Developing Web Applications

1
Lecture 6 Server-side Languages
2
Review

• Had a look at basic protocols HTTP
• Looked at static web pages HTML
• Had a look at style sheets CSS
• Experimented with dynamic client-side scripting
  JavaScript

3
Today
Overview of the Server-side

• Client-server architecture
• Static to dynamic - why we need it
• Development history
• Server-side languages now available
• Servers

4
HTTP Over Internet (TCP/IP)
Laptop
Internet
Apple Mac
Web Server
PC
HTTP Clients
HTTP Server
5
Static Web Model
Server
Browser
Request
File System
Reply
6
Dynamic Web Model Client-side scripting,
Server-side scripting (Server-Side Includes,
Active Server Pages, Java Server Pages, PHP
Hypertext Processor (PHP), Perl )
Server
Browser
Request
File System
Reply
Other Programs
7
How to make web pages dynamic?

• Client side programming
• JavsScript
• Others (e.g., VBScript)
• Server side programming
• Server Side Include
• CGI
• PHP
• Others (e.g., ASP, JSP, Perl)

8
Serve-Side Include
9
ltheadgt lttitlegtExample of SSIlt/titlegt lt/headgt
lt!--include file"layout_top.html"--gt lth1gt
Example of SSI lt/h1gt The layout of this page is
fully controlled by a common file. There are no
BODY, COLOR or TABLE tags in this page.
lt!--include file"layout_bottom.html"--gt
lt/htmlgt where layout_top.html has ltbody
bgcolor"red"gt lttablegt lttrgt lttd valign"top"gt
side barlt/tdgt lttd valign"top"gt and
layout_bottom.html has lt/tdgt lt/trgt lt/tablegt
Server Side Include (SSI) Example
10
Server-Side Includes (SSI)

• Web server reads the file as it sends out to the
  users web browser
• Looks for SSI instructions in the file and
  executes them, replacing the instruction with the
  output from the command
• Allows for simple header and footer includes but
  no programming logic

11
Server Side Includes (SSI)

• SSI is a simple server-side scripting language
  used almost exclusively for the web. As its name
  implies, its primary use is including the
  contents of one file into another one dynamically
  when the latter is served by a server.
• SSI is primarily used to "paste" the contents of
  one file into another. For example, a file (of
  any type, .html, .txt, etc.) containing a daily
  quote could be included into multiple SSI-enabled
  pages throughout a website by placing the
  following code into the desired pages
• lt!--include virtual"../quote.txt" --gt
• With one change of the quote.txt file, pages
  including the snippet will display the latest
  daily quote.
• Server Side Includes are useful for including a
  common piece of code throughout a site, such as a
  navigation menu.
• SSI is most suitable for simple server-side
  processing more complex processing is often done
  with one of the programming languages Perl, PHP,
  ASP, JSP.

12
SSI -- basic syntax

• SSI has a simple syntax lt!--directive
  parametervalue parametervalue --gt.
• Directives are placed in HTML comments so that if
  SSI isn't enabled, users won't see the SSI
  directives on the page, unless they look at its
  source.

13
SSI most common directives
14
Common Gateway Interface (CGI)

• CGI is a standard protocol for interfacing
  external application software with a web server.
• The task of a web server is to respond to
  requests from client web browsers by returning
  output. Each time a request is received, the
  server analyzes what the request asks for, and
  returns the appropriate output.
• The two simplest ways for the server to do this,
  are the following
• if the request identifies a file stored on disk,
  return the contents of that file
• if the request identifies an executable command
  and possibly arguments, run the command and
  return its output
• CGI defines a standard way of doing the second.
  It defines how information about the server and
  the request is passed to the command along with
  arguments via environment variables, and how the
  command can pass back extra information about the
  output (such as the type) in the form of header.

15
CGI Implementation

• From the web server's point of view, certain
  locators (URL), e.g. http//www.example.com/wiki.c
  gi, are defined as corresponding to a program to
  execute via CGI. When a request for the URL is
  received, the corresponding program is executed.
• Arguments are passed into the program using
  environment variables. In the case of HTTP POST,
  the user-submitted data is provided to the
  program via the standard input.
• Web servers often have a cgi-bin directory at the
  base of the directory tree to hold executable
  files called with CGI.
• The program returns the result to the web server
  in the form of standard output.

16
CGI -- Drawbacks

• This is a low-tech approach.
• Calling a command generally means the invocation
  of a newly created process.
• Starting up the process can take up much more
  time and memory than the actual work of
  generating the output, especially when the
  program still needs to be interpreted or
  compiled.
• If the program is called often, the workload can
  quickly overwhelm web servers.

17
CGI Dynamic Web Model
Server
Browser
Request
File System
Reply
CGI Program
Other Programs
18
Static to dynamic, a case study
19
Static to dynamic, a case study
This is the story of a fictional news site and
how it evolved over time.
20
Version 1.0 (Static only)

• HTML and images only
• Large collection of news articles
• Good navigation in header and in footer

21
Version 1.1 (Dynamic, using SSI)

• Navigation headers and footers have to be
  displayed on every page
• Converted to using Server-Side Includes (SSI) to
  avoid having to update every file the next time
  this happens.

22
Version 1.2 (Dynamic, with CGI)

• HTML form with user submissions
• CGI program to process submissions, send them to
  the editors of the site.
• Retrieve data from CGI environment or servers
  standard input stream
• Send mail to editors
• Send redirect to user's web browser

23
Version 1.3 (User login, sessions)

• Optional user login ability added to site
• Session management required
• Some pages in web site have to detect if the user
  is logged in and behave differently
• Server-side scripting used, session management
  abilities built in

24
Version 2.0

• Version 1.3 used 3 different technologies. (SSI,
  CGI program, server-side scripting)
• Everything can be done by one technology,
  server-side scripting.
• Converting the SSI pages (every page) to
  server-side scripting increases flexibility for
  additional features.
• PHP

25
Why use server-side scripting?

• Written for the Web
• Libraries and APIs for web applications
• Web page output is the ends, code is the
  means
• Easy to pick up and start using immediately
• As fast or faster than CGI programs and more
  secure.

26
Which server-side language is best?

• Simply a question of what is best for your
  environment and what you need to be able to do
  with the language
• Functions and speed are main factors
• Design of application the largest factor
• Database or storage system speed next biggest
  factor

27
Picking a language Criteria

• Availability
• A stable platform (server) to run on
• People who can write and maintain programs
• Interoperability with other applications
• Security
• Security reputation of the language, especially
  with respect to applications or servers dealing
  with sensitive data

28
Choices Server/Client Sides - overview
Web / Database Technologies
Client-side Processing
Server-side Processing
Compiled Programs
Server-side Scripts
Client-side Scripts
Downloading and running compiled programs on
client
CGI servicing programs ISAPI servicing
programs (Internet Server API, programs which
integrate with web server and therefore faster)
JavaScript VBScript
Server-side Includes (SSI) Common Gateway
Interface (CGI) Active Server Pages
(ASPs) PHP Java Server Pages (JSPs) Perl
Applets ActiveX
29
PHP Strengths

• High performance
• - see benchmarks at
  http//www.zend.com
• Interfaces to different database systems
• Low cost
• Various packages include Apache, PHP and MySQL
  for many OS
• Ease of learning and use
• Portability

30
PHP 4 Architecture Language parser
self-contained component called The Zend Engine
(Zend core). PHP function modules, now called PHP
core, are also basically self-contained. Web
server abstraction layer called SAPI that greatly
simplifies the task of adding native support for
new Web servers.
31
Server Choice - Web Servers

• Use such protocols as HTTP (HyperText Transfer
  Protocol), FTP (File Transfer Protocol) and SMTP
  (Simple Mail Transfer Protocol)
• The web werver, using HTTP, accepts HTTP requests
  from web browsers (Internet Explorer, Netscape,
  FireFox) and returns the requested HTML pages,
  images, embedded Java applets etc
• This can be enhanced by a number of server-side
  (running on the web server) technologies.
• These include CGI scripts, server-side includes,
  SSL security, Java servlets, ASP, PHP, etc.

32
Web Servers

• Although a Web Server may be considered a network
  server, it has unique web networking features
• Handles permissions
• Executes programs
• Keeps track of directories and files
• Communicates with client computers
• A server may be a powerful PC, a minicomputer or
  even a mainframe.
• Many Web Servers run on the UNIX operating system
  (60), although a fair number use Microsofts NT
  OS (40) ZD Net Tech InfoBase

33
Apache Web Server

• The leading UNIX web server (therefore most
  common to be found on the Internet)
• It is a high performance HTTPD (HTTP daemon)
  server A daemon is a background process in UNIX
  which implements the server-side of a protocol
• HTTPD is the program you would run on a UNIX
  platform to start the web server
• Apache Web Server - developed by the Apache
  Group. UNIX and Windows versions available.
• Tools, languages and modules available SSL (port
  443)
• Versions 1.3 and 2.0
• http//www.apache.org

34
Microsoft IIS

• IIS Internet Information Server
• Extends Windows NT Server to Intranet and
  Internet
• Works closely with NT Services, Security and
  Monitoring
• Adds WWW Service, Gopher, FTP, Internet Service
  Manager (admin tools), Internet Database
  Connector (IDC), Secure Socket Layer (SSL)
• IIS 2.0 is part of NT 4.0, IIS 5 is part of
  Windows 2000
• http//www.microsoft.com/ntserver/Basics/WebServic
  es/
• Provides full Intranet and Internet capabilities,
  from publishing information to access to data
  stored in databases
• Supports CGI (Common Gateway Interface)
  although with poor memory management

35

• Choices for development and learning
• Lycos Tripod - http//tripod.lycos.uk
• XAMPP(lite) - http//www.apachefriends.org/xampp-w
  indows-en.html
• - download and install on own machine or to
  memory stick
• - extract to a machines C drive, run
  setup_xampp.bat,
• burn disk of directory xampplite
• When you want to use it copy it to uni
  machines C drive
• Start Apache with batch file Apache_start.bat
• Stop with Apache_stop.bat
• Start MySQL with batch file MySQL_start.bat
• Stop with MySQL_stop.bat
• Develop scripts in htdocs dir but save
  separately
• Place back in folder when you want to use them
  again

36
Summary

• Architectures and protocols
• Static serving to dynamic
• Case history of an application
• Server-side languages reviewed
• Which server?

37
Next

• Introduction to PHP