1

This issue is I call a function to run and I’m not sure if it’s running. I have site hosted on a raspberry pi using lighttpd and some .cgi and .py located in the /var/www/cgi-bin. When I go to the that location ie 192.168.1.24/cgi-bin/test1.py it runs but when I click the button that should trigger the event I don’t seem to get anything. Also in the script are system commands but they don’t seem to work either.

HTML code:

<button style="height: 75px; width: 85px" onclick="bot_stop()">
<img style="height: 63px"src="http://images.clipartpanda.com/stop-sign-
clipart-119498958977780800stop_sign_right_font_mig_.svg.hi.png">
</button>

<script>
var xmlhttp;
function bot_stop()
{
xmlhttp.open('POST','CGI-Executables/test1.py',true);
xmlhttp.send(null);
}
</script>

CGI Code:

!#/usr/bin/python
import os

print  "Content-type: text/html\r\n\r\n"
print  "<html>"
print  "<head><title> code is executing</title></head>"
os.system("sudo service motion stop")
os.system("sudo service motion stop")
os.system("sudo motion")
os.system("sudo service motion start")
print  "<p> code ran </p>"
print  "</html>"
JacobIRR
  • 8,545
  • 8
  • 39
  • 68
innve89
  • 101
  • 7

1 Answers1

0

that cgi script is returning html for a full page, and doesn't require post. It probably is not meant for the ajax call you are trying to do. try putting a simple link in the main html file to start

<a href='/cgi-bin/test1.py'>
  <img style="height: 63px"src="http://images.clipartpanda.com/stop-sign-clipart-119498958977780800stop_sign_right_font_mig_.svg.hi.png">
</a>

If you want to switch to a post, maybe a simple form could also do it.

<form method='post' action='/cgi-bin/test1.py'>
  <input type="submit" value="stop">
</form>

I think the ajax call might have the wrong path in it, and a few other issues. This might work. If the alert says 200, it ran.

function bot_stop() {
  var xmlhttp = new XMLHttpRequest();
  xmlhttp.onreadystatechange = function() {
    if (this.readyState == 4) {
      alert(this.status);
    }
  };
  xmlhttp.open('POST','/cgi-bin/test1.py',true);
  xmlhttp.send(null);
}

If you are only accessing the script by ajax, you can change it so it just prints a simple "OK" instead of the full html page. Something like this...

#! /usr/bin/python
import os

# TODO: maybe check that this is a post and not a get before restarting
os.system("sudo service motion stop")
os.system("sudo service motion stop")
os.system("sudo motion")
os.system("sudo service motion start")

print "Content-type: text/plain"
print ""
print "OK"

--------------- next issue-----------

you might not be able to run those commands with sudo if the server user doesn't have permissions set up. Python isn't really needed in the above script, so it can be replaced by this:

#! /bin/bash
sudo service motion stop
sudo service motion stop
sudo motion
sudo service motion start

echo Content-type: text/plain
echo
echo OK

to see what user you are running these scripts as maybe point the browser at the script (called /var/www/cgi-bin/whoami.sh) (when you create new scripts remember to chmod +x <scriptname>)

#! /bin/bash
echo Content-type: text/plain
echo
whoami

and then point the browser at http://192.168.1.24/cgi-bin/whoami.sh

to see what happens when you try to sudo a different command try this

#! /bin/bash
echo Content-type: text/plain
echo
sudo echo 1
echo 2

if sudo is the issue, on the command line you can sudo su <whatever user you get from the whoami script> and see what happens when you try the script as them.

---- and if sudo permissions are the problem ---

a solution could be to put the four restart commands into their own script, and give the lighttpd user sudo permissions to run that script without a password like this: https://serverfault.com/questions/294661/how-to-grant-sudo-rights-only-to-specific-script-files. (or find another way to make those commands work without sudo - could be the subject of another question)

#! is backwards in the code above.

When you run cgi scripts on the command line to test them, try running them like this

./test1.py

not

python test1.py

and that will help make sure that the interpreter and permissions are set up correctly. You may have to fix the permissions like this chmod +x test1.py

In some cases the server will use this information to run the script. In other cases I case you configure the interpreter for the extension and none of this part matters.

Alex028502
  • 3,486
  • 2
  • 23
  • 50
  • I'm taking it set by step thus far, I ran the script in the browser and it outputs "Ok" but it doesn't seem like it actually did what it normally does in the terminal. – innve89 Mar 02 '18 at 00:16
  • For .sh and .cgi the browser just downloads the files. Am I missing something? – innve89 Mar 13 '18 at 20:21
  • maybe try setting the content disposition header as well: https://stackoverflow.com/a/11894771/5203563 – Alex028502 Mar 13 '18 at 20:30
  • Fixed that part. Now I get an error of "Internal server error 500" – innve89 Mar 13 '18 at 20:37
  • yes no issue on the command line. I think it might an issue with cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl", ".rb" => "/usr/bin/ruby", ".erb" => "/usr/bin/eruby", ".py" => "/usr/bin/python", ".php" => "/usr/bin/php-cgi", ".sh" => "/usr/bin/bash") } – innve89 Mar 13 '18 at 21:07
  • Got it! its /bin/bash – innve89 Mar 13 '18 at 21:11
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/166772/discussion-between-innve89-and-alex028502). – innve89 Mar 13 '18 at 21:33
  • The issue now is that alert doesn't pop up after the script is ran. I had to remove the action='XXX' so it would change the page after a click. – innve89 Mar 13 '18 at 22:09