CS 330 Class 6

1
CS 330 Class 6

• Programming plan for Oct 1, 2007
• HTTP
• Simple CGI programs in perl
• Sending data to the server
• Environment variables
• Data passed via GET and POST

2
http//www.xkcd.com/208/
3
Homework

• Regular expressions clarification
• thePattern /d5/ matches exactly 5
  digits
• thePattern /d5/ would mean it
  contains 5 consecutive digits,
• but
  would also match abc12345x
• guestreg.htm
• Cornell colloquium Jennifer Rexford (slides)

4
How Does Client Data Get into a Server Script?

• Client/server communication handled by HTTP
• the protocol used to deliver resources (requests,
  files, data) on the Web.
• Client passes data to the server as environment
  variables
• e.g. the server name or client address.
• these travel with an HTTP request in an
  environment variable
• Client passes data as part of the URL
• scripts/guest.cgi?NameFredAge25

5
Client/Server Communication (so far)
Client (1)
Server (3)
(2)
client program
server program
(4)
(5)
Steps (1) Client program makes
connection to server program (2) Client sends
HTTP request message (3) Server processes
HTTP request message (4) Server sends HTTP
response message (5) Server closes the
connection
6
CGI

• Common gateway interface
• Allows interactions among client browser, web
  server, and traditional applications
• E.g.
• processing forms
• gateways to services not immediately available to
  the client, e.g. a database
• virtual documents (tailored to the users input,
  e.g. results from Yahoo)
• Logistics
• CGI programs run on the server
• results are usually sent back in a client page

7
CGI Communication
Server Machine
(1)
Client
Server SW
(5)
(4)
(2)
Other servers
CGI Script (3)
Other programs
(1) Server SW decodes client HTTP request (2)
Server SW sets variables and calls CGI script (3)
CGI script runs (4) Script returns output with
CGI headers to server SW (5) Server translates
output and headers into HTTP response to client
8
Popular Languages for CGI Scripts

• Perl (practical extraction and report language)
• open source, portable, general purpose scripting
• powerful string manipulation operations
• stand-alone programs, executed on the server
• PHP
• open source, portable, designed for web scripting
• embedded in webpages and executed before they are
  sent to the client
• ASP (Active Server Pages)
• developed by Microsoft
• replaced by ASP.NET

9
The Traffic Cop HTTP

• The server has set up a socket to listen and
  respond to requests
• default port for HTTP servers 80
• A client makes a TCP request to a web server
• the client issues a single command "GET",
  "HEAD", "POST", or "PUT", sending a data path,
  headers, and optionally basic authentication and
  data to the remote server
• The server responds with a status indication,
  response headers, and optionally data
• The server closes the connection
• Note this is above the Network layer

10
HTTP Messages

• HTTP header attached to a successfully returned
  page
• HTTP/1.1 200 OK
• E.g. a resource request for a web page
• GET /hi.htm HTTP/1.1
• Host xx.wells.edu
• Accept text/plain
• The response
• HTTP/1.1 200 OK
• Content-Type text/plain
• Content-Length 42
• lthtmlgt
• ltbodygt
• Hello there
• lt/bodygt
• lt/htmlgt

11
Sample HTTP Exchanges

• GET http//www.jmarshall.com/easy/http/sample
• To send parameters, append to the file name
• GET /path/file.html?firstNameFredlastNa
  meFink
• POST http//www.jmarshall.com/easy/http/postmeth
  od
• Back to the access logs on aurora.wells.edu
• Good reference for syntax http//vms.process.com/
  help/helphttp.html
• Library HTTP, The Definitive Guide, Gourley and
  Totty, O'Reilly

12

• Status Code Indicates Success/Failure
• What happens if you request a page that isn't
  there?
• Response codes
• 200 success
• 401 unauthorized
• 404 not found
• Alternate responses can be listed in
  etc/http/conf/srm.conf
• Customizable error response (Apache style)
• Overrides for a directory and subdirectories can
  be stored in a file .htaccess (ref)
• Disabled on aurora in /etc/httpd/conf/access.conf
  
• This controls which options the .htaccess
  files in directories can
• override. Can also be "All", or any
  combination of "Options", "FileInfo",
• "AuthConfig", and "Limit"
• AllowOverride None

13
Scripting HTTP

• Chapter 20 in Flanagan
• Will not cover, but you should be aware of the
  ability to do so
• Simple HTTP scripting
• set the location property of a window object
• get or post request as a result of submitting a
  form
• get the source for an ltimggt or ltiframegt tag
• More allow a page to construct arbitrary HTTP
  requests
• Uses an XMLHttpRequest object
• to create a request, submit it, and receive a
  response
• Wikepedia definition
• AJAX (Asynchronous JavaScript and XML) an
  architecture that uses this to create
  applications that communicate with servers
  without reloading the page (definition)

14
PERL CGI Example (no data passed)

• hello.htm invokes script hello.cgi via
• ltagt ref"http/../scripts/hello.cgi"gt
  Hello Worldlt/agt
• This generates HTTP header GET
  ../scripts/hello.cgi
• Server executes hello.cgi and sends output to
  client
• the print statements create an HTML document
  which is interpreted by the browser
• Conventions
• scripts are usually stored in a separate
  directory and must have execute permission
• the first line indicates the language
• the second is part of the returned HTTP header

15
hello.htm

• ltbodygt
• lth3gtHello World From A Formlt/h3gt
• ltform action "../scripts/hello.cgi"gt
• ltinput type "submit" value"Call Hello
  World"gt
• lt/formgt
• lt/bodygt
• hello.cgi
• !/usr/bin/perl
• print "Content-type text/html\n\n"
• print "lthtmlgt\n"
• print "ltheadgt\n"
• print "lttitlegtHello Worldlt/titlegt"
• print "lt/headgt\n"
• print "ltbodygt\n"
• print "Hello World\n"
• print "lt/bodygt\n"
• print "lt/htmlgt\n"

16
Environment Variables (sent with the HTTP request)

• Dynamic values that can affect the way running
  processes will behave (Wikipedia)
• Things you want to know about the client and
  server (my def.)
• env1.cgi
• !/usr/bin/perl
• print "Content-type text/html\n\n"
• print "lthtmlgt\n"
• print "ltheadgtlttitlegtAbout this Serverlt/titlegtlt/hea
  dgt\n"
• print "lth2gtAbout this Serverlt/h2gt\n"
• print "lthrgtltpregt\n"
• print "Server name
  ",ENV'SERVER_NAME',"ltbr /gt\n"
• print "Running on port
  ",ENV'SERVER_PORT',"ltbr /gt\n"
• print "Server software
  ",ENV'SERVER_SOFTWARE',"ltbr /gt\n"
• print "Server protocol
  ",ENV'SERVER_PROTOCOL',"ltbr /gt\n"
• print "lthrgtlt/pregtlt/htmlgt\n"

17
Environment Variables

• env2.cgi
• !/usr/local/bin/perl
• print "Content-type text/html\n\n"
• print "lthtmlgt\n"
• print "ltheadgtlttitlegtAbout this serverlt/titlegtlt/hea
  dgt\n"
• print "ltbodygt\n"
• print "lth2gtEnvironment Variableslt/h2gt\n"
• print "lthrgtltpregt\n"
• foreach envvar (keys(ENV))
• print "envvar ENVenvvarltbrgt\n"
• print "lt/pregtlt/bodygtlt/htmlgt\n"

18
Data Passed From the Client

• Next programs that accept and use information
  from a client
• form1.htm
• ltform action "../scripts/form1.cgi"
  method"GET"gt
• Your name ltinput type "text"
  name"Name"gt
• ltinput type "submit" value"Send"gt
• lt/formgt
• Response to selecting the submit button
• http//aurora.wells.edu/cs330/scripts/form1.c
  gi?NameCarol
• (An HTTP GET request)
• What happens on the server?
• the server extracts form variables
• and does something (next page)

19
HTTP Exchanges for form1.htm

• A GET request
• GET ../scripts/form1.cgi?NameCarol
• HTTP/1.1
• Host cshilepsky.wells.edu
• Accept text/plain
• If it were a POST request
• POST ../scripts/form1.cgi HTTP/1.1
• Host cshilepsky.wells.edu
• Content-Type text/plain
• Content-Length 18
• NameCarol

20
Form Input with a Single Field

• form1.htm is processed by form1.cgi
• !/usr/bin/perl
• print "Content-type text/html\n\n"
• print "lthtmlgt\n"
• print "ltheadgtlttitlegtSimple Form
  Processinglt/titlegtlt/headgt\n"
• print "lth2gtSimple Form Processinglt/h2gt\n"
• print "lthrgt\n"
• print "The query string ",ENV'QUERY_STRING',
  "ltbrgt\n\n"
• (field_name, data) split (//,ENV'QUERY_STRI
  NG')
• print "The field ",field_name,
  "ltbrgt\n"
• print "The data ",data, "ltbrgt\n"
• print "lthrgtlt/htmlgt\n"

21
Form Input with Multiple Fields

• form2.htm is processed by form2.cgi
• !/usr/bin/perl
• print "Content-type text/html\n\n"
• print "lthtmlgt\n"
• print "ltheadgtltTITLEgtForm Processing
  2lt/titlegtlt/headgt\n"
• print "lth2gtForm Processing, Multiple
  Inputslt/h2gt\n"
• print "lthrgtltpregt\n"
• print "ltbgtThe query string
  lt/bgt",ENV'QUERY_STRING',"\n\n"
• print "ltbgtField Valuelt/bgt\n"
• _at_pairs split (//,ENV'QUERY_STRING')
• foreach pair (_at_pairs)
• (field_name, value) split(//,pair)
• print field_name," ",value,"\n"
• print "lthrgtlt/pregtlt/htmlgt\n"

22
Form Input with Post

• form2p.htm is processed by form2p.cgi
• ...(header stuff)...
• print "lthtmlgt\n"
• print "ltheadgtlttitlegtForm Processing/POSTlt/titlegtlt/
  headgt\n"
• print "lth2gtForm Processing, POSTlt/h2gt\n"
• print "lthrgtltpregt\n"
• print "ltbgtThe content length lt/bgt",ENV'CONTENT_
  LENGTH',"\n\n"
• read(STDIN, form_data, ENV'CONTENT_LENGTH')
• print "ltbgtThe form data lt/bgt",form_data,"\n"
• print "ltbgtField Valuelt/bgt\n"
• _at_pairs split ('', form_data)
• foreach pair (_at_pairs)
• (field_name, value) split(//,pair)
• print field_name," ",value,"\n"
• print "lthrgtlt/pregtlt/htmlgt\n"

23
GET versus POST?

• GET is limited in size of data, POST is not
• GET is the default if no method is specified in
  the form
• POST does not reveal the form inputs
• POST is preferred
• Code often includes option to process either
• Next PHP for processing form input