File: DEBUG

package info (click to toggle)
lwat 0.17-4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 860 kB
  • ctags: 945
  • sloc: php: 3,151; sh: 212; makefile: 148
file content (40 lines) | stat: -rw-r--r-- 2,024 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Debugging lwat can be kind of hard. If you try to look at the source of
the form you get in front of you, you will only see the menu stuff. the
rest of the form is created on the fly, based on your input. The way
to debug lwat is to actually use wget on the command-line, and here I
will show you how to see the input of the add-user form, or maybe more
specific, to look at how the input control where you give the username
(manually) after you've started to type a Fullname: 

First I enter the password, to avoid it beeing displayed on the command-line:
 read -s ADMINPW

Then I fetch the login-screen: 
 wget -qO - http://localhost/lwatdev/index.php

Then I find what data I need to post, like admindn, adminpw, and the
submit-button, like this.
 wget --keep-session-cookies --save-cookie=cookie.txt \
      --post-data="admindn=admin&adminpw=$ADMINPW&login=login" \
      -qO -  http://localhost/lwatdev/index.php

Since the login-information is stored as a session-cookie, I both need
to save the cookie, and the also keep session-cookies.
From there on, all action is done by the script admin.php, and the
commnuication is done by som javascript-stuff from admin.js. you can
read through it, but you can also cheat by looking at what I put next.
Since we're going to debug (some parts of) the form to add users, we
send out the following :
 wget --keep-session-cookies --load-cookie=cookie.txt --save-cookie=cookie.txt \
      --post-data="action=userAddForm" \
      -qO -  http://localhost/lwatdev/admin.php

Then you can look through the form to add user, and you will notice that next to the input control cn, the is an jacascript call whenever a key is released, that sends the given fullname, and updates the 'newusername' part of the form. 
Lets try to add the user: 
 wget --keep-session-cookies --load-cookie=cookie.txt --save-cookie=cookie.txt \
      --post-data="action=getUsername&cn=Finn-Arne Johansen" \
      -qO -  http://localhost/lwatdev/admin.php

Then you get the autogenerated username back.