1 / 18

Outcomes

Outcomes. Know what are CGI Environment Variables Know how to use environment variables How to process A simple Query Form Able to use URL Encoding rules in your perl program Able to use Split function to extract information Understand what is CGIWRAP. CGI Environment Variables.

alida
Download Presentation

Outcomes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Outcomes • Know what are CGI Environment Variables • Know how to use environment variables • How to process A simple Query Form • Able to use URL Encoding rules in your perl program • Able to use Split function to extract information • Understand what is CGIWRAP

  2. CGI Environment Variables • Environment variables is a set of hidden values that Web server sends to every CGI you run. • You CGI program can parse them, and use the data you send • Environment variables are stored in a hash called %ENV • The %ENV hash is automatically set for every CGI, and you can use any or all of it as needed

  3. CGI Environment variables • Environment variables are a series of hidden values that the web server sends to every CGI you run. Your CGI can parse them, and use the data they send. • Variable Name Value • DOCUMENT_ROOT The root directory of your server • HTTP_COOKIE The visitor’s cookie, if one is set • HTTP_HOST The hostname of your server • HTTP_REFERER The URL of the page that called your script • HTTP_USER_AGENT The browser type of the visitor • HTTPS "on" if the script is being called through a secure server • PATH The system path your server is running under • QUERY_STRING The query string (see GET, below) • REMOTE_ADDR The IP address of the visitor

  4. CGI Environment variables • REMOTE_HOST The hostname of the visitor (if your server has reversename-lookups on; otherwise this is the IP address again) • REMOTE_PORT The port the visitor is connected to on the web server • REMOTE_USER The visitor’s username (for .htaccess-protected pages) • REQUEST_METHOD GET or POST • REQUEST_URI The interpreted pathname of the requested document or • CGI (relative to the document root) • SCRIPT_FILENAME The full pathname of the current CGI • SCRIPT_NAME The interpreted pathname of the current CGI (relative to the document root) • SERVER_ADMIN The email address for your server’s webmaster • SERVER_NAME Your server’s fully qualified domain name • SERVER_PORT The port number your server is listening on • SERVER_SOFTWARE The server software you’re using (such as Apache 1.3)

  5. Examples of useful Environment variables (env.cgi) #!/usr/bin/perl print "Content-type:text/html\n\n"; print <<EndOfHTML; <html><head><title>Print Environment </title></head> <body> EndOfHTML foreach $key (sort(keys %ENV)) { print "$key = $ENV{$key}<br>\n"; } print "</body></html>";

  6. DOCUMENT_ROOT = /users/csd/csd/spider/sbuGATEWAY_INTERFACE = CGI/1.1HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*HTTP_ACCEPT_LANGUAGE = en-gbHTTP_CACHE_CONTROL = max-age=259200HTTP_CONNECTION = keep-aliveHTTP_HOST = www.sbu.ac.ukHTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)HTTP_VIA = 1.0 cache2-eth0.sbu.ac.uk:8080 (Squid/2.3.STABLE4)HTTP_X_FORWARDED_FOR = unknownPATH = /usr/local/etc/httpd:/sbin:/usr/sbin:/usr/binPATH_INFO = PATH_TRANSLATED = /users/eee/eee/zhaoza/.public_html/cgi-bin/env.plQUERY_STRING = REMOTE_ADDR = 136.148.1.94REMOTE_HOST = cache2-eth0.sbu.ac.ukREMOTE_PORT = 2833REQUEST_METHOD = GETREQUEST_URI = /cgi-bin/cgiwrap/~zhaoza/env.plSCRIPT_FILENAME = /usr/local/apache/share/cgi-bin/cgiwrapSCRIPT_NAME = /cgi-bin/cgiwrap/zhaoza/env.plSERVER_ADDR = 136.148.1.1SERVER_ADMIN = webmaster@sbu.ac.ukSERVER_NAME = www.sbu.ac.ukSERVER_PORT = 80SERVER_PROTOCOL = HTTP/1.0zSERVER_SIGNATURE = SERVER_SOFTWARE = Apache/1.3.12 (Unix)

  7. Remote Host ID(rhost.cgi) #!/usr/bin/perl print "Content-type:text/html\n\n"; print <<EndHTML <html><head><title>Hello!</title></head> <body> <h2>Hello!</h2> Welcome, visitor from $ENV{'REMOTE_HOST'}!<p> </body></html> EndHTML

  8. #!/usr/bin/perl print "Content-type:text/html\n\n"; print <<EndHTML <html><head><title>Hello!</title></head> <body> <h2>Hello!</h2> Welcome, visitor from $ENV{'REMOTE_ADDR'}!<p> </body></html> EndHTML

  9. Checking Browser Type(browser.cgi) #!/usr/bin/perl print "Content-type:text/html\n\n"; print "<html><head><title>Welcome</title></head>\n"; print "<body>\n"; print "Browser: $ENV{'HTTP_USER_AGENT'}<p>\n"; if ($ENV{'HTTP_USER_AGENT'} =~/MSIE/) { print "You seem to be using <b>Internet Explorer!</b><p>\n"; } elsif ($ENV{'HTTP_USER_AGENT'} =~/Mozilla/) { print "You seem to be using <b>Netscape!</b><p>\n"; } else {print "You seem to be using a browser other than Netscape or IE.<p>\n"; } print "</body></html>\n";

  10. A simple Query Form • When GET method is used to send data from an HTML form to CGI, the input values from the form are saved in the QUERY_STRING environment variable. • In the Get method, the input values from the form are sent as part of the URL. The values ( saved in query_string) appears after the question mark in the URL itself. • The query_string is organised in some way called URL encoding.

  11. If I include the form in my html document in the following way <form action=“http://www.sbu.ac.uk/cgi-bin/cgiwrap/~zhaoza/test.cgi method=“get”> Enter some test here <input type="text" name="sample_text" size=30> <p>My name is<input type="text" name="myname" size=30> <input type="submit"><p></form> • When click on the submit query button, the URL should look like this: http://www.sbu.ac.uk/cgi-bin/cgiwrap/~zhaoza/test.cgi?sample_text= This+is+a+22%test22%&myname=zhao

  12. URL Encoding rules • Values appears immediately after a ? Mark • Items(values) are separated by & . • For each item(value), the value on the left of = is the actual name of the form field. The value on the right is whatever you typed into the input box. • Space is replaced with +. Other special non-alphanumeric characters aer escaped out with a %-code

  13. Normal Character URL Encoded String \t (tab) %09 \n (return) %0A / %2F ~ %7E : %3A ; %3B @ %40 & %26

  14. Split function In this example $ENV{‘QUERY_STRING’}=sample_text= This+is+a+22%test22%&myname=zhao Example to use split function: @values = split(/&/,$ENV{'QUERY_STRING'}); foreach $i (@values) { ($varname, $mydata) = split(/=/,$i); print "$varname = $mydata\n"; }

  15. CGIWrap • CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms without compromising the security of the http server. Scripts are run with the permissions of the user who owns the script. In addition, several security checks are performed on the script, which will not be executed if any checks fail.

More Related