39 lines
2.9 KiB
Markdown
39 lines
2.9 KiB
Markdown
|
# fortran-µhttpd (game website & webserver)
|
||
|
|
||
|
Fortran does not have any native way to connect to the internet. It cannot even create sockets of any kind.
|
||
|
|
||
|
This makes it an absolute nightmare to create a web server since you need to import sockets and tcp libraries from C, using the using the [use iso_c_binding feature](https://fortranwiki.org/fortran/show/iso_c_binding).
|
||
|
|
||
|
However, in the spirit of the challenge, I wanted to not have to resort to importing functions from another programming language as much as possible. Later when I create the client I would *have* to import libraries from C, but for this I could try and use "Fortran Only".
|
||
|
|
||
|
While reading this [old Fortran google groups question from 2009](https://groups.google.com/g/comp.lang.fortran/c/wL1xdnB1plk) the group suggested that the user just use [netcat](https://en.wikipedia.org/wiki/Netcat) and serve the Fortran program as if it were a cgi script.
|
||
|
|
||
|
This was a great idea because instead of needing to mess around with networking and making sure the functions and types imported corretly from C, I could just read and write to standard in/out and to files.
|
||
|
|
||
|
The downside of using `netcat` is that it uses unidirectional sockets. You would have to create a named pipe and do a bunch of redrieting to get it to work.
|
||
|
|
||
|
```sh
|
||
|
mkfifo ncpipe
|
||
|
nc -l 8080 0<ncpipe | ./fortran-µhttpd '../../common/html/index.html' 1>ncpipe
|
||
|
```
|
||
|
|
||
|
It just doesnt seem all that clean to me. Additionally, it refused to stay open after running one message from the web client, so I gave up on that approach.
|
||
|
|
||
|
Somthing that does work and be a lot cleaner is [listen1](https://9fans.github.io/plan9port/man/man8/listen1.html) from [plan9port](https://9fans.github.io/plan9port/). This allows for the web browser to connect to the programs stdin, stdout, & stderr, and the program can read and write as a normal command line program.
|
||
|
|
||
|
```sh
|
||
|
listen1 'tcp!*!8080' ./fortran-µhttpd
|
||
|
```
|
||
|
I next implemented the post handling. In www.f90, it checks to see if the header returning from the
|
||
|
|
||
|
I found a library to interface with the sqlite library I will store the username, password, and other information about.
|
||
|
|
||
|
The issue is that fortran does not have a built in cryptographic hash library nor is it in the stdlib, I did find a implementation of the [SM3](https://github.com/zoziha/SM3-Fortran/tree/main) hash which is cryptographically sound, and have used that.
|
||
|
|
||
|
If this were to be used in the real world I would prefer to use [bcrypt](https://en.wikipedia.org/wiki/Bcrypt) as it is the most common password hashing algorithm.
|
||
|
|
||
|
The implementation does not work well with existing systems since you have to convert from fortran strings to c strings and it returns an integer array of c strings which has to be converted back into fortran strings.
|
||
|
|
||
|
This is a horrible implementation from a security POV, since there is no easy way to sanitize the input, fortran certainly doesn't do that out of the box.
|
||
|
|