
CGI Programming


Presentation Transcript


  1. CGI Programming • The Common Gateway Interface (CGI) • Generic script ... • Client-server interaction ... • Accessing Form Input ... • Output from the Common Gateway Interface • Forms and CGI • Server Side Includes • Hypermedia Documents • Advanced forms and gateways ... • Advanced Form Applications • Multiple Form Interaction

  2. The Common Gateway Interface (CGI) • What Is CGI? ... • CGI Applications ... • Some Working CGI Applications ... • Internal Workings of CGI ... • Configuring the Server ... • Programming in CGI ... • CGI Considerations ...

  3. What Is CGI? ... • Communicate with other programs on server • Pass data to program • Process data • Response back to browser • Model ...

  4. Model ... • Browser server application

  5. CGI Applications ... • Interactive • User ask questions, run app's • Forms ... • Gateways ... • Virtual documents ...

  6. Forms ... • Subset of HTML • User supply information • Graphical widgets for form creation • Radio buttons, text fields, checkboxes, selection lists • Submit button send info to server • Execute program associated with form • Back-and-forth interaction

  7. Gateways ... • Programs/scripts • Access info not readable by client • E.g., SQL queries to read database ... • E.g., Archie, WAIS, any other Internet info service • Use forms to query, search • Retrieve & display dynamic, virtual documents

  8. Virtual documents ... • Create on the fly; response to info query • HTML, plain, image, audio • Simple example ... • More sophisticated example: Art gallery ...

  9. Simple example ... • Welcome to IVPR's WWW Server! • You are visiting from cs.uml.edu. The load average on this machine is 1.25. • Happy navigating! • Dynamic information

  10. More sophisticated example: Art gallery ... • Form for user info • Search field for user-searches • E-mail/store form info • Response • Image of requested painting w/info on painting • Form w/ image processing options • Or message: doesn't exist

  11. Some Working CGI Applications (old) ... • Lycos: www.lycos.com • Coloring book: www.ravenna.com/coloring • ArchiePlex gateway: http://pubweb.nexor.co.uk/public/archie/archieplex/archieplex.html • Guestbook with world map: www.cosy.sbg.ac.at/rec/guestbook • Japanese <-> English dictionary: www.wg.omron.co.jp/cgi-bin/j-e?SASE=jfield.html • or http://enterprise/ic.gc.ca/cgi-bin/j-e

  12. Internal Workings of CGI ... • Programs in cgi-bin, w/ certain file extensions (usually) • User open URL ==> client sends request to server, ask for file • Server tries to execute program in file • E.g., ... • Program gets input from STDIN ... • Program sends output on STDOUT ... • Out directly to client or via server ...

  13. E.g., ... • GET /cgi-bin/welcome.pl HTTP/1.0 • Accept: www/source • Accept: text/html • Accept: image/gif • User-Agent: Lynx/2.4 libwww/2.14 • From: haim@cs.uml.edu • All files in cgi-bin recognized as programs • Data formats accepted by client

  14. Program gets input from STDIN ... • + UNIX environment variables • Input search string, format, length, remote host & user, other client info, server name, comm. protocol, server sw

  15. Program sends output on STDOUT ... • Program creates output/gives URL of existing • Send as data stream • HTTP header (at least format - HTML, plain text, gif) • Blank line (= end of header) • Body (data in appropriate format - not modified by server)

  16. Out directly to client or via server ... • If complete HTTP header ==> directly to client • Otherwise, to server • Adds complete header info • Sends to client using HTTP protocol • E.g., with complete header ... • E.g., with partial header ...

  17. E.g., with complete header ...

      HTTP/1.0 200 OK
      Date: Tuesday, 9-April-96 11:37:00 GMT
      Server: NCSA/1.4.2
      MIME-Version: 1.0
      Content-type: text/html
      Content-length: 2000

      <HTML>
      <HEAD><TITLE>Welcome to IVPR's WWW Server!</TITLE></HEAD>
      <BODY>
      <H1>Welcome!</H1>
      .
      .
      </BODY>
      </HTML>

  18. E.g., with partial header ...

      Content-type: text/html

      <HTML>
      <HEAD><TITLE>Welcome to IVPR's WWW Server!</TITLE></HEAD>
      <BODY>
      <H1>Welcome!</H1>
      .
      .
      </BODY>
      </HTML>

  19. Configuring the Server ... • ServerRoot • /usr/local/etc/httpd (in httpd.conf) • ScriptAlias • /cgi-bin/ /usr/local/etc/httpd/cgi-bin • E.g., http://domain/cgi-bin/welcome <--> /usr/local/etc/httpd/cgi-bin/welcome • Can have multiple CGI script directories • Can run programs anywhere (dangerous!) ...

  20. Can run programs anywhere (dangerous!) ... • AddType • application/x-httpd-cgi .pl .sh .cgi • In srm.conf ==> exec files w/ given extensions

  21. Programming in CGI ... • Which programming language? Features ... • AppleScript (Mac only) ... • C/C++ (UNIX, Mac, Windows) ... • C shell (UNIX only) ... • Tcl (UNIX only) ... • Visual Basic (Windows only) ... • Perl (UNIX, Mac, Windows) ...

  22. Which programming language? Features ... • Ease of text manipulation • Interface w/other sw libs and utilities • Access environment variables (in UNIX)

  23. AppleScript (Mac only) ... • Integral part of MacOS 7.5 + • No inherent pattern matching • Extensions • Interface w/ other Mac app's through AppleEvents • E.g., present form to user, decode contents, query & search Microsoft FoxPro database

  24. C/C++ (UNIX, Mac, Windows) ... • No database extensions • No inherent pattern matching • Modules/function • +: Compiled

  25. C shell (UNIX only) ... • No pattern matching • ==> Must use e.g., sed or awk • uncgi sw tool (in C) • Decode form data + store in shell envi. vars. • No direct database access • Bugs & limitations

  26. Tcl (UNIX only) ... • Shell, tcsh • Simple constructs, a little more diff. than Perl • Extensions to database and graphic libs. • Supports regular expressions • Insufficient handling at compile time

  27. Visual Basic (Windows only) ... • Communicate with other Windows programs • No string manipulations

  28. Perl (UNIX, Mac, Windows) ... • Most widely used • Highly portable • Powerful string manipulation op's, functions for binary data • Simple, concise constructs • Easy calling shells, equivalents of UNIX systems functions • Extensions (e.g., oraperl for Oracle) • Perl primer ...

  29. CGI Considerations ... • Data readable by client? • Text/HTML ok • Others: need gateway to translate • How to present? • E.g., Graphics, plots

  30. Generic script ... • 1. Print header w/ Content-type declaration • 2. Print start of HTML doc. • 3. Try to get query string • 4. No string ==> user's 1st access • Create searchable doc. w/ <ISINDEX> or <FORM> • 5. Query string: create doc w/ result of request / ack request processed • 6. Print end of HTML doc, inc. signature • 7. Exit • skeleton.pl

  31. Client-server interaction ... • Input to the Common Gateway Interface

  32. Input to the Common Gateway Interface • Introduction ... • Using Environment Variables ...

  33. Introduction ... • In CGI environment variables • Info about client, server, user • Form data from user • In environment variable / body of request • Add'l pathname info

  34. Using Environment Variables ... • List of CGI Environment variables • Perl: %ENV associative array • Example: About this server ... • Example: Check the client browser ... • Restricting access for specified domains ... • User authentication and identification ... • Where did you come from? ...

  35. Example: About this server ... • about_this_server.pl • Typical output:

      <HTML>
      <HEAD><TITLE>About this Server</TITLE></HEAD>
      <BODY><H1>About this Server</H1>
      <HR><PRE>
      Server Name: cs.uml.edu
      Running on Port: 80
      Server Software: NCSA/1.4.2
      Server Protocol: HTTP/1.0
      CGI Revision: CGI/1.1
      <HR></PRE>
      </BODY></HTML>

  36. Example: Check the client browser ... • check_browser.pl

  37. Restricting access for specified domains ... • Different documents for internal, external users • restrict_domain.pl

  38. User authentication and identification ... • Access restricted • Need user name & password • Unencrypted: DON'T use real • Server passes in REMOTE_USER env. var. • Identify users ...

  39. Identify users ...

      $remote_user = $ENV{'REMOTE_USER'};
      if ($remote_user eq "haim") {
          print "Who are you?", "\n";
      } elsif ($remote_user eq "john") {
          print "Hi John.", "\n";
      }

  40. Where did you come from? ... • Last URL you were before coming here • HTTP_REFERER env. var. (from client) • referer.pl • Not all browsers set var. • Not set for first server accessed • Meaningless if accessed from bookmark / straight typing of URL • ==> Not entirely accurate

  41. Accessing Form Input ... • Form interaction with CGI ... • Query strings ... • Simple form ... • GET and POST methods ... • Encoded data ... • Extra Path Information ... • Other Languages Under UNIX • Other Languages Under Microsoft Windows • Other Languages on Macintosh Servers • Examining Environment Variables

  42. Form interaction with CGI ... • Browser Server Application

  43. Query strings ... • http://domain/cgi-bin/program?query-string • Call program • Store query-string (after ?) in QUERY_STRING • E.g., name.pl • http://domain/cgi-bin/name.pl?fortune • http://domain/cgi-bin/name.pl?finger • http://domain/cgi-bin/name.pl • Security warning ...

  44. Security warning ... • Caution not to execute system commands • NEVER: print `$query_string`; • E.g., rm -fr / • ==> delete everything
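The warning above, as an added example (not code from the presentation): instead of handing the query string to backticks, name.pl can treat it purely as a lookup key into a fixed table of commands. The binary paths, the function names `command_for` and `run_query`, and the `--selftest` switch are assumptions made for this illustration.

```perl
#!/usr/local/bin/perl
# Added example: allowlist dispatch for name.pl?fortune and name.pl?finger.
use strict;
use warnings;

# Keyword => fixed argument vector. The paths are assumptions for illustration.
my %ALLOWED = (
    fortune => [ '/usr/games/fortune' ],
    finger  => [ '/usr/bin/finger' ],
);

# Return the argv for a query string, or nothing unless the whole
# string is exactly one allowlisted keyword.
sub command_for {
    my ($query) = @_;
    return unless defined $query && $query =~ /\A([a-z]+)\z/;
    return $ALLOWED{$1};
}

sub run_query {
    my ($query) = @_;
    my $argv = command_for($query);
    print "Content-type: text/plain\n\n";
    unless ($argv) {
        print "Unknown request.\n";
        return 0;
    }
    # The argv comes from the table above; no request data is ever
    # interpolated into a command line.
    open(my $out, '-|', @$argv)
        or do { print "Command unavailable.\n"; return 0; };
    print while <$out>;
    close $out;
    return 1;
}

if (@ARGV && $ARGV[0] eq '--selftest') {
    # Constructed inputs, including the slide's "rm -fr /" case.
    for my $q ('fortune', 'finger', 'fortune;rm -fr /', '', 'FORTUNE') {
        printf "%-20s => %s\n", "'$q'", command_for($q) ? 'allowed' : 'rejected';
    }
} else {
    run_query($ENV{'QUERY_STRING'});
}
```

Run with `--selftest`, only `fortune` and `finger` are reported as allowed; every other string is rejected before any program is started.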

  45. Simple form ... • Form: simple_form.html • Script: unix.pl (GET version) • GET method ==> • All form data in URL ==> • Can also access directly • http://domain/cgi-bin/unix.pl?command=fortune • Same result as with form

  46. GET and POST methods ... • POST: server sends data to program as input stream • <FORM ACTION="unix.pl" METHOD="POST"> ==> Request:

      POST /cgi-bin/unix.pl HTTP/1.0
      .
      (header)
      .
      Content-length: 15

      command=fortune

      • unix.pl (POST version, both version)

  47. Encoded data ... • GET ==> form info as part of URL • ==> No spaces, special characters • ==> Encoding • HTML form ... • Client issues request ...

  48. HTML form ... • birthday.html

      <HTML>
      <HEAD><TITLE>When's your birthday?</TITLE></HEAD>
      <BODY>
      <H1>When's your birthday?</H1>
      <HR>
      <FORM ACTION="birthday.pl" METHOD="POST">
      Birthday (in the form of mm/dd/yy): <INPUT TYPE="text" NAME="birthday" SIZE=40>
      <P>
      <INPUT TYPE="submit" VALUE="Submit Form!">
      <INPUT TYPE="reset" VALUE="Clear Form">
      </FORM>
      <HR>
      </BODY>
      </HTML>

  49. Client issues request ... • Enter: 08/30/53

      POST /cgi-bin/birthday.pl HTTP/1.0
      .
      . (information)
      .
      Content-length: 21

      birthday=08%2F30%2F53

      • Decode "%2F" to "/" • Program: birthday.pl ...

  50. Program: birthday.pl ...

      #!/usr/local/bin/perl
      $size_of_form_information = $ENV{'CONTENT_LENGTH'};
      read (STDIN, $form_info, $size_of_form_information);
      $form_info =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex ($1))/eg;
      ...
      ($field_name, $birthday) = split (/=/, $form_info);
      print "Content-type: text/plain", "\n\n";
      print "Hey, your birthday is on: $birthday. That's what you told me, right?", "\n";
      exit (0);
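An added example (not the presentation's birthday.pl) that tightens the handling shown above: it checks and caps CONTENT_LENGTH, splits fields before decoding so an encoded `&` or `=` cannot act as a separator, and accepts only an mm/dd/yy value. The names `parse_form`, `valid_birthday`, `read_body`, the 1024-byte cap and the `--selftest` switch are assumptions made for this illustration.

```perl
#!/usr/local/bin/perl
# Added example: stricter handling of the birthday form's POST body.
use strict;
use warnings;
my $MAX_BODY = 1024;    # assumed cap; this form sends about 21 bytes

# Split first, decode second, so an encoded '&' or '=' inside a value
# cannot be mistaken for a field separator.
sub parse_form {
    my ($body) = @_;
    my %field;
    for my $pair (split /&/, $body) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $value = '' unless defined $value;
        for ($name, $value) {
            tr/+/ /;
            s/%([\dA-Fa-f]{2})/pack("C", hex($1))/eg;
        }
        $field{$name} = $value;
    }
    return \%field;
}

# Accept only mm/dd/yy with a plausible month and day.
sub valid_birthday {
    my ($text) = @_;
    return unless defined $text && $text =~ m{\A(\d\d)/(\d\d)/(\d\d)\z};
    return unless $1 >= 1 && $1 <= 12 && $2 >= 1 && $2 <= 31;
    return $text;
}

# Read the body only when CONTENT_LENGTH is a small non-negative integer.
sub read_body {
    my $len = $ENV{'CONTENT_LENGTH'};
    return '' unless defined $len && $len =~ /\A\d+\z/ && $len <= $MAX_BODY;
    my $body = '';
    read(STDIN, $body, $len);
    return $body;
}

if (@ARGV && $ARGV[0] eq '--selftest') {    # constructed sample bodies
    for my $sample (qw(birthday=08%2F30%2F53 birthday=08%2F30%2F53%26x%3D1 birthday=13%2F40%2F99)) {
        my $v = valid_birthday(parse_form($sample)->{'birthday'});
        print "$sample => ", (defined $v ? $v : 'rejected'), "\n";
    }
} else {
    my $birthday = valid_birthday(parse_form(read_body())->{'birthday'});
    print "Content-type: text/plain\n\n";
    print defined $birthday ? "Hey, your birthday is on: $birthday.\n" : "Please enter a date as mm/dd/yy.\n";
}
```

With `--selftest`, the first body yields 08/30/53 and the other two are rejected: the second because the decoded value contains `&x=1`, the third because 13/40 is not a valid month and day.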
