1 / 34

itec 400 Perl CGI

itec 400 Perl CGI. George Vaughan Franklin University. Topics. Perl CGI CGI CGI Scripts in Apache Perl CGI Module (CGI.pm) Processing Parameters Tag Attributes Other HTML Components Linux Network Services xinetd sshd. CGI. CGI Stands for ‘Common Gateway Interface’

phong
Download Presentation

itec 400 Perl CGI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. itec 400Perl CGI George Vaughan Franklin University

  2. Topics • Perl CGI • CGI • CGI Scripts in Apache • Perl CGI Module (CGI.pm) • Processing Parameters • Tag Attributes • Other HTML Components • Linux Network Services • xinetd • sshd

  3. CGI • CGI Stands for ‘Common Gateway Interface’ • HTML files on the server provide ‘static’ content. • CGI scripts are one of several techniques for providing dynamic content. • CGI scripts can be used for transaction processing on the Web.

  4. CGI • CGI scripts are programs that run on the server. • CGI scripts generate context sensitive HTML output which is then sent to the browser. • CGI scripts can process user requests or parameters sent form the browser to the server.

  5. Perl CGI Scripts • CGI scripts can be written in a variety of languages, including Shell and Perl. • Perl is the preferred language for writing CGI scripts due to its text processing power. • The script prints strings to standard out. These strings usually contain HTML tags and web content. • Strings can get complicated since HTML tags also use punctuation such as double quotes.

  6. Perl CGI Module (CGI.pm) • You do not need the Perl CGI module (CGI.pm) to write CGI script in Perl. • However, CGI.pm provides a lot of CGI support to Perl scripts, such as: • Environment information • Form Input • File Uploads • HTML generation • Error Handling • We will see some of these features in upcoming examples…

  7. Creating CGI Scripts • On Einstein, you can execute CGI scripts within your home directory. • Set up the the following directories, as follows: • cd $HOME • mkdir public_html • chmod 705 public_html • cd $HOME/public_html • mkdir itec400 • chmod 705 itec400 • cd $HOME/public_html/itec400 • mkdir CGI • chmod 705 CGI • You will place your CGI scripts in this CGI directory. • If you have a scripts named myScript.cgi in the CGI directory, you can execute them by typing the following URL in your browser: http://cs.franklin.edu/~your-login-id/itec400/CGI/myScript.cgi • For example, since my login id is ‘vaughang’, I would use: http://cs.franklin.edu/~vaughang/itec400/CGI/myScript.cgi

  8. examples • In the next several slides we will study examples: ex1420.cgi and ex1420.cgi • ex1410.cgi is an example of using the object-oriented interface of the CGI module. • ex1420.cgi is an example of using the function-oriented interface of the CGI module. • Although the function-oriented interface is cleaner, you only have access to the default CGI object. • With the object-oriented interface you can have many CGI objects simultaneously. • CGI objects may also be saved in files or databases to preserve state.

  9. ex1410.cgi

  10. 0001: #!/usr/bin/perl -w 0002: 0003: use CGI; 0004: 0005: $cgi = new CGI; 0006: $time = localtime; 0007: 0008: print $cgi->header, 0009: $cgi->start_html("George's World"), 0010: $cgi->h1("Hello World!"), 0011: $cgi->h1("Local Server Time:"), 0012: $cgi->h1("$time"), 0013: $cgi->end_html; Notes: Line 3: Use the CGI perl module Line 5: Instantiant an object of type CGI Line 6: Get local time Line 8-13: Big print statement Line 8: generate HTML for header. Line 9: Generate HTML for title Lines 10-12: Generate HTML for level 1 header Line 13: Generate HTML to complete web page ex1410.cgi

  11. ex1410.cgi • Generated HTML from ex1410.cgi 0001: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> 0002: <html><head><title>George's World</title> 0003: </head><body> 0004: <h1>Hello World!</h1> 0005: <h1>Local Server Time:</h1> 0006: <Sun Dec 5 20:14:35 2004</h1> 0007: </body></html>

  12. 0001: #!/usr/bin/perl -w 0002: 0003: use CGI ":standard"; 0004: 0005: $time = localtime; 0006: 0007: print header, 0008: start_html("George's World"), 0009: h1("Hello World!"), 0010: h1("Local Server Time:"), 0011: h1("$time"), 0012: end_html; Line 3: Use the CGI module with the “function-oriented” interface. This code produces the same results as ex1410.cgi ex1420.cgi

  13. Processing Parameters • With CGI.pm, we can process URL parameters that have been submitted to us from the browser. • We can read the value of a parameter named ‘myParam’: $value = param(“myParam”); • The next example illustrates this…

  14. ex1430.cgi • When I first go to the web page, this is what I see • The CGI script has a text field for me to type in the login Name.

  15. ex1430.cgi • In this example, I type ‘apache’ as an example and press the enter key.

  16. ex1430.cgi • The CGI script produces a listing of all processes owned by user ‘apache’

  17. 0001 #!/usr/bin/perl -w 0002 0003 use CGI; 0004 0005 use CGI ":standard"; 0006 0007 print header, 0008 start_html("ex1430"), 0009 h1("Active Processes for A User"), 0010 start_form, 0011 "Login Name: ", 0012 textfield("logname"), 0013 submit, 0014 end_form, 0015 hr; 0016 Line 10: Create form Line 12: Create an input field Line 13: Create a submit button Line 14: End the form Line 15: Generate a horizontal rule ex1430.cgi

  18. 0017 if ($logname = param("logname")) { 0018 open(PS_LIST, "ps -ef | egrep ^$logname |"); 0019 while ($line=<PS_LIST>) { 0020 print $line, p; 0021 } 0022 print hr; 0023 } Line 17: Test if ‘logname’ was set Line 18: Create an input pipe Line 19: print each line, followed by a new paragraph Line 22: print another horizontal rule. ex1430.cgi

  19. Tag Attributes • Many HTML Tags have attribute-value pairs within the tag itself, example: <H1 ALIGN=“LEFT”>Hello World!</H1> • Such a tag can be generated by invoking the following CGI member function: h1({-align=>left}, “Hello World!”) • Curly braces are used to distinguish between attributes and contents.

  20. Other HTML Components • CGI.pm provides functions for creating: • check boxes • groups of check boxes • groups of radio buttons • scrolling lists • pop-up menus • The next example, ex1440.cgi illustrates the use of radio buttons with CGI.pm…

  21. ex1440.cgi • When I go to the web page, the CGI script generates a text field for me to enter a decimal number

  22. ex1440.cgi • When I enter the decimal number ‘123456’ and press the ENTER key, the CGI script produces the following result…

  23. 0001 #!/usr/bin/perl -w 0002 0003 use CGI; 0004 0005 use CGI ":standard"; 0006 0007 print header, 0008 start_html("ex1440"), 0009 h1({-align=>center}, 0010 "Number Converter"), 0011 start_form, 0012 "Decimal Number: ", 0013 textfield("number"), 0014 p, 0015 radio_group( 0016 -name=>'base', 0017 -values=>['octal','hex'], 0018 -default=>'hex'), Line 8: Create a centered, level 1 header Line 15: create a group of radio buttons: button group name= base 2 buttons default button is ‘hex’ ex1440.cgi

  24. 0019 p, 0020 submit, 0021 end_form, 0022 hr; 0023 0024 if ($number = param("number")) { 0025 $base = param("base"); 0026 if ($base eq "hex") { 0027 printf("%d (dec) = %x (hex)", 0028 $number, $number); 0029 } 0030 else { 0031 printf("%d (dec) = %o (octal)", 0032 $number, $number); 0033 } 0034 print hr; 0035 } Line 24: Only process request if user entered a number. Line 26: based on radio button selection, print value either in hex or octal. ex1440.cgi

  25. Linux Network Services • The following discussion is based on Red Hat 9.0 (may be applicable to other distributions) • Focus will be on telnet and ftp

  26. xinetd • Historically, each network service is supported by its own daemon process or processes. • A telnet daemon would support the telnet service, the ftp daemon would support the ftp process, etc. • Many daemons are running, often not being used. • Each service had to worry about security from the point of connection

  27. xinetd • inetd (precursor to xinetd) was created to address the issue of the abundance of network service daemons. • inetd was designed to listen on ports for network service requests. • when a request arrived at a port, inetd would fork the appropriate process (ftp, telnet, etc) to service the request. • Therefore services like ftp, telnet, etc were no longer daemons - they are now transient processes.

  28. xinetd • xinetd stands for eXtended InterNET services Daemon. • Created by Panos Tsirigotis at the University of Colorado. • More secure than inetd - designed to prevent Denial of Service attacks. • Can control access by: • address of remote host • time of access • name of remote host • domain of remote host • xinetd is sometimes referred to as the “super-server”.

  29. 0001: # 0002: # Simple configuration file for xinetd 0003: # 0004: # Some defaults, and include /etc/xinetd.d/ 0005: 0006: defaults 0007: { 0008: instances = 60 0009: log_type = SYSLOG authpriv 0010: log_on_success = HOST PID 0011: log_on_failure = HOST 0012: cps = 25 30 0013: } 0014: 0015: includedir /etc/xinetd.d 0016: xinetd is the name of the daemon process. xinetd config file: /etc/xinetd.conf instances: max number of simultaneous servers for a given service cps: first number is max connections per second second number is number of seconds to wait before re-enabling service after cps has been exceeded. xinetd.conf

  30. xinetd.d • In addition to having a config file for the xinetd daemon itself, each supported service (ftp, telnet, etc) has its own config file in /etc/xinetd.d [root@localhost xinetd.d]# ls amanda cups-lpd eklogin ipop3 pop3s services time amandaidx daytime finger klogin rexec sgi_fam time-udp amidxtape daytime-udp gssftp krb5-telnet rlogin swat chargen dbskkd-cdb imap kshell rsh talk chargen-udp echo imaps ktalk rsync telnet comsat echo-udp ipop2 ntalk servers tftp

  31. xinetd.d • Example: What follows is the configuration file for telnet: 0001: # default: on 0002: # description: The telnet server serves telnet sessions; it uses \ 0003: # unencrypted username/password pairs for authentication. 0004: service telnet 0005: { 0006: flags = REUSE 0007: socket_type = stream 0008: wait = no 0009: user = root 0010: server = /usr/sbin/in.telnetd 0011: log_on_failure += USERID 0012: disable = no 0013: } 0014:

  32. SSHD • SSHD - OpenSSH SSH daemon • replaces rsh and rlogin • forks a new sshd daemon for each new connection • communication is encrypted • used on einstein and can comes configured on RedHat 9.0

  33. SSHD • SSHD supports: • ssh • similar to telnet • client uses tool like putty (Windows), ssh (Linux/Unix) • secure ftp • similar to ftp • client uses tool like winscp2 (Windows), sftp (Linux, Unix)

  34. References • CGI Programming with Perl by Scott Guelich, Shishir Gundavarum, and Gunther Birznieks, 2000. • http://www.perldoc.com/perl5.6.1/lib/CGI.html • http://www.xinetd.org/faq.html • http://www.linuxfocus.org/English/November2000/article175.shtml • http://www.macsecurity.org/resources/xinetd/tutorial.shtml • http://www.bgw.org/tutorials/operating_systems/linux/inetd_tour.php3

More Related