1 / 20

3.0.1.3.3 Introduction to CGI – Session 3

3.0.1.3.3 Introduction to CGI – Session 3. Introduction to CGI: Data persistence in CGI apps Keeping track on user Caching data Cookies: pieces of information stored on the user side ‘Live’ demo of a web application which uses it all. Introduction to the problem.

allistair-bates
Download Presentation

3.0.1.3.3 Introduction to CGI – Session 3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 3.0.1.3.3 Introduction to CGI – Session 3 • Introduction to CGI: • Data persistence in CGI apps • Keeping track on user • Caching data • Cookies: pieces of information stored on the user side • ‘Live’ demo of a web application which uses it all 3.0.1.3.3 - Introduction to CGI

  2. Introduction to the problem • HTML - stateless protocol, as it doesn’t have a direct methods for tracking individual users. Practicing indirect method for tracking individual users is called maintaining state. Cases, where we need maintaining state: • Shopping cart: Internet stores • Caching the results of computationally intense analysis • Tracking the ‘clicking through’ (pages of the site which user requests using site’s hyperlinks) • Automatic login • Tracking the date of the last visit 3.0.1.3.3 - Introduction to CGI

  3. Possible solutions and tools • Hidden fields • <INPUT TYPE=“hidden” NAME=“Secret” VALUE=“foobar”> • Allow to pass variables between forms through multiple web pages, limited by • Temporary file names • Temporary file names and ids are necessary for unique identification of a user. • Special tools for data storage • Serialization tools like Storable help to record complex data structures effortlessly. • Client-side cookies • Although this technique has its own limitation – for example, users have to enable cookies in their browser – this method of identifying users on the web is very popular. 3.0.1.3.3 - Introduction to CGI

  4. Using hidden fields Hidden fields may be used for passing information betweenpages, containing forms (essentially, between forms) and are not visible in a browser. However, hidden fields are visible when user view HTML source. And, of course, CGI-style: <FORM NAME=“MY_FORM” ACTION=“my_form.cgi” METHOD=“POST”> .. .. <INPUT TYPE = “hidden” NAME = “id” VALUE = “e08a5676b1289a1787900cd6787cab” </FORM> print $q->hidden(-name => “id”, -value => “e08a5676b1289a1787900cd6787cab” ); 3.0.1.3.3 - Introduction to CGI

  5. Hidden fields example .. print header(-type=>"text/html");; print start_html(-title=>"Testing CGI"); my $name = param('Y_name'); my $age = param('Y_age'); if($name && $age){ print h2("Your name is $name and you are $age years old"), end_html; exit; }elsif($name){ print start_form(-action=>"hidden_test.cgi", -method=>"post"), "Enter Your Age:", textfield(-name =>"Y_age"), hidden(-name => "Y_name", -value=> $name), br; }else{ print start_form(-action=>"hidden_test.cgi", -method=>"post"), "Enter Your Name:", textfield(-name =>"Y_name"), br; } print submit(-name =>"Send_it", -value=>"Send"), end_form; print end_html; 3.0.1.3.3 - Introduction to CGI

  6. Using Digest::MD5 module for generation of session ids Digest::MD5 module • This module gives user the access to MD5 Message Digest algorithm which can digest a string of arbitrary length into 128-bit “fingerprint” or message digest. • $md5->hexdigest • The length of the returned string will be 32 and it will only contain characters from this set: '0'..'9' and 'a'..'f'. • $md5->b64digest • The length of the returned string will be 22 and it will only contain characters from this set: 'A'..'Z', 'a'..'z', '0'..'9', '+' and '/'. use Digest::MD5; my $md5 = new Digest::MD5; $md5->add(“A”, ”B”, .. $Z); The things you might want to add to md5: time, $$, random number 3.0.1.3.3 - Introduction to CGI

  7. An example of using Digest::MD5 In this example we concatenate all environment variables and digest these values into hexadecimal string #!/usr/local/bin/perl -w use strict; use CGI qw(:standard); use CGI::Carp qw(fatalsToBrowser); use Digest::MD5; my $md5 = new Digest::MD5; map{md5->add($_)} values %ENV; my $string = $md5->md5_hexdigest; print header(-type=>"text/html"), start_html(-title=>"MD5 test"), h2("Your session id is $string"), end_html; Your session id is 6df23dc03f9b54cc38a0fc1483df6e21 3.0.1.3.3 - Introduction to CGI

  8. Temporary file name generation • use POSIX qw(tmpnam); .. use POSIX qw(tmpnam); use IO::File; my $tmpfilename; opendir(DIR,"./tmp") or die "couldn't read from dir"; my @entries = readdir DIR; close DIR; while(1){ $tmpfilename = tmpnam(); map{if("/tmp/".$_ eq $tmpfilename){next;}} @entries; last; } my $fh = new IO::File; my @data = ("horse","duck","camel"); $fh->open(">.$tmpfilename") or die "Couldn't write to [$tmpfilename]\n"; for(@data){ print $fh $_."\n"; } $fh->close; /tmp/fileAfg78C 3.0.1.3.3 - Introduction to CGI

  9. Using temporary filename for storing data on a server • use IO::File • Provides a method for generating anonymous temporary filehandles • use Storable (store, retrieve); • Storable – module allowing serialization of data, i.e. recording and retrieving complex data structures as data stream (without parsing input or output) use IO::File; . . . my $tmp_fh = new_tmpfile IO::File; Temporary files get erased as soon as the script exits use Storable; store \%table, 'file'; $hashref = retrieve('file'); 3.0.1.3.3 - Introduction to CGI

  10. Locking files • Web is a multi-user environment • There might be a situation when different user might try to access the same file (i.e. simultaneously read and write to a file) • Insecure approach: use CGI; .. my $email = param(“email”) || “Anonymous”; my $comment = param(“comment”) || “No comments”; open FILE, “>> /usr/local/apache/data/guestbook.txt” or &printError(“Can not add an entry to the guestbook!”); print FILE “From $email: $comment\n\n”; close FILE; .. File locking allows to limit the access to a file to one user at a time 3.0.1.3.3 - Introduction to CGI

  11. Example of using flock() : simple .cgi counter use Fcntl qw(:flock); use CGI qw(:standard); my $file = 'counts.txt'; my $SEMAPHORE = $file.'.lck'; my $counts; open(S,">>$SEMAPHORE") or die "SEMAPHORE: $!"; flock(S,LOCK_EX) or die "flock() failed for $SEMAPHORE: $!"; if(open(FH,"$file")){ $counts = <FH>; close FH; } else{$counts = 0;} open(FH,">$file")or die "Can't open $file: $!"; print FH ++$counts; close FH; close S; print header, start_html('Counter Test'), h1("You are visitor $counts"), end_html; You are visitor 2002030 flock() does not protect files from writing, it works through giving a ‘notice’ to other processes which use flock() 3.0.1.3.3 - Introduction to CGI

  12. Cookies • Cookies were originally developed by Netscape and are small pieces of information which can be user id, the date of last visit of a webpage, etc. 3.0.1.3.3 - Introduction to CGI

  13. Syntax for setting a cookie • HTTP Cookie parameters: • Name -name The id for cookie • Value -value The value assigned for cookie • Domain -domain The browser will only return the cookie for URLs within this domain • Expires -expires This tells the browser when cookie expires • Path -path The browser will only return the cookie for URLs below this path • Secure -secure The browser will only return the cookie for secure URLs using https protocol my $cookie = $q->cookie(-name => “my_id”, -value => 12345, -domain => ”.bcgsc.ca”, -expires => “+1m”, -path => “/cgi”, -secure => 1 ); 3.0.1.3.3 - Introduction to CGI

  14. Setting and reading cookies print “Set-Cookie: $cookie\n”; CGI-style: print $q->header( -type => “text/html”, -cookie => $cookie); To read the cookie script passes a name to CGI method cookie: Remember that having cookies with the same name will result in reading only one cookie my $cookie = $q->cookie( -name => “my_cookie”); 3.0.1.3.3 - Introduction to CGI

  15. Example of using a cookie • .. • my $q = new CGI; • my $Page_Cookie; • my %Values = $q->cookie('page_values'); • my $name = $q->param('Name') || $Values{Name}; • my $title = $q->param('Title') || $Values{Title}; • my %Newvalues = (Name => $name || "", • Title => $title|| "“ • ); • unless(%Newvalues && $Newvalues{Name}){ • print $q->header(-type=>"text/html"), • $q->start_html(-title =>"Enter Name"), • $q->start_form(-name =>"Cookie_form", • -action=>"cookie.cgi", • -method=>"post"), • "Your Name", • $q->popup_menu(-name=>"Title", • $q->option(["Mr","Mrs","Ms","Dr"])), • $q->textfield(-name=>"Name"), • $q->br, • $q->submit(-name =>"Submit", • -value=>"send"), • $q->end_form, • $q->end_html; • exit; • } • .. 3.0.1.3.3 - Introduction to CGI

  16. Cookies (continues) • .. • $Page_Cookie = $q->cookie(-name =>'page_values', • -expires=>'+1d', • -value =>\%Newvalues • ); • print $q->header(-type =>"text/html", • -cookie=>$Page_Cookie), • $q->start_html(-title=>"Cookie Test"), • $q->h2("Hello $title $name!"), • $q->end_html; 3.0.1.3.3 - Introduction to CGI

  17. Summary on tools: • Generation of unique ids: • use Digest::MD5 • use POSIX qw(tmpnam) • use IO::File; • Caching data: • use Storable; • use Cache::Cache; • use DataDumper; • use Fcntl qw(flock); • Cookies: • $cookie = $q->cookie(-name=> “my_cookie”, -value=>$bar); • print $q->header(-type => “text/html”, -cookie=>$cookie); • $cookie = $q->cookie(‘my_cookie’); • .. • return $ENV{UNIQUE_ID} if exists $ENV{UNIQUE_ID}; 3.0.1.3.3 - Introduction to CGI

  18. Debugging CGI scripts Running Scripts from Command Line Depending on the version of CGI.pm file parameters to a script may be passed in two different ways: 2.56 and earlier - prompts for pairs of name=value finish input with Crl+D (Crl+Z in Windows) 2.57 and later: pass the parameter as arguments to your script localhost> ./my_script.cgi (offline mode: enter name=value pairs on standard input) item=foo price=bar It is also possible to use ptkdb debugger which is written using Tk library for GUI localhost> ./my_script.cgi item=foo price=bar 3.0.1.3.3 - Introduction to CGI

  19. Some good practices for coding CGI • Use strict Helps trap syntax abusage as using unquoted words in your statements, using symbolic links (they are evil, remember?) • Check the status of your system calls (open, eval, system) open (FILE, “/usr/local/apache/data/guestbook.txt”); • Trap die (use Carp module) use CGI::Carp(fatalsToBrowser) • Lock file (or use database connection) Avoid headaches by allowing user to access a file one by one • Set automatic flushing for buffer (especially when using system calls) $| = 1; 3.0.1.3.3 - Introduction to CGI

  20. 3.0.1.3.3 Introduction to CGI – Session 3 • Tools for maintaining state: • Hidden fields may be used to re-submit previously entered information • Temporary file names may be generated with POSIX • Cookies: use to save some user information on the client side 3.0.1.3.3 - Introduction to CGI

More Related