FLFSS Source Code Listings
Below, you may select any map or table you wish to view the filePro source for the activity denoted. All tables are for use "AS-IS", and come with no warranty, express or implied. During development especially, tables may indeed have bugs in them, or may be out of date, although I'll try to avoid both situations.
This source is made available for public instruction purposes. The project
relies on the generic CGI gateway package, OneGate, and will not function without it. This project serves as a demonstration of the ease with which one can build a functioning web-enabled product using CGI methodology inside filePro, using the OneGate product.
All code is copyrighted to Mark Luljak <fairlite@fairlite.com>, but may be
used either (1) without credit, if you license OneGate; or (2) with credit if
you modify segments for use without OneGate. Credit must include the
following notice, conspicuously present on all output data in any application
using any code derived from mine: "Portions, Copyright 2004, Fairlight
Consulting <fairlite@fairlite.com>."
For documentation and information about OneGate, please follow the link
above, and/or email me.
Fairlight->
General Package Flow
FLFSS is pretty straightforward in operation. Let's quickly review how it
basically works:
As a starting note, all processing tables run under the flfss_control
database. In OneGate, a "slot" number is assigned to each currently
running OneGate session, beginning with 1 and going upwards to the number given
to OneGate for max_session_count. At any given
execution, the lowest possible open slot is used. On the filePro side, the
flfss_control database itself is populated with 128 records. When
OneGate calls rreport, I use "-sr %n" to avoid record locking
issues, as the record used in the table corresponds to the slot number OneGate
has assigned to its transaction, which by design can never overlap.
That said, let's move on to the actual flow.
- All users must register. While the entry point is the login program, if
you are not registered, there is a link present that will take you to the
registration process. There, you may choose your username and password, you must
fill in your email address, and you can optionally supply your name and the URL of
your homepage. You may also choose whether or not you wish to utilise cookies
with this suite. They are not mandatory, however, due to the implementation of
true session management, which we'll get to in a bit.
- Once registered, one is given a link to log in. If cookies are utilised,
one is taken directly to the main user menu. If cookies are not utilised, one
must enter one's username and password, and will be taken to the main user menu
upon successful authentication.
- From the main user menu, one has several choices:
  - List User Accounts - This lists all user accounts. Usernames are links
    to the indexes of stored files for each respective user. Links are also
    presented for the users' email and web addresses if they were provided by the
    user at registration. From this list (or the list resultant from a search),
    you may click on any username to view that user's available files.
  - Search For User/Files - With more than a few users, a full listing might
    be ungainly, or simply not desirable unless you wanted to browse through all
    available users. With this option, you can search by partial username, first
    name, or last name, and an index of all matching users will be presented as
    described in the previous option's details. Similarly, you may search for users
    who own a filename (or a file that matches a partial filename, e.g., .mp3), and
    only those users who have such files will be listed.
  - Upload A File - You may choose this option and upload a file to your
    personal "space". Any files you upload are associated with your
    username. You may include an optional description of the file, and you may also
    protect the file with a password if you desire.
  - Manage Account And Files - This option will automatically bring up the index of
    your own files, including status indicators for deletion status, restriction
    status, and the number of times it was downloaded. Each file also has links
    that will let you soft delete, hard delete, or undelete a file. Soft delete
    simply makes the file invisible to everyone in file listings--even you, but
    retains the actual file in the filesystem for later undelete operations. You
    can only see soft-deleted files in the file management index. Undeleting is
    like restoring from Windows' recycling bin, and restores a soft-deleted file to
    visibility. Hard deletion removes the file from the filesystem and deletes the
    record associated with that file. In addition, you may remove password
    protection from a file, change the password, or change the description of the
    file. You may also change your account's email address, URL, or password from
    this page, or you may cancel your account (which deletes all your files
    automatically) entirely.
  - Forget Me (Remove Cookie) - If you chose to utilise cookies, you may
    choose to disable this functionality at any point by choosing this option.
    Note that this option will only appear if you have cookies currently
    enabled.
- When you find any user and select them, you are shown what files they
have uploaded and made available for download. If you select any file, it will
download. If you are in Windows and have an application associated with the
extension, it may open. You may right-click on any file and use Save
As... to save the file to disk instead.
- When you upload a file, its name and size are confirmed, and you are
given a link to go back to the menu.
- If you remove your cookie, you are taken back to the menu, which no
longer contains the option to remove your cookie, since it's just been removed.
This does not end your session.
This would be a good time to talk about session management. Every time you
log in, whether it be automatically via cookie, or via manual authentication,
you are assigned a session ID. This ID is passed with you from program to
program within the suite. No program accessible after the login process will
function without a verifiable session ID. Sessions expire after 30 minutes of inactivity. Use
of any program will refresh the life of the session to a full 30 minutes of
time remaining. Session IDs are unique, and cannot be forged. Nobody can
hijack your session from another computer and pretend to be you, as the IP address of the computer
attempting to use a session ID is checked against the IP address of the
computer it was assigned to. Session IDs are always used, irrespective of
whether you utilise cookies to automatically log in. If a session ID expires
due to inactivity, users not using cookies will be asked to re-authenticate
themselves at the login page, while users using cookies will simply
transparently be assigned a new session ID on-the-fly, as if they'd just logged
in again. Using sessions, one can be assured at all times that a user is
authenticated, know who that user is, and be able to handle any specific
behaviours associated with that user. Strict use of sessions ensures that
transactions cannot be forged.
That sums up the basic flow and functionality of this package.
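The session checks described above (lookup, address match, a 30-minute inactivity window refreshed on every use, plus the two-day cleanup run from crontab), sketched in Python as an added example; this is not the filePro code behind prc.verify_session or the author's implementation. The in-memory table, its field names and the CSPRNG-generated ID are assumptions.

```python
import secrets

IDLE_LIMIT = 30 * 60          # page: sessions expire after 30 minutes of inactivity
CLEAN_AGE = 2 * 24 * 60 * 60  # page: cron job removes records more than 2 days old

class SessionStore:
    """In-memory stand-in for the session ID table (hypothetical layout)."""

    def __init__(self):
        self._rows = {}  # session ID -> {"user", "ip", "last_seen"}

    def insert(self, user, ip, now):
        # Assumption: the ID is drawn from a CSPRNG so it cannot be guessed.
        sid = secrets.token_urlsafe(32)
        self._rows[sid] = {"user": user, "ip": ip, "last_seen": now}
        return sid

    def verify(self, sid, ip, now):
        """Return (user, reason); user is None when the request is refused."""
        row = self._rows.get(sid)
        if row is None:
            return None, "unknown"
        if row["ip"] != ip:
            return None, "ip-mismatch"   # refused attempts never refresh the timer
        if now - row["last_seen"] > IDLE_LIMIT:
            return None, "expired"
        row["last_seen"] = now           # any use restores the full 30 minutes
        return row["user"], "ok"

    def clean(self, now):
        """Delete records idle for more than two days; return how many."""
        stale = [s for s, r in self._rows.items() if now - r["last_seen"] > CLEAN_AGE]
        for sid in stale:
            del self._rows[sid]
        return len(stale)

def demo():
    # Constructed walk-through; addresses come from the RFC 5737 documentation ranges.
    store, t0 = SessionStore(), 1_000_000
    sid = store.insert("alice", "192.0.2.10", t0)
    return [
        store.verify(sid, "192.0.2.10", t0 + 1500),         # in time, refreshes
        store.verify(sid, "198.51.100.7", t0 + 1600),       # same ID, other address
        store.verify(sid, "192.0.2.10", t0 + 3200),         # 1700 s after the refresh
        store.verify(sid, "192.0.2.10", t0 + 3200 + 1801),  # idle too long
        store.verify("not-a-real-id", "192.0.2.10", t0),
        store.clean(t0 + 3200 + CLEAN_AGE + 1),
    ]
```

Clients behind one NAT or proxy present the same address, so the address check narrows where a captured ID can be replayed from rather than tying it to a single machine.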
Processing Tables
- Display a page once you've cancelled your account -
prc.canceldone (Last Modified: 27-Jan-2004, 02:51:51 EST)
- Generate a form for verifying your desire to cancel your account -
prc.cancelform (Last Modified: 27-Jan-2004, 02:51:51 EST)
- Clean left-over session ID records more than 2 days old (used from crontab, not from the web interface) -
prc.clean_sessions (Last Modified: 27-Jan-2004, 02:51:51 EST)
- Clean Strings of dangerous shell meta-characters and strip/convert spaces -
prc.clean_strings (Last Modified: 27-Jan-2004, 02:51:52 EST)
- Create a user account -
prc.create_account (Last Modified: 27-Jan-2004, 02:51:52 EST)
- Determine a file's MIME type for download -
prc.determine_mimetype (Last Modified: 27-Jan-2004, 02:51:53 EST)
- Download a file stored on the server -
prc.download_file (Last Modified: 27-Jan-2004, 02:51:53 EST)
- Generate a form for entering a password for protected downloads -
prc.downpassform (Last Modified: 27-Jan-2004, 02:51:53 EST)
- Generate a page with a passthru link so you can either view or "Save Target As..." on password protected files -
prc.downpassthru (Last Modified: 27-Jan-2004, 02:51:54 EST)
- Generate a general HTML error page (to be used only for code errors, not business rules!) -
prc.generr (Last Modified: 27-Jan-2004, 02:51:54 EST)
- Insert a session ID into the session ID database -
prc.insert_session (Last Modified: 27-Jan-2004, 02:51:54 EST)
- List all user accounts in the database -
prc.list_accounts (Last Modified: 27-Jan-2004, 02:51:55 EST)
- List all accessible files for a user that are present in the database -
prc.list_files (Last Modified: 27-Jan-2004, 02:51:55 EST)
- Log in to the system -
prc.login (Last Modified: 27-Jan-2004, 02:51:56 EST)
- Generate a result form for successful login -
prc.logindone (Last Modified: 27-Jan-2004, 02:51:56 EST)
- Generate a form to use for login, or bypass form altogether if cookie is
validated -
prc.loginform (Last Modified: 27-Jan-2004, 02:51:56 EST)
- Generate the basename for a file (Windows or *nix) -
prc.make_basename (Last Modified: 27-Jan-2004, 02:51:57 EST)
- Generate the main cookie-setting HTML string -
prc.make_cookie (Last Modified: 27-Jan-2004, 02:51:57 EST)
- Generate an HTML string that sets the HTTP Expires: header -
prc.make_expire (Last Modified: 27-Jan-2004, 02:51:57 EST)
- Generate a session ID string with which one can determine a session over the entire set of programs in the package -
prc.make_sessionid (Last Modified: 27-Jan-2004, 02:51:58 EST)
- Generate a filename for a user's fP Room share export (for push in the mini-browser) -
prc.make_shareusername (Last Modified: 27-Jan-2004, 02:51:58 EST)
- Handle changes of email address, URL, or password for one's own account -
prc.manage_account (Last Modified: 27-Jan-2004, 02:51:59 EST)
- Handle soft and hard deletes, as well as undeletes of one's own files -
prc.manage_file (Last Modified: 17-Feb-2004, 10:12:01 EST)
- Bring up list of one's own files for management, along with status indicators for each -
prc.manage_index (Last Modified: 27-Jan-2004, 02:52:00 EST)
- Reiterate the user menu once authenticated without needing to go through login all over again -
prc.menu (Last Modified: 27-Jan-2004, 02:52:00 EST)
- Populate the control file (used for active filePro user slots) with records so that it is usable (hardwired to 128) -
prc.populate_control (Last Modified: 27-Jan-2004, 02:52:00 EST)
- Copy the file to a publicly accessible URL on the server for use with the fP Room mini-browser for quick access during synchronised browsing or "push" operations -
prc.publicize_file (Last Modified: 27-Jan-2004, 02:52:01 EST)
- Generate a result form for successful registration -
prc.regdone (Last Modified: 27-Jan-2004, 02:52:02 EST)
- Generate a form to use for user registration -
prc.regform (Last Modified: 27-Jan-2004, 02:52:03 EST)
- Make a user's cookie stale, in essence, removing it -
prc.remove_cookie (Last Modified: 27-Jan-2004, 02:52:03 EST)
- Generate a form for searching for users -
prc.searchform (Last Modified: 27-Jan-2004, 02:52:05 EST)
- Search for users by any of three criteria -
prc.search_accounts (Last Modified: 27-Jan-2004, 02:52:04 EST)
- Update a session's time and date to prevent session timeout -
prc.update_session (Last Modified: 27-Jan-2004, 02:52:05 EST)
- Generate a result form for successful file upload -
prc.updone (Last Modified: 27-Jan-2004, 02:52:05 EST)
- Generate a form to use for file upload -
prc.upform (Last Modified: 27-Jan-2004, 02:52:06 EST)
- Upload a file -
prc.upload_file (Last Modified: 27-Jan-2004, 02:52:06 EST)
- Lacking encryption in filePro, at least make an effort to keep from storing the password in plaintext -
prc.scramble_pass (Last Modified: 27-Jan-2004, 02:52:04 EST)
- Validate a session ID for any program within the package -
prc.verify_session (Last Modified: 27-Jan-2004, 02:52:07 EST)
Map Files
- Map for OneGate table -
onegate/map (Last Modified: 14-Oct-2004, 22:09:32 EDT)
- Map for FLFSS Accounts table -
flfss_accounts/map (Last Modified: 09-Jan-2004, 04:10:42 EST)
- Map for FLFSS Banned Email Address table -
flfss_banned_emails/map (Last Modified: 09-Jan-2004, 04:10:42 EST)
- Map for FLFSS Main Control table -
flfss_control/map (Last Modified: 09-Jan-2004, 04:10:42 EST)
- Map for FLFSS File Code Number Control table -
flfss_fcodectl/map (Last Modified: 09-Jan-2004, 04:10:44 EST)
- Map for FLFSS MIME Types table -
flfss_mimetypes/map (Last Modified: 14-Oct-2004, 18:52:01 EDT)
- Map for FLFSS Session ID table -
flfss_sessionids/map (Last Modified: 09-Jan-2004, 04:10:44 EST)
- Map for FLFSS File Upload table -
flfss_uploads/map (Last Modified: 09-Jan-2004, 04:10:44 EST)
OneGate Configuration
As mentioned, this package relies on my OneGate engine to handle the CGI end
of things. All you have to do in filePro is perform lookups to the onegate
database to obtain your data. Configuration of OneGate is minimal for this
package. Please note the simplicity of the following files:
In addition, there are several one-line configuration files in the
temporary directory for each program in OneGate's spool. You will see them
referenced throughout the code. These files are each one line long, and are
meant to provide configurability without hardwiring values into the processing
table code. These files are:
- flfss.baseurl - Contains:
http://www2.onnik.com/~fairlite/cgi-bin/onegate
- flfss.cookiedomain - Contains:
.onnik.com
- flfss.fileroot - Contains (path changed for security reasons):
/home/fairlite/projects/flfss/upload-spool
- flfss.styleurl - Contains:
http://www2.onnik.com/~fairlite/flfss.css
- flfss.shareurl - Contains:
http://www2.onnik.com/~fairlite/flfss_openshares
- flfss.sharedir - Contains (path changed for security reasons):
/home/fairlite/flfss_wwwshares
It should be noted that symbolic links work perfectly for keeping
configuration files in sync throughout a project's many program sets. I keep
one master copy of the config, environment, and cookies
files in one program set's configuration directory, and symlink to them in *nix
for all the other program sets. Likewise, I have one temporary directory
populated with the real one-line configuration files listed above, and symlink to
them from the other spool temp directories. This way, you can configure your
entire suite by configuring one application. This doesn't hold true for
fields and program.set files, as they differ by application. I
listed the contents above for each for the sake of clarity, to show that they
are indeed needed.
Last Modified: 28-Oct-2006, 04:35:56 EDT