CS105 Perl: Perl CGI. Nathan Clement 24 Feb 2014

Transcription

1 CS105 Perl: Perl CGI Nathan Clement 24 Feb 2014

2 Agenda We will cover some CGI basics, including Perl-specific CGI What is CGI? Server Architecture GET vs POST Preserving State in CGI URL Rewriting, Hidden Fields Session ID Cookies

3 CGI Programming What is "CGI"? Common Gateway Interface A means of running an executable program via the Web. CGI is not a Perl-specific concept. Almost any language can produce CGI programs - even C++ (gasp!!) However, Perl does have a *very* nice interface to creating CGI methods

4 Common Gateway Interface User selects page that will be provided by a CGI application Server recognizes dynamic page By extension (usually.cgi) By location Server spawns the app Passes arguments via stdin HTTP header info available in environment variables App passes HTML page back to server via stdout Server sends page back to user

5 CGI Advantages Original approach (substantial installed base) Use any language compatible with or available on the server Many free CGI scripts ( Disadvantages Overhead of spawning/killing the app repeatedly Concurrent hits on page cause multiple parallel copies of the app in memory Many CGI scripts use slow interpreted languages Many use PERL

6 Web Server newskt Socket Queue Web Server Architecture // Thread pseudo code while(1) { newskt = DeQ() // Communicate // using HTTP } connect Client http // Server pseudo code! // Create Socket Queue // Create Thread pool while(1) { newskt = accept( ) EnQ(newSkt) } stdout stdin CGI program

7 GET vs. POST GET /path/file.html?n=v HTTP/1.1 Host: [blank line here] POST /path/script.cgi HTTP/1.0 From: User-Agent: HTTPTool/1.0 Content-Type: application/x-www-formurlencoded Content-Length: 32! home=cosby&favorite+flavor=flies

8 CGI & Parameters All input to a CGI program comes from: Environment HTTP headers stdin Message Body Get Query string - Everything after the? Goes in environment variable QUERY_STRING POST All data comes in the message body via stdin - just read and parse appropriately

9 PERL & CGI PERL is nice for CGI Steps Parse the environment REQUEST_METHOD = POST or GET If GET QUERY_STRING contains url encoded args If POST Body of message contains binary data Process body by reading stdin appropriately CGI program must know how to react to what is coming in Use mime type in CONTENT_TYPE Can be done manually - But why? Use cgi library

10 CGI Example cgi-start.cgi

11 PERL cgi functions start_html h1 p checkbox_group popup_menu start_form end_form param header Best help -

12 PERL Here docs Multiple print statements are sometimes a pain! print<<eof; This is a test <h1>hi</h1>! EOF!! Goes until it finds the marker

13 File Locking locking.cgi

14 Forms Most (not all) CGI scripts are contacted through the use of HTML forms. A form is an area of a web page in which the user can enter data, and have that data submitted to another page. When a user hits a submit button on the form, the web browser contacts the script specified in the form tag.

15 Creating a Form <form method="post" action="file.cgi">... <input type="submit" value="submit Form"> </form> The method attribute specifies how parameters are passed "post" means they re passed in the HTTP header and message body (and therefore aren t seen anywhere). "get" means they re passed through the query string of the URL itself, and therefore seen in the address bar in the web browser (seen in the QUERY_STRING header). The action attribute specifies which program you want the web browser to contact. <input> is a tag used to accept User data. type="submit" specifies a Submit button. When user clicks this button, the browser contacts the file specified in the action attribute.

16 Form Input Types Many different ways of getting data from user. Most specified by <input> tag, type specified by type attribute textfield a text box checkbox a check box radio a Radio button password password field (text box, characters display as ******) hidden - hidden field (nothing displayed in browser) submit - Submit button. Submits the form reset - Reset button. Clears form of all data. button - A button the user can press (usually used w/ javascript) file - field to upload a file image - an image user can click to submit form

17 Preserving State in CGI

18 Preserving State HTTP is stateless, but we would like to save and remember state Shopping cart Interactive or multipart questionnaire A search engine that remembers past searches Main techniques Hidden fields URL rewriting Session ID Cookies

19 Hidden Fields Add hidden input fields to a form <input type = hidden > Advantages Easy Disadvantages Data is continually sent back and forth Data is easily readable & changeable Only available if there is a form

20 URL Rewriting Create links dynamically Contain information in the url Advantages Fairly simple also Disadvantages If state is complex, must encode User visible and modifiable

21 Session ID Generate a session ID - use as filename Large random number Time, PID, etc. Pass the session ID using url rewriting or hidden fields More secure because user can only change the session ID and most likely will be wrong Advantages Good when state is large, complex, or private Easy using CGI.pm

22 SessionID example $query = CGI->new(); open my $FILE, ">", "$sessionid.sav" or die " "; $query->save($file); close($file) $cgi = CGI->new(); open my $FILE, "<", "$sessionid.sav") or die " "; $oldquery = CGI->new($FILE); close($file)

23 Cookies A small piece of information stored on the client machine and returned to the server. http headers Cookie Set-Cookie 4 K bytes per cookie 20 cookies per server or domain at least

24 Set-Cookie (server side) Set-Cookie: name=value - URL encoded text [;EXPIRES=dateValue] - Wdy, DD-Mon-YY HH:MM:SS GMT [;DOMAIN=domainName] - valid domain name [;PATH=pathName] - path to send cookie [;SECURE] - transmitted only if communication is SSL

25 Cookie (client-side) Cookie: name=value1; name=value2! All cookie name=value pairs that match the current path are sent.

26 Cookie example Client requests document and receives Set-Cookie: cust=w_coyote; path=/; Client stores cookie When client requests another URL below /, client sends Cookie: cust=w_coyote; Server may set multiple cookies with different paths Client returns all matching cookies

27 Cookies CGI.pm has some nice functions for the creation and use of cookies # cookie creation $mycookie = $query->cookie( -name=> sessionid, -value=> zzzzz, -expires=> +1h, -path=> /url/path/, -domain=>.cs.byu.edu, -secure=>1); # send the cookie in the header print $query->header(-cookie=>$mycookie); # To retrieve cookie, call fetch()! my %cookies = $query->fetch(); for (keys %cookies) { do_something($cookies{$_}); }