Blockland Forums > Modification Help
Torque Webserver V2
Truce:
Some of you that frequent this section might remember me posting a webserver concept I had drafted up in a reference scripts topic I created awhile ago. I decided to rewrite that script today and add a ton of new features to it with hopes that it will get even more usage than the old one.
Click for beautiful syntax highlighting and monospace font:
http://pastebin.com/9q06sz62
--- Quote ---Changelog:
- Changed $SERVER["REMOTE_ADDR"] to $_SERVER["REMOTE_ADDR"]
- Fixed a ?> detection issue when preceeded with a tab character
- Disconnects clients potentially attempting to exploit Torque file handling
- Added IP blacklist field at Webserver.blockIPs (Nice try, 78.69.143.58)
- Added HTTP authentication (.tqss), but don't count on it without testing
--- End quote ---
Note: I plan to constantly update this as needed. If you are interested in using this for a project (which users such as DrenDran, Chrono, and Zack0Wack0 have), stay tuned in this topic for the latest updates. Also, if you want to see a new feature added, just ask away and I can implement it.
I'm still calling it beta, so test out these features sometime:
* Preferences for port, debug echos, local IP restriction, timeout in MS, root folder, default index page, and Torquescript tag prefixes and suffixes can be set in the Webserver creation.
* Setting of variables familiar to PHP users such as $_GET, $_POST, and $_SERVER. The $_SERVER variables are dynamically created in Webserver::finish based in on the header received.
* Torquescript located in pages is evaluated before the data is sent to the client, allowing for very dynamic pages such as a real-time score display or even an external server management page.
From a more in depth point of view, it has all this and more:
* Easily editable settings in object creation
* Optional debug echos can be turned on
* Accepts incoming connections on any port
* Can filter to only local IP addresses
* Connections can timeout after a delay
* Lines parsed as received to allow for binary data
* Binary data can be submitted (POST)
* Lines parsed as a whole after all submitted
* Temporary file used for reading binary data
* Sets $_GET based on provided arguments
* Sets $_SERVER based on provided header
* Sets $_POST based on provided body data
* Allows for defaulting to an index page
* Sends a 404 error if page is not found
* Support functions include, print, and puts
These two pages...
...are generated from...
derp.tqs
--- Code: ---<?tqs
print($_GET["a"] @ "<br/>\n");
print($_GET["dood"] @ "<br/>\n");
?>
<br/>
hi<br/>
<br/>
<?tqs include("/date.tqs"); ?><br/>
<br/>
<form name="input" action="submit.tqs" method="post">
Username: <input type="text" name="user" /><br/>
Fav Color: <input type="text" name="color" /><br/>
<input type="submit" value="Submit" />
</form>
--- End code ---
date.tqs
--- Code: ---Page displayed at:<br/>
<?tqs
print(getDateTime() @ "<br/>\n");
include("/author.tqs");
?>
--- End code ---
author.tqs
--- Code: ---By: <?tqs print("Truce"); ?>
--- End code ---
submit.tqs
--- Code: ---<?tqs
print($_POST["user"] @ "<br/>\n");
print($_POST["color"] @ "<br/>\n");
?>
--- End code ---
Sample output from debug being set to true (from console.log):
--- Quote ---[Webserver] Connect request from IP 98.217.56.108 (6842)
[Webserver] > Client timeout in 1000 milliseconds.
[Webserver] Packet terminated from client 6842.
[Webserver] Parsing client 6842's GET args: a=31&dood=392
[Webserver] > Assigning 31 to a.
[Webserver] > Assigning 392 to dood.
[Webserver] Parsing client 6842's header: Host: trewse.us.to
Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.642.2 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
[Webserver] > Assigning trewse.us.to to HTTP_Host.
[Webserver] > Assigning keep-alive to HTTP_Connection.
[Webserver] > Assigning application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 to HTTP_Accept.
[Webserver] > Assigning Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.642.2 Safari/534.16 to HTTP_User_Agent.
[Webserver] > Assigning gzip,deflate,sdch to HTTP_Accept_Encoding.
[Webserver] > Assigning en-US,en;q=0.8 to HTTP_Accept_Language.
[Webserver] > Assigning ISO-8859-1,utf-8;q=0.7,*;q=0.3 to HTTP_Accept_Charset.
[Webserver] Parsing client 6842's POST args:
[Webserver] > No POST args found to parse!
[Webserver] Deploying file: /derp.tqs
[Webserver] > File found! Including all its contents.
--- End quote ---
For the HTTP authentication accounts file, format it like this example:
(username:password on a line, # are comments, blank lines ignored.)
--- Quote ---# Friends
admin:password
truce:test
# Clan Members
blah:lol
--- End quote ---
The webserver objects points to config/accounts.dat by default.
Questions? Comments? Concerns? Just direct whatever feedback you may have to the reply button.
Again, everything I've tested (above) has worked so far, but I'm hoping someone will find a bug in it.
mctwist:
Cool. Who's going to make a webbrowser? :cookieMonster:
Even though, the only thing I noted (Except security issues, $SERVER["REMOTE_ADDR"] and not backwards compatible with HTTP/1.0) is that you should do a strupr on all parameters you get in on line 101. But that isn't necessary.
Destiny/Zack0Wack0:
Sweet you added include :D
Did you fix the post with chrome issue?
Truce:
--- Quote from: mctwist on January 25, 2011, 02:09:17 AM ---Cool. Who's going to make a webbrowser? :cookieMonster:
Even though, the only thing I noted (Except security issues, $SERVER["REMOTE_ADDR"] and not backwards compatible with HTTP/1.0) is that you should do a strupr on all parameters you get in on line 101. But that isn't necessary.
--- End quote ---
What kind of security issues are there? Also, fixed the missing underscore. Thanks.
As for the strupr, variables are case insensitive, so I didn't bother putting that in.
--- Quote from: Destiny/Zack0Wack0 on January 25, 2011, 02:39:24 AM ---Sweet you added include :D
Did you fix the post with chrome issue?
--- End quote ---
It turns out the TCPObject had to be set to binary mode to capture the post args.
That took me much longer than it should have to debug, but I found it in the end.
mctwist:
--- Quote from: Truce on January 25, 2011, 09:58:21 AM ---What kind of security issues are there?
--- End quote ---
--- Code: ---<?tqs
quit();
?>
--- End code ---
Still, I doubt that you would do that nor allow anyone else.