconfig = $root . "/collections/" . $form{'dbname'} . ".conf"; if (-e $dbconfig && ! -r $dbconfig) { &Architext'exitFileError($attr{'ArchitextURL'}, $dbconfig, "does not exist or is not readable."); } ## create the default html pages here. ## on the query.html page to produce the search$script_suffix script &simpleQueryPage(); &simpleSearchScript(); $simplepage = $form{'qpage'}; $simplepage .= ".html" unless $simplepage =~ /\.html$/; ## set up proper arguments for moving scripts to cgi-bin $form{'qname'} = $simplepage; $form{'qscript'} = "AT-$form{'dbname'}search$script_suffix"; $files = "$form{'qscript'}"; if ($form{'Move'}) { $exit = ©_search_file("$root/$form{'qscript'}", $attr{'CgiBin'}, $root, $form{'dbname'}) unless ($root eq $attr{'CgiBin'}); if (! $exit) { ## Let the user know the generation was successful. print "

Generation successful.

\n"; print "

\n"; &remove_files("$root/$form{'qscript'}") unless (($root eq $attr{'CgiBin'}) || (&os_name() =~ /NT/)); ## print "

Moving successful.

"; print <cgi scripts ($files) have been generated and installed in your cgi-bin directory, $attr{'CgiBin'}. EOF ; if (-e "$root/collections/$form{'dbname'}.last") { print <Since you have already created your indexes for this document collection, you can now Start Searching! EOF ; } print < Once you have tested $form{'qname'} to your liking, feel free to move it from the Excite administration directory ($attr{'ConfigRoot'}) into a directory better suited to your needs. EOF ; } else { $warn = &Architext'errorIcon($attr{'ArchitextURL'}); print <${warn}Problem moving '$files' from $root to $attr{'CgiBin'} -- $!

Your scripts have been generated, but they were not copied into your cgi-bin ($attr{'CgiBin'}) directory because an error was encountered (probably a permissions problem) while moving the files.

$warnIMPORTANT: Before you can do queries, you will either need to move the script that was just generated ($files) from $root into $attr{'CgiBin'}, or you can try to Generate the scripts again after investigating the problem. EOF ; } } else { $warn = &Architext'errorIcon($attr{'ArchitextURL'}); ## user's cgi-bin was not writeable, so we won't try to move ## the scripts there print < ${warn}Scripts generated, but not moved.

Your scripts have been generated, but were not copied into your cgi-bin directory ($attr{'CgiBin'}), because it is not writeable by the userid your Web server is running under.

$warnIMPORTANT: Before you can being making queries, you must copy the CGI scripts that were generated into your cgi-bin directory.

Copy $files from the directory $root to the cgi-bin directory, and you can begin making queries. EOF ; } print < SECURITY ISSUE: Remember that by making the query page available to users of your Web site, you are giving them easy access to all the pages on your site that have been indexed. If you have sensitive information that you do not wish to be available to every user of your Web site, consider leaving those files out of your indexes, or consider making the search page secure in order to restrict access to it.

Possible Actions: EOF ; if (! ((-e "$root/collections/$form{'dbname'}.last") || (-e "$root/collections/$form{'dbname'}.pid") || (-e "$root/collections/new/$form{'dbname'}.err"))) { print <
EOF ; } if ((-e "$root/collections/$form{'dbname'}.pid") || (-e "$root/collections/$form{'dbname'}.last") || (-e "$root/collections/new/$form{'dbname'}.err" )) { print <
EOF ; } print <
EOF ; &Architext'Copyright($attr{'ArchitextURL'}); exit(0); } else { ## required elements were not passed in. $message = "You didn't enter a value for a required field. Please try again."; $message = $tmessage if $tmessage; $form{'db'} = $form{'dbname'}; } } if ($form{'db'}) { ## Print out configuration options for an already-existing ## database so the user knows what will happen upon page generation ## Dump our standard header &Architext'printHeader($attr{'ArchitextURL'}, "Search Page Generation: $form{'db'}"); ## Check for the desired database.conf file. $dbconfig = $root . "/collections/" . $form{'db'} . ".conf"; if (! -r $dbconfig) { &Architext'exitFileError($attr{'ArchitextURL'}, $dbconfig, "does not exist"); } ## Read all the configuration information. ## %attr = &ArchitextConf'readConfig("$root/Architext.conf", $form{'db'}); ## advise the user if required fields were not passed in $warn = &Architext'errorIcon($attr{'ArchitextURL'}); print "$warn$message" if $message; print "

The collection you have chosen has "; print "the following characteristics:\n"; ## Print the form. ## This form is just a little list of the options. &Architext'collectionCharacteristics($form{'db'}, $helppath, %attr); &printForm($form{'db'}); if ($getpass) { $getpass .= "&"; } else { $getpass = "?"; } $getpass .= "db=$form{'db'}"; &Architext'Copyright($attr{'ArchitextURL'}); exit(0); } else { ## Print out the top-level screen: scan the root directory for ## db.conf files, and allow the user to initialize a new db.conf ## file. opendir(CONF, "$root/collections"); @dbconf = grep(/\.conf$/, readdir(CONF)); &Architext'printHeader($attr{'ArchitextURL'},"Search Page Generation"); if ($#dbconf > -1) { print < Choose a document collection for which to generate query and result pages.

Existing document collections:

$postpass
EOF ; } else { print < There are no document collections currently defined. Please click on the configure button to go to the collection configuration screen.
EOF ; } &Architext'Copyright($attr{'ArchitextURL'}); } ## Prints an input line for a form. sub printLineItem { local($name, $text) = @_; local($val); $text = $name unless $text; $val = eval "\$attr{$name}"; print qq(

$text: $val\n); } ## Prints out the Architext form. Uses dynamic scoping to ensure that ## the values in the %attr array are properly set. sub printForm { local($db) = shift; local ($size) = 30; print qq(

\n); if (($attr{'CgiBin'}) && (-w "$attr{'CgiBin'}")) { print qq(\n); } $pprefix = $form{'unprefix'} || $attr{'HtmlRoot'}; $qimage = $form{'qimage'} || "$attr{'ArchitextURL'}pictures/$query_banner"; $size = (length($pprefix)+10) unless ((length($attr{'HtmlRoot'})+10) < 30); $qlength = (length($qimage) + 10); print <

Optional Information

Enter Banner Image to appear at the top of query and result pages:

Enter a brief description of the contents of your database for use in the query page. The generated query page will appear in $attr{'ConfigRoot'}. $form{'describe'}

Allow internet-wide searches on excite on the generated search page. EOF ; if (&Architext'backlinkMode()) { $blval = $form{'backlink'} || "http://$ENV{'SERVER_NAME'}:$ENV{'SERVER_PORT'}$attr{'ArchitextURL'}AT-$form{'db'}query.html"; $blsize = length($blval); print <If you would like internet-wide excite searches to provide a link back to your site, fill in the blanks below:

Backlink:

Linktext:

Advanced Customization Information

Enter the name of a query template file:

Enter the name of a query-results template file:

Possible Actions:

Generate the query pages and scripts need to perform queries. $postpass

EOF ; } ## creates the script that actually performs the searches sub simpleSearchScript { local($scriptname, $preflag, $postflag); local($umapfile, %mappings); $preflag = $postflag = 0; $scriptname = "$root/AT-$form{'dbname'}search$script_suffix"; &remove_files($scriptname); open(SCRIPT, ">$scriptname") || &Architext'exitError($attr{'ArchitextURL'}, "Could not open '$scriptname' for writing"); ## standard header information if (&non_shell_invocation_ok($attr{'PerlRoot'})) { print SCRIPT "#!$attr{'PerlRoot'}\n\n"; } else { print SCRIPT "#!/bin/sh\n"; $aproot = $attr{'PerlRoot'}; $aproot =~ s/\\/\\\\/g; print SCRIPT "perl=$aproot\n"; print SCRIPT "eval \"exec \$perl -x \$0 \$*\"\n"; print SCRIPT "#!perl\n\n"; } $aroot = $root; $aroot =~ s/\\/\\\\/g; print SCRIPT "\$root = \"$aroot\";\n"; print SCRIPT "unshift(\@INC, \"\$root/perllib\");\n"; print SCRIPT "require 'architext_query.pl';\n"; print SCRIPT "require 'ctime.pl';\n"; ## insert db specific information here print SCRIPT "\$aurl = \"$attr{'ArchitextURL'}\";\n"; print SCRIPT "\$db = \"$form{'dbname'}\";\n"; $acroot = $attr{'CollectionRoot'}; $acroot =~ s/\\/\\\\/g; print SCRIPT "\$index = \"$acroot\";\n"; $ahroot = $attr{'HtmlRoot'}; $ahroot =~ s/\\/\\\\/g; print SCRIPT "\$hroot = \"$ahroot\";\n"; $aexec = $attr{'SearchExecutable'}; $aexec =~ s/\\/\\\\/g; print SCRIPT "\$binary = \"$aexec\";\n"; ##create the url edit option here by getting all the mappings $umapfile = "$root/collections/$form{'dbname'}.usr" if ($attr{'PublicHtml'}); %mappings = &ArchitextMap'getMappings($attr{'HtmlRoot'}, "$root/url.map", $umapfile); $urledit = &ArchitextMap'generateURLEdit(%mappings); print SCRIPT "\$urledit = '$urledit';\n\n"; $log_file = ", '$root/query.log'" if &Architext'logMode(); print SCRIPT "\%form = &ArchitextQuery'readFormArgs;\n"; print SCRIPT "&ArchitextQuery'directQuery(\$form{'search'} || '(no search)',\n"; print SCRIPT "\t\$form{'mode'} || 'concept', \$db, \$form{'source'} || 'local', \$form{'backlink'} || '*', \$form{'bltext'} || '*'$log_file);\n"; print SCRIPT "print \"Content-type: text/html\\n\\n\";\n"; ## insert standard template code open(TEMPLATE, "$root/AT-template.cgi") || &Architext'exitError($attr{'ArchitextURL'}, "Could not open '$root/AT-template.cgi'"); while ($tmpstr =

Generation successful.

Moving successful.

$pre_anchor$post_anchor

$pre_anchor$post_anchor