Skip to Content

Available Scripts

The Central Web Server 9 provides several special purpose scripts to help you build your web site:


Redirection

The redirection script allows your web site to redirect users to different web pages depending upon the link they arrived from. For example, your web site might have two different virtual host names: welcome.uconn.edu and mysite.uconn.edu

You might prefer the first virtual host name to send users to web.uconn.edu/mysite/welcome.html and the second virtual host name to send users to web.uconn.edu/mysite/allaboutme.html. To do this you could substitute the two lines in the script linked above to the following text:

$redirect_url["welcome.uconn.edu"] = "http://web.uconn.edu/welcome.html";
$redirect_url["mysite.uconn.edu"] = "http://www.uconn.edu/allaboutme.html";

To learn more about Virtual Host Names, please see our Web Site Address page.


File List

Sometimes webmasters want users to use their web site like a file respository, and give users the ability to search the web site like a directory tree. You can accomplish this by using the script filelist.php. Simply copy this script to a directory of your web site and name it index.php. The users will see something like this. Users will be able to click up and down the directory tree by clicking on the folders, and view files by clicking on the file icons. They will not be able to view files outside the directory - only files in and below the directory.

If you only want authorized people to view your files, you can secure your directories using the Online Webmaster Utility. If you secure the directory that holds index.php, then unauthorized people will not be able to view your directory tree. If you secure a directory under the directory which holds index.php, then unauthorized users will be able to view the filenames of the secured files, but they will not be able to read the files.


File Share

Sometimes users want to share files among themselves. You can provide this capability with the script fileshare.php. Simply copy this script to a secure directory of your web site and name it index.php. (We'll talk more about the need for a secure directory below). The users will see something like this.

Users will be able to upload and download files to and from the server. The maximum allowed size per file is 4 megabytes. Users can upload files by entering the file name in the text box or clicking the Browse... button. Users can download files by clicking the file icons.

You must place this script in a secure directory, it will refuse to run otherwise. You can use the Online Webmaster Utility to secure a directory and identify users (by their netid) who are authorized to use it. Although the script must be placed in a secure directory, it can configured to upload and download files from any single directory within your web site. If you need the ability to upload and download to multiple directories, currently you must install multiple instances of this script. If you are interested in a script that can handle multiple directories, please contact the Web Development lab. If there is enough demand, perhaps we can provide one.

This script cannot be run in an unsecured directory because anyone on the Internet could use it to share files. Experience shows that this kind of vulnerability will eventually be found and exploited and consume large amounts of disk space. We reserve the right to remove file sharing scripts which are not properly secured.


Formmail

A common task performed on web sites is gathering information from visitors. One way to do this is to include a form in your web page using the HTML <form> tag, and configuring the form so that when the user clicks the enter button, the form sends the data to a formmail script. The formmail script in turn mails the information to an adminstrator.

The formmail script is a customized version of a program provided by Matt's Script Archive. The original version has been locally customized to prevent it from being used to send spam, and to allow the form user to specify a recipient(s) in addition to the those recipients that the form writer coded into the HTML.

Here is the HTML code example of a form which uses the formmail script:

<b>SEND AN EMAIL MESSAGE</b>
<form method="post" name="mail" action="http://web9.uits.uconn.edu/cgi-bin/formmail.pl">
<input type="hidden" name="recipient" value="admin@mymail.uconn.edu">
<input
type="hidden" name="required" value="email,subject,message">

<b>
Enter Optional Mail Recipient</b><br>
<input type="text" name="recipient1" value="" size="64">
<b>Enter Your Email Address</b><br>
<input type="text" name="email" value="" size="64">
<b>Enter Your Subject</b><br>
<input type="text" name="subject" value="" size="64">
<b>
Enter Your Message</b><br>
<textarea name="message" cols="64" rows="3"></textarea> <br>
<input type="submit" value="Submit">
</form>

this is what it will look like to the user:

SEND AN EMAIL MESSAGE

Enter Optional Mail Recipient

Enter Your Email Address


Enter Your Subject


Enter Your Message

The field recipient1 is a local customization that allows you (the form writer) to specify recipeints in two fields: the standard recipient field in the original formmail.pl script, and the custom recipient1 field.

The hidden field required is to make certain fields (email, subject, and message in the above example) on the form to be required, i.e., people can't submit the form when these required fields are empty.

In order to use the formmail script, you must include (copy) the html source code [seen above] into your web page. You can copy the formmail script, and paste it in any page you wish.

For more information on the formmail.pl script and the standard fields, see the the original formmail documentation.


Captcha Script

A Captcha image helps verify that real people, not hacker scripts, are filling out your web forms. Your web user proves he or she is a person by reading an image like this,

and entering the text into your web form. When your web form calls its controlling script, that script verifies your user's input with the Captcha script.

Here's a link to an example web form that uses the Captcha script: Captcha Test Script. And here is the source code.

Here's a short explanation of how our Captcha works. With every new image, the Captca script generates a new code; a string of six characters (six random letters and numbers); this is the code that users will enter. This code is built from a set of 46 unique characters, some like l and 1 are omitted to prevent confusion. Each new code is stored on the server, indexed by its first two characters. The fact that each code is indexed by its first two characters has the following consequences.

Although the hacker might easily guess the first two characters, he will not know the remaining four characters. Thus, if he tries to guess a code, he has no better than a 1 in 4,447,456 (464) chance in guessing correctly.

A further security feature is that the Captcha invalidates a code once it's been used. You can see this if you try the Captcha example; you can only submit a valid code once. This prevents a hacker from manually deciphering a code and using it multiple times. Note: There is no way to know if your user entered the same valid code that they saw on your form. They may have entered a valid code from a different page. Ultimately this does not matter, because either way they have verified that they are a genuine user, not a script. This feature simplifies Captcha use for the web designer.


Cron Script

You can designate one or more scripts on your web site to be cron scripts. Cron scripts are typically used to perform some chronic maintenance on your website. If you register your cron script with the Web Development Lab, they will automatically be run every hour on the hour. It is up to you to make sure the scripts perform correctly. For example, if you would like your cron script to run once a day, you will need to write your script so even though it's called 24 times a day, it only performs your required action once a day.

For your convenience, here is a portion of PHP code that you can place at the start of your script. This code will check that it's being called at the proper time, and will terminate the script otherwise.

When writing your cron script, keep in mind two things.


CAS Logout Script

The CAS Logout Script will log you out from your Secure Folder and from CAS. Note that this scripts only works with CAS authenticated Secure Folders on our Central Web Servers. Other implementions of CAS will most likely not work with this script without modification.

To better understand what happens with the CAS Logout Script, we need to understand a little about CAS authentication. Whenever you visit a CAS authenticated Secure Folder, it checks for a ModAuthCAS cookie previously sent to your browser. If you have this cookie, you are authenticated. If not, you are redirected to the CAS Server.

Upon visiting the CAS Server, it checks for another cookie, the CAS Server cookie. If you have such a cookie, you are redirected back to your Secure Folder, and you will receive a ModAuthCAS cookie. Otherwise, you will be prompted for your NetID and password, which will get you a new CAS Server cookie and a redirect back to the Secure Folder on your site. Once back at your site, you will get a ModAuthCas cookie, and be free to use the Secure Folder.

Thus, if you have either cookie, a ModAuthCAS cookie from your web site or a CAS Server cookie from the CAS Server, you will be automatically allowed into your Secure Folder. This means that if you want to logout from your website, you will need to remove both cookies. This is what the CAS Logout Script does. It does this by erasing your ModAuthCAS cookie, and redirecting you to the CAS Server where your CAS Server cookie is removed. This two part process is required because cookies can only be removed by the web site that sent it.

Because there are two cookies involved, logging out with the CAS Logout Script has the following effects upon the user:

There are two versions of this CAS logout script, a PHP version, and a Javascript version.