Upload
orlando-wolf
View
36
Download
0
Embed Size (px)
DESCRIPTION
CGI Programming. The Common Gateway Interface (CGI) Generic script ... Client-server interaction ... Accessing Form Input ... Output from the Common Gateway Interface Forms and CGI Server Side Includes Hypermedia Documents Advanced forms and gateways ... Advanced Form Applications - PowerPoint PPT Presentation
Citation preview
Institute for Visualization and Perception ResearchI VPR 1
© Copyright 1998 Haim Levkowitz
CGI Programming• The Common Gateway Interface (CGI)• Generic script ...• Client-server interaction ...• Accessing Form Input ...• Output from the Common Gateway Interface• Forms and CGI• Server Side Includes• Hypermedia Documents• Advanced forms and gateways ...• Advanced Form Applications• Multiple Form Interaction
Institute for Visualization and Perception ResearchI VPR 2
© Copyright 1998 Haim Levkowitz
The Common Gateway Interface (CGI)• What Is CGI? ...
• CGI Applications ...
• Some Working CGI Applications ...
• Internal Workings of CGI ...
• Configuring the Server ...
• Programming in CGI ...
• CGI Considerations ...
Institute for Visualization and Perception ResearchI VPR 3
© Copyright 1998 Haim Levkowitz
What Is CGI? ...
• Communicate with other programs on server
• Pass data to program
• Process data
• Response back to browser
• Model ...
Institute for Visualization and Perception ResearchI VPR 4
© Copyright 1998 Haim Levkowitz
Model ...
• Browser server application
CGI
Form
CGI program's response
CGI program's response
Submit completed form
Call CGI
Institute for Visualization and Perception ResearchI VPR 5
© Copyright 1998 Haim Levkowitz
CGI Applications ...
• Interactive
• User ask questions, run app's
• Forms ...
• Gateways ...
• Virtual documents ...
Institute for Visualization and Perception ResearchI VPR 6
© Copyright 1998 Haim Levkowitz
Forms ...• Subset of HTML• User supply information• Graphical widgets for form creation
• Radio buttons, text fields, checkboxes, selection lists
• Submit button send info to server• Execute program associated with form
• Back-and-forth interaction
Institute for Visualization and Perception ResearchI VPR 7
© Copyright 1998 Haim Levkowitz
Gateways ...• Programs/scripts
• Access info not readable by client
• E.g., SQL queries to read database ...
• E.g., Archie, WAIS, any other Internet info service
• Use forms to query, search
• Retrieve & display dynamic, virtual documents
Institute for Visualization and Perception ResearchI VPR 8
© Copyright 1998 Haim Levkowitz
Virtual documents ...
• Create on the fly; response to info query
• HTML, plain, image, audio
• Simple example ...
• More sophisticated example: Art gallery ...
Institute for Visualization and Perception ResearchI VPR 9
© Copyright 1998 Haim Levkowitz
Simple example ...
• Welcome to IVPR's WWW Server!
• You are visiting from cs.uml.edu. The load average on this machine is 1.25.
• Happy navigating!
• Dynamic information
Institute for Visualization and Perception ResearchI VPR 10
© Copyright 1998 Haim Levkowitz
More sophisticated example: Art gallery ...• Form for user info• Search field for user-searches• E-mail/store form info• Response
• Image of requested painting w/info on painting• Form w/ image processing options
• Or message: doesn't exist
Institute for Visualization and Perception ResearchI VPR 11
© Copyright 1998 Haim Levkowitz
Some Working CGI Applications (old) ...• Lycos: www.lycos.com• Coloring book: www.ravenna.com/coloring• ArchiePlex gateway:
http://pubweb.nexor.co.uk/public/archie/archieplex/archieplex.html
• Guestbook with world map: www.cosy.sbg.ac.at/rec/guestbook
• Japanese <-> English dictionary: www.wg.omron.co.jp/cgi-bin/j-e?SASE=jfield.html• or http://enterprise/ic.gc.ca/cgi-bin/j-e
Institute for Visualization and Perception ResearchI VPR 12
© Copyright 1998 Haim Levkowitz
Internal Workings of CGI ...• Programs in cgi-bin, w/ certain file extensions
(usually)• User open URL ==> client sends request to server,
ask for file• Server tries to execute program in file• E.g., ...• Program gets input from STDIN ...• Program sends output on STDOUT ...• Out directly to client or via server ...
Institute for Visualization and Perception ResearchI VPR 13
© Copyright 1998 Haim Levkowitz
E.g., ...
• GET /cgi-bin/welcome.pl HTTP/1.0• Accept: www/source• Accept: text/html• Accept: image/gif• User-Agent: Lynx/2.4 libwww/2.14• From: [email protected]• All files in cgi-bin recognized as programs• Data formats accepted by client
Institute for Visualization and Perception ResearchI VPR 14
© Copyright 1998 Haim Levkowitz
Program gets input from STDIN ...
• + UNIX environment variables
• Input search string, format, length, remote host & user, other client info, server name, comm. protocol, server sw
Institute for Visualization and Perception ResearchI VPR 15
© Copyright 1998 Haim Levkowitz
Program sends output on STDOUT ...• Program creates output/gives URL of
existing• Send as data stream
• HTTP header (at least format - HTML, plain text, gif, )
• Blank line (= end of header)• Body (data in appropriate format - not
modified by server)
Institute for Visualization and Perception ResearchI VPR 16
© Copyright 1998 Haim Levkowitz
Out directly to client or via server ...
• If complete HTTP header ==> directly to client
• OW, to server• Adds complete header info• Sends to client using HTTP protocol
• E.g., with complete header ...• E.g., with partial header ...
Institute for Visualization and Perception ResearchI VPR 17
© Copyright 1998 Haim Levkowitz
E.g., with complete header ...HTTP/1.0 OK
Date: Tuesday, 9-April-96 11:37:00 GMT
Server: NCSA/1.4.2
MIME-Version: 1.0
Content-type: text/html
Content-length: 2000
<HTML>
<HEAD><TITLE>Welcome to IVPR's WWW Server!</TITLE></HEAD>
<BODY>
<H1>Welcome!</H!>
.
.
</BODY>
</HTML>
Institute for Visualization and Perception ResearchI VPR 18
© Copyright 1998 Haim Levkowitz
E.g., with partial header ...
Content-type: text/html
<HTML>
<HEAD><TITLE>Welcome to IVPR's WWW Server!</TITLE></HEAD>
<BODY>
<H1>Welcome!</H!>
.
.
</BODY>
</HTML>
Institute for Visualization and Perception ResearchI VPR 19
© Copyright 1998 Haim Levkowitz
Configuring the Server ...
• ServerRoot• /usr/local/etc/httpd (in httpd.conf)
• ScriptAlias• /cgi-bin/ /usr/local/etc/httpd/cgi-bin
• E.g., http://domain/cgi-bin/welcome <--> /usr/local/etc/httpd/cgi-bin/welcome
• Can have multiple CGI script directories• Can run programs anywhere (dangerous!) ...
Institute for Visualization and Perception ResearchI VPR 20
© Copyright 1998 Haim Levkowitz
Can run programs anywhere (dangerous!) ...
• AddType
• application/x-httpd-cgi .pl .sh .cgi
• In srm.conf ==> exec files w/ given extensions
Institute for Visualization and Perception ResearchI VPR 21
© Copyright 1998 Haim Levkowitz
Programming in CGI ...
• Which programming language? Features ...• AppleScript (Mac only) ...• C/C++ (UNIX, Mac, Windows) ...• C shell (UNIX only) ...• Tcl (UNIX only) ...• Visual Basic (Windows only) ...• Perl (UNIX, Mac, Windows) ...
Institute for Visualization and Perception ResearchI VPR 22
© Copyright 1998 Haim Levkowitz
Which programming language? Features ...
• Ease of text manipulation
• Interface w/other sw libs and utilities
• Access environment variables (in UNIX)
Institute for Visualization and Perception ResearchI VPR 23
© Copyright 1998 Haim Levkowitz
AppleScript (Mac only) ...• Integral part of MacOS 7.5 +• No inherent pattern matching
• Extensions• Interface w/ other Mac app's through
AppleEvents• E.g., present form to user, decode
contents, query & search Microsoft FoxPro database
Institute for Visualization and Perception ResearchI VPR 24
© Copyright 1998 Haim Levkowitz
C/C++ (UNIX, Mac, Windows) ...
• No database extensions
• No inherent pattern matching
• Modules/function
• +: Compiled
Institute for Visualization and Perception ResearchI VPR 25
© Copyright 1998 Haim Levkowitz
C shell (UNIX only) ...
• No pattern matching• ==> Must use e.g., sed or awk
• uncgi sw tool (in C)• Decode form data + store in shell envi.
vars.• No direct database access• Bugs & limitations
Institute for Visualization and Perception ResearchI VPR 26
© Copyright 1998 Haim Levkowitz
Tcl (UNIX only) ...
• Shell, tcsh• Simple constructs, a little more diff.
than Perl• Extensions to database and graphic
libs.• Supports regular expressions
• Insufficient handling at compile time
Institute for Visualization and Perception ResearchI VPR 27
© Copyright 1998 Haim Levkowitz
Visual Basic (Windows only) ...
• Communicate with other Windows programs
• No string manipulations
Institute for Visualization and Perception ResearchI VPR 28
© Copyright 1998 Haim Levkowitz
Perl (UNIX, Mac, Windows) ...• Most widely used• Highly portable• Powerful string manipulation op's, functions for
binary data• Simple, concise constructs• Easy calling shells, equivalents of UNIX systems
functions• Extensions (e.g., oraperl for Oracle)• Perl primer ...
Institute for Visualization and Perception ResearchI VPR 29
© Copyright 1998 Haim Levkowitz
CGI Considerations ...
• Data readable by client?
• Text/HTML ok
• Others: need gateway to translate
• How to present?
• E.g., Graphics, plots
Institute for Visualization and Perception ResearchI VPR 30
© Copyright 1998 Haim Levkowitz
Generic script ...• 1. Print header w/ Content-type declaration• 2. Print start of HTML doc.• 3. Try to get query string• 4. No string ==> user's 1st access
• Create searchable doc. w/ <ISINDEX> or <FORM>• 5. Query string: create doc w/ result of request / ack
request processed• 6. Print end of HTML doc, inc. signature• 7. Exit• skeleton.pl
Institute for Visualization and Perception ResearchI VPR 31
© Copyright 1998 Haim Levkowitz
Client-server interaction ...
• Input to the Common Gateway Interface
Institute for Visualization and Perception ResearchI VPR 32
© Copyright 1998 Haim Levkowitz
Input to the Common Gateway Interface
• Introduction ...
• Using Environment Variables ...
Institute for Visualization and Perception ResearchI VPR 33
© Copyright 1998 Haim Levkowitz
Introduction ...
• In CGI environment variables
• Info about client, server, user
• Form data from user
• In environment variable / body of request
• Add'l pathname info
Institute for Visualization and Perception ResearchI VPR 34
© Copyright 1998 Haim Levkowitz
Using Environment Variables ...• List of CGI Environment variables
• Perl: %ENV associative array• Example: About this server ...• Example: Check the client browser ...• Restricting access for specified domains ...• User authentication and identification ...• Where did you come from? ...
Institute for Visualization and Perception ResearchI VPR 35
© Copyright 1998 Haim Levkowitz
Example: About this server ...about_this_server.pl
Typical output
<HTML>
<HEAD><TITLE>About this Server</TITLE></HEAD>
<BODY><H1>About this Server</H1>
<HR><PRE>
Server Name: cs.uml.edu
Running on Port: 80
Server Software: NCSA/1.4.2
Server Protocol: HTTP/1.0
CGI Revision: CGI/1.1
<HR></PRE>
</BODY></HTML>
Institute for Visualization and Perception ResearchI VPR 36
© Copyright 1998 Haim Levkowitz
Example: Check the client browser ...
• check_browser.pl
Institute for Visualization and Perception ResearchI VPR 37
© Copyright 1998 Haim Levkowitz
Restricting access for specified domains ...
• Different documents for internal, external users
• restrict_domain.pl
Institute for Visualization and Perception ResearchI VPR 38
© Copyright 1998 Haim Levkowitz
User authentication and identification ...
• Access restricted
• Need user name & password
• Unencrypted: DON'T use real
• Server passes in REMOTE_USER env. var.
• Identify users ...
Institute for Visualization and Perception ResearchI VPR 39
© Copyright 1998 Haim Levkowitz
Identify users ...
• $remote_use = $ENV{'REMOTE_USER'};• if ($remote_user eq "haim") {
• print "Who are you?", "\n"• } elseif ($remote_use eq "john") {
• print "Hi John." "\n";• }
Institute for Visualization and Perception ResearchI VPR 40
© Copyright 1998 Haim Levkowitz
Where did you come from? ...• Last URL you were before coming here• HTTP_REFERER env. var. (from client)• referer.pl• Not all browsers set var.• Not set for first server accessed• Meaningless if accessed from bookmark /
straight typing of URL• ==> Not entirely accurate
Institute for Visualization and Perception ResearchI VPR 41
© Copyright 1998 Haim Levkowitz
Accessing Form Input ...• Form interaction with CGI ...
• Query strings ...
• Simple form ...
• GET and POST methods ...
• Encoded data ...
• Extra Path Information ...
• Other Languages Under UNIX
• Other Languages Under Microsoft Windows
• Other Languages on Macintosh Servers
• Examining Environment Variables
Institute for Visualization and Perception ResearchI VPR 42
© Copyright 1998 Haim Levkowitz
Form interaction with CGI ...• Browser Server Application
NETWORK
1. User requests a form
Retrieves form
2. Sends form to clientUser fills out form
3. User submits form
4. Forwards to CGI Application Process data
5. Output to server
T
Institute for Visualization and Perception ResearchI VPR 43
© Copyright 1998 Haim Levkowitz
Query strings ...• http://domain/cgi-bin/program?query-string
• Call program • Store query-string (after ?) in QUERY_STRING• E.g., name.pl
• http://domain/cgi-bin/name.pl?fortune• http://domain/cgi-bin/name.pl?finger• http://domain/cgi-bin/name.pl
• Security warning ...
Institute for Visualization and Perception ResearchI VPR 44
© Copyright 1998 Haim Levkowitz
Security warning ...
• Caution not to execute system commands
• NEVER: print `$query_string`;
• E.g., rm -fr /
• ==> delete everything
Institute for Visualization and Perception ResearchI VPR 45
© Copyright 1998 Haim Levkowitz
Simple form ...
• Form: simple_form.html• Script: unix.pl (GET version)• GET method ==>
• All form data in URL ==>• Can also access directly
• http://domain/cgi-bin/unix.pl?command=fortune
• Same result as with form
Institute for Visualization and Perception ResearchI VPR 46
© Copyright 1998 Haim Levkowitz
GET and POST methods ...POST: server sends data to program as input stream
<FORM ACTION="unix.pl" METHOD="POST">
==> Request
POST /cgi-bin/unix.pl HTTP/1.0
.
(header)
.
Content-length: 15
command=fortune
unix.pl (POST version, both version)
GET version only down to here
Institute for Visualization and Perception ResearchI VPR 47
© Copyright 1998 Haim Levkowitz
Encoded data ...
• GET ==> form info as part of URL
• ==> No spaces, special character
• ==> Encoding
• HTML form ...
• Clients issues request ...
Institute for Visualization and Perception ResearchI VPR 48
© Copyright 1998 Haim Levkowitz
HTML form ...• birthday.html• <HTML>• <HEAD><TITLE>When's your birthday?</TITLE></HEAD>• <BODY>• <H1>When's your birthday?</H1>• <HR>• <FORM ACTION="birthday.pl" METHOD="POST">• Birthday (in the form of mm/dd/yy): <INPUT TYPE="text" NAME="birthday"
SIZE=40>• <P>• <INPUT TYPE="submit" VALUE="Submit Form!">• <INPUT TYPE="reset" VALUE="Clear Form">• </FORM>• <HR>• </BODY>• </HTML>
Institute for Visualization and Perception ResearchI VPR 49
© Copyright 1998 Haim Levkowitz
Clients issues request ...Enter: 08/30/53
POST /cgi-bin/birthday.pl HTTP/1.0
.
. (information)
.
Content-length: 21
birthday=08%2F30%2F53
Decode "%2F" to "/”
Program: birthday.pl ...
Institute for Visualization and Perception ResearchI VPR 50
© Copyright 1998 Haim Levkowitz
Program: birthday.pl ...#!/usr/local/bin/perl
$size_of_form_information = $ENV{'CONTENT_LENGTH'};
read (STDIN, $form_info, $size_of_form_information);
$form_info =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex ($1))/eg; ...
($field_name, $birthday) = split (/=/, $form_info);
print "Content-type: text/plain", "\n\n";
print "Hey, your birthday is on: $birthday. That's what you told me, right?", "\n";
exit (0);
Institute for Visualization and Perception ResearchI VPR 51
© Copyright 1998 Haim Levkowitz
$form_info =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex ($1))/eg; ...• s: substitute; starts with %• ( ): store in var. ($1)• 2 chars., [\dA-Fa-f]: digit or letter A-F (or a-f)• /pack ("C", hex ($1)): convert val. in $1 to
ASCII equiv.• e: eval replacement string as expression• g: replace all occurrences of hexa. string
Institute for Visualization and Perception ResearchI VPR 52
© Copyright 1998 Haim Levkowitz
Extra Path Information ...• Can pass as part of URL• Server needs to know where name of prog. ends
• Understand that what's following is extra• http://domain/cgi-bin/display.pl/cgi/cgi_doc.txt
• /cgi/cgi_doc.txt --> PATH_INFO• Set PATH_TRANSLATED, map info in PATH_INFO to doc.
root dir.• Can use PATH_INFO + DOCUMENT_ROOT (not set by all
servers• $path_translated = join ("/",
$ENV{'DOCUMENT_ROOT'}, $ENV{'PATH_INFO'};
Institute for Visualization and Perception ResearchI VPR 53
© Copyright 1998 Haim Levkowitz
Output from the Common Gateway Interface• Overview ...• CGI and Response Headers ...• Accept Types and Content Types ...• The Content-length Header ...• Server Redirection ...• The “Expires” and “Pragma” Headers ...• Status Codes ...• Complete (Non-Parsed) Headers ...
Institute for Visualization and Perception ResearchI VPR 54
© Copyright 1998 Haim Levkowitz
Overview ...
• Execute program• Return output in a way browser can handle• Output to browser
• Plain text / HTML• Graphics / binary• HTTP status codes• Tell server to send a document
Institute for Visualization and Perception ResearchI VPR 55
© Copyright 1998 Haim Levkowitz
CGI and Response Headers ...• Valid HTTP headers ...• Netscape-compatible headers ...• Complete list:
http://www.w3.org/hypertext/WWW/Protocols/HTTP/Object_Headers.html
• Header lines don't have to be in any special order
• Header block must end with blank line
Institute for Visualization and Perception ResearchI VPR 56
© Copyright 1998 Haim Levkowitz
Valid HTTP headers ...
• Content-length: in bytes• Content-type: MIME type• Expires: expiration date & time of doc.
==> reload• Location: server redirection• Pragma: Turn doc. caching on/off• Status: of request
Institute for Visualization and Perception ResearchI VPR 57
© Copyright 1998 Haim Levkowitz
Netscape-compatible headers ...
• Refresh: client reloads specified doc.
• Set-cookie: client stores specified data
• Keep track of data between requests
Institute for Visualization and Perception ResearchI VPR 58
© Copyright 1998 Haim Levkowitz
Accept Types and Content Types ...
• CGI can handle any type that client can
• E.g., plain, HTML, PS, PDF, SGML, ...
• Client sends list of "accept types"
• Supports directly / via helper app's
• Server stores in HTTP_ACCEPT
• Code to check, accept JPEG or GIF? ...
Institute for Visualization and Perception ResearchI VPR 59
© Copyright 1998 Haim Levkowitz
Code to check, accept JPEG or GIF? ...
#/usr/local/bin/perl
$gif_image = "logo.gif";
$jpeg_image = "logo.jpg";
$plain_text = "logo.txt";
$accept_types = $ENV{'HTTP_ACCEPT'};
if ($accept_types =~ m|image/gif|) {
$html_document = $gif_image;
} elseif ($accept_types =~ m|image/jpeg|) {
$html_document = $jpeg_image;
} else {
$html_document = $plain_text;
}
Institute for Visualization and Perception ResearchI VPR 60
© Copyright 1998 Haim Levkowitz
The Content-length Header ...
• Entire file: contents_length.pl• stat command to get contents length• 13 element array; [7] is file size in
bytes• Good for small graphics, not for large
• In pieces: gif_pieces.pl
Institute for Visualization and Perception ResearchI VPR 61
© Copyright 1998 Haim Levkowitz
Server Redirection ...
• Retrieve existing doc from somewhere• Send location header: tell server which doc.• Result appears as if client requested doc. not
prog.• "Canned" response• E.g., thanks.html ...• Simple redirection code ...• Decide what gets returned based on ...
Institute for Visualization and Perception ResearchI VPR 62
© Copyright 1998 Haim Levkowitz
E.g., thanks.html ...<HTML>
<HEAD><TITLE>Thank You!</TITLE></HEAD>
<BODY>
<H1>Thank You!</H1>
<HR>
Thank You for filling out this form. We will be using your input to improve our products.
Thanks again,
WWW Software, Inc.
</BODY>
</HTML>
Institute for Visualization and Perception ResearchI VPR 63
© Copyright 1998 Haim Levkowitz
Simple redirection code ...#!/usr/local/bin/perl
print "Location: /thanks.html", "\n\n";
exit (0);
Can't return content type headers
Can return any location on web
Institute for Visualization and Perception ResearchI VPR 64
© Copyright 1998 Haim Levkowitz
Decide what gets returned based on ...
E.g., load
#!/usr/local/bin/perl
$uptime = `/usr/ucb/uptime`;
($load_average) = ($uptime =~ /average: ([^,]*)/);
$load_limit = 10.0;
$simple_document = "/simple.html";
$complex_document = "/complex.html";
if ($load_average >= $load_limit) {
print "Location: $simple_document", "\n\n";
} else {
print "Location: $complex_document", "\n\n";
}
exit (0);
Institute for Visualization and Perception ResearchI VPR 65
© Copyright 1998 Haim Levkowitz
The "Expires" and "Pragma" Headers ...
• Caching stores virtual doc.
• ==> CGI prog. not run again ==> out-of-date
• E.g., click for date and time ...
• Click again, date/time same, should be diff. ...
Institute for Visualization and Perception ResearchI VPR 66
© Copyright 1998 Haim Levkowitz
E.g., click for date and time ...#!/usr/local/bin/perl
chop ($current_date = `/bin/date`);
$script_name = $ENV{'SCRIPT_NAME'};
print "Content-type: text/html", "\n\n";
print "<HTML>", "\n";
print "<HEAD><TITLE>Effects of Browser Caching</TITLE></HEAD>", "\n";
print "<BODY><H1>", $current_date, "</H1>", "\n";
print "<P>", qq|<A HREF="$script_name">Click here to run again!</A>|, "\n";
print "</BODY></HTML>", "\n";
exit (0);
Institute for Visualization and Perception ResearchI VPR 67
© Copyright 1998 Haim Levkowitz
Click again, date/time same, should be diff. ...
• Contents from cached doc. rather than prog.
• To fix, tell browser not to cache ...
• Or cause to expire ...
• But some browsers don’t handle correctly
Institute for Visualization and Perception ResearchI VPR 68
© Copyright 1998 Haim Levkowitz
To fix, tell browser not to cache ...
#!/usr/local/bin/perl
print "Content-type: text/html", "\n\n";
print "Pragma: no-cache", "\n\n";
Institute for Visualization and Perception ResearchI VPR 69
© Copyright 1998 Haim Levkowitz
Or cause to expire ...
#!/usr/local/bin/perl
print "Content-type: text/html", "\n\n";
print “Expires: Tuesday, 16-April-96 17:30:00 GMT", "\n\n";
Institute for Visualization and Perception ResearchI VPR 70
© Copyright 1998 Haim Levkowitz
Status Codes ...
• Codes ...
• Example ...
Institute for Visualization and Perception ResearchI VPR 71
© Copyright 1998 Haim Levkowitz
Codes ...• 200: Success• 204: No response ...• 301: Document moved• 401: Unauthorized • 403: Forbidden• 404: Not found• 500: Internal server error• 501: Not implemented
Institute for Visualization and Perception ResearchI VPR 72
© Copyright 1998 Haim Levkowitz
204: No response ...
• Don’t load new page
• Good for invalid values in forms, or clicks on unassigned sections in imagemaps
• E.g., ...
Institute for Visualization and Perception ResearchI VPR 73
© Copyright 1998 Haim Levkowitz
E.g., ...#!/usr/local/bin/perl
print "Content-type: text/plain", "\n";
print "Status: 204 No Response", "\n\n";
print "You should not see this message. If you do, your browser does", "\n";
print "not implement status codes correctly.", "\n";
exit (0);
Institute for Visualization and Perception ResearchI VPR 74
© Copyright 1998 Haim Levkowitz
Example ...#!/usr/local/bin/perl
$remote_host = $ENV{'REMOTE_HOST'};
print "Content-type: text/plain", "\n";
if ($remote_host eq "uml.edu") {
print "Status: 200 OK", "\n\n";
print "Great! You are from UMass Lowell!", "\n";
} else {
print "Status: 400 Bad Request", "\n\n";
print "Sorry! You need to access this from UMass Lowell!", "\n";
}
exit (0);
Institute for Visualization and Perception ResearchI VPR 75
© Copyright 1998 Haim Levkowitz
Complete (Non-Parsed) Headers ...• So far, partial HTTP headers (Content-type)• Can generate complete header• ==> No overhead on server
• Output goes directly CGI prog. --> client ...• ==> + Faster response• ==> – Careful! Server can’t avoid errors• Programs start with “nph-” (non-parsed header)• E.g., this will count in real time ...• But, with partial header, not! ...
Institute for Visualization and Perception ResearchI VPR 76
© Copyright 1998 Haim Levkowitz
Output goes directly CGI prog. --> client ...
• .
BrowserServer
CGI Application
Partial header
Complete header
Server response with Complete header
Institute for Visualization and Perception ResearchI VPR 77
© Copyright 1998 Haim Levkowitz
E.g., this will count in real time ... #!/usr/local/bin/perl
$server_protocol = $ENV{'SERVER_PROTOCOL'};$server_software = $ENV{'SERVER_SOFTWARE'};
print "$server_protocol 200 OK", "\n";print "Server: $server_software", "\n";print "Content-type: text/plain", "\n\n";
print "OK, Here I go. I am going to count from 1 to 50!", "\n";
for ($loop=1; $loop <= 50; $loop++) { print $loop, "\n"; sleep (2);}
print "All Done!", "\n";
exit (0);
Institute for Visualization and Perception ResearchI VPR 78
© Copyright 1998 Haim Levkowitz
But, with partial header, not! ...
• Leave only Content-type
• Remove nph- from name
• Result is entire document at once
Institute for Visualization and Perception ResearchI VPR 79
© Copyright 1998 Haim Levkowitz
Forms and CGI
• HTML Form Tags ...
• Sending Data to the Server ...
• Designing Applications Using Forms in Perl ...
• Decoding Forms in Other Languages
Institute for Visualization and Perception ResearchI VPR 80
© Copyright 1998 Haim Levkowitz
HTML Form Tags ...• <FORM ACTION="/cgi-bin/prog.pl" METHOD="POST">• <INPUT TYPE="text" NAME="name" VALUE="value" SIZE="size">• <INPUT TYPE="password" NAME="name" VALUE="value"
SIZE="size">• <INPUT TYPE="checkbox" NAME="name" VALUE="value">• <INPUT TYPE="radio" NAME="name" VALUE="value">• <SELECT NAME="NAME" SIZE=1>• <OPTION SELECT>ONE• <OPTION>Two• </SELECT>• More form Tags ...
Institute for Visualization and Perception ResearchI VPR 81
© Copyright 1998 Haim Levkowitz
More form Tags ...
• <SELECT NAME="NAME" SIZE=n MULTIPLE>• <TEXTAREA ROWS=yy COLS=xx NAME="name">• </TEXTAREA>• <INPUT TYPE="submit" VALUE="Message">• <INPUT TYPE="submit" NAME="name"
VALUE="value">• <INPUT TYPE="image" SRC="/image"
NAME="name" VALUE="value">• <INPUT TYPE="reset" VALUE="Message">
Institute for Visualization and Perception ResearchI VPR 82
© Copyright 1998 Haim Levkowitz
Sending Data to the Server ...
• MIME type to encode form data: application/x-www-form-urlencoded
• Equate each NAME with entered value• key-value_pair&key-value_pair&key-value_pair• text, password: value = user input [blank]• radio: value = [on]; unchecked ==> ignored• GET vs. POST ...• Decoding form data ...
Institute for Visualization and Perception ResearchI VPR 83
© Copyright 1998 Haim Levkowitz
GET vs. POST ...• GET
• + Access CGI prog. w/ query without a form• Pass parameters to program ...• Can send extra path info ...
• – Query might get truncated• Post
• + Unlimited query length• – No “canned” queries
Institute for Visualization and Perception ResearchI VPR 84
© Copyright 1998 Haim Levkowitz
Pass parameters to program ...
• <A HREF="cgi-bin/prog.pl?user=Haim%20Levkowitz&Occupation=Professor">CGI Program</A>
• Need to encode spaces, special char's
• encode.pl (not a CGI prog!)
Institute for Visualization and Perception ResearchI VPR 85
© Copyright 1998 Haim Levkowitz
Can send extra path info ...
• <A HREF="cgi-bin/prog.pl/user=Haim%20Levkowitz/Occupation=Professor">CGI Program</A>
Institute for Visualization and Perception ResearchI VPR 86
© Copyright 1998 Haim Levkowitz
Decoding form data ...
• REQUEST_METHOD: how data passed by client• GET: get QUERY_STRING / PATH_INFO from
env. var.• POST: read CONTENT_LENGTH bytes from
STDIN• Split query string on “&” (key=value&key=value ...)• Decode hexadec. and “+” in key-value pairs• Create key-value table, key as index
Institute for Visualization and Perception ResearchI VPR 87
© Copyright 1998 Haim Levkowitz
Designing Applications Using Forms in Perl ...
• Simple form: Testing A Form
• Form: name.html
• Program: greeting.pl
• Combining graphics and queries
• Form: color_text.html
• Program: gd_text.pl
Institute for Visualization and Perception ResearchI VPR 88
© Copyright 1998 Haim Levkowitz
Server Side Includes• Introduction ...
• How SSI work? ...
• Configuration ...
• Environment Variables ...
• Including Boilerplates ...
• File Statistics ...
• Executing External Programs ...
• Executing CGI Programs ...
• Tailoring SSI Output ...
• Common Errors ...
Institute for Visualization and Perception ResearchI VPR 89
© Copyright 1998 Haim Levkowitz
Introduction ...
• Directives in HTML doc ...
• Execute progs, output data, e.g., envi. vars.
• Not all servers support
• CERN: no; NCSA, Netscape: yes
• fakessi.pl simulates
Institute for Visualization and Perception ResearchI VPR 90
© Copyright 1998 Haim Levkowitz
Directives in HTML doc ...
Command Parameter Description echo var Insert value of SSI/envi. vars. include Insert text of doc. into curr. file file Pathname relative to curr. dir. virtual Virtual path to doc. on server fsize file Insert size of spec'd file flastmod file Insert last mod data/time exec Exec. ext.prog; output -> cur. doc cmd Any application on host cgi CGI program config Modify aspect of SSI errmsg Default error message sizefmt Format for size of file timefmt Format for dates
Institute for Visualization and Perception ResearchI VPR 91
© Copyright 1998 Haim Levkowitz
How SSI work? ...
• Client request doc. from SSI-enabled server• Server parsed doc., returns evaluated doc. ...• No auto parsing of all files, only those configured• Powerful, but
• Expensive: computational load parsing• Security risk: directives to exec risky sys
commands
Institute for Visualization and Perception ResearchI VPR 92
© Copyright 1998 Haim Levkowitz
Server parsed doc., returns evaluated doc. ...
Server
Process SSI Statements
Browser
Visitor HTML
HTMLw/SSI
Request document
Retrieve document from file system
1234
Institute for Visualization and Perception ResearchI VPR 93
© Copyright 1998 Haim Levkowitz
Configuration ...
• Extensions of files server should parse (srm.conf) ...
• Access configuration (access.conf) ...
Institute for Visualization and Perception ResearchI VPR 94
© Copyright 1998 Haim Levkowitz
Extensions of files server should parse (srm.conf) ...
• .shtml: • AddType text/x-server-parsed-html
.shtml• All HTML:
• AddType text/x-server-parsed-html.html• ==> Performance degradation
Institute for Visualization and Perception ResearchI VPR 95
© Copyright 1998 Haim Levkowitz
Access configuration (access.conf) ...
• Includes: embed SSI directives to display env. vars. & file stats. in HTML docs.
• Exec: execute external programs from HTML docs.
• Options Includes ExecCGI
• Options IncludesNoExec
Institute for Visualization and Perception ResearchI VPR 96
© Copyright 1998 Haim Levkowitz
Environment Variables ...
• <!--#echo var="ENVIRONMENT_VAR"-->• DOCUMENT_NAME current file• DOCUMENT_URI virtual path to file• QUERY_STRING_UNESCAPED undecoded query string,
shell metachars escaped w “\”• DATE_LOCAL current date & time (local)• DATE_GMT current date & time (GMT)• LAST_MODIFIED last mod’n date & time
Institute for Visualization and Perception ResearchI VPR 97
© Copyright 1998 Haim Levkowitz
Including Boilerplates ...
• Include file in HTML doc
• <!--#include file="file.ext"-->
Institute for Visualization and Perception ResearchI VPR 98
© Copyright 1998 Haim Levkowitz
File Statistics ...
• The size of the file is <!--#fsize file="file.ext"--> bytes
• It was last modified on <!--#flastmod file="file.ext"--> .
Institute for Visualization and Perception ResearchI VPR 99
© Copyright 1998 Haim Levkowitz
Executing External Programs ...• Execute CGI / sys program• Output in HTML doc• Welcome <!--#echo var"REMOTE_USER"-->. Here is
some info about you:• <PRE><!--#exec cmd="/usr/ucb/finger
$REMOTE_USER@REMOTE_HOST"--></PRE> • ==> Finger user in var.• WARNING: strip SSI commands from input
• E.g., <!--#exec cmd="/bin/rm -fr /"-->
Institute for Visualization and Perception ResearchI VPR 100
© Copyright 1998 Haim Levkowitz
Executing CGI Programs ...
• E.g., access counter
• This page has been accessed <!--#exec cgi="/cgi-bin/counter.pl"--> times
Institute for Visualization and Perception ResearchI VPR 101
© Copyright 1998 Haim Levkowitz
Tailoring SSI Output ...• <!--#config errmsg="Error, contact SysAdmin"-->• <!--#config sizefmt="abbrev"-->• <!--#config timefmt="%D %r"-->
• %D: Date as “%m/%d/%y” (04/16/96)• %r: Time as “%I:%M:%S AM | PM” (05:00:00
PM)• 21 SSI Time formats
• Table omitted
Institute for Visualization and Perception ResearchI VPR 102
© Copyright 1998 Haim Levkowitz
Common Errors ...
• <!--echo var="REMOTE_USER"-->• No “#”
• <!-- #echo var="REMOTE_USER"-->• Space between “-” and “#”
• ==> Whole expression treated as HTML comment • No error message!
Institute for Visualization and Perception ResearchI VPR 103
© Copyright 1998 Haim Levkowitz
Hypermedia Documents
• Graphics creation and manipulation w/ CGI• Creating Dynamic Home Pages ...• CGI Examples with PostScript ...• The gd Graphics Library• CGI Examples with gnuplot• CGI Examples with pgperl• Animation ...
Institute for Visualization and Perception ResearchI VPR 104
© Copyright 1998 Haim Levkowitz
Creating Dynamic Home Pages ...
• Creating Dynamic Home Pages ...Tell server to exec CGI prog ...
• E.g., greeting with time of access
• homepage_welcome.pl
Institute for Visualization and Perception ResearchI VPR 105
© Copyright 1998 Haim Levkowitz
Creating Dynamic Home Pages ...• Tell server to exec CGI prog• Instead of displaying HTML file• In srm.conf:
• AddType application/x-httpd-cgi index.html
• CERN server (httpd.conf): • Exec /index.html /usr/local/etc/httpd/cgi-
bin/index.pl
Institute for Visualization and Perception ResearchI VPR 106
© Copyright 1998 Haim Levkowitz
CGI Examples with PostScript ...• Dynamic graphics• PostScript on screen same as on page• Run through interpreter (browsers don't handle PS)
• E.g., GNU GhostScript (http://www.phys.ufl.edu/docs/goodies/unix/previewers/ghostscript.html)
• ==> GIF image to browser• E.g., http://domain/cgi-bin/ps_time.pl• Or <IMG SRC="/cgi-bin/ps_time.pl">
Institute for Visualization and Perception ResearchI VPR 107
© Copyright 1998 Haim Levkowitz
Animation ...
• Client pull ...
• Server push ...
Institute for Visualization and Perception ResearchI VPR 108
© Copyright 1998 Haim Levkowitz
Client pull ...
• New HTTP connection for ea. requested doc
• E.g. display time continuously w/ HTML ...
• And with Perl ...
• E.g., random fortune message every 10 secs. ...
Institute for Visualization and Perception ResearchI VPR 109
© Copyright 1998 Haim Levkowitz
E.g., display time continuously w/ HTML ...
<META HTTP-EQUIV="Refresh" CONTENT=5>
<!--#echo var="DATE_LOCAL"-->
Institute for Visualization and Perception ResearchI VPR 110
© Copyright 1998 Haim Levkowitz
And with Perl ...
• #!/usr/local/bin/perl
• $delay = 5;• $date = "/bin/date";
• print "Refresh: ", $delay, "\n";• print "Content-type: text/plain", "\n\n";• print `$date`;
• exit(0);
Institute for Visualization and Perception ResearchI VPR 111
© Copyright 1998 Haim Levkowitz
E.g., random fortune message every 10 secs. ...#!/usr/local/bin/perl
$fortune = "/usr/local/bin/fortune";$refresh_time = 10;
print "Refresh: ", $refresh_time, "\n";print "Content-type: text/plain", "\n\n";
print "Here is another fortune...", "\n";print `$fortune`;
exit(0);