High Level Languages - PowerPoint PPT Presentation

1
High Level Languages
  • Lecture 6
  • CGI

Chris Coleman (cqc)
2
Last time
  • Monday was HTML day
  • Document structure
  • Adding text
  • Headings
  • Forms
  • CSS
  • XHTML 1.0
  • Validating Documents

3
And now...
  • Today
  • Programming for the Web
  • Getting input
  • Cookies

4
Programming for the Web
  • Web based programming is one of the major uses of
    Perl
  • Good skill to learn career wise
  • It's not difficult once you've learnt the Perl
    language basics

5
Dynamic Web sites
  • A dynamic Web-site is one that can change its
    content/appearance by interacting with the user
  • Two kinds
  • Client-side (Java, Javascript, Flash, Shockwave)
  • Server-side (Perl, PHP, ASP, Java-servlets)

6
How to make a dynamic page
  • When you browse an ordinary (HTML) page the Web
    server just sends the HTML document to your
    browser
  • When you browse to a dynamic page, the server
    runs the program and redirects the program's
    output to the browser
  • So a dynamic page is just a Perl program that
    happens to output HTML

7
How to make a dynamic page
  • Programs to be executed are usually kept in a
    special directory so the server knows they are
    programs and not just documents to be displayed
  • The directory is usually named cgi-bin
  • CGI is the mechanism of allowing programs to be
    run on the server, bin is short for binary.

8
Directories
  • You should place your scripts in the cgi-bin
    directory directly off of your home directory
  • The location on the Web will be
  • http://scarlet.cs.nott.ac.uk/username/cgi-bin/
  • Permissions must be set as follows
  • chmod 755 ~/cgi-bin
  • chmod 755 ~/cgi-bin/file_name.cgi

9
Errors & Debugging
  • When running scripts you will encounter problems
    / bugs in the code...
  • The browser will display an Internal Server Error
    page.
  • You can view the web server's error log on scarlet
    at
  • /usr/local/apache/logs/error_log
  • See http://www.cs.nott.ac.uk/TSG/FAQ/cginotwork
    for more information.

10
Hello World: It's back
    #!/usr/bin/perl
    print <<EOF;
    Content-type: text/html

    <html>
    <body><h1>Hello World</h1>
    </body>
    </html>
    EOF

11
Content-type
  • The Content-type line tells the browser what kind
    of document to expect
  • The two carriage returns (i.e. one clear line) are
    important
  • We don't need this for static documents because
    the server does it for us

12
Getting input
  • Input is passed in by any of the methods we
    described last lecture (forms / static links)
  • The easiest way to get the input and then use it
    in the scripts is to use a pre-written module
    called CGI.

13
Packages
  • Perl isn't forcibly object-orientated like Java
    or Delphi
  • You can write object-orientated programs if
    you like, or you can use objects and classes in an
    otherwise non-OO program
  • A package is the Perl name for a class
  • Class methods are just sub-routines in the package

14
Packages
  • To make a package available to our program, the
    command is use
  • The following line makes the CGI package
    available
  • use CGI;
  • However we still need to create an instance of
    the package before we can use its methods.

15
Creating an object
  • When we create an object we are given a reference
  • A reference is just a type of scalar variable
  • We call methods on the object using the reference
  • To create a CGI object
  • $cgiObject = new CGI;

16
Working with CGI objects
  • We can get a list of all the data keys by calling
    the param method on our object
  • @allkeys = $cgiObject->param();
  • So if our form had inputs with names of 'id' and
    'comment' the @allkeys array would have two
    entries: the strings "id" and "comment"

17
How to make a dynamic page
  • To get the value associated with a key, use the
    param method again but this time specify the
    name
  • $comment = $cgiObject->param("comment");
  • It makes sense to read in all of the CGI data at
    the start of the program
  • A hash is good for this

18
Reading in CGI data
  • This loop will read all the CGI data into a hash
    called %cgiData
  • foreach $key ($cgiObject->param()) {
  •     $cgiData{$key} = $cgiObject->param($key);
  • }

19
Web applications: The concept
  • A normal interactive (shell) program (such as
    we're used to writing) starts, and keeps running
    until the user is done
  • CGI programming is different because the program
    runs to complete some task and then finishes
  • A CGI application is therefore made up of many
    different scripts, one for each task

20
Working together
  • So a Web application is a number of scripts
    working together
  • HTML links are used to move between the scripts
  • For example, if you had a library catalogue
    system you could have a search script to list all
    of the books in the catalogue
  • The search script would create a link for each
    book, to the details script

21
Working together
  • The links created by the search script would
    include the id of each book
  • <a href="info.cgi?id=perl">Programming Perl</a>
  • <a href="info.cgi?id=camel">Camel care</a>
  • <a href="info.cgi?id=spods">Walking with
    spods</a>

22
Maintaining state
  • With interactive programs we can use variables to
    remember information such as the user's identity
  • However, since a Web application is made up of
    scripts that only run briefly, this won't work as
    the values in the variables will be forgotten as
    soon as the program finishes

23
Maintaining state: Method 1
  • To remember our user's identity, we could ask
    for it once, then add it to every link we create
  • <a href="search.cgi?user=djm">Search</a>
  • <a href="info.cgi?id=perl&amp;user=djm">Programming
    Perl</a>
  • Each script will then have access to the user
    parameter with the user name in it
  • Bit messy though. Especially if there are lots of
    variables to pass.

24
Maintaining state: Method 2
  • Another way to approach this problem is with
    cookies
  • A cookie is a small piece of information stored
    in the user's Web browser
  • A script can read or write to cookies, so one
    script could store the user name in a cookie and
    the other scripts read the name from the cookie

25
Cookies: Writing
  • First of all we need to include another package
  • use CGI::Cookie;
  • Now we can create a cookie object with the data
    we want

26
Cookies: Writing
  • We can set the name and value using a couple of
    methods
  • $myCookie = new CGI::Cookie;
  • $myCookie->name("username");
  • $myCookie->value("Duncan");
  • Now we can send this cookie to the browser

27
Cookies: Writing
  • The command to send the cookie to the browser is
  • print "Set-Cookie: $myCookie\n";
  • This must be sent before the Content-type line

28
Cookies: Reading
  • First of all, we read all cookies returned by the
    browser into a hash
  • %cookies = fetch CGI::Cookie;
  • The keys of the hash are the names of the cookies

29
Cookies: Reading
  • The data part of the hash is not just the value
    assigned; it contains other info as well, e.g.
  • username=duncan; path=/djm/cgi-bin/
  • To separate out just the value part of the
    cookie, we can use a regular expression
  • $cookies{'username'} =~ /(^|;)\s*username=(.*?)(;|$)/;
  • $uname = $2;  # duncan

30
Cookies: Reading
  • Special characters such as semi-colon cannot be
    stored in this format directly, instead they are
    represented by URL-escaping. This is because ';'
    is used in the storage of the cookie.
  • URL escaping is the process of encoding those
    characters to something else that won't cause a
    problem.
  • You can unescape a string with this regular
    expression
  • $value =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/ge;

31
Cookies: Reading
  • So, 3 stages of reading a cookie value
  • Read all cookies into a hash
  • Get the value from the cookie data
  • Unescape the string
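
The three stages above, worked through by hand as an added example (not part of the original slides). It parses a constructed Cookie header without CGI::Cookie; the helper names and the sample cookie values are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: the three cookie-reading stages on a constructed header.
use strict;
use warnings;

# URL-escape everything outside a conservative safe set, so ';', '=' and
# spaces in a value cannot be confused with the cookie's own separators.
# Assumes a plain byte string as input.
sub escape_value {
    my ($raw) = @_;
    (my $escaped = $raw) =~ s/([^A-Za-z0-9_.-])/sprintf("%%%02X", ord($1))/ge;
    return $escaped;
}

# Stage 1: split the browser's Cookie header into a name => raw-value hash.
# The browser controls this header, so treat the result as untrusted input.
sub read_cookies {
    my ($header) = @_;
    my %cookies;
    foreach my $pair (split /;\s*/, $header) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && defined $value;
        $cookies{$name} = $value;
    }
    return %cookies;
}

# Stage 3: reverse the URL-escaping (same substitution as on the slide).
sub unescape_value {
    my ($value) = @_;
    $value =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/ge;
    return $value;
}

# Constructed sample: a value containing ';', as the browser would return it
# in the HTTP_COOKIE environment variable alongside a second cookie.
my $sent    = "username=" . escape_value("Duncan; the first");
my $header  = "$sent; theme=dark";

my %cookies = read_cookies($header);     # stage 1: all cookies into a hash
my $raw     = $cookies{username};        # stage 2: pick out the value
my $uname   = unescape_value($raw);      # stage 3: unescape it

print "Set-Cookie: $sent\n";             # goes out before Content-type
print "raw value : $raw\n";
print "unescaped : $uname\n";
```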

32
Expiring cookies
  • Unless you specify otherwise, a cookie you set
    will be forgotten when the user closes their
    browser
  • You might want the cookie to persist between
    sessions; you can do this by setting an
    expiration date for the cookie
  • $myCookie->expires("+1d");

33
Expiring cookies
  • Relative expiration dates
  • +30s: 30 seconds from now
  • +15m: 15 minutes from now
  • +2h: 2 hours from now
  • +4w: 4 weeks from now
  • +1M: 1 month from now
  • +10y: 10 years from now
  • Or a specific time
  • Thursday, 25-Apr-2002 12:40:33 GMT

34
Expiring cookies
  • To delete a cookie, set an expiration date in the
    past
  • So to delete the existing username cookie,
    create and send a new username cookie with an
    expiration date in the past.

35
Writing less code
  • So far we've been creating cookies like this
  • $myCookie = new CGI::Cookie;
  • $myCookie->name("username");
  • $myCookie->value("Duncan");
  • $myCookie->expires("+2d");
  • We can do this in one line using the CGI::Cookie
    constructor

36
Writing less code
  • This creates the same cookie as the previous
    slide
  • $myCookie = new CGI::Cookie(
  •     -name => 'username',
  •     -value => 'Duncan',
  •     -expires => '+2d');

37
Security
  • With any program you have to presume people will
    try to break it.
  • Security with CGI scripts is particularly
    important as you're exposing your program to the
    whole world via the WWW.
  • It's a good idea to filter out any characters
    from input fields that could cause problems for
    your script. - Yet another use of regex.

38
Security
  • For example
  • Someone could place JScript, PHP or any other web
    language in an input box on your page.
  • Then if the next page was supposed to display the
    text in the input box then the code would be
    contained in the page.
  • If the person was clever, and the code malicious,
    then this could perform server-side operations
    like
  • Get webserver to perform poorly.
  • Display sensitive information.
  • Break site / Delete server side files.
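
One way to apply the filtering advice above to a script that displays submitted text, as an added example (not code from the lecture). It checks the id parameter against an allow-list and HTML-escapes the comment before printing it; the helper names, the assumed id format and the sample request are illustrative assumptions.

```perl
#!/usr/bin/perl
# Added example: validate input on the way in, escape it on the way out.
use strict;
use warnings;
use CGI;

# Replace the characters HTML treats as markup with entities, so submitted
# text is displayed as text and never interpreted by the browser.
sub escape_html {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Allow-list check: accept only what a book id is expected to look like
# (assumed here: 1-32 letters, digits, '_' or '-'); reject everything else.
sub valid_id {
    my ($id) = @_;
    return defined $id && $id =~ /\A[A-Za-z0-9_-]{1,32}\z/;
}

# Constructed request standing in for a real form submission; a live script
# would call CGI->new with no argument.
my $cgiObject = CGI->new('id=perl&comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E');
my $id        = $cgiObject->param('id');
my $comment   = $cgiObject->param('comment');
$comment = '' unless defined $comment;

print "Content-type: text/html\n\n";
if (!valid_id($id)) {
    print "<html><body><h1>Invalid book id</h1></body></html>\n";
    exit;
}

# $id has passed the allow-list; $comment is free text, so escape it.
my $safe_comment = escape_html($comment);
print <<EOF;
<html>
<body><h1>Details for $id</h1>
<p>Your comment: $safe_comment</p>
</body>
</html>
EOF
```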

39
Summary
  • That's all folks, we covered
  • Programming for the Web
  • Getting input
  • Cookies
  • Security (VERY briefly!)