Setting up the HarvEX-SE CGI script
HarvEX SE uses your own relay CGI script on your own web space (homepage). This script relays the
SE bid event from the HarvEX server and inserts your eBay password.
After performing the test described at CGI-Test
successfully, you could install the final script with these steps:
- Download the SE script templates contained in this ZIP file : my_hxse_script.zip
- Setup the Python CGI script template my_hxse_script.py and place it for example as
http//yourserver.xxx/cgi-bin/my_hxse_script.py with your favorite FTP
program (e.g. SynchronEX incremental
FTP
upload)
Perl version : my_hxse_script.pl ; The Perl version is not recommended if Python is running on your server;
Some server installations require also to set up url_get.pl (ZIP container)
next to my_hxse_script.pl
- Inside the script edit myregkey and mypass
as shown :
######################################################################
##
## set your registration key and auction password here:
myregkey="d7e8f0e8d...--your-registration-key"
mypass="--replace-with-your-password--"
##
##### end of configuration section ###################################
|
edit it like this (and be sure to not remove or damage the script
"-quote characters ! ) :
######################################################################
##
## set your registration key and auction password here:
myregkey="d7e8f0ABAB3455e8d6473824682374628734"
mypass="mysecret"
##
##### end of configuration section ###################################
|
(regkey protects against abusage of your script)
- FTP-Transfer this script as ASCII. BIN may result in error message
"internal server error" in (5). When using SynchronEX,
a setting like ftp_ascii=ftp_executable=['*.py','*.pl']
handles everything automatically
- Mark this file as executable. (Windows-Explorer-FTP: right-click on
my_hxse_script.py; Set Properties/Executable; Unix: chmod
a+x my_hxse_script.py )
- Be sure that the path #!/usr/bin/python
inside the script is right for your web server
- Call http//yourserver.xxx/cgi-bin/my_hxse_script.py with your web browser.
You succeeded if the string "empty call" appears! In case there
appears something like "internal server error", please again check
(3) (4) and (5)
- Finally test the script with the Script-Test-Button from inside HarvEX. If
ok, everything is fine.
- For relaying multi user snipes you should use the alternate script my_hxse_script_mu.py
(also contained in the ZIP-archive)
In that script you have to enter user/password pairs except for the
default account! In that case
please take extra care, that your script may only be executed but not read
by anyone except you.
Notes on password security:
- Only executable: If your script is marked executable as required by the test described, then nobody can read the script text itself from the web.
(The only entrance would be backdoor over your web space provider, upload ftp-account, and other criminal paths)
- Regkey protection: The SE script can be "executed" for relay and maybe
password insertion only with correct regkey supplied in the call.
- Account name not stored together with password: If anybody would intrude
backdoor for getting the password, he can only get a password but not the corresponding
eBay user account name. (exception: my_hxse_script_mu.py with more than the default user: then
user/pwd pairs would be readable. As mentioned, this requires more attention, that nobody from the server-side can read your web space directories.
check read-flags of your directories)
- Last but not least: An eBay account is not a bank account as no direct money transfer is involved and you receive mails and money requests if somebody wants something from you ... and you can complain. What would a potential
pwd-stealer win bidding 10000$ on his own 1$ item for example? Betray himself?
|
|
|
|
> download free trial
<
Use Cases / Tips & Tricks
|
Background Knowledge?
|
|
|
|
