.

If not complete, you will receive Internal Server Error Then when you look into the server error log, you will see something like malformed header from script. Bad header or header terminated prematurely.
The error and access logs can be found by using the Locate command "locate httpd.conf", "locate error_log", or "locate access_log"; in my case "/etc/httpd/conf/httpd.conf", "/var/log/httpd/error_log" and "/var/log/httpd/access_log".

(2)File and Directory permission is very important.
Create scripts as the same user / group as the HTTPD server.
If not, be sure to change them later to whatever is in the
httpd.conf file under User / Group.
In my case, User Apache and Group Apache.

Next I have my test function. Test functions do not have prototypes. There are removed just before the last compile. If you put test function at the top of the function it will be auto prototyped.
I do debugging the old way with cout, printf(), and printing to a file. I do use Breakpoints, watches, and sometimes output to a terminal.
Debugging a CGI script is different than most programs. Let's look at the test function.

Create a directory like Docs -> Programming -> C_CGI and put the test function in it.
Our test function has 2 int and 2 char types. TM(int a,char *b, char *c, int d); If you look at the return >%d,%s,%s,%d< you will see there are no spaces. This is so I can see spaces. If you want the return from unencode (usern, usern+lensize, pasw); that in the int inputfile(char *pasw, int lensize, char *usern); function that has 2 char types and no int types you might do this TM(0,usern,pasw,0); But if you did this instead, TM(strlen(pasw),pasw, usern, strlen(usern)); you could get the length of each string as well. This might return something like "10,bob 123456, bob 123456 ,12" so we can see that all "the visible charters" are the same. But there is a space at the beginning and end of pasw (return from the FORM). This would account for the 2 different wright? So, I changed the password file to read "bob 123456" with the 2 spaces. Now, the function was "12, bob 123456 , bob 123456 , 12" But I still got "INVALID PASSWORD!". Why? Well, to find out I add a function to send the output to a file, and this is what I saw in the file. The first line is the usern from the FORM return, second line is pasw from the FORM. The thread is both usern and pasw from the password file (pasw.fle). It's obvious what's wrong now.

What I thought was a middle space is a "next line" instead. This is why in the function unencode() we see

The first line reads: if the src charter is a & then the dest character will be a \n (next line).
The next line reads: if the src charter is a & then the dest character will be a space.
The unencode() does not change the src it just creates the derc .If we used an "if" statement here then we would have ended up with a \n and a space and the disc output would have been 1 character longer then the src. But, we used the "else if" statement-when any one is true all the rest are not evaluated so the output of both the src dest are the same length. So we got a "next" line because it was first. So I commented out the first "else if" so we would get a space, not a "next" line.

Basically, there are 2 ways to pass data from a form to a cgi script, POST and GET. We are using POST. It is efficient, harder to capture, and is not limited to size. Here is the code sniplet that receives the data from the form, translates it, and stores it.

Line 1 The RAW output from the form look like this: "=bob&=123456" We decided to limit the name field to 20 and the password field to 20. (20 + 20 + 3 = 43)
Line 2. We also decided the minimum size of the name/password would be 4 (4+3=7). When you are done testing, change this to a higher number.
Line 3 is a char pointer to the environment string, length in charters. Everything that's returned by getenv() is a string. Line 8 converts the character string to a long stored in len line 6.
line 4 is an area of characters that holds the data returned from fgets(usern, lensize+1, stdin); in the function int inputfile(char *pasw, int lensize, char *usern); higher in the code. stdin == Standard Input (a buffer that filled by POST output). lensize+1 is long len passed to function inputfile(DecBuffer, len, RawBuffer); line 6 and 10 usern is char area RawBuffer[(3 * strsize) + 1]; also passed by inputfile(DecBuffer, len, RawBuffer);. Why is RawBuffer (Raw input) 3 times the DecBuffer ? Because the extended characters(some are #, $ %) are sent as character codes which start with a % and 2 numbers. Like %25 may be a # . If the user used nothing but extended characters the raw input would be 3 time the size of the decoded output. Line 5 is the area for the decoded output from function (some call functions modules) void unencode(char *src, char *last, char *dest);
Line 7 gets the length of the string in stdin and stores it in char pointer lenstr. Line 8 converts the string to a long int. So we can compare sizes in line 9 and 10. sscanf() is a highly used function.
Line 9 is important becouse "you should always compare the size of a string returned from a form". Why? The user has control of the form. All he needs to do is remove the html form line MAXLENGTH="20" and he can post the content of a book, overloading your server.
Line 10 sends the 2 buffers (by reference) and the length of the string to int inputfile(char *pasw, int lensize, char *usern);.
BY REFERENCE? There are 2 ways to send data "by copy" or "by reference". You can send a copy of the data. Then there are 2 copies of the data in memory. Or you can send a reference to the data.

Now let's look at this function.

This function puts (lensize + 1) of stdin into the buffer usern (RawBuffer). Then unencode() is passed the first char of usern (RawBuffer), and the first char of pasw (DecBuffer).
fgets()reads the stdin and then adds a '\0' (EOF, end of file) to the end of the buffer. That why RawBuffer[(3 * strsize) + 1]; is 3 * strsize "+ 1". usern+lensize points to the '\0'. If I am wrong, e-Mail me. I got this code off the Internet over 10 years ago and do not know for sure how it works anymore.

for(; src != last; src++, dest++)
Says as long as the src (RawBuffer) charter is not the EOF ('\0') last character; get the net src character and add 1 to the dest buffer.
if(*src == '+') *dest = ' ';
If the src charter is a + then make the dest character a space. If the src character is a +, the rest of the "else if" statement is not evaluated. This makes the "if, else if" loop faster then the "if statement". The rest is the same till you get to

If there is a % it will be followed by a 2 digit number representing an extended character. sscanf() gets the 2 and stores the character they represent in the address of int code (*dest = code). Then add src = src + src + src. Like if the string was %25bcdef. src would jump over %25 and now be b.
else *dest = *src; If it is none of the above, just copy the src into the dest. Now the (if, else if, else) statement ends with an else. So, it will jump to the top of and loop untill we get a '\0' then it will jump out of the (if, else if, else) statment without putting the '\0' into the character dest and execute the *dest = '\n'; adding a new line then *++dest = '\0'; add a '\0'. The ++ elements the dest (dest = dest + dest).
This is the end of transcoding. I hope you can see what I am trying to say. It is easier to do than explain.
Now we have a buffer with the transcoded string from the form.
Note -> In this code does not use many brackets, this is legel but not a good idea. if(*src == '+') { *dest = ' '; } is easy to read. Also pointers are the heart of C/C++ programs. If you learn how to use pointers your code will be faster and smaller.

j = readpasw(DecBuffer); is next.

NOTE -> about files usage. Have all the things done before opening a file then do what you have to do as fast as you can. Then close the file. A file should be open only as long as possible. Files are vulnerable when they are open. Be sure to close every file you open.
Be sure not to delete memory you did not allocate. Don't use "new, and delete" with "calloc, malloc, and free" in the same program. Use one set or the other but not both.

This one was pretty simple.
Next

This function works fine, but it could be better. Can you see how?
In a sense we have control of the web page that is being referenced. (../admin/index.html) What would happen if we forgot the maximum length was 80 when we write the index.html file? fgets() retrieves a line at a time.
So, it would read the first 80 characters and not the rest. Since we used sizeof(buffer) we would not overload our buffer. Also if we are writing the index.html file, we would already have lines 7,8,9,15, and 16. Why have them twice?
Now look at line 2. What is wrong with it?
tofile is already defined. In the globals " #define tofile "../admin/index.html" " So, it is unnecessary. This should generate a warning but not an error at compile time. Here is a rewrite of this function.

This function is faster, does not waste memory, and uses dynamic memory.

loge_file() is next.
This function is designed to write to one of two files. If correct name/password to access.log, if incorrect error.log .

This function acccepts an int mode of 1 or whatever. If it's 1 it writes to the access.log file. If it anything else it writes to the error.log file. Both enters username password and time to the second in the file. If you read this article up to here, you already know most of this. So I will cover what's new.
What's new? The time and file locking functions.
Let's start with time, if you have the time ! ).
time_t t is a struct defined in time.h, time(&t) stores the time, measured in seconds, since January 1, 1970 in the memory pointed to by t. ctime(&t) converts t to Current Time. It looks like the time(&t) is not needed. But if you comment it out, you will get a fully formatted time but it will be the wrong time. With it commented out I got "Wed Dec 31 18:00:13 1969" With it in I got "Sun Nov 9 16:27:56 2008". Well, that's all the time I have for time()
! ).

FILE LOCKS.
You could write a book on file locks and I am sure there are plenty.
When you read a file you don't need a file lock, in most cases, when you do, a shared lock will do. But when you are writing to a file you should lock the file. Or in some cases lock the part of the file you are using.
There are two types of file locks: "Full file lock" and "record locks". There are two ways to lock a file: "shared" and "exclusive". There are two ways to place a record lock: "advisory" or "mandatory", and are advisory by default. And one more you can use, a predefined function or create your own.
If the file you are writing to is used only by your script, as they are in our case, you can write your own. It might look like this.

Then before you write to a file you check to see if ttemp.tmp exists, if it does, wait; if not, write. You would put file_lock(1); before you open a file for write, and file_lock(2); after the you close the file. There are two advantages: 1, it always works. 2, you can lock more then 1 file at a time. The disadvantage is if your script crashes, the file will be locked.
Two of the file lock functions are fcntl and flock. Both were written with open() in mind. So to use then you will need to use fileno() to convert the int return of open() to a FILE pointer of fopen().
Open's prototype is "int open(const char *pathname, int flags);" and fopen's "FILE *fopen(const char *path, const char *mode);"
fcntl() has a struct. And the struct's prototype looks like this.

To use fcntl() first you create a struct that is a copy of fcntl's struct flock like this.

char *data = (char *) 0; is a NULL GLOBLE POINTER. Glober becouse it not in a function including the main(). This allows any function to use it including the main(). It is a NULL pointer becouse it does not point to a valid memory address. We have type-cast "(char *) 0" to 0. We will reference it latter. (pointer = variable). Globles and #defines are frand on today. It does not need to be a NULL pointer. A regular pointer would do. I chouse a NULL pointer so I could use it in eather the get_post() or get_get() but not both. "#define error 1"Sometimes you use #defines to make the code more readable, or ezer like #define pie 3.14179 .

This function is sent a string by reference (char *str) that it prints to the web browser through a vertual web page. "int nexit" is used to tell the function if to exit or not (if error exit else return). Becouse you can not compare an int to a char* I created an allus for error "#define error 1" So if you use "error" or 1 it will exit. Otherwise it will return to the calling function.

This function (modual) reads the environment variables "REQUEST_METHOD" to determen if the form used POST or GET. strcmp() function compares the two strings if there the same returns a 0. You could have strcmp(type,"POST") and it would work fine. But I like to compare pointers to pointers and strings to strings. I also compared POST first becouse I use it most. The line "else { return_message(error1,error);" So something will be returned to the browser.
Whot is wrong with this function?
You do not need to compare GET. If the line, in you form, read method="" you would stell get a return of GET. Becouse the server will defuilt to GET, so the return will be POST or GET. To test this put "return_message(type,error);" before line 8 and after line 6. Then change the method="" on the form to whotever. DON'T FORGET TO "CLEAR PRIVATE DATA" and REFRASH THE WEB PAGE (F5).
Set the form to read POST by adding <!-- before "<FORM action="http://www.issw.loc/cgi-bin/postget" method="GET">" and adding --> after. Then remove <!-- before "<FORM action="http://www.issw.loc/cgi-bin/postget" method="POST">" and remove --> after.
New compile and build the code (F9 then F11) then copy it to the cgi-bin directry. Make shere your network is running and the web server is running. Ofcourse you would change www.issw.loc to 127.0.0.1 or your address as in the hosts file.
So the rewrite look like this.

The next function is.

Line 8 returns the size of the string. The data does not terminated with a end-of-file character (\0). Ofcourse it is a character not an int. Line 9 test to see if there is anything in the "CONTENT_LENGTH" environment variables. If there is converts the string to an int. atoi() does not do error checking. So you do if(char_size != NULL). Line 11 chackes to see if it is too long or short. Line 13 allocates aneff memory for the data and a end-of-file character. Line 14 chackes if the memory was allocated or not. Line 15 uses fgets(): If you look up fgets() (man fgets) you will see the prototype "char *fgets(char *s, int size, FILE *stream);" the last arument is FILE *stream. Becouse it says FILE you may not know it will read any type of stream. A stream is a stream ofcourse unless the stream is MR. ED : ) . Line 16 adds a EOF character. If you put *data = '\0'; The return would be a blank becouse this put the EOF at the begining of the string but it does not flush the stream. The browser will not read after the EOF character. data = '\0'; will return a (NULL). "memset(data,'\0',strlen(data));" Line 17 is a test to see if it worked. Uncomment it and see the return. You shud see the RAW data from the form. If you do this function and get_method(); function works. When you look at the return in you web browser, look at the end of the string "SEND=SEND" If you buffer is too short there will not be a last D. When allocating memory for areas or stream buffers be shure there big aneff. When a buffer is too short all sort of odd thing happen. And when reading or writing to a buffer don't over read or over full a buffer. Line 18 send something to the browser if the function works. You may knotest I do not check returns. That is becouse the web browser will let you know if it worked or not. One final throught '\0' is not the same as "\0", '\0' is one character "\0" is a stream. The next function.

If it's not POST it's GET. Line 2 Character pointer that will recive the form return. Line 7 gets the content of the environment variables "QUERY_STRING" and puts it into querystring. Line 8 if "QUERY_STRING" is not empty then gets the length of the string, else return an error. Line 10 if the length is larger the the max_length, defined in the globle section above, return an error. The maxuam length of GET is 128 characters INCLUDING THE TERMINATER. So, at most you can send 127 characters. The terminater is add automaticly. Line 11 allocates the memory of the right size. Line 12 checks if the memory was allocated or not. Line 13 copys the string pointed to by querystring. You might ask yourself. If querystring only points to the first character of the string. Then how does strcpy() function know when to stop copying? It will copy tell it hits a NULL terminater and it will copy that terminating NULL byte as wall. My point is. If there is not a NULL terminater. strcpy() will overfull the buffer and most likly crash. But in this case there is a NULL terminater. when you are copping a string that does not have a terminater use strncpy(). It's prototype is "char *strncpy(char *dest, const char *src, size_t n);" size_t n = the number of characters you wount to copy, and then add the NULL terminater. Line 14 runs the function transcode() decusted next. Line 15 is a test function to check this function. You can use the test function to test the return from the transcode() function also. Jest change data to outp. Line 16 send a message to the browser.

transcode();

If you look at the unencode() function in the password program above. You will notiest this function is different. Even though thay do the same thing. I wounted to show there is more then one way to do the same thing. Also, this method show how to use pointer in a diffent way. C/C++ is one of the most versital, fast, and extendable lanuages there is and pointers are vary useful. Ofcorse to get all this means the language is a little harder then some, therefor not for everyone. Line 1 declares and inishalizes x and y to 0. Line 2 Is a pointer to an error message. Line 3 and 4 is allocates memory and checkes if memory was allocated. Why is 2 added to the size? becouse of line 17 and 19 add 2 characters. Why is len + 2 in parefacess? Percedence 5 + 2 * 2 = 9, (5 + 2) * 2 = 14. Percedence is the order that operrations are executed. "*,/,+,-". If you use parefacess in you math, not only will you be less likly to error but it is ezerer to read. Line 5 for(;x < len; x++,y++ ). becouse we are only going to use this function one time and becouse we inisshalized x and y when it was declared. We do not need to inisulaze x and y in the for loop "for(x=0,y=0;x < len; x++,y++ )". Lines 6,7,and 8 exzamens the input and creates the apropet output. Line 9 - 14 if the input is a % the get the scan code for extended character. Line 15 if it is none of the above then jest copy the input to the output. After the raw input is transcoded line 17 - 19 addes a next line character and then a NULL terminater. Why do we add a next line character and then a NULL terminater? When we know there is a NULL terminater sent from both get_post() and get_get() functions? Whell I like to make shere there is at lest one. In fact there not needed.
There is one real change in the code between unencode() function in the password program and this function. Line 8 creates an '/n' (next line) where there is a '&'. Where the password program creates a space ' '. Why? First there is no identifer passed for username or password in the HTML FORM "INPUT TYPE="text" NAME="" SIZE="20" MAXLENGTH="20" -- NAME="". And the password program always come with 2 values and in the same order. The raw input from the form look like =username&=password. Then the trancoded output migth look like "bob 123456abc". This works fine as long as you know the order of the values and there is no spaces.

Lets look at the raw input and the output of this function.
input
FNAME=Gary&LNAME=Russell&ADDR1=1127+Acane+Drv.&ADDR2=Spit%2CMo&ZIP=64355&SEND=SEND/0
output
FNAME Gary\nLNAME Russell\nADDR1 1127 Acane Drv.\nADDR2 Spit,Mo\nZIP 64355\nSEND SEND/0/n/0

New lets think about 3 ways this info mite be used. In a file, database, or displayed from the web browser. How might we use this output? In a file it would be ezeey. The output to the file would look like. A redy made address book.

In a database you would need to compare the idenifier and then copy the value to the database.
In the return to a web browser you would replace the '\n' with a "<BR>" .
The code, to be sutible for a libubary needs to be versital aneff to acomplase a number of task but not be so defined that it can only be used in a fue casses. The secread of a libuary function is to know when to quit.

Hear is the main().

At this point you have lernt how to create a single, perpritary cgi password script. And a more visital, all-perpes cgi program. By adding onto this code you can recive the input from any form, translates it, and use it.