Web Programming 3. Object Oriented Interface to CGI.pm. Generating Images. Using Headers. Using Cookies. Hidden fields.

Transcription

1 Web Programming 3 Object Oriented Interface to CGI.pm Generating Images Using Headers Caching/accept/languages Using Cookies Hidden fields File Upload 195 Page 195

2 Object-Oriented interface to CGI.pm CGI.pm supports a procedural approach use use CGI CGI qw(:standard); my my ($name, ($name, $city) $city) = (param('name'), param('city')); print print header.start_html ('Embedded ('Embedded HTML'). HTML'). h1 h1 ('Embedded ('Embedded HTML').'HTML HTML').'HTML by by Perl'.end_html; CGI.pm supports an object-orientated approach use use CGI; CGI; $q $q = new new CGI; CGI; my my ($name, $city) = ($q->param('name'), $q->param('city')); print print $q->header. $q->start_html ('Embedded HTML'). $q->h1 ('Embedded HTML').'HTML by by Perl'.$q->end_html; 196 The CGI module can be used with a procedural interface, as we ve seen so far, or with an object-oriented interface. The object interface is slightly faster and doesn t lead to namespace pollution for large-scale web projects, the object approach is usually preferred. The main difference is in the use command and in how CGI methods are invoked. The two scripts above show how this is done. Page 196

3 Generating images Generating Images Using the GD module Set binmode on MS Windows use use CGI CGI qw(:standard); use use GD::Graph::bars; = (2,2,2,3,3,3,3,3,3,3,4,4); my (10,10,12,12,14,14,16,15,16,15,16,15); = qw(jan qw(jan Feb Feb Mar Mar Apr Apr May May Jun Jun Jul Jul Aug Aug Sep Sep Oct Oct Nov Nov Dec); Dec); my my $graph $graph = GD::Graph::bars->new(400, 300); 300); $graph->set('x_label' => => 'Month', 'Month', 'y_label' 'y_label' => => 'Income 'Income and and Costs', Costs', 'title' 'title' => => '1999 '1999 Income Income and and Costs', Costs', 'y_max_value' 'y_max_value' => => 20); 20); my my $gd $gd = $graph->plot([ \@names, \@names, \@income, \@income, \@costs \@costs ]); ]); my my $format $format = $graph->export_format; print print header("image/$format"); binmode binmode STDOUT; STDOUT; print print $gd->gif; $gd->gif; Use a generic format Output as GIF 197 The example above is a CGI script, so we are printing to STDOUT, but the print could be to a real file instead. The GD module is used for preference, and GD::Graph supports many different graph formats. Output from this program and from GD::Graph::lines is shown below: One of the advantages of GD is the wide range of graphics formats supported. In the example we have specified 'export_format' which enables us the decide later which format we actually want by calling a different method, gif in this case. The GIFGraph module used to be popular, but patent issues with GIF files mean that this module is now deprecated. Page 197

4 Using headers Incoming headers tell CGI script what client wants Accepted MIME types Preferred language Outgoing headers tell web browser what to do MIME type sent Size of data following Expiration time of data 198 The incoming header from the client is placed into environment variables. We have two ways of accessing these values. We can look at %ENV direct, always assuming that we know the name of the variable we want to look at. Second we can call a CGI module method, for example environment variable HTTP_USER_AGENT can be accessed using CGI->user_agent(), which returns the type of browser. See the CGI documentation for other methods (there are about twenty). The slides that follow show how to use some of these values. Page 198

5 Determine client language sub sub get_language_code { my my my my en-gb en-gb en-ie en-ie fr-fr fr-fr de-de) = (undef) x 5; 5; if if (defined $ENV{HTTP_ACCEPT_LANGUAGE) { for for my my $lang $lang (split /,/, /,/, $ENV{HTTP_ACCEPT_LANGUAGE) { return $lang $lang if if (exists $codes{$lang); if if ($lang =~ =~ /^($1)-\w+$/) { return $1 $1 if if (exists $codes{$1); if if ($cgi->user_agent()=~ m!.\((?:[^;]+; ){3([^;]+).+\)! ){ ){ return $1 $1 if if (exists $codes{lc $1); $1); return 'unknown'; 199 The subroutine above shows an approach of trying to determine the user's language code. It tries all user choices (such as en, 'en-us' or de-au ); falls back on the main language code if necessary; then tries to see if the user has a translated browser. HTTP_ACCEPT_LANGUAGE might indicate the locale or the language, assumptions should not be made that it indicates, for example, the collation sequence, although it might. The spec (HTTP/1.1 RFC) says that this means the language, nothing more. A typical browser name is Mozilla/5.0 (X11; U; Linux i686; en-us; rv:1.7.8) Gecko/ (Firefox on Fedora Core 4). Notice that HTTP_USER_AGENT has the locale in mixed case, whereas the HTTP_ACCEPT_LANGUAGE is in lower. Many HTTP_USER_AGENT names have MSIE in them, which does not mean they are Microsoft Internet Explorer, but compatible (?) with it. Unfortunately there is no standard for the text string, so constructing an RE can be difficult. Page 199

6 Send expiry time Tell client when a page expires Browser will now cache the page afterwards my my $counter = 0; 0; $counter = <COUNTER> if if (open (open (COUNTER, 'counter.dat')); open open (COUNTER, '>', '>', 'counter.dat'); print print COUNTER ++$counter; close close COUNTER; print print header(-type => => 'image/gif', -expires => => '-1d'); binmode STDOUT; Generate simple my my $im $im = new new GD::Image(45,20); GIF image my my $white = $im->colorallocate(255,255,255); my my $black = $im->colorallocate(0,0,0); $im->transparent($white); $im->interlaced('true'); $im->string(gdlargefont,2,2, sprintf("%05d",$counter),$black); print print $im->gif; 200 The script above is a very simple graphical counter script. It generates a dynamic GIF image showing a number that increases by one everytime somebody views the page. (On a busy site, locking the file would be useful.) If you refer to the above script from a web page without the expire header, like <IMG src="/cgi-bin/counter.cgi"> you will find the browser caches the GIF image. The only way to get it to update is to do a shift + reload. Once you add the expire header, with in this case a negative expiry time of minus one day, the GIF image image will not be cached. Note that not all browsers cache data. Examples expires => '+30s' 30 seconds from now expires => '+10m' ten minutes from now expires => '+1h' one hour from now expires => '-1d' yesterday expires => 'now' immediately expires => '+3M' in three months expires => '+10y' in ten years time expires => 'Thu, 25-Apr :40:33 GMT' at the indicated time & date Page 200

7 Send download size Tell client how much to expect Browser will now draw progress bar and remaining time Especially important for application MIME types #!/usr/bin/perl -w -w use use strict; use use CGI CGI ':standard'; local local $/; $/; open open (PDF, (PDF, '/home/user1/delegate/delegate.pdf'); my my $data $data = <PDF>; close close PDF; PDF; print print header('-type' => => 'application/pdf', '-Content-Length' => => length($data)); binmode STDOUT; print print $data; 201 When your script send large volumes of data to the client, make sure to indicate the browser how many bytes you re going to send. This allows the browser to put up a progress bar and indicate the remaining download time. For a MIME type that is not handled by a client plug-in, but is going to be saved to disk instead, it is essential that you get the file name right as well. Sadly, this cannot be specified using any header; instead, browsers will use your script name. However, remember that browsers do not know how the web server handles directories, script names and path-information. So, if your script is normally at and you want to send the user a file called data.csv, turn the URL into Page 201

8 Cookies Save transaction information on the client Not reliable! Implemented by an additional header HTML Set-Cookie CGI.pm cookie() method cookie (-name, -value, -domain, -expires, -path, -secure) To set: $cookie $cookie = cookie cookie ('userid', ('userid', 1234); 1234); print print header(-type header(-type => => 'text/html', 'text/html', -cookie -cookie => => $cookie); $cookie); To read: $value $value = cookie cookie ('userid'); ('userid'); 202 HTTP is a stateless protocol, but often we want to save data between requests (a multi-phase transaction). There are a couple of ways of doing that, by saving information on the client (cookies) and saving information on the form itself (hidden fields). The problem with using cookies for state information is that it breaks when the client goes back a few screens. Instead cookies should store persistent information such as the client s address, customer id, or preferences. Cookies are a controversial subject because they can contain user data that can be sent to servers that the user has not contacted a threat to user privacy if abused. The CGI.pm cookie() method makes cookies easy to use. We can default the last three arguments: -domain uses the current domain, -expires is set to the end of the current session, -path is the request path, and secure (use https) is set to 0 (false). The expires argument can use absolute or relative dates, for example '+7d', see the CGI documentation for formats. To retrieve data stored by a cookie, simply default the second argument (-value). Cookies are retained on the client between session, so there is no server maintenance, and different scripts may share information. However some users refuse to use cookies, or delete them, so their use is not guaranteed. It should also be remembered that the same user can use different machines (think of an internet café). Page 202

9 Hidden fields Include information on the form For transmission at the next request Create using an INPUT_TYPE of 'hidden' HTML: <INPUT TYPE="hidden" NAME="name", VALUE="value"> CGI method: hidden('name','value1','value2'...) Retrieve data as normal: $value = param('name'); Hidden fields are insecure The user can make them visible and edit them particularly a Perl programmer using LWP.pm Even using POST user can copy the html and resubmit using GET 203 Hidden fields are more difficult to disable by the user than cookies, however they are visible if the user views the source. Perl modules such as LWP.pm allow browser requests to be made from a user written program, and it is not difficult to alter fields and return a GET request, even if the original was a POST. Viewing and altering cookie data is more difficult, but still not impossible. Page 203

10 File upload Allow the user to send a complete file to the script Requires special form type multipart/form-data Handle file-upload field for named param sub sub read_file_upload { my my ($cgi, my my $image = $cgi->param($name); if if ($image) { local local $/; $/; my my $image_data = <$image>; return ($image, $image_data); return; 204 A file upload field can only be used with a special type of form, multipart/form-data. This can be done most easily by using the CGI function start_multipart_form instead of the normal start_form. In fact this uses a newer format, and can be used instead of start_form elsewhere. For a file upload field, the value returned is an overloaded object that can be used as a file-handle or as a string in the latter case, the name of the file on the client is returned. Page 204

11 Summary CGI.pm can be driven procedurally or using OO Images may be created using GD.pm Headers contain useful information: Client language and browser type Can set expiry time and download size State may be saved on the client using cookies State may be saved on the form using hidden fields 205 Page 205

12