Internet / Intranet
CIS-536
Class 8 Perl / CGI Scripting
CGI / Scripting
Scripts are Programs Run By the Server
CGI – Common Gateway Interface
Methodology For Server/Script Communication
Can Be Written in Any Language Supported By the Server
UNIX Origins
PERL is Most Common
Script Output is Returned to the Browser
Alternative Methodologies Exist
CGI is the Most Portable
PERL – Practical Extraction and Reporting Language
UNIX Based Scripting Language
Ported to Multiple Platforms
How Does Browser Know to Execute a Program?
Program is in a Script Directory
Typically cgi-bin (Apache)
Or By Extension (e.g. .pl, .cgi)
Scripts Must Have Executable Permissions
Scripting Features
Scripts Can Have Input Parameters
Passed as Part of URL : ? Argument (Query String)
Special Characters Passed as % Ascii Hex Values
Name/Value Pairs : Separated by &
Variable Passed in HTTP Header
Name/Value Pairs
Method = Post
HTML Forms
Passed in Cookies
Netscape Origins, Now Widely Adopted
Name/Value Pairs Associated With a URL
Stored on Client Computer
Users May Turn off Cookies
Scripts Must Be Aware of How Parameters are Being Passed
Different Methodology to Access Each Method
Parameters Also Used to Maintain State Information
Help Track a “Session”
Scripting Issues
Security Concerns
No Limits on What CGI Scripts May Access
Potential to Execute Any System Command
Hacker Can Cause Serious and Unforeseen Problems
Potential to Affect More Than Just Your Web Site
Many ISPs Limit CGI Capabilities
Performance Concerns
CGI Scripts are Run as a Standalone Process
E.g. Interpreter is Loaded and Initialized Each Time
Alternative to Posting Forms
Mailto Option
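The "Potential to Execute Any System Command" concern on the Scripting Issues slide, as an added example that is not part of the original slides: a hypothetical CGI helper that runs ls -l on a file named by a form parameter, with the unsafe shell form beside a validated, shell-free form. The function names, the filename rule and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the slides. In production, also run CGI
# scripts in taint mode (perl -T) so unchecked input cannot reach a command.
use strict;
use warnings;

# UNSAFE, shown for contrast and never called: the parameter is pasted
# into a string that /bin/sh parses, so shell metacharacters in the
# value become part of the command line.
sub list_file_unsafe {
    my ($file) = @_;
    return `ls -l $file`;
}

# Allowlist check: a plain filename, no slash, no leading '-' or '.'.
# Returns the captured name, or undef if the input does not match.
sub clean_filename {
    my ($file) = @_;
    return undef unless defined $file;
    return $file =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Hardened: validate first, then use the list form of open(), which
# runs ls directly with no shell in between.
sub list_file_safe {
    my ($file) = @_;
    my $clean = clean_filename($file);
    return undef unless defined $clean;
    open(my $ls, '-|', 'ls', '-l', '--', $clean) or return undef;
    my $out = do { local $/; <$ls> };   # slurp all output
    close($ls);
    return $out;
}

# Constructed inputs: one ordinary name and three that must be refused.
foreach my $input ('perl1.pl', 'perl1.pl;echo unexpected',
                   '../other/perl1.pl', '-R') {
    my $result = list_file_safe($input);
    printf "%-28s %s\n", "'$input'",
        defined $result ? 'accepted' : 'rejected';
}
```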
Why Should I Learn Perl?
S/W Engineers Need to Be Adept at Picking Up New Languages
Need a “Comfort Level” of Expertise
Ability to Write Basic Code
Ability to View/Modify Existing Code
Ability to Learn More as Needed
Develop Reference “Library”
Develop “Guru” Network
Large Public Archives of Perl Scripts
Perl Basics
Interpreted
Originally Used Primarily By UNIX Sys-Admins
“Public Domain”
The preferred language for CGI Scripts
PERL is Relatively Portable
Activestate ActivePerl (Windows / IIS)
Perl 101
C-like
Lines end with ;
Syntax of Print statement is very similar
Pointers and indirection
Variables begin with $
Comments begin with #
Subroutines Begin with &
Powerful Features Make it a Target of Hackers
Print is the Most Important Command
Generate HTML Using Print Statements
print "text to print \n";
Don’t forget carriage returns: \n
First Line: #! /usr/local/bin/perl
Output has Mime content-type as first line, blank line
print "Content-type: text/html \n\n";
A Simple Perl Example
Class Exercise: First Perl
Save This Locally as perl1.pl
Open a Command Prompt:
perl.exe perl1.pl
Once You Are Satisfied With the HTML Produced Upload This via FTP to public_html/cgi-bin in your ShoreNet Account
Remember to Transfer this In ASCII Mode!
Give the Script Execute Permissions For All
Right Button Click / chmod in WS_FTP
http://shell3.shore.net/~brinetxx/cgi-bin/perl1.pl
Telnet is a Remote Login Protocol
Terminal Emulation
All Processing Occurs on Host
Command Line Interface
Port 23
Used Extensively for UNIX Machines / Multiuser Systems
Why Do We Care?
Remote Administration of Web Site
Configuring Web Servers, Setting Permissions
Sample Telnet Session
Last login: Sun Jan 23 16:03:36 from fxtc2-c.std.com
Welcome to The World! A 24 x 250MHZ CPU 2.5GB SGI
Culture of Sharing / Helping / Working Together
Free Software Foundation, etc.
Put Source-Code in Public Domain
Many Other “Free” Add-Ons / Extensions
LINUX
UNIX Expects Technical Competence
UNIX File Structure
Forward Slashes (/) to Separate Filenames, Directories
Case Sensitive File Names
Windows is Not
No Limit on Filename Size / Extensions
Extensions are by Convention
Root is “/”
User Home Directory is: “~/”
Symbolic Links / Aliases
Directories Can Be Spread Over Multiple Drives
Can Create Non-Hierarchical Structure
File Permissions
Read, Write, Execute
Separate Permissions for Owner, Group, All
Directories are Special Cases of Files
Execute Permissions = Able to Browse Directory
Common Basic UNIX Commands
pwd : List the current working directory
more filename : List the Contents of a File
ls : Lists the files in a directory
ls -l
Permissions: drwxrwxrwx
d – If this is a directory
r,w,x – Read, Write, Execute
Owner, Group, Public
Owner, Filesize, Timestamp, Filename
Don’t Use This Command Until You’re Sure About It
Can Open Up Serious Security Holes
More Unix Commands
The UNIX chmod Command
“UNIX” Mode
chmod abc filename
Where a,b,c are digits from 0 to 7 (Bit Mask)
4 – Read, 2 – Write, 1 – Execute
a – owner, b – group, c – others
e.g. chmod 711 myscript.cgi
Sets permissions on file myscript.cgi so that:
It is readable, writable, and executable by owner
It is executable by all others
An “Easier” Way
chmod u=rwx,g=x,o=x filename
u – owner (user), g – group, o – other (Not Owner!)
r – read, w –write, x – execute
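The 4/2/1 bit mask from the chmod slide, as an added example that is not part of the original slides: it turns an octal mode into rwx notation and flags settings that let someone other than the owner change a CGI script. The function names and the warning rules are assumptions made for illustration; file paths given on the command line are checked with stat.

```perl
#!/usr/bin/perl
# Added example, not from the slides.
use strict;
use warnings;

# One octal digit (0-7) to "rwx" notation: 4 = read, 2 = write, 1 = execute.
sub digit_to_rwx {
    my ($d) = @_;
    return join '', ($d & 4 ? 'r' : '-'),
                    ($d & 2 ? 'w' : '-'),
                    ($d & 1 ? 'x' : '-');
}

# Split a numeric mode into owner/group/other digits, build the
# symbolic form and collect warnings that matter for a script in cgi-bin.
sub describe_mode {
    my ($mode) = @_;
    my @digits = (($mode >> 6) & 7, ($mode >> 3) & 7, $mode & 7);
    my $symbolic = join '', map { digit_to_rwx($_) } @digits;
    my @warnings;
    push @warnings, 'group can modify the script'  if $digits[1] & 2;
    push @warnings, 'anyone can modify the script' if $digits[2] & 2;
    push @warnings, 'owner cannot execute it'  unless $digits[0] & 1;
    return ($symbolic, @warnings);
}

sub report {
    my ($label, $mode) = @_;
    my ($symbolic, @warnings) = describe_mode($mode);
    printf "%-20s %04o %s %s\n", $label, $mode, $symbolic,
        @warnings ? 'WARNING: ' . join('; ', @warnings) : 'ok';
}

# Constructed sample modes, including the slide's chmod 711.
report("chmod $_", oct($_)) foreach qw(711 755 775 777 644);

# Real files, if any paths are given on the command line.
foreach my $path (@ARGV) {
    my @st = stat($path) or next;      # skip files that cannot be read
    report($path, $st[2] & 0777);      # keep only the permission bits
}
```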
A Caveat
UNIX Culture – Developer Oriented
Read Access Often Given For Non-Confidential Files
User Responsibility to Not Abuse It
Be Respectful When Not in Your User Directory
Lab Work: Telnet
From a command prompt type: telnet
Connect/Remote System
Host Name: users.shore.net
Login: brinetxx [Your Shorenet Login]
Password: [Your Shorenet password]
Processing Forms – The Server Side
Target of Forms is Usually a CGI Script
Script Requirements
1 Parse the Data
2 Process the Data
3 Return Data to the User
Raw HTML or Another Form
Data Flow Options
Each Script Handles a Specific Form
Form in Plain HTML
Script in Perl
One Script Handles Multiple Forms
Selects Action Based on Data Passed In
All in Perl
Scripting – Parsing Data
GET vs PUT
Each Requires Different Logic
Parsing is Not Trivial
All Parameters Passed in On One Line
Each Name/Value Pair Separated by &
Name Separated From Value by =
Special Character Encoding Complicates It
E.g. Value May Contain &,=
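The parsing steps listed on this slide, as an added example that is not part of the original slides and is not cgi-lib's own code: a small parser for the raw name/value string that splits on the raw & and = before decoding, so an encoded & or = inside a value stays part of that value. The function names and the sample string are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the slides, not cgi-lib code).
use strict;
use warnings;

# Decode one name or value: '+' is an encoded space, %XX is a hex byte.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Split on the raw '&' and '=' first, then decode each piece.
# Values are kept in a list per name, because a name may repeat.
sub parse_query {
    my ($raw) = @_;
    my %params;
    foreach my $pair (split /&/, $raw) {
        next if $pair eq '';
        my ($name, $value) = split /=/, $pair, 2;   # only the first '='
        $value = '' unless defined $value;          # "flag" with no '='
        push @{ $params{ url_decode($name) } }, url_decode($value);
    }
    return \%params;
}

# Constructed sample: encoded '&' (%26) and '=' (%3D) inside values,
# a name with no value, and a repeated name.
my $query = 'username=Tom+%26+Jerry&expr=a%3Db&flag&color=red&color=blue';

my $params = parse_query($query);
foreach my $name (sort keys %$params) {
    print "$name => [", join('] [', @{ $params->{$name} }), "]\n";
}

# Wrong order, for contrast: decoding the whole string first turns
# %26 into a real '&', and the split then cuts a value in two.
my @decoded_first = split /&/, url_decode($query);
my @split_first   = split /&/, $query;
print scalar(@split_first), " pairs when split first, ",
      scalar(@decoded_first), " pieces when decoded first\n";
```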
Used by Schapiro
http://cgi-lib.berkeley.edu/
Using This Library in Perl
Download Library From Website
Version 2.18 – Latest Version
More Robust
Supports Saving File Uploads as Files
Version 1.14 – Easier to Understand
Use This Version to Understand cgi-lib Code
Install it in cgi-bin Directory
Perl Code:
require ("cgi-lib.pl");
&ReadParse();
More Perl Info
require – Includes Another File
%varname – Associative Arrays
Use Braces {} to Index, $ prefix
ReadParse Subroutine in cgi-lib
ReadParse Subroutine
Reads in Both Get and Put Data
Converts Encoding to Plain Text
Puts Key/Value Pairs in %in
%in is an Associative Array
To Access a Value:
$in{'keyname'}
To Access Each Key/Value Pair
foreach $keyname (sort keys (%in)) {
print "$keyname $in{$keyname}\n";
}
Example
In Class Exercise
Modify Last Week's Script to Accept User Name via a Form
Step 1: Install cgi-lib in Your bin Directory
Make Sure to Set Permissions Correctly
Step 2: Make a Copy of perl1.pl
Name it perl2.pl
Step 3: Edit perl2.pl
Add these lines:
require ("cgi-lib.pl");
&ReadParse();
Replace $myname='xxx'; with
$myname = $in{'username'};
Copy it to Your Shorenet cgi-bin directory
In Class Exercise (2)
Step 4: Create a Simple Form To Accept User Name
Copy it to Your Shorenet Public_html Directory
Step 5: Try It!
When You Are Done
Review Sample Scripts / Demos