cgi programming n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
CGI Programming PowerPoint Presentation
Download Presentation
CGI Programming

Loading in 2 Seconds...

play fullscreen
1 / 112

CGI Programming - PowerPoint PPT Presentation


  • 114 Views
  • Uploaded on

CGI Programming. The Common Gateway Interface (CGI) Generic script ... Client-server interaction ... Accessing Form Input ... Output from the Common Gateway Interface Forms and CGI Server Side Includes Hypermedia Documents Advanced forms and gateways ... Advanced Form Applications

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'CGI Programming' - orlando-wolf


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
cgi programming
CGI Programming
  • The Common Gateway Interface (CGI)
  • Generic script ...
  • Client-server interaction ...
  • Accessing Form Input ...
  • Output from the Common Gateway Interface
  • Forms and CGI
  • Server Side Includes
  • Hypermedia Documents
  • Advanced forms and gateways ...
  • Advanced Form Applications
  • Multiple Form Interaction
the common gateway interface cgi
The Common Gateway Interface (CGI)
  • What Is CGI? ...
  • CGI Applications ...
  • Some Working CGI Applications ...
  • Internal Workings of CGI ...
  • Configuring the Server ...
  • Programming in CGI ...
  • CGI Considerations ...
what is cgi
What Is CGI? ...
  • Communicate with other programs on server
  • Pass data to program
    • Process data
  • Response back to browser
  • Model ...
model
Model ...
  • Browser server application
cgi applications
CGI Applications ...
  • Interactive
    • User ask questions, run app's
  • Forms ...
  • Gateways ...
  • Virtual documents ...
forms
Forms ...
  • Subset of HTML
  • User supply information
  • Graphical widgets for form creation
    • Radio buttons, text fields, checkboxes, selection lists
  • Submit button send info to server
    • Execute program associated with form
  • Back-and-forth interaction
gateways
Gateways ...
  • Programs/scripts
  • Access info not readable by client
  • E.g., SQL queries to read database ...
  • E.g., Archie, WAIS, any other Internet info service
  • Use forms to query, search
    • Retrieve & display dynamic, virtual documents
virtual documents
Virtual documents ...
  • Create on the fly; response to info query
  • HTML, plain, image, audio
  • Simple example ...
  • More sophisticated example: Art gallery ...
simple example
Simple example ...
  • Welcome to IVPR's WWW Server!
  • You are visiting from cs.uml.edu. The load average on this machine is 1.25.
  • Happy navigating!
  • Dynamic information
more sophisticated example art gallery
More sophisticated example: Art gallery ...
  • Form for user info
  • Search field for user-searches
  • E-mail/store form info
  • Response
    • Image of requested painting w/info on painting
      • Form w/ image processing options
    • Or message: doesn't exist
some working cgi applications old
Some Working CGI Applications (old) ...
  • Lycos: www.lycos.com
  • Coloring book: www.ravenna.com/coloring
  • ArchiePlex gateway: http://pubweb.nexor.co.uk/public/archie/archieplex/archieplex.html
  • Guestbook with world map: www.cosy.sbg.ac.at/rec/guestbook
  • Japanese <-> English dictionary: www.wg.omron.co.jp/cgi-bin/j-e?SASE=jfield.html
    • or http://enterprise/ic.gc.ca/cgi-bin/j-e
internal workings of cgi
Internal Workings of CGI ...
  • Programs in cgi-bin, w/ certain file extensions (usually)
  • User open URL ==> client sends request to server, ask for file
  • Server tries to execute program in file
  • E.g., ...
  • Program gets input from STDIN ...
  • Program sends output on STDOUT ...
  • Out directly to client or via server ...
slide13
E.g., ...
  • GET /cgi-bin/welcome.pl HTTP/1.0
  • Accept: www/source
  • Accept: text/html
  • Accept: image/gif
  • User-Agent: Lynx/2.4 libwww/2.14
  • From: haim@cs.uml.edu
  • All files in cgi-bin recognized as programs
  • Data formats accepted by client
program gets input from stdin
Program gets input from STDIN ...
  • + UNIX environment variables
  • Input search string, format, length, remote host & user, other client info, server name, comm. protocol, server sw
program sends output on stdout
Program sends output on STDOUT ...
  • Program creates output/gives URL of existing
  • Send as data stream
    • HTTP header (at least format - HTML, plain text, gif, )
    • Blank line (= end of header)
    • Body (data in appropriate format - not modified by server)
out directly to client or via server
Out directly to client or via server ...
  • If complete HTTP header ==> directly to client
  • OW, to server
    • Adds complete header info
    • Sends to client using HTTP protocol
  • E.g., with complete header ...
  • E.g., with partial header ...
e g with complete header
E.g., with complete header ...

HTTP/1.0 OK

Date: Tuesday, 9-April-96 11:37:00 GMT

Server: NCSA/1.4.2

MIME-Version: 1.0

Content-type: text/html

Content-length: 2000

<HTML>

<HEAD><TITLE>Welcome to IVPR's WWW Server!</TITLE></HEAD>

<BODY>

<H1>Welcome!</H!>

.

.

</BODY>

</HTML>

e g with partial header
E.g., with partial header ...

Content-type: text/html

<HTML>

<HEAD><TITLE>Welcome to IVPR's WWW Server!</TITLE></HEAD>

<BODY>

<H1>Welcome!</H!>

.

.

</BODY>

</HTML>

configuring the server
Configuring the Server ...
  • ServerRoot
    • /usr/local/etc/httpd (in httpd.conf)
  • ScriptAlias
    • /cgi-bin/ /usr/local/etc/httpd/cgi-bin
  • E.g., http://domain/cgi-bin/welcome <--> /usr/local/etc/httpd/cgi-bin/welcome
  • Can have multiple CGI script directories
  • Can run programs anywhere (dangerous!) ...
can run programs anywhere dangerous
Can run programs anywhere (dangerous!) ...
  • AddType
    • application/x-httpd-cgi .pl .sh .cgi
  • In srm.conf ==> exec files w/ given extensions
programming in cgi
Programming in CGI ...
  • Which programming language? Features ...
  • AppleScript (Mac only) ...
  • C/C++ (UNIX, Mac, Windows) ...
  • C shell (UNIX only) ...
  • Tcl (UNIX only) ...
  • Visual Basic (Windows only) ...
  • Perl (UNIX, Mac, Windows) ...
which programming language features
Which programming language? Features ...
  • Ease of text manipulation
  • Interface w/other sw libs and utilities
  • Access environment variables (in UNIX)
applescript mac only
AppleScript (Mac only) ...
  • Integral part of MacOS 7.5 +
  • No inherent pattern matching
    • Extensions
  • Interface w/ other Mac app's through AppleEvents
    • E.g., present form to user, decode contents, query & search Microsoft FoxPro database
c c unix mac windows
C/C++ (UNIX, Mac, Windows) ...
  • No database extensions
  • No inherent pattern matching
    • Modules/function
  • +: Compiled
c shell unix only
C shell (UNIX only) ...
  • No pattern matching
    • ==> Must use e.g., sed or awk
  • uncgi sw tool (in C)
    • Decode form data + store in shell envi. vars.
  • No direct database access
  • Bugs & limitations
tcl unix only
Tcl (UNIX only) ...
  • Shell, tcsh
  • Simple constructs, a little more diff. than Perl
  • Extensions to database and graphic libs.
  • Supports regular expressions
    • Insufficient handling at compile time
visual basic windows only
Visual Basic (Windows only) ...
  • Communicate with other Windows programs
  • No string manipulations
perl unix mac windows
Perl (UNIX, Mac, Windows) ...
  • Most widely used
  • Highly portable
  • Powerful string manipulation op's, functions for binary data
  • Simple, concise constructs
  • Easy calling shells, equivalents of UNIX systems functions
  • Extensions (e.g., oraperl for Oracle)
  • Perl primer ...
cgi considerations
CGI Considerations ...
  • Data readable by client?
    • Text/HTML ok
    • Others: need gateway to translate
  • How to present?
    • E.g., Graphics, plots
generic script
Generic script ...
  • 1. Print header w/ Content-type declaration
  • 2. Print start of HTML doc.
  • 3. Try to get query string
  • 4. No string ==> user's 1st access
    • Create searchable doc. w/ <ISINDEX> or <FORM>
  • 5. Query string: create doc w/ result of request / ack request processed
  • 6. Print end of HTML doc, inc. signature
  • 7. Exit
  • skeleton.pl
client server interaction
Client-server interaction ...
  • Input to the Common Gateway Interface
input to the common gateway interface
Input to the Common Gateway Interface
  • Introduction ...
  • Using Environment Variables ...
introduction
Introduction ...
  • In CGI environment variables
    • Info about client, server, user
    • Form data from user
      • In environment variable / body of request
    • Add'l pathname info
using environment variables
Using Environment Variables ...
  • List of CGI Environment variables
    • Perl: %ENV associative array
  • Example: About this server ...
  • Example: Check the client browser ...
  • Restricting access for specified domains ...
  • User authentication and identification ...
  • Where did you come from? ...
example about this server
Example: About this server ...

about_this_server.pl

Typical output

<HTML>

<HEAD><TITLE>About this Server</TITLE></HEAD>

<BODY><H1>About this Server</H1>

<HR><PRE>

Server Name: cs.uml.edu

Running on Port: 80

Server Software: NCSA/1.4.2

Server Protocol: HTTP/1.0

CGI Revision: CGI/1.1

<HR></PRE>

</BODY></HTML>

restricting access for specified domains
Restricting access for specified domains ...
  • Different documents for internal, external users
  • restrict_domain.pl
user authentication and identification
User authentication and identification ...
  • Access restricted
  • Need user name & password
    • Unencrypted: DON'T use real
    • Server passes in REMOTE_USER env. var.
  • Identify users ...
identify users
Identify users ...
  • $remote_use = $ENV{'REMOTE_USER'};
  • if ($remote_user eq "haim") {
    • print "Who are you?", "\n"
  • } elseif ($remote_use eq "john") {
    • print "Hi John." "\n";
  • }
where did you come from
Where did you come from? ...
  • Last URL you were before coming here
  • HTTP_REFERER env. var. (from client)
  • referer.pl
  • Not all browsers set var.
  • Not set for first server accessed
  • Meaningless if accessed from bookmark / straight typing of URL
  • ==> Not entirely accurate
accessing form input
Accessing Form Input ...
  • Form interaction with CGI ...
  • Query strings ...
  • Simple form ...
  • GET and POST methods ...
  • Encoded data ...
  • Extra Path Information ...
  • Other Languages Under UNIX
  • Other Languages Under Microsoft Windows
  • Other Languages on Macintosh Servers
  • Examining Environment Variables
form interaction with cgi
Form interaction with CGI ...
  • Browser Server Application
query strings
Query strings ...
  • http://domain/cgi-bin/program?query-string
    • Call program
    • Store query-string (after ?) in QUERY_STRING
    • E.g., name.pl
      • http://domain/cgi-bin/name.pl?fortune
      • http://domain/cgi-bin/name.pl?finger
      • http://domain/cgi-bin/name.pl
  • Security warning ...
security warning
Security warning ...
  • Caution not to execute system commands
  • NEVER: print `$query_string`;
    • E.g., rm -fr /
    • ==> delete everything
simple form
Simple form ...
  • Form: simple_form.html
  • Script: unix.pl (GET version)
  • GET method ==>
    • All form data in URL ==>
    • Can also access directly
      • http://domain/cgi-bin/unix.pl?command=fortune
      • Same result as with form
get and post methods
GET and POST methods ...

POST: server sends data to program as input stream

<FORM ACTION="unix.pl" METHOD="POST">

==> Request

POST /cgi-bin/unix.pl HTTP/1.0

.

(header)

.

Content-length: 15

command=fortune

unix.pl (POST version, both version)

encoded data
Encoded data ...
  • GET ==> form info as part of URL
  • ==> No spaces, special character
  • ==> Encoding
  • HTML form ...
  • Clients issues request ...
html form
HTML form ...
  • birthday.html
  • <HTML>
  • <HEAD><TITLE>When's your birthday?</TITLE></HEAD>
  • <BODY>
  • <H1>When's your birthday?</H1>
  • <HR>
  • <FORM ACTION="birthday.pl" METHOD="POST">
  • Birthday (in the form of mm/dd/yy): <INPUT TYPE="text" NAME="birthday" SIZE=40>
  • <P>
  • <INPUT TYPE="submit" VALUE="Submit Form!">
  • <INPUT TYPE="reset" VALUE="Clear Form">
  • </FORM>
  • <HR>
  • </BODY>
  • </HTML>
clients issues request
Clients issues request ...

Enter: 08/30/53

POST /cgi-bin/birthday.pl HTTP/1.0

.

. (information)

.

Content-length: 21

birthday=08%2F30%2F53

Decode "%2F" to "/”

Program: birthday.pl ...

program birthday pl
Program: birthday.pl ...

#!/usr/local/bin/perl

$size_of_form_information = $ENV{'CONTENT_LENGTH'};

read (STDIN, $form_info, $size_of_form_information);

$form_info =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex ($1))/eg; ...

($field_name, $birthday) = split (/=/, $form_info);

print "Content-type: text/plain", "\n\n";

print "Hey, your birthday is on: $birthday. That's what you told me, right?", "\n";

exit (0);

form info s da fa f da fa f pack c hex 1 eg
$form_info =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex ($1))/eg; ...
  • s: substitute; starts with %
  • ( ): store in var. ($1)
  • 2 chars., [\dA-Fa-f]: digit or letter A-F (or a-f)
  • /pack ("C", hex ($1)): convert val. in $1 to ASCII equiv.
  • e: eval replacement string as expression
  • g: replace all occurrences of hexa. string
extra path information
Extra Path Information ...
  • Can pass as part of URL
  • Server needs to know where name of prog. ends
    • Understand that what's following is extra
  • http://domain/cgi-bin/display.pl/cgi/cgi_doc.txt
    • /cgi/cgi_doc.txt --> PATH_INFO
    • Set PATH_TRANSLATED, map info in PATH_INFO to doc. root dir.
    • Can use PATH_INFO + DOCUMENT_ROOT (not set by all servers
      • $path_translated = join ("/", $ENV{'DOCUMENT_ROOT'}, $ENV{'PATH_INFO'};
output from the common gateway interface
Output from the Common Gateway Interface
  • Overview ...
  • CGI and Response Headers ...
  • Accept Types and Content Types ...
  • The Content-length Header ...
  • Server Redirection ...
  • The “Expires” and “Pragma” Headers ...
  • Status Codes ...
  • Complete (Non-Parsed) Headers ...
overview
Overview ...
  • Execute program
  • Return output in a way browser can handle
  • Output to browser
    • Plain text / HTML
    • Graphics / binary
    • HTTP status codes
    • Tell server to send a document
cgi and response headers
CGI and Response Headers ...
  • Valid HTTP headers ...
  • Netscape-compatible headers ...
  • Complete list: http://www.w3.org/hypertext/WWW/Protocols/HTTP/Object_Headers.html
  • Header lines don't have to be in any special order
  • Header block must end with blank line
valid http headers
Valid HTTP headers ...
  • Content-length: in bytes
  • Content-type: MIME type
  • Expires: expiration date & time of doc. ==> reload
  • Location: server redirection
  • Pragma: Turn doc. caching on/off
  • Status: of request
netscape compatible headers
Netscape-compatible headers ...
  • Refresh: client reloads specified doc.
  • Set-cookie: client stores specified data
    • Keep track of data between requests
accept types and content types
Accept Types and Content Types ...
  • CGI can handle any type that client can
    • E.g., plain, HTML, PS, PDF, SGML, ...
  • Client sends list of "accept types"
    • Supports directly / via helper app's
  • Server stores in HTTP_ACCEPT
  • Code to check, accept JPEG or GIF? ...
code to check accept jpeg or gif
Code to check, accept JPEG or GIF? ...

#/usr/local/bin/perl

$gif_image = "logo.gif";

$jpeg_image = "logo.jpg";

$plain_text = "logo.txt";

$accept_types = $ENV{'HTTP_ACCEPT'};

if ($accept_types =~ m|image/gif|) {

$html_document = $gif_image;

} elseif ($accept_types =~ m|image/jpeg|) {

$html_document = $jpeg_image;

} else {

$html_document = $plain_text;

}

the content length header
The Content-length Header ...
  • Entire file: contents_length.pl
    • stat command to get contents length
    • 13 element array; [7] is file size in bytes
    • Good for small graphics, not for large
  • In pieces: gif_pieces.pl
server redirection
Server Redirection ...
  • Retrieve existing doc from somewhere
  • Send location header: tell server which doc.
  • Result appears as if client requested doc. not prog.
  • "Canned" response
  • E.g., thanks.html ...
  • Simple redirection code ...
  • Decide what gets returned based on ...
e g thanks html
E.g., thanks.html ...

<HTML>

<HEAD><TITLE>Thank You!</TITLE></HEAD>

<BODY>

<H1>Thank You!</H1>

<HR>

Thank You for filling out this form. We will be using your input to improve our products.

Thanks again,

WWW Software, Inc.

</BODY>

</HTML>

simple redirection code
Simple redirection code ...

#!/usr/local/bin/perl

print "Location: /thanks.html", "\n\n";

exit (0);

Can't return content type headers

Can return any location on web

decide what gets returned based on
Decide what gets returned based on ...

E.g., load

#!/usr/local/bin/perl

$uptime = `/usr/ucb/uptime`;

($load_average) = ($uptime =~ /average: ([^,]*)/);

$load_limit = 10.0;

$simple_document = "/simple.html";

$complex_document = "/complex.html";

if ($load_average >= $load_limit) {

print "Location: $simple_document", "\n\n";

} else {

print "Location: $complex_document", "\n\n";

}

exit (0);

the expires and pragma headers
The "Expires" and "Pragma" Headers ...
  • Caching stores virtual doc.
  • ==> CGI prog. not run again ==> out-of-date
  • E.g., click for date and time ...
  • Click again, date/time same, should be diff. ...
e g click for date and time
E.g., click for date and time ...

#!/usr/local/bin/perl

chop ($current_date = `/bin/date`);

$script_name = $ENV{'SCRIPT_NAME'};

print "Content-type: text/html", "\n\n";

print "<HTML>", "\n";

print "<HEAD><TITLE>Effects of Browser Caching</TITLE></HEAD>", "\n";

print "<BODY><H1>", $current_date, "</H1>", "\n";

print "<P>", qq|<A HREF="$script_name">Click here to run again!</A>|, "\n";

print "</BODY></HTML>", "\n";

exit (0);

click again date time same should be diff
Click again, date/time same, should be diff. ...
  • Contents from cached doc. rather than prog.
  • To fix, tell browser not to cache ...
  • Or cause to expire ...
  • But some browsers don’t handle correctly
to fix tell browser not to cache
To fix, tell browser not to cache ...

#!/usr/local/bin/perl

print "Content-type: text/html", "\n\n";

print "Pragma: no-cache", "\n\n";

or cause to expire
Or cause to expire ...

#!/usr/local/bin/perl

print "Content-type: text/html", "\n\n";

print “Expires: Tuesday, 16-April-96 17:30:00 GMT", "\n\n";

status codes
Status Codes ...
  • Codes ...
  • Example ...
codes
Codes ...
  • 200: Success
  • 204: No response ...
  • 301: Document moved
  • 401: Unauthorized
  • 403: Forbidden
  • 404: Not found
  • 500: Internal server error
  • 501: Not implemented
204 no response
204: No response ...
  • Don’t load new page
  • Good for invalid values in forms, or clicks on unassigned sections in imagemaps
  • E.g., ...
slide73
E.g., ...

#!/usr/local/bin/perl

print "Content-type: text/plain", "\n";

print "Status: 204 No Response", "\n\n";

print "You should not see this message. If you do, your browser does", "\n";

print "not implement status codes correctly.", "\n";

exit (0);

example
Example ...

#!/usr/local/bin/perl

$remote_host = $ENV{'REMOTE_HOST'};

print "Content-type: text/plain", "\n";

if ($remote_host eq "uml.edu") {

print "Status: 200 OK", "\n\n";

print "Great! You are from UMass Lowell!", "\n";

} else {

print "Status: 400 Bad Request", "\n\n";

print "Sorry! You need to access this from UMass Lowell!", "\n";

}

exit (0);

complete non parsed headers
Complete (Non-Parsed) Headers ...
  • So far, partial HTTP headers (Content-type)
  • Can generate complete header
  • ==> No overhead on server
    • Output goes directly CGI prog. --> client ...
    • ==> + Faster response
    • ==> – Careful! Server can’t avoid errors
    • Programs start with “nph-” (non-parsed header)
    • E.g., this will count in real time ...
    • But, with partial header, not! ...
e g this will count in real time
E.g., this will count in real time ...

#!/usr/local/bin/perl

$server_protocol = $ENV{'SERVER_PROTOCOL'};

$server_software = $ENV{'SERVER_SOFTWARE'};

print "$server_protocol 200 OK", "\n";

print "Server: $server_software", "\n";

print "Content-type: text/plain", "\n\n";

print "OK, Here I go. I am going to count from 1 to 50!", "\n";

for ($loop=1; $loop <= 50; $loop++) {

print $loop, "\n";

sleep (2);

}

print "All Done!", "\n";

exit (0);

but with partial header not
But, with partial header, not! ...
  • Leave only Content-type
  • Remove nph- from name
  • Result is entire document at once
forms and cgi
Forms and CGI
  • HTML Form Tags ...
  • Sending Data to the Server ...
  • Designing Applications Using Forms in Perl ...
  • Decoding Forms in Other Languages
html form tags
HTML Form Tags ...
  • <FORM ACTION="/cgi-bin/prog.pl" METHOD="POST">
  • <INPUT TYPE="text" NAME="name" VALUE="value" SIZE="size">
  • <INPUT TYPE="password" NAME="name" VALUE="value" SIZE="size">
  • <INPUT TYPE="checkbox" NAME="name" VALUE="value">
  • <INPUT TYPE="radio" NAME="name" VALUE="value">
  • <SELECT NAME="NAME" SIZE=1>
  • <OPTION SELECT>ONE
  • <OPTION>Two
  • </SELECT>
  • More form Tags ...
more form tags
More form Tags ...
  • <SELECT NAME="NAME" SIZE=n MULTIPLE>
  • <TEXTAREA ROWS=yy COLS=xx NAME="name">
  • </TEXTAREA>
  • <INPUT TYPE="submit" VALUE="Message">
  • <INPUT TYPE="submit" NAME="name" VALUE="value">
  • <INPUT TYPE="image" SRC="/image" NAME="name" VALUE="value">
  • <INPUT TYPE="reset" VALUE="Message">
sending data to the server
Sending Data to the Server ...
  • MIME type to encode form data: application/x-www-form-urlencoded
  • Equate each NAME with entered value
  • key-value_pair&key-value_pair&key-value_pair
  • text, password: value = user input [blank]
  • radio: value = [on]; unchecked ==> ignored
  • GET vs. POST ...
  • Decoding form data ...
get vs post
GET vs. POST ...
  • GET
    • + Access CGI prog. w/ query without a form
      • Pass parameters to program ...
      • Can send extra path info ...
    • – Query might get truncated
  • Post
    • + Unlimited query length
    • – No “canned” queries
pass parameters to program
Pass parameters to program ...
  • <A HREF="cgi-bin/prog.pl?user=Haim%20Levkowitz&Occupation=Professor">CGI Program</A>
  • Need to encode spaces, special char's
    • encode.pl (not a CGI prog!)
can send extra path info
Can send extra path info ...
  • <A HREF="cgi-bin/prog.pl/user=Haim%20Levkowitz/Occupation=Professor">CGI Program</A>
decoding form data
Decoding form data ...
  • REQUEST_METHOD: how data passed by client
    • GET: get QUERY_STRING / PATH_INFO from env. var.
    • POST: read CONTENT_LENGTH bytes from STDIN
  • Split query string on “&” (key=value&key=value ...)
  • Decode hexadec. and “+” in key-value pairs
  • Create key-value table, key as index
designing applications using forms in perl
Designing Applications Using Forms in Perl ...
  • Simple form: Testing A Form
    • Form: name.html
    • Program: greeting.pl
  • Combining graphics and queries
    • Form: color_text.html
    • Program: gd_text.pl
server side includes
Server Side Includes
  • Introduction ...
  • How SSI work? ...
  • Configuration ...
  • Environment Variables ...
  • Including Boilerplates ...
  • File Statistics ...
  • Executing External Programs ...
  • Executing CGI Programs ...
  • Tailoring SSI Output ...
  • Common Errors ...
introduction1
Introduction ...
  • Directives in HTML doc ...
  • Execute progs, output data, e.g., envi. vars.
  • Not all servers support
    • CERN: no; NCSA, Netscape: yes
    • fakessi.pl simulates
how ssi work
How SSI work? ...
  • Client request doc. from SSI-enabled server
  • Server parsed doc., returns evaluated doc. ...
  • No auto parsing of all files, only those configured
  • Powerful, but
    • Expensive: computational load parsing
    • Security risk: directives to exec risky sys commands
configuration
Configuration ...
  • Extensions of files server should parse (srm.conf) ...
  • Access configuration (access.conf) ...
extensions of files server should parse srm conf
Extensions of files server should parse (srm.conf) ...
  • .shtml:
    • AddType text/x-server-parsed-html .shtml
  • All HTML:
    • AddType text/x-server-parsed-html .html
      • ==> Performance degradation
access configuration access conf
Access configuration (access.conf) ...
  • Includes: embed SSI directives to display env. vars. & file stats. in HTML docs.
  • Exec: execute external programs from HTML docs.
  • Options Includes ExecCGI
  • Options IncludesNoExec
environment variables
Environment Variables ...
  • <!--#echo var="ENVIRONMENT_VAR"-->
  • DOCUMENT_NAME current file
  • DOCUMENT_URI virtual path to file
  • QUERY_STRING_UNESCAPED undecoded query string, shell metachars escaped w “\”
  • DATE_LOCAL current date & time (local)
  • DATE_GMT current date & time (GMT)
  • LAST_MODIFIED last mod’n date & time
including boilerplates
Including Boilerplates ...
  • Include file in HTML doc
  • <!--#include file="file.ext"-->
file statistics
File Statistics ...
  • The size of the file is <!--#fsize file="file.ext"--> bytes
  • It was last modified on <!--#flastmod file="file.ext"--> .
executing external programs
Executing External Programs ...
  • Execute CGI / sys program
  • Output in HTML doc
  • Welcome <!--#echo var"REMOTE_USER"-->. Here is some info about you:
  • <PRE><!--#exec cmd="/usr/ucb/finger $REMOTE_USER@REMOTE_HOST"--></PRE>
  • ==> Finger user in var.
  • WARNING: strip SSI commands from input
    • E.g., <!--#exec cmd="/bin/rm -fr /"-->
executing cgi programs
Executing CGI Programs ...
  • E.g., access counter
  • This page has been accessed <!--#exec cgi="/cgi-bin/counter.pl"--> times
tailoring ssi output
Tailoring SSI Output ...
  • <!--#config errmsg="Error, contact SysAdmin"-->
  • <!--#config sizefmt="abbrev"-->
  • <!--#config timefmt="%D %r"-->
    • %D: Date as “%m/%d/%y” (04/16/96)
    • %r: Time as “%I:%M:%S AM | PM” (05:00:00 PM)
  • 21 SSI Time formats
    • Table omitted
common errors
Common Errors ...
  • <!--echo var="REMOTE_USER"-->
    • No “#”
  • <!-- #echo var="REMOTE_USER"-->
    • Space between “-” and “#”
  • ==> Whole expression treated as HTML comment
    • No error message!
hypermedia documents
Hypermedia Documents
  • Graphics creation and manipulation w/ CGI
  • Creating Dynamic Home Pages ...
  • CGI Examples with PostScript ...
  • The gd Graphics Library
  • CGI Examples with gnuplot
  • CGI Examples with pgperl
  • Animation ...
creating dynamic home pages
Creating Dynamic Home Pages ...
  • Creating Dynamic Home Pages ...Tell server to exec CGI prog ...
  • E.g., greeting with time of access
    • homepage_welcome.pl
creating dynamic home pages1
Creating Dynamic Home Pages ...
  • Tell server to exec CGI prog
  • Instead of displaying HTML file
  • In srm.conf:
    • AddType application/x-httpd-cgi index.html
  • CERN server (httpd.conf):
    • Exec /index.html /usr/local/etc/httpd/cgi-bin/index.pl
cgi examples with postscript
CGI Examples with PostScript ...
  • Dynamic graphics
  • PostScript on screen same as on page
  • Run through interpreter (browsers don't handle PS)
    • E.g., GNU GhostScript (http://www.phys.ufl.edu/docs/goodies/unix/previewers/ghostscript.html)
      • ==> GIF image to browser
  • E.g., http://domain/cgi-bin/ps_time.pl
  • Or <IMG SRC="/cgi-bin/ps_time.pl">
animation
Animation ...
  • Client pull ...
  • Server push ...
client pull
Client pull ...
  • New HTTP connection for ea. requested doc
  • E.g. display time continuously w/ HTML ...
  • And with Perl ...
  • E.g., random fortune message every 10 secs. ...
e g display time continuously w html
E.g., display time continuously w/ HTML ...

<META HTTP-EQUIV="Refresh" CONTENT=5>

<!--#echo var="DATE_LOCAL"-->

and with perl
And with Perl ...
  • #!/usr/local/bin/perl
  • $delay = 5;
  • $date = "/bin/date";
  • print "Refresh: ", $delay, "\n";
  • print "Content-type: text/plain", "\n\n";
  • print `$date`;
  • exit(0);
e g random fortune message every 10 secs
E.g., random fortune message every 10 secs. ...

#!/usr/local/bin/perl

$fortune = "/usr/local/bin/fortune";

$refresh_time = 10;

print "Refresh: ", $refresh_time, "\n";

print "Content-type: text/plain", "\n\n";

print "Here is another fortune...", "\n";

print `$fortune`;

exit(0);

server push
Server push ...
  • Connection open till all data received
  • multipart/x-mixed-replace MIME type
  • E.g., server_push.pl