Document Sample
CGI Powered By Docstoc
       CGI Programming
• What is "CGI"?
  – Common Gateway Interface
    • A means of running an executable program via
      the Web.
    • CGI is not a Perl-specific concept. Almost any
      language can produce CGI programs - even
      C++ (gasp!!)
    • However, Perl does have a *very* nice
      interface to creating CGI methods
Common Gateway Interface
• User selects page that will be provided by a CGI
• Server recognizes dynamic page
   – By extension (usually .cgi)
   – By location
• Server spawns the app
   – Passes arguments via stdin
   – HTTP header info available in environment variables
• App passes HTML page back to server via stdout
• Server sends page back to user
• Advantages
  – Original approach (substantial installed base)
  – Use any language compatible with or available on the server
  – Many free CGI scripts (
• Disadvantages
  – Overhead of spawning/killing the app repeatedly
  – Concurrent hits on page cause multiple parallel copies of the
    app in memory
  – Many CGI scripts use slow interpreted languages
      • Many use PERL
         Web Server Architecture
                                                Socket    // Thread pseudo code
                       Web Server               Queue     while(1)
                                                             newSkt = DeQ()
                                                             // Communicate
                                                             // using HTTP


                   // Server pseudo code                      stdin
                   // Create Socket Queue
                   // Create Thread pool
                   {                                                   CGI
                      newSkt = accept(…)                             program
             GET vs. POST
GET /path/file.html?n=v HTTP/1.1
[blank line here]

        POST /path/script.cgi HTTP/1.0
        User-Agent: HTTPTool/1.0
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 32

         CGI & Parameters
• All input to a CGI program comes from:
  – Environment                       HTTP headers
  – stdin                             Message Body
• Get
  – Query string - Everything after the ?
     • Goes in environment variable QUERY_STRING
  – All data comes in the message body
     • via stdin - just read and parse appropriately
                   PERL & CGI
• PERL is nice for CGI
• Steps
   – Parse the environment
   – If GET
       • QUERY_STRING contains url encoded args
   – If POST
       • Body of message contains binary data
       • Process body by reading stdin appropriately
           – CGI program must know how to react to what is coming in
           – Use mime type in CONTENT_TYPE
• Can be done manually - But why?
   – Use cgi library
#!/usr/bin/perl                                                 if ($reqmeth eq "POST")
use CGI;                                                            print "<h2>This is a POST</h2>\n";
                                                                    print "The Query String is empty. The arguments come in the\n";
$cgi = new CGI;                                                     print "body of the HTTP request message. Here it is.\n";

# Start the page by outputing the Content-type header           elsif ($reqmeth eq "GET")
print $cgi->header;                                             {
print $cgi->start_html("Using the CGI class");                     print "<h2>This is a GET</h2>\n";
                                                                   print "The Query String is in the environment\n";
print "<h1>This is a list of the environment variables</h1>\n"; }
print $cgi->hr();                                               else
print "<pre>\n";                                                   print "<h2>Unknown method</h2>\n";
foreach $var (sort(keys(%ENV))) {
   $val = $ENV{$var};                                           print "<pre>\n";
   $val =~ s|\n|\\n|g;
   $val =~ s|"|\\"|g;                                           @names = $cgi->param;
   print "${var}=\"${val}\"\n";                                 $i = 0;
}                                                               foreach $n (@names)
print "</pre>\n";                                                  print "Arg $i name is: [$n]\n";
                                                                   $value = $cgi->param($n);
print $cgi->hr();                                                  print "Arg $i value is: [$value]\n";
$reqmeth = $cgi->request_method();                              }

                                                                print "</pre>\n";
                                                                print "<h2>All done now... bye</h2>\n";
          PERL cgi functions
•   start_html
•   h1
•   p
•   checkbox_group
•   popup_menu
•   start_form
•   end_form
•   param
•   header
•   Best help -
          PERL Here docs
• Multiple print statements are sometimes a

      This is a test

• Goes until it finds the marker
             File Locking
•  $LOCK_SH = 1;
•  $LOCK_EX = 2;
•  $LOCK_NB = 4;
•  $LOCK_UN = 8;
• open(LOCKFILE, ">>lockfile") or die "Unable
  to open lockfile: $!\n";
• $err = flock LOCKFILE, $LOCK_EX;
• print LOCKFILE $ARGV[0], ",", time(), ".\n";
– Most (not all) CGI scripts are contacted
  through the use of HTML forms.
– A form is an area of a web page in which
  the user can enter data, and have that
  data submitted to another page.
– When user hits a submit button on the
  form, the web browser contacts the script
  specified in the form tag.
            Creating a Form
• <form method="post" action="file.cgi">
      <input type="submit" value="Submit Form">
• Method attribute specifies how parameters are passed
   – "post" means they’re passed in the HTTP header and message
     body (and therefore aren’t seen anywhere).
   – "get" means they’re passed through the query string of the URL
     itself, and therefore seen in the address bar in the web browser
     (seen in the QUERY_STRING header).
   – Action attribute specifies which program you want the web browser
     to contact.
   – <input>is a tag used to accept User data.
   – type="submit" specifies a Submit button. When user clicks this
     button, browser contacts file specified in action attribute.
          Form Input Types
– Many different ways of getting data from user. Most
  specified by <input> tag, type specified by type attribute
    • textfield a text box
    • checkbox a check box
    • radio a Radio button
    • password password field (text box, characters display as ******)
    • Hidden - hidden field (nothing displayed in browser)
    • Submit - Submit button. Submits the form
    • Reset - Reset button. Clears form of all data.
    • Button - A button the user can press (usually used w/
    • File - field to upload a file
    • Image - an image user can click to submit form
Preserving State in CGI
           Preserving State
• HTTP is stateless, but we would like to save
  and remember state
  – Shopping cart
  – Interactive or multipart questionnaire
  – A search engine that remembers past searches
• Main techniques
  –   Hidden fields
  –   URL rewriting
  –   Session ID
  –   Cookies
           Hidden Fields
• Add hidden input fields to a form
  – <input type = “hidden”….>
• Advantages
  – Easy
• Disadvantages
  – Data is continually sent back and forth
  – Data is easily readable & changeable
  – Only available if there is a form
           URL Rewriting
• Create links dynamically
  – Contain information in the url
• Advantages
  – Fairly simple also
• Disadvantages
  – If state is complex, must encode
  – User visible and modifiable
                Session ID
• Generate a session ID - use as filename
  – Large random number
  – Time, PID, etc.
• Pass the session ID using url rewriting or
  hidden fields
  – More secure because user can only change the
    session ID and most likely will be wrong
• Advantages
  – Good when state is large, complex, or private
  – Easy using
         SessionID example
$query = new CGI;
open(FILE, “>$sessionID.sav”) || die “…”;

              $cgi = new CGI;
              open(FILE, “$sessionID.sav”) || die “…”;
              $oldquery = new CGI(FILE);
• A small piece of information stored on
  the client machine and returned to the
• http headers
  – Cookie
  – Set-Cookie
• 4 K bytes per cookie
• 20 cookies per server or domain at least
    Set-Cookie (server side)
Set-Cookie: name=value
      - URL encoded text
      - Wdy, DD-Mon-YY HH:MM:SS GMT
      - valid domain name
      - path to send cookie
      - transmitted only if communication is SSL
      Cookie (client-side)
Cookie: name=value1; name=value2

All cookie name=value pairs that match
  the current path are sent.
          Cookie example
• Client requests document and receives
  – Set-Cookie: cust=W_Coyote; path=/;
• Client stores cookie
• When client requests another URL below /,
  client sends
  – Cookie: cust=W_Coyote;
• Server may set multiple cookies with different
• Client returns all matching cookies
   • has some nice functions for the
     creation and use of cookies
# cookie creation
$mycookie = $query->cookie(-name=>’sessionID’,
# send the cookie in the header
print $query->header(-cookie=>$mycookie);

                                # To retrieve cookie, call cookie() without a -value param

                                $thecookie = $query->cookie(-name=>’sessionID’);
                                %allcookies = $query->cookie(-name=>’sessionID’);

Shared By: