Cgi-bin

[SeaHag]

I really dont understand this.
I am assuming that it is a directory, where scripts are kept..

Please help me understand how a cgi process is done.

I was messing around with hotmails login page, and i have
narrowed it down to this..

Please help me understand whats happening here, (it does work)

Whats the form target=_top..



<FORM action=https://lc2.law5.hotmail.passport.com/cgi-bin/dologin method=post
name=passwordform target=_top>

<INPUT id=a_si maxLength=64 name=login size=16>

<INPUT id=a_p maxLength=16 name=passwd size=16 type=password>


<INPUT name=enter onclick="return ;" type=submit value="Sign In">


</FORM>


Seahag

[Cudabean]

Disregard/remove the target=_top. It is not part of the CGI process, really, it's a frames thing that tells the browser which frame is going to be receiving the result of the form submission. Leaving it out would cause the result to come to the primary screen, which is probably what you want anyway.

cgi-bin is a directory which this server has designated as a place to store/serve cgi programs. You could put dologin in another directory, but good security measures would typically not allow the server to execute it as a cgi. The input tags identify the input fields. Notice how each input field has a name associated with it. The CGI program then can receive the contents of login and passwd fields. When the user hits the submit button, the dologin program receives a set of standard variables with values that a browser always sends to the server after a submit, plus three custom bits of information: the login, the passwd and submit (having the value of "Sign In").

The server, having received the correct login information will begin executing the login process and will assign a cookie to the user which gets stored on the user's drive and contains the session identification. During subsequent maneuvers through the site the server will be able to get the contents of the Session ID which will identify the user anew for every page visited.

cudabean

[SeaHag]

Thnks

About the script.

now.. Does the script run, using the form passed to it..

I mean.. the script is looking for a form, and it uses
passwordform.passwrd as a variable...

See I know i am on the right trak.. but still not sure.

[Cudabean]

The script doesn't receive the whole form, it only receives the variables that are defined in the form. The script might not really know that it got called from passwordform at all. You could fool dologin by writing your own script by making sure you had a login, a passwd and perhaps a submit. I say perhaps because it would depend whether dologin cared that submit contained "Sign In" or not.

cudabean

[JoshT]

The text from a POSTed form is the same as the text from a GETed form, only it goes to the CGI app as standard input rather than being appended to the URL.

[SeaHag]

Thanks alot yous..
How hard is it to make scripts?