Advanced CGI Scripts. personalized web browsing using cookies: count number of visits. secure hash algorithm using cookies for login data the scripts

Size: px

Start display at page:

Download "Advanced CGI Scripts. personalized web browsing using cookies: count number of visits. secure hash algorithm using cookies for login data the scripts"

Donna Beasley
6 years ago
Views:

1 Advanced CGI Scripts 1 Cookies personalized web browsing using cookies: count number of visits 2 Password Encryption secure hash algorithm using cookies for login data the scripts 3 Authentication via login to your mailbox sending an MCS 275 Lecture 35 Programming Tools and File Management Jan Verschelde, 7 April 2017 Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

2 Advanced CGI Scripts 1 Cookies personalized web browsing using cookies: count number of visits 2 Password Encryption secure hash algorithm using cookies for login data the scripts 3 Authentication via login to your mailbox sending an Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

3 Personalized Web Browsing more clever cgi scripts Storing information about a client: 1 previous selections made passing data from one script to another 2 personal information identification and passwords 3 information from previous visits counting number of visits Potential applications: 1 customize displayed content 2 store encrypted password for fast access 3 personalized pricing... Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

4 cookies store information about client Cookies are data stored by web server on client computer, managed by the browser. Using the cookies module: >>> from http import cookies >>> c = cookies.simplecookie() >>> c[ L ] = 35 >>> c[ data ] = Fri 7 Apr 2017 >>> print(c) Set-Cookie: L=35 Set-Cookie: data="fri 7 Apr 2017" Cookies are objects like dictionaries. Reserved keys: expires and path. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

5 computing with cookies To compute with values stored in cookies: The value of cookie is the attribute value. The type of the value is a string. To update the number of visits stored in the cookie cnt: >>> from http import cookies >>> cnt = cookies.simplecookie() >>> cnt[ visits ] = 0 >>> cnt[ visits ] <Morsel: visits=0> >>> cnt[ visits ].value 0 >>> cnt[ visits ] = str(1 + int(cnt[ visits ].value)) >>> cnt[ visits ].value 1 A simple cookie stores all data as strings. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

6 the environment variable HTTP_COOKIE We can initialize a cookie with keys and values: >>> from http.cookies import SimpleCookie >>> c = SimpleCookie( x=1; y=2 ) >>> c[ x ].value 1 >>> c[ y ].value 2 The environment variable HTTP_COOKIE is set by the web server. When we rerun a web page the cookies are retrieved as follows: >>> from os import environ >>> environ[ HTTP_COOKIE ] = z = 3 >>> d = SimpleCookie(environ[ HTTP_COOKIE ]) >>> d[ z ].value 3 Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

7 Advanced CGI Scripts 1 Cookies personalized web browsing using cookies: count number of visits 2 Password Encryption secure hash algorithm using cookies for login data the scripts 3 Authentication via login to your mailbox sending an Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

8 using cookies We use a cookie to count the number of visits. Write a script to 1 retrieve cookie, initialize counter to zero, 2 or increment the value of counter by one, 3 and display counter value on the page. The name of the script is cookie_counter.py. 1 We can run the script with myserver.py of Lecture The browser settings must accept cookies. Note: each browser has its own cookies. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

9 running cookie_counter.py Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

10 code for cookie_counter.py #!/usr/bin/python import os from http.cookies import SimpleCookie def increment(): Retrieves cookie, either initializes counter, or increments the counter by one. if HTTP_COOKIE in os.environ: cnt = SimpleCookie(os.environ[ HTTP_COOKIE ]) else: cnt = SimpleCookie() if visits not in cnt: cnt[ visits ] = 0 else: cnt[ visits ] = str(1 + int(cnt[ visits ].value)) return cnt Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

11 the main() in cookie_counter.py def main(): Retrieves a cookie and writes the value of counter to the page, after incrementing the counter. counter = increment() print(counter) print("content-type: text/plain\n") print("counter: %s" % counter[ visits ].value) main() Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

12 Advanced CGI Scripts 1 Cookies personalized web browsing using cookies: count number of visits 2 Password Encryption secure hash algorithm using cookies for login data the scripts 3 Authentication via login to your mailbox sending an Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

13 Secure Hash Algorithm for password encryption We can use cookies for login names and passwords. If passwords are unencrypted, then insecure. Secure hash algorithm: 1 computationally infeasible to compute inverse is trapdoor function 2 very low collision rate very low chance that two different messages will generate the same key Server encrypts password before sending to client. Authentication by comparing encrypted passwords. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

14 using the hashlib module >>> from hashlib import sha1 >>> m = this is me >>> h = sha1(m.encode()) >>> h <sha1 HASH 0x1019a53f0> >>> h.hexdigest() 99cf08cddcc3ae19fae7ec8f53f b11406 Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

15 Advanced CGI Scripts 1 Cookies personalized web browsing using cookies: count number of visits 2 Password Encryption secure hash algorithm using cookies for login data the scripts 3 Authentication via login to your mailbox sending an Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

16 Login Forms with cookies to remember data Accessing cookie_login.py for the first time: 1 user submits login name and password, 2 submitted data processed by cookie_userpass.py, 3 cookie stores login name and encrypted password. Connecting to cookie_login.py a second time: 1 cookie is retrieved, 2 login name is displayed if not empty, 3 user must type no password if in cookie. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

17 Advanced CGI Scripts 1 Cookies personalized web browsing using cookies: count number of visits 2 Password Encryption secure hash algorithm using cookies for login data the scripts 3 Authentication via login to your mailbox sending an Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

18 script cookie_login.py #!/usr/bin/python import cgitb cgitb.enable() from http.cookies import SimpleCookie from os import environ def main(): Form to process login. clp = get_cookie() print(clp) print("content-type: text/html\n") print("<html><body>\n") ask_name(clp) print("</body></html>\n") Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

19 the function get_cookie() def get_cookie(): Retrieves cookie, and initializes it. if HTTP_COOKIE in environ: sim = SimpleCookie(environ[ HTTP_COOKIE ]) else: sim = SimpleCookie() if login not in sim: sim[ login ] = sim[ passw ] = return sim Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

20 the function ask_name() first part def ask_name(cki): Form to enter user name, using cookie cki to show user name. print(<form method = "post" action = "cookie_userpass.py"> ) vlog = cki[ login ].value vpas = cki[ passw ].value values of v and w determine what will be asked from the user. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

21 ask_name() continued if vlog == : print(<p> Login Name: <input type = "text" name = "login" size = 20>) else: print(<p> Login Name: <input type = "text" name = "login" size = 20 value = %s> % vlog) if vpas == : print(<p> Password: <input type = "password" name = "passw" size = 20>) print( <input type = "submit" value = "submit"> </form>) Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

22 script cookie_userpass.py #!/usr/bin/python import cgi def main(): Form to process login. form = cgi.fieldstorage() cki = get_cookie(form) print(cki) print("content-type: text/html\n") print("<html><body>\n") error = process_name(form) if not error: process_pass(cki) print("</body></html>\n") Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

23 the function get_cookie() def get_cookie(form): Retrieves cookie and uses form to update. if HTTP_COOKIE in environ: sim = SimpleCookie(environ[ HTTP_COOKIE ]) else: sim = SimpleCookie() if login in sim: if login in form: sim[ login ] = form[ login ].value if passw in sim: if passw in form: vpw = form[ passw ].value data = sha1(vpw).hexdigest() sim[ passw ] = data return sim Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

24 processing the name def process_name(form): Processes name of login form. Returns True if error, else False. error = False try: name = form[ login ].value except KeyError: print("please enter your name") error = True if not error: print( welcome + name + \n ) return error Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

25 processing password def process_pass(cki): Processes password of login form, stored in the cookie. print("<p>your password is ") print(cki[ passw ].value) instead of printing the password, compare against password on file. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

26 Advanced CGI Scripts 1 Cookies personalized web browsing using cookies: count number of visits 2 Password Encryption secure hash algorithm using cookies for login data the scripts 3 Authentication via login to your mailbox sending an Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

27 connecting to gmail The Simple Mail Transfer Protocol (SMTP) is an internet standard for transmission In Python we can send using smtplib. To connect to the gmail server: >>> from smtplib import SMTP >>> s = SMTP( smtp.gmail.com, 587) >>> s.starttls() (220, b Ready to start TLS ) The Transport Layer Security (TLS) protocol provides data encryption for socket based communication. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

28 the script auth.py from smtplib import SMTP from getpass import getpass try: SERVER = SMTP(host= mail.uic.edu, port=25) RESULT = SERVER.starttls() print(result) except: print( Failed to connect to the server. ) Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

29 the script auth.py continued SUCCESS = False USER = input( Type your UIC netid : ) USER = USER for _ in range(3): # allow for three attempts PASW = getpass( Type your UIC password : ) try: RESULT = SERVER.login(USER, PASW) print(result) SUCCESS = True break except: print( Login failed, please try again. ) Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

30 Advanced CGI Scripts 1 Cookies personalized web browsing using cookies: count number of visits 2 Password Encryption secure hash algorithm using cookies for login data the scripts 3 Authentication via login to your mailbox sending an Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

31 first connect to the server HOSTNAME = mail.uic.edu PORTNUMBER = 25 from smtplib import SMTP from .mime.text import MIMEText from getpass import getpass def authenticate(hostname, portnumber): Returns the server and the address of the user, after a successful authentication, otherwise None is returned. try: server = SMTP(host=hostname, port=portnumber) result = server.starttls() except: print( Failed to connect to the server. ) Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

32 logging in success = False user = input( Type your UIC netid : ) user = user for _ in range(3): # allow for three attempts pasw = getpass( Type your UIC password : ) try: result = server.login(user, pasw) success = True break except: print( Login failed, please try again. ) if success: print( You are authenticated via UIC . ) return server, user else: print( Authentication via UIC failed. ) return None Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

33 the function main() def main(): First we authenticate and then we send the . srvusr = authenticate(hostname, PORTNUMBER) if srvusr!= None: server, user = srvusr ret = sendan (server, user) if ret == {}: print( The message was accepted for delivery. ) else: print( The message was rejected for delivery. ) print(ret) Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

34 composing the message MIME (Multipurpose Internet Mail Extensions) is an internet standard to extend the format of . In Python, .mime.text represents text/* type MIME documents. >>> from .mime.text import MIMEText >>> msg = MIMEText( This is a test. ) >>> msg[ Subject ] = hello >>> msg[ To ] = someuser@gmail.com >>> print(msg.as_string()) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: hello To: someuser@gmail.com This is a test. >>> Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

35 sending an def sendan (server, user): Prompts the user for a destination, subject and a message body. dest = input( Give the destination address : ) subj = input( Give the subject : ) body = input( Give the message : ) msg = MIMEText(body) msg[ Subject ] = subj msg[ To ] = dest result = server.sendmail(user, dest, msg.as_string()) return result Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

36 register and activate an account The registration/activation is a two step process: 1 The user connects to our web site and submits a form with the address of the user (which will be the name of the account) and a password, which is encrypted. The register.py script 1 stores the account information, 2 generates a random code for one time use, 3 sends the to the user with link to the activate script that takes the random code as input. The sent contains an URL of the following form: /cgi-bin/activate.py?login=%s&code=%s This login and the code are the address and the code. 2 The activation process is executed by activate.py. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

37 the activation of an account 2 The activation process is executed by activate.py. This script checks whether the two parameters in the activate script match what is stored in the database. If okay, if the access code gives a match for the login name, then the user can login via the login form. In this process, the server only sends , does not read it. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

38 Summary + Assignments Assignments: 1 Extend cookie_counter.py so that a different HTML page is displayed based on whether the counter is zero or not. 2 Extend cookie_userpass.py for it to do proper password authentication: compare the given password with the one that was earlier entered and stored on file. 3 Consider an mysql table customers which contains as its fields the identification number, the name, and the address of each customer. Write a script to every customer a greeting. 4 Write code for the register.py described earlier. 5 Write code for the activate.py described earlier. Programming Tools (MCS 275) advanced cgi scripts L-35 7 April / 38

Web Interfaces. the web server Apache processing forms with Python scripts Python code to write HTML

Web Interfaces. the web server Apache processing forms with Python scripts Python code to write HTML Web Interfaces 1 Python Scripts in Browsers the web server Apache processing forms with Python scripts Python code to write HTML 2 Web Interfaces for the Determinant dynamic interactive forms passing data