LiquidGravity wrote:
Very interesting.
So does this work like a server side VBScript or PHP? Maybe I am wrong in this interpretation. What kind of security does it have? Could you post about its functions too.
1st of all its a script which is written in pure ahk, running this script, you may access content hosted there by typing
http://localhost:81/
There is a Script called "Sparrow.Core.ahk" This one works as the standard webserver, In the server settings you have an option to tell if hkml files being interpreted. when turnoed to on, and being requested from the webserver, it will load the whatvernameithas.hkml file and starts interpreting
its content.
it looks for sections enclosed in <?ahk ?> brackets.
The content of such a tag is - you guess it a plain AHK script. so a basic HKML script would look like this:
Code:
<html>
<head>
<title>HKML TestFile</title>
</head>
<body>
<?ahk echo("Hello World from AHK embedded in HTML") ?>
</body>
</html>
of course these sections may include more than just one command. you can even use include files - not directly, a particular include directory has to be specified, so a direct access to includefiles is not possible.
atm the server is in a very early stage. the script are not checked. nor is its content. from what i canm say a path traversal hack wont work, but is not fully exploited yet.
each scriplet has a set of one-way global accessible variables. that means, each script gets a fresh copy of selected serverside variables but is not abled to change these back on server. these variables have a $_ prefix and come in different categories:
$_GET variables which include any passed variables sent with teh request
$_POST variables, from any forms uploaded
$_FILES (not fully working atm)
$_SERVER variables which have some vital information like referrer etc.
the server accepts POST and GET requests. File transfers will be possible, but are disabled for now (the server crashes, thats why)
if u ever done something in PHP, you will find, that requests posted (aswell as set via get) are stored flobally in $_GET[Varname] Variables
Same with $_POST[Varname]
On my list i have things like header injection - so the servers header content can be changed from within a script, superglobals - variables, that will be accessible from different code segments on _ONE_ hkml file.
Right now, doing some code like:
Code:
<html>
<head>
<title>HKML TestFile</title>
</head>
<body>
<?ahk a := 5 ?>
<p>Some HTML content</p>
<?ahk echo(a) ?>
</body></html>
will simply not work - technically these are two scripts and run in seperate adress spaces. i need to resetup my IPC so server works as a variable buffer for scripts. along with that, cookie-session management and header injection will become possible.
php or asp like vbs wont work, unless someone writes a wrapper for that.
i have setup a technical demo, which is also seen from the screenshot above, showing environment variables in a hkml file which were accessed at runtime of the script - not at that from server. besides each script may do whatever AHK script can do. control applications, create GUIS (no these are not send back to client, 'd be cool though
), whatever ... all GUI actions will physically happen on the server. the client only receives the html (content whatever) you sent back to it.
it is not working atm, but i have plans to include a demo showing how to use GDI+ libraries to dynamically create graphics on the fly and send these back to client.
there is a basic interface for a plugin structure but this needs more imporvement, so plugins may be loaded at runtime (enabled or disabled)
so far .. most of the stuff i have written here will also be readable in the documentation which will be accessible from standard welcome page
more to come
greets
DerRaphael
Login
Register
FAQ
Search
