
3.0.1.3 Introduction to CGI – Session 1



Presentation Transcript


  1. 3.0.1.3 Introduction to CGI – Session 1
     • Introduction to CGI:
       • HTML elements
       • Sending Data: GET vs POST
       • CGI.pm module
       • Setting up a cgi script
     3.0.1.3 - Introduction to CGI

  2. CGI: Common Gateway Interface
     • CGI definition: don't get confused with other CGIs. CGI stands for Common Gateway Interface and is designed to allow the Web to do things.
     • NOT THIS CGI! The other kind of CGI: computer-generated image (we are going to discuss a totally different CGI!)

  3. Support of CGI for computer programming languages
     Scripting languages other than Perl may be used for CGI:
     • Unix SH
     • KSH
     • CSH
     • C
     Alternatives to CGI:
     • ASP (Microsoft)
     • PHP
     • ColdFusion
     • Java Servlets/JSP
     • FastCGI
     • Mod_perl

  4. Where you can see CGI at work
     A wide range of government, scientific and commercial websites use CGI

  5. HTML stuff
     URLs
     HTTP Request Methods
     • PUT: Ask the server to create or replace a resource on the server
     • DELETE: Ask the server to delete a resource on the server
     • CONNECT: Used to allow secure SSL connection to tunnel through HTTP
     • OPTIONS: Ask the server to list the request methods available for resource
     • TRACE: Ask the server to echo back the request headers as it receives them
     • HEAD: Used as GET, but returns only HTTP headers
     • GET: Ask the server for a resource
     • POST: Instructs the server to modify the information on the server

  6. Forms on the Web
     • Form tags:
         <FORM ACTION="/cgi/register.cgi" METHOD="POST">               Starts the Form
         <INPUT TYPE="text" NAME="name" VALUE="value" SIZE="size">     Text Field
         <INPUT TYPE="hidden" NAME="name" VALUE="value">               Hidden Field
         <INPUT TYPE="checkbox" NAME="name" VALUE="value">             Checkbox
         <INPUT TYPE="submit" NAME="name" VALUE="value">               Submit Button

  7. Two examples of using GET and POST
     POST:
         <HTML>
         <HEAD>
         <TITLE>Testing CGI</TITLE>
         </HEAD>
         <BODY>
         <FORM NAME="Customer_id" ACTION="myURL/survey.cgi" METHOD="POST">
         Your Name: <INPUT TYPE="TEXT" NAME="f_name"><BR>
         <INPUT TYPE="SUBMIT" NAME="send" VALUE="Send Info">
         </FORM>
         </BODY>
         </HTML>
     GET:
         <HTML>
         <HEAD>
         <TITLE>Testing CGI</TITLE>
         </HEAD>
         <BODY>
         <FORM NAME="weather_report" ACTION="myURL/report.cgi" METHOD="GET">
         Weather Report:
         <INPUT TYPE="RADIO" NAME="city" VALUE="Vancouver">Vancouver<BR>
         <INPUT TYPE="RADIO" NAME="city" VALUE="Burnaby">Burnaby<BR>
         <INPUT TYPE="RADIO" NAME="city" VALUE="Coquitlam">Coquitlam<BR>
         <INPUT TYPE="SUBMIT" NAME="send" VALUE="Get Info">
         </FORM>
         </BODY>
         </HTML>

  8. GET vs POST
     • GET:
       • Most common HTTP request. Used to retrieve information from the server; it does not have a body and passes the request inside the URL
       • Clicking on a hyperlink
       • Typing a location into the browser URL box
       • Clicking on bookmarks
     • POST:
       • Used to submit information which alters data on the server (passes the data through STDIN)
       • May be used for just retrieving information
       • "POST is more secure than GET because it doesn't pass data inside the URL and therefore users cannot modify this data": not true, as it is legal to construct URLs and pass information with POST
       • The resources received via POST cannot be bookmarked or hyperlinked (and this is preferred behaviour)

  9. CGI.pm module: Why Perl?
     • Why is Perl good for writing CGI applications?
       • Multiple OS support
       • Interpreted language: no need to recompile
       • Great set of features (arguably the best regular expressions)
       • Short development time
       • May be used for full-scale backend support

  10. Namespace of your script and CGI.pm
          use CGI qw(:standard);
      • :cgi Import all CGI-handling methods, such as param(), path_info() and the like.
      • :form Import all fill-out form generating methods, such as textfield().
      • :html2 Import all methods that generate HTML 2.0 standard elements.
      • :html3 Import all methods that generate HTML 3.0 proposed elements (such as <table>, <super> and <sub>).
      • :netscape Import all methods that generate Netscape-specific HTML extensions.
      • :html Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' + 'netscape')...
      • :standard Import "standard" features, 'html2', 'html3', 'form' and 'cgi'.
      • :all Import all the available methods. For the full list, see the CGI.pm code, where the variable %EXPORT_TAGS is defined.
          use CGI;

  11. Ways to generate HTML code: as always, more than one
      Using here-document printing:
          #!/usr/local/bin/perl -wT
          use strict;
          # A CGI response must start with a header and a blank line.
          print "Content-type: text/html\n\n";
          print <<HTML;
          <HTML>
          <HEAD><TITLE>Test HTML page</TITLE>
          </HEAD>
          <BODY>
          <H1>Some Really Huge Letters</H1>
          <BR>
          </BODY>
          </HTML>
          HTML
      Or object-oriented CGI:
          #!/usr/local/bin/perl -wT
          use strict;
          use CGI;
          my $q = new CGI;
          print $q->header("text/html"),
                $q->start_html("Test HTML page"),
                $q->h1("Some Really Huge Letters"),
                $q->br,
                $q->end_html;

  12. Using CGI.pm: basic syntax
      • Standard HTML elements
      • Printing tags without closing tags:
          print $q->br;
        produces:
          <BR>
      • Printing opening and closing tags:
          print $q->p("This is a paragraph");
          print $q->p("My homepage is", $q->em($q->server_name));
        produces:
          <P>This is a paragraph</P>
          <P>My homepage is <EM>localhost</EM></P>
      • Setting attributes for HTML element:
          print $q->a({-href => "/downloads"}, "Download Area");
        produces:
          <A HREF="/downloads">Download Area</A>

  13. Using CGI.pm: basic syntax
      • Printing Lists:
          print $q->ol($q->li(["First", "Second", "Third"]));
        produces:
          <OL>
          <LI>First</LI>
          <LI>Second</LI>
          <LI>Third</LI>
          </OL>
      • More complex example:
          print $q->table(
              {-border => 1, -width => "100%"},
              $q->Tr([
                  $q->th({-bgcolor => "#cccccc"}, ["Name", "Occupation"]),
                  $q->td(["Frodo", "Hobbit"]),
                  $q->td(["Gandalf", "Wizard"]),
                  $q->td(["Gollum", "Frodo's friend"])
              ])
          );
        produces:
          <TABLE BORDER="1" WIDTH="100%">
          <TR> <TH BGCOLOR="#cccccc">Name</TH> <TH BGCOLOR="#cccccc">Occupation</TH> </TR>
          <TR> <TD>Frodo</TD> <TD>Hobbit</TD> </TR>
          <TR> <TD>Gandalf</TD> <TD>Wizard</TD> </TR>
          <TR> <TD>Gollum</TD> <TD>Frodo's friend</TD> </TR>
          </TABLE>

  14. CGI syntax allows you to do new things easily
      • Expandability
          print $q->header(-type            => 'text/html',
                           -cost            => 'Three smackers',
                           -annoyance_level => 'high',
                           -complaints_to   => 'bit bucket');
      • This will produce the following nonstandard HTTP header:
          HTTP/1.0 200 OK
          Cost: Three smackers
          Annoyance-level: high
          Complaints-to: bit bucket
          Content-type: text/html

  15. Form tags in CGI.pm
      • Syntax for forms in CGI is different from the syntax for other elements
          start_form        <FORM>
          end_form          </FORM>
          textfield         <INPUT TYPE="TEXT">
          password_field    <INPUT TYPE="PASSWORD">
          filefield         <INPUT TYPE="FILE">
          button            <INPUT TYPE="BUTTON">
          submit            <INPUT TYPE="SUBMIT">
          radio_group       <INPUT TYPE="RADIO">
          textarea          <TEXTAREA>
          …
      • Example:
          my $q = new CGI;
          print $q->textfield(-name => "username", -default => "Anonymous");
        Generates:
          <INPUT TYPE="TEXT" NAME="username" VALUE="Anonymous">

  16. Tainted data
      • Examples:
          $foo = $ARGV[0];      # Tainted (came from outside)
          $bar = $foo;          # Tainted (because $foo is tainted)
          $file = <FOO>;        # Tainted (obtained with <> operator)
          $foo = "Hello";       # Ok, as we set $foo inside
      • Potentially dangerous things:
          unlink $foo;          # Insecure
          open(FOO, "$foo");    # Ok as it is read-only access
          exec "cat $foo";      # Insecure as it uses sub-shell
          exec "cat", $foo;     # Ok, as we do not use the shell

  17. Using Carp module: your scripts will leave a suicide note
      • Using Perl -T option:
        • The -T option instructs Perl to monitor data for potential use in code that modifies something outside the script. Data considered to be tainted:
          • Command line arguments
          • File input
          • Various system calls
          • Environment variables
      • Carp module:
        • Catches fatal errors and shows the messages in the browser
            use CGI::Carp qw(fatalsToBrowser);

  18. Complaining in your browser window
      • No Carp:
          [an error occurred while processing this directive]
          Internal Server Error
          If you did not expect this error contact our webmaster. This error is due to either a script or server misconfiguration.
          [an error occurred while processing this directive]
      • With CGI::Carp qw(fatalsToBrowser):
          Software error:
          syntax error at /usr/local/web/apache/cgi-bin/intranet/people/pruzanov/quicktests/test2.cgi line 15, near "Name:"
          Execution of /usr/local/web/apache/cgi-bin/intranet/people/pruzanov/quicktests/test2.cgi aborted due to compilation errors.
          For help, please send mail to the webmaster (webmaster@bcgsc.ca), giving this error message and the time and date of the error.

  19. Getting values into script: param()
      • param() takes an id for a variable and returns the value of this variable
      • Source of a test.cgi script:
          #!/usr/bin/perl -wT
          use strict;
          use CGI qw(:standard);
          use CGI::Carp qw(fatalsToBrowser);

          print header;
          print start_html(-title => "Testing CGI");
          # HTML-encode the submitted value before echoing it into the page.
          print "Your name is " . escapeHTML(param('Y_name')) . "<BR>";
          print end_html;

  20. Say Hello to World
      Source of form_test.html:
          <html>
          <head>
          <title>Form Tester</title>
          </head>
          <body>
          <br>
          <form name="test" action="../cgi-bin/quicktests/test.cgi" method="POST">
          Enter Your name:
          <input type="TEXT" name="Y_name" value="Enter Your name">
          <br>
          <br>
          <input type="SUBMIT" name="Send_it" value="Send">
          </form>
          </body>
          </html>
      Note that we are using POST here. GET, however, will work in this situation just as well.

  21. Using cgi to process HTML form
      • CGI.pm at work:
        • Here we are typing in some name
        • At this point we are pressing 'Send'

  22. Self-processing script
      • Doing it all at once in one place:
          #!/usr/bin/perl -wT
          use strict;
          use CGI qw(:standard);
          use CGI::Carp qw(fatalsToBrowser);

          print header;
          print start_html(-title => "Testing CGI");
          if (my $name = param('Y_name')) {
              # HTML-encode the submitted value before echoing it into the page.
              print "Your name is " . escapeHTML($name) . "<BR>";
          } else {
              print start_form(-name => "test", -action => "", -method => "post"),
                    textfield(-name => "Y_name", -default => "Enter Your name"),
                    submit(-name => "Send_it", -value => "Send"),
                    end_form;
          }
          print end_html;
      • That is what we see when the script first starts
      • That is what we see when we pass a name to THE VERY SAME script

  23. HTML code produced by .cgi scripts:
      • What we see in a browser:
      • Output from test2.cgi:
          <?xml version="1.0" encoding="iso-8859-1"?>
          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
          <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US"><head>
          <title>Testing CGI</title>
          </head>
          <body>
          <form method="post" action="" enctype="application/x-www-form-urlencoded" name="test">
          Enter Your Name:<input type="text" name="Y_name" />
          <br />
          <input type="submit" name="Send_it" value="Send" />
          <div></div>
          </form>
          </body>
          </html>

  24. 3.0.1.3 Introduction to CGI – Session 1
      • Common gateway interface
      • CGI.pm usage:
        • use POST to change data on a server
        • use GET to get the data
        • strict and Carp are good for CGI
        • monitor your data with -T
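
The difference between the two methods on slide 8, as an added example that is not part of the original slides: a CGI program reads GET fields from QUERY_STRING and POST fields from STDIN, and in both cases the bytes are whatever the client chose to send. The function names, the 4096-byte cap and the sample request (a city value that the slide 7 form never offers) are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example, not from the slides: one reader for both request methods.
use strict;
use warnings;

my $MAX_BODY = 4096;    # assumed upper bound on a POST body for this example

sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Split an application/x-www-form-urlencoded string into a hash reference.
sub parse_pairs {
    my ($data) = @_;
    my %field;
    for my $pair (split /&/, $data) {
        my ($key, $value) = split /=/, $pair, 2;
        next unless defined $key && length $key;
        $field{ url_decode($key) } = url_decode($value // '');
    }
    return \%field;
}

# GET fields arrive in QUERY_STRING; POST fields arrive on STDIN, with the
# byte count in CONTENT_LENGTH. $env and $in stand in for %ENV and STDIN.
sub read_request {
    my ($env, $in) = @_;
    my $method = $env->{REQUEST_METHOD} // '';
    return parse_pairs($env->{QUERY_STRING} // '') if $method eq 'GET';
    die "unsupported method\n" unless $method eq 'POST';
    my $len = $env->{CONTENT_LENGTH} // '';
    die "bad CONTENT_LENGTH\n" unless $len =~ /\A\d+\z/ && $len <= $MAX_BODY;
    my $got = read($in, my $body, $len);
    die "short body\n" unless defined $got && $got == $len;
    return parse_pairs($body);
}

# Constructed request: the same fields sent by each method.
my $payload = 'city=Atlantis&send=Get+Info';
my $get = read_request({ REQUEST_METHOD => 'GET', QUERY_STRING => $payload });
open(my $in, '<', \$payload) or die "open: $!";
my $post = read_request(
    { REQUEST_METHOD => 'POST', CONTENT_LENGTH => length($payload) }, $in);
print "GET  city=$get->{city}\nPOST city=$post->{city}\n";
```

Both calls return the same out-of-list city, so the script behind either form has to check the value against the options it actually offers.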
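
How the rules on slides 16 and 17 play out in a script run under -T, as an added example that is not part of the original slides: input read from a filehandle is tainted, a regex capture against an allow-list untaints it, and only the cleaned value reaches the list form of system(). The helper name clean_report_name, the reports/ path and the sample inputs are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the slides. Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output in order with the child process output

# Under -T, external commands are refused until PATH is set to a known value.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: return an untainted report name, or undef.
# Only a regex capture clears taint, so the pattern is a strict allow-list.
sub clean_report_name {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# Constructed inputs live in __DATA__: file input is tainted, as on slide 16.
while (my $raw = <DATA>) {
    chomp $raw;
    my $name = clean_report_name($raw);
    printf "%-18s tainted=%d  %s\n", $raw, (tainted($raw) ? 1 : 0),
        defined $name ? "accepted (tainted=" . (tainted($name) ? 1 : 0) . ")"
                      : "rejected";
    next unless defined $name;
    # List form: no shell is involved, and the argument is already untainted.
    system('/bin/echo', 'would open', "reports/$name.txt") == 0
        or warn "echo failed: $?\n";
}

__DATA__
weekly_2024
../../etc/passwd
report;id
```

The pattern decides what is safe, not the capture itself: a permissive pattern such as (.*) would clear the taint flag without checking anything.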
