Server-side Scripts

This application uses a database table, users, hosted by the server undcemcs01.und.edu. The table is accessed from the following two JDBC programs, using the GET and POST methods respectively: 
CREATE TABLE  users (
   name      VARCHAR(32) PRIMARY KEY,
   password  VARCHAR(16),
   role      VARCHAR(16) );

INSERT INTO  users  VALUES (
   'Poke Mon', 'hush', 'admin' );

INSERT INTO  users  VALUES (
   'Mario', 'secret', 'user' );

INSERT INTO  users  VALUES (
   'Super Man', 'knock-knock', 'hacker' );
http://undcemcs01.und.edu/~wen.chen.hu/cgi-bin/520/14/LoginGet.cgi 
#!/usr/bin/bash

CLASSPATH=.:/usr/lib/oracle/12.1/client64
CLASSPATH=$CLASSPATH:/usr/lib/oracle/12.1/client64/lib/ojdbc7.jar
CLASSPATH=$CLASSPATH:/usr/lib/oracle/12.1/client64/lib/ottclasses.zip
export  CLASSPATH

/usr/bin/perl  LoginGet.pl
# (for POST) /usr/bin/perl  LoginPost.pl
http://undcemcs01.und.edu/~wen.chen.hu/cgi-bin/520/14/LoginGet.pl 
#!/usr/bin/perl
use CGI;
$query    = new CGI;
$username = $query->url_param( 'username' );
# (for POST) $username = $query->param( 'username' );
$password = $query->url_param( 'password' );
# (for POST) $password = $query->param( 'password' );

print ( "Content-type: text/html\n\n" );
# Remove leading and trailing spacing.
$username =~ s/^\s*(\S*)\s*$/$1/;
# For security, remove some Unix metacharacters.
$password =~ s/;|>|>>|<|\*|\?|\&|\|//g;

# Compose a Java command.
$cmd  = "/usr/bin/java -Djava.security.egd=file:/dev/./urandom ";
$cmd .= "Login '$username' '$password'";
system( $cmd );
http://undcemcs01.und.edu/~wen.chen.hu/cgi-bin/520/14/Login.java 
/*******************************************************************

  This Java program is used by both GET and POST methods, whose
    differences will be shown by LoginGet.pl and LoginPost.pl.

  To use this program, you need to create the following
    table by using the commands below:

  SQL> CREATE TABLE  users (
    2    username  VARCHAR(32) PRIMARY KEY,
    3    password  VARCHAR(16),
    4    role      VARCHAR(16) );

  SQL> INSERT INTO  users  VALUES ( 'Poke Mon', 'hush', 'admin' );

  SQL> INSERT INTO  users  VALUES ( 'Mario', 'secret', 'user' );

  SQL> INSERT INTO  users  VALUES ( 'Super Man', 'knock-knock', 'hacker' );

*******************************************************************/

// Import the following packages to use JDBC.
import  java.sql.*;
import  java.io.*;
import  oracle.jdbc.*;
import  oracle.jdbc.pool.OracleDataSource;

class  Login {
  public static void  main( String args[ ] ) throws SQLException {
    String user     = "C##user.id";
    String password = "password";
    String database = "65.52.222.73:1521/cdb1";

    // Open an OracleDataSource and get a connection.
    OracleDataSource ods = new OracleDataSource( );
    ods.setURL     ( "jdbc:oracle:thin:@" + database );
    ods.setUser    ( user );
    ods.setPassword( password );
    Connection conn = ods.getConnection( );

    try {
      // Create, compose, and execute a statement.
      Statement stmt = conn.createStatement( );
      String  query  = "SELECT role FROM users WHERE name='";
              query += args[0].trim( ) + "' AND password='" + args[1].trim( ) + "'";
      ResultSet rset = stmt.executeQuery( query );

      // The user name is unique, so at most one row is returned.
      if ( rset.next( ) )  System.out.print( rset.getString( 1 ) );

      // Close the ResultSet and Statement.
      rset.close( );
      stmt.close( );
    }
    catch ( SQLException ex ) {
      System.out.println( ex );
    }
    // Close the Connection.
    conn.close( );
  }
}




      Why did the student eat his homework?    
      Because his teacher said, it was a peace of cake.