concerning how script, script included at the bottom.

Here's the prob concerning "How 1.0" from interlogy.com:

How is an online html editor written in cgi

the how.cgi program with its default code looks to me as its designed to want to put everything under the same directory, but if it is under the same directory and the file and directory I want to change has 777 permission, permissions which I must have for a different reason, then anyone can come in and change the passwords or edit the files for the how script, that's the problem. So, what I was wondering is what do I need to type into the how.cgi program so that it will look at the how_tmp.htm in one directory with 777 permission and list_tmp.txt file from another directory with 644 permission and work properly.

Thanks,
john

script

#!/usr/local/bin/perl
# HOW comes from Html-On-the-Web
# written by Aytekin Tank, 1999
# make sure to read "how.txt"

# you dont need to modify anything in this file
# but if you change the names of these files
# make sure change here too.
$how_temp = "http://mulano.com/user/how_temp.htm";
$list_file = "http://mulano.com/user/useredit.txt";

# tell browser that this will be an html file
print "Content-type: text/html\n\n";
# get the input from the form:
&readparse;
# put the header in its place
&start;

# get the password and the list of the files
# from our small config file:
open (TEMP, "<$list_file");
$password = <TEMP>;
while(($thisrow = <TEMP>))
{ if($thisrow ne "\n")
{ push(@files, join("", split("\n", $thisrow))); }}
close TEMP;

# check for password, if wrong bye bye!
if ($password eq "")
{ print "\n\n<br>something is wrong with $list_file"; &end; }
chomp($password);

# The form above to select the file to be modified:
if ($password ne $input{'password'} )
{
print "<p><br> <blockquote>";
print "<form action=how.cgi method=post>password: ";
print "<input type=text size=10 name=password>";
&pull_down;
print "<INPUT type=submit name=submit value=how?></form>";
&end;
}

# modified file is being replaced with the older one:
if ($input{'file'} ne "")
{
$html = $input{'html'};
$html =~ s/\<\*textarea\>/<\/textarea>/;
open (FILE, ">$input{'file'}");
print FILE $html;
close FILE;
}

# the forms and html stuff
print "<p> <blockquote>\n";
print "<form action=how.cgi method=post>\n";
print "<input type=hidden size=10 name=password value=$input{'password'}>\n";
&pull_down;
print "<INPUT type=submit name=submit value=how?> </form>\n";
print "<form action=how.cgi method=post>\n";
print "<input type=hidden name=file value=$input{'selected'}>\n";
print "<input type=hidden size=10 name=password value=$input{'password'}>\n";
print "File: <a href=$input{'selected'}>$input{'selected'}</a>\n";
print "<textarea name=html rows=20 cols=60 wrap=soft>\n";
&get_file;
print "</text> \n";
&pull_down;
print "<INPUT type=submit name=submit value=Modify> \n";
print "<INPUT type=reset name=reset value=Reset> \n";
print "</form><p><br>\n";

&end;

# This places the file into the textarea.
# </text> inside the textarea give me a little headache
# because of its premature ending.
# But I solved it like this:
sub get_file
{
open (FILE, "<$input{'selected'}");
while(($thisrow = <FILE>))
{
$thisrow =~ s/\<\/textarea\>/\<\*textarea\>/;
print $thisrow;
}
close FILE;
}

# the pull down menu:
sub pull_down
{
print " <p><b> <blockquote>\n";
print " <select name=selected size=1>\n";
print " <option selected value=$input{'selected'}> $input{'selected'} </option>\n";
foreach $file(@files)
{ print "<option value=$file> $file </option>\n"; }
print "</select>\n";
}

# the header
sub start
{
open (HOWTEMP, "<$how_temp");
while(($thisrow = <HOWTEMP>))
{ push(@howtemplate, $thisrow); }
close HOWTEMP;
@howtemplate = split("%%HOW HERE%%", join("\n", @howtemplate));
print $howtemplate[0];
}

# the end of the html text
sub end
{
print $howtemplate[1];
exit;
}

###############################
# FORM PARSE
###############################
sub readparse {
read(STDIN,$user_string,$ENV{'CONTENT_LENGTH'});
if (length($ENV{'QUERY_STRING'})>0)
{$user_string=$ENV{'QUERY_STRING'}};
$user_string =~ s/\+/ /g;
@name_value_pairs = split(/&/,$user_string);
foreach $name_value_pair (@name_value_pairs) {
($keyword,$value) = split(/=/,$name_value_pair);
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/ge;
$input{$keyword} = $value;
}
}