Internet / Intranet Spring 2000
Class 8 Perl / CGI Scripting

Class 8 Agenda
• Homework Discussion : Milestone #3
• Presentations
• CGI Scripting
• Perl
• Telnet / UNIX
• Lab Work
• Telnet
• Basic UNIX
• Perl

Brandeis University Internet/Intranet Spring 2000

CGI / Scripting
• Scripts are Programs Run By the Server
• CGI – Common Gateway Interface
• Methodology For Server/Script Communication
• Can Be Written in Any Language Supported By the Server
• UNIX Origins
• PERL is Most Common
• Script Output is Returned to the Browser
• Alternative Methodologies Exist
• CGI is the Most Portable
• PERL – Practical Extraction and Reporting Language
• UNIX Based Scripting Language
• Ported to Multiple Platforms
• How Does Browser Know to Execute a Program?
• Program is in a Script Directory
• Typically cgi-bin (Apache)
• Or By Extension (e.g. .pl, .cgi)
• Scripts Must Have Executable Permissions

Scripting Features
• Scripts Can Have Input Parameters
• Passed as Part of URL : ? Argument (Query String)
• Special Characters Passed as % Ascii Hex Values
• Name/Value Pairs : Separated by &
• Variable
• Passed in HTTP Header
• Name/Value Pairs
• Method = Post
• HTML Forms
• Passed in Cookies
• Netscape Origins, Now Widely Adopted
• Name/Value Pairs Associated With a URL
• Stored on Client Computer
• Users May Turn off Cookies
• Scripts Must Be Aware of How Parameters are Being Passed
• Different Methodology to Access Each Method
• Parameters Also Used to Maintain State Information
• Help Track a “Session”

Scripting Issues
• Security Concerns
• No Limits on What CGI Scripts May Access
• Potential to Execute Any System Command
• Hacker Can Cause Serious and Unforeseen Problems
• Potential to Affect More Than Just Your Web Site
• Many ISPs Limit CGI Capabilities
• Performance Concerns
• CGI Scripts are Run as a Standalone Process
• E.g. Interpreter is Loaded and Initialized Each Time
• Alternative to Posting Forms
• Mailto Option

Perl
• Why Should I Learn Perl?
• S/W Engineers Need to Be Adept at Picking Up New Languages
• Need a “Comfort Level” of Expertise
• Ability to Write Basic Code
• Ability to View/Modify Existing Code
• Ability to Learn More as Needed
• Develop Reference “Library”
• Develop “Guru” Network
• Large Public Archives of Perl Scripts
• Perl Basics
• Interpreted
• Originally Used Primarily By UNIX Sys-Admins
• “Public Domain”
• The preferred language for CGI Scripts
• PERL is Relatively Portable
• Activestate ActivePerl (Windows / IIS)
• UNIX specific scripts dominate (Uses UNIX O/S Commands)

Perl 101
• C-like
• Lines end with ;
• Syntax of Print statement is very similar
• Pointers and indirection
• VB-like
• Untyped (except for arrays)
• Associative arrays
• UNIX-like
• “Tricks”
• e.g. $a = <> retrieves a line of input from stdin
• support for regular expressions
• doublequotes vs. singlequotes
• all examples must contain foo
• Perl-Like
• Variables begin with $
• Comments begin with #
• Subroutines Begin with &
• Associative Arrays Begin with %

Perl 102
• Powerful Features
• Can run “command line” commands on O/S (system, `xxx`)
• Can create code on the fly (eval)
• Subroutine Libraries
• Powerful Features Make it a Target of Hackers
• Print is the Most Important Command
• Generate HTML Using Print Statements
• print "text to print \n"
• Don’t forget carriage returns: \n
• First Line: #! /usr/local/bin/perl
• Output has Mime content-type as first line, blank line
• print "Content-type: text/html \n\n";

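One way to hand a form value to an O/S command without letting a shell interpret it, as an added example that is not from the original slides. The helper names valid_login and run_for_user, the 16-character limit and the /bin/echo stand-in command are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example (not from the slides): passing a form value to an O/S command.
use strict;
use warnings;

$| = 1;    # keep our output in order with the child command's output

# Accept only what a login name needs: a letter, then letters, digits,
# '_' or '-', at most 16 characters. Returns the checked value or undef.
sub valid_login {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z][A-Za-z0-9_-]{0,15})\z/ ? $1 : undef;
}

# List-form system() hands each argument straight to the program. No shell
# parses the string, so ';', '|' and backquotes are not interpreted.
# /bin/echo stands in for a real command (assumption); the full path
# avoids a PATH lookup.
sub run_for_user {
    my ($raw) = @_;
    my $login = valid_login($raw);
    return "rejected" unless defined $login;
    my $status = system('/bin/echo', 'lookup', '--', $login);
    return $status == 0 ? "ran for $login" : "command failed ($status)";
}

# Constructed inputs: one ordinary value and three that must be refused.
foreach my $value ('brinet01', 'evan;extra', '../etc', "evan\n") {
    (my $shown = $value) =~ s/\n/\\n/g;
    printf "%-12s %s\n", $shown, run_for_user($value);
}
```

The same validation applies before a value reaches backquotes or eval, where there is no list form to fall back on.
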
A Simple Perl Example

    #! /usr/local/bin/perl
    # First Perl
    $myname = "Evan";
    # The blank line after Content-type ends the header block
    print <<END;
    Content-type: text/html

    <HTML>
    <HEAD>
    <TITLE> </TITLE>
    </HEAD>
    <BODY>
    END
    # ${myname} keeps Perl from reading the apostrophe as part of the variable name
    print "<H1>This is ${myname}'s Test Perl Script.</H1>\n";
    print "<H2>Hello World</H2>\n";
    print "</BODY>\n";
    print "</HTML>\n";

Class Exercise: First Perl
• Save This Locally as perl1.pl
• Open a Command Prompt:
• perl.exe perl1.pl
• Once You Are Satisfied With the HTML Produced
• Upload This via FTP to public_html/cgi-bin in your ShoreNet Account
• Remember to Transfer this In ASCII Mode!
• Give the Script Execute Permissions For All
• Right Button Click / chmod in WS_FTP
• http://shell3.shore.net/~brinetxx/cgi-bin/perl1.pl

Advanced Exercise
• Create a Script Like the One in Stein p.481
• Typo: for each should be foreach
• Put it On Your Web Site
• Remember to Give the Script the Appropriate Permissions
• OPTIONAL Homework: Install a Perl Interpreter On Your Local Machine
• Read Stein Chapter 9. Skim Chapter 8.

Telnet
• Telnet is a Remote Login Protocol
• Terminal Emulation
• All Processing Occurs on Host
• Command Line Interface
• Port 23
• Used Extensively for UNIX Machines / Multiuser Systems
• Why Do We Care?
• Remote Administration of Web Site
• Configuring Web Servers, Setting Permissions

Sample Telnet Session

    telnet world.std.com
    Trying 192.74.137.5...
    Connected to world.std.com.
    Escape character is '^]'.
    UNIX System V.4 (world)
    login: evan
    Password: xxxxx
    Last login: Sun Jan 23 16:03:36 from fxtc2-c.std.com
    Welcome to The World!
    A 24 x 250MHZ CPU 2.5GB SGI Challenge XL
    world%

Callouts on the session, top to bottom:
• DNS Resolves the Name to an IP Address
• Found the Telnet Server at This IP Address
• Host Information
• Login Successful
• UNIX Command Prompt

UNIX - Background
• UNIX Developed at AT&T Bell Labs – 1969
• Multi-User / Multi-Tasking
• Many Other Proprietary Operating Systems Existed
• Schools Adopted UNIX as “Teaching” Environment
• Schools Made Significant Additions and Changes
• Standardization Efforts
• Culture of Sharing / Helping / Working Together
• Free Software Foundation, etc.
• Put Source-Code in Public Domain
• Many Other “Free” Add-Ons / Extensions
• LINUX
• UNIX Expects Technical Competence

UNIX File Structure
• Forward Slashes (/) to Separate Filenames, Directories
• Case Sensitive File Names
• Windows is Not
• No Limit on Filename Size / Extensions
• Extensions are by Convention
• Root is “/”
• User Home Directory is: “~/”
• Symbolic Links / Aliases
• Directories Can Be Spread Over Multiple Drives
• Can Create Non-Hierarchical Structure
• File Permissions
• Read, Write, Execute
• Separate Permissions for Owner, Group, All
• Directories are Special Cases of Files
• Execute Permissions = Able to Browse Directory

Common Basic UNIX Commands
• pwd : List the current working directory
• more filename : List the Contents of a File
• ls : Lists the files in a directory
• ls -l
• Permissions: drwxrwxrwx
• d – If this is a directory
• r,w,x – Read, Write, Execute
• Owner, Group, Public
• Owner, Filesize, Timestamp, Filename
• cd – change directory
• cd ~/
• Change to Your Root Directory
• chmod
• Changes Permissions
• Don’t Use This Command Until You’re Sure About It
• Can Open Up Serious Security Holes

More Unix Commands
• man command
• UNIX help
• e.g. man ls
• cat filename
• List a file
• command | more
• All Output can be “piped” to Display one Screen at a Time
• e.g. cat filename | more
• Carriage return – next page
• q – quit
• cp path1 path2
• Copy a File
• mv path1 path2
• Move a File. Useful for Renaming a file

The UNIX chmod Command
• “UNIX” Mode
• chmod abc filename
• Where a,b,c are digits from 0 to 7 (Bit Mask)
• 4 – Read, 2 – Write, 1 – Execute
• a – owner, b – group, c – others
• e.g. chmod 711 myscript.cgi
• Sets permissions on file myscript.cgi so that:
• It is readable, writable, and executable by owner
• It is executable by all others.
• An “Easier” Way
• chmod u=rwx,g=x,o=x filename
• u – owner (user), g – group, o – other (Not Owner!)
• r – read, w – write, x – execute

A Caveat
• UNIX Culture – Developer Oriented
• Read Access Often Given For Non-Confidential Files
• User Responsibility to Not Abuse It
• Be Respectful When Not in Your User Directory

Lab Work: Telnet
• From a command prompt type: telnet
• Connect/Remote System
• Host Name: users.shore.net
• Login: brinetxx [Your Shorenet Login]
• Password: [Your Shorenet password]
• ls -l
• cd public_html
• ls -l
• cd bin
• chmod 600 perl1.pl
• Try to access the Script Now
• chmod 755 perl1.pl
• ls -l
• cd ~/
• ls -l
• logout

Reference Material
• CGI / PERL
• Stein Chapter 9
• http://www.activestate.com/ActivePerl : Freeware ActivePerl Interpreter For Microsoft Platforms
• http://www.shore.net/techtalk/referenceold/cgi.html : ShoreNet’s CGI Reference Page
• http://www.webdeveloper.com/cgi-perl : CGI/Perl Portal
• http://agora.leeds.ac.uk/Perl/start.html : A Perl tutorial
• http://worldwidemart.com/scripts/ : Free CGI Scripts (Matt’s Script Archive)

Processing Forms – The Server Side
• Target of Forms is Usually a CGI Script
• Script Requirements
• 1. Parse the Data
• 2. Process the Data
• 3. Return Data to the User
• Raw HTML or Another Form
• Data Flow Options
• Each Script Handles a Specific Form
• Form in Plain HTML
• Script in Perl
• One Script Handles Multiple Forms
• Selects Action Based on Data Passed In
• All in Perl

Scripting – Parsing Data
• GET vs. PUT
• Each Requires Different Logic
• Parsing is Not Trivial
• All Parameters Passed in On One Line
• Each Name/Value Pair Separated by &
• Name Separated From Value by =
• Special Character Encoding Complicates It
• E.g. Value May Contain &,=
• Error Handling
• Typically Use a Library to Parse Data
• Public Domain
• CGI.pm – Perl5 Object Oriented
• Used by Stein
• cgi-lib.pl – Basic Perl
• Used by Schapiro
• Others

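The parsing steps listed above, written out by hand as an added example that is not from the original slides or from either library. The names read_raw, url_decode and parse_pairs, the 4096-byte cap and the sample query string are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example (not from the slides): hand-parsing CGI name/value pairs.
use strict;
use warnings;

my $MAX_INPUT = 4096;    # assumed cap on request data

# GET data arrives in QUERY_STRING; form-post data arrives on STDIN and is
# exactly CONTENT_LENGTH bytes long.
sub read_raw {
    my $method = $ENV{REQUEST_METHOD} // 'GET';
    return $ENV{QUERY_STRING} // '' if $method eq 'GET';
    my $len = $ENV{CONTENT_LENGTH} // 0;
    die "bad CONTENT_LENGTH\n"
        unless $len =~ /\A[0-9]+\z/ && $len <= $MAX_INPUT;
    read(STDIN, my $body, $len);
    return $body // '';
}

# '+' means space and %XX is one byte written in hex.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Split on the raw '&' and '=' first and decode afterwards, so an encoded
# %26 or %3D inside a value is never mistaken for a separator.
sub parse_pairs {
    my ($raw) = @_;
    die "input too long\n" if length($raw) > $MAX_INPUT;
    my %in;
    foreach my $pair (split /&/, $raw) {
        next if $pair eq '';                       # tolerate "a=1&&b=2"
        my ($name, $value) = split /=/, $pair, 2;  # only the first '=' splits
        $name  = url_decode($name);
        $value = url_decode($value // '');         # bare "flag" has no value
        # A repeated name keeps every value, joined with a NUL byte.
        $in{$name} = exists $in{$name} ? "$in{$name}\0$value" : $value;
    }
    return %in;
}

# Constructed request, so the script runs offline from a shell.
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING}   = 'username=Evan+B&note=a%26b%3Dc&note=x&flag&&bad=%zz';
my %in = parse_pairs(read_raw());
foreach my $key (sort keys %in) {
    (my $shown = $in{$key}) =~ s/\0/ | /g;
    print "$key => [$shown]\n";
}
```
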
CGI-LIB
• http://cgi-lib.berkeley.edu/
• Using This Library in Perl
• Download Library From Website
• Version 2.18 – Latest Version
• More Robust
• Supports Saving File Uploads as Files
• Version 1.14 – Easier to Understand
• Use This Version to Understand cgi-lib Code
• Install it in cgi-bin Directory
• Perl Code:

    require ("cgi-lib.pl");
    &ReadParse();

• More Perl Info
• require – Includes Another File
• %varname – Associative Arrays
• Use Braces {} to Index, $ prefix
• e.g. $varname{'keyname'}

ReadParse Subroutine in cgi-lib
• ReadParse Subroutine
• Reads in Both Get and Put Data
• Converts Encoding to Plain Text
• Puts Key/Value Pairs in %in
• %in is an Associative Array
• To Access a Value:

    $in{'keyname'}

• To Access Each Key/Value Pair

    # Print every key and its value, one pair per line
    foreach $keyname (sort keys (%in)) {
        print "$keyname $in{$keyname}\n";
    }

In Class Exercise
• Modify Last Week’s Script to Accept User Name via a Form
• Step 1: Install cgi-lib in Your bin Directory
• Make Sure to Set Permissions Correctly
• Step 2: Make a Copy of perl1.pl
• Name it perl2.pl
• Step 3: Edit perl2.pl
• Add these lines:

    require ("cgi-lib.pl");
    &ReadParse();

• Replace $myname='xxx'; with

    $myname = $in{'username'};

• Copy it to Your Shorenet cgi-bin directory

In Class Exercise (2)
• Step 4: Create a Simple Form To Accept User Name

    <html><head></head><body>
    <form method="post" action="http://users.shore.net/~brinetxx/cgi-bin/perl2.pl">
    Enter name: <input type="text" name="username" value="default"><br>
    <input type="submit" value="submit">
    </form>
    </body></html>

• Copy it to Your Shorenet Public_html Directory
• Step 5: Try It!
• When You Are Done
• Review Sample Scripts / Demos
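perl2.pl from this exercise prints the submitted username straight into the page, so any markup typed into the form becomes part of the HTML the browser renders. The version below is an added example, not from the original slides, that escapes the value on output. The names escape_html, clean_name and greeting_page, the 64-character cap and the sample value are assumptions, and %in is filled by hand here so the script runs without cgi-lib.pl.

```perl
#!/usr/bin/perl
# Added example (not from the slides): perl2.pl's greeting with the form
# value escaped before it is printed into the page.
use strict;
use warnings;

# Stand-in for what ReadParse() leaves in %in (constructed sample value).
my %in = (username => q{Evan <i>B</i> & "Co"});

# Replace the five characters that have meaning in HTML text and attributes.
sub escape_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Bound the input: drop control characters, fall back to the form's
# default when nothing is left, and cap the length.
sub clean_name {
    my ($raw) = @_;
    $raw = '' unless defined $raw;
    $raw =~ s/[\x00-\x1f\x7f]//g;
    $raw = 'default' if $raw eq '';
    return substr($raw, 0, 64);
}

# Build the whole response; the value is escaped at the point of output.
sub greeting_page {
    my ($name) = @_;
    my $safe = escape_html(clean_name($name));
    return "Content-type: text/html\n\n"
         . "<HTML><HEAD><TITLE>Test</TITLE></HEAD><BODY>\n"
         . "<H1>This is ${safe}'s Test Perl Script.</H1>\n"
         . "<H2>Hello World</H2>\n"
         . "</BODY></HTML>\n";
}

print greeting_page($in{'username'});
```

Run from a command prompt, the output shows the sample name as literal text: the angle brackets, ampersand and quotes arrive as entities rather than as tags.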