CGI Presentation

CGI Sopan Shewale , sopan.shewale@gmail.com

A few Assumptions

Web Application

Web Server

Web Browser

HTML

Static Pages

Dynamic Pages

HTTP short discussion

URL

http:// www.persistentsys.com :80 /cgi/calender.cgi ? month=jan # week2 Scheme Host port Path Query Fragment

Request/Response Cycle

HTTP short discussion (Cont…)

First Line of http request contains “method”, “resource”, and version string of protocol.

Request Methods can be “GET”, “HEADER”, “POST”, “PUT”, “DELETE”, “CONNECT”, “OPTIONS”, “TRACE”

PUT and DELETE are not used in CGI

GET AND POST are best friends of CGI

HTTP short discussion (Cont…)

A few words about GET and POST

GET:

is the standard (intended) method to retrieve a document via HTTP on the WEB, should not have any side-effects.

Back-button issues because of GET request

You can notice query parameters in URL

POST:

Used with HTML forms to submit information

Always included a body containing the submitted information

You can not notice query parameters in URL

CGI: What is that?

HTTP is the common language that web browsers and web servers use to communicate with each other on the internet

CGI is a specification for transferring information between a Web Server and a CGI program

CGI is most common way for web servers to interact dynamically with Users

CGI scripts help Web Applications to create the Dynamic Pages

How a CGI Applications Work? CGI Application User Web Browser 1 2 3 4 HTTP Request HTTP Response CGI Program’s Response Call CGI Server Application (on Server)

How a CGI Applications Work?

When Web Server gets a request for a CGI script, the web server executes the CGI Script as an another process.

The Web Server Passes some parameters and collects the output.

The Output is sent back to the browsers just as it had been fetched from a static file.

Alternatives to CGI

Many Alternatives appeared-Some of them

Attempt to avoid the drawback of: Creating a separate process to execute the script every time it is requested.

Try to make a less of a distinction between HTML pages and code by moving code into HTML pages itself.

List goes as follow:

ASP: Created by Microsoft, ASP engine is integrated into the web server so it does not require to an additional process.

PHP: Programming Langauge, similar to Perl, supports embedded code within HTML pages .

Alternatives to CGI (cont…)

List goes as follow: (cont…)

Java servlets: Use Java Technology, so must be compiled as Classes before they are run, interface is quite different that CGI.

Mod_perl: Is a module for Apache web Server, avoids creating new instance of perl process for each CGI request. Mod_perl embeds the perl interpreter into web server-gives performance advantage.

Configuring Apache to Permit CGI

ScriptAlias

“ ScriptAlias” directive tells apache that a particular directory is set aside for CGI Programs. Apache assumes that every file in that directory is a CGI program

The ScriptAlias directive looks as follow:

Explicitly using Options to permit CGI Execution

One can explicitly use the Options directive, inside main configuration of Apache to specify the CGI execution is permitted in a particular directory:

ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin / <Directory /usr/local/apache/htdocs/somedir> Options +ExecCGI </Directory >

CGI Environment

CGI scripts generally executed with limited permission

CGI Scripts are given predefined environment variables that provide information about web server and client

For Perl, it’s available through %ENV hash

Example of Environment variables

SERVER_NAME: The servers hostname/ip

SERVER_PROTOCOL: The name and version of the protocol.

SERVER_PORT: The port number to which request was sent

REQUEST_METHOD: The method with witch the request was made

PATH_INFO:

SCRIPT_NAME

QUERY_STRING

CGI Environment (Cont…)

Example of Environment variables (cont…)

REMOTE_HOST

REMOTE_ADDR

AUTH_TYPE: if the server supports user authentication

REMOTE_USER: If the server supports users authentication, and the script is protected, this is the username they have authenticated as.

CONTENT_TYPE

CONTENT_LENGTH

Perl

CGI applications can be developed almost in any programming language, but Perl is popularly used

Perl is easy to Learn (at lease people say)

Easily portable and available on many platforms

Extremely powerful string manipulation (RE is powerful)

Countless Open Source Modules available on CPAN ( http://www.cpan.org )

CGI.pm module

Provides interface for most of the common CGI tasks.

Helps for

Parsing input parameters

outputting headers and a powerful/elegant way to output HTML code from scripts.

Handling Errors

Also supports Object Oriented Syntax

Simple Example:

#!/usr/bin/perl use strict; use warnings; use CGI; my $q = new CGI(); print $q->header("text/html"), $q->start_html("Welcome"), $q->p("Welcome to the world of CGI"), $q->end_html();

Handling Input with CGI.pm

$cgi->auth_type, $cgi->content_type, etc are methods to get information about environment

$cgi->param is the method to access parameters submitted to script-applies for both POST and GET method.

Modifying parameters is also possible (sometimes extremely useful)

$cgi->param( title=>”Sr. Member of Tech Staff”);

$cgi->delete(“title”);

$cgi->delete_all;

Handling Output with CGI.pm

Extremely useful for outputting headers and HTML with Perl

Headers

$cgi->header(-type=>”text/html”, -status=>”404 Not found”);

$cgi->header(-type=>”text/html”, -expires=>”+30m”);

HTML

Forms

Tables

start_html/end_html etc

Handling Errors with CGI.pm

Many times things does not work as planned

One can use CGI::Carp (included with CGI.pm)

For trapping the abnormal exists/crashes of the script

Displaying informative message on browser

Maintaining State

HTTP is a stateless protocol

The series of interactions that a particular user has with our site is a session.

The Client must pass unique identifier with each request

Using request line

Using header line

Using content(in case of post method)

Possible methods

Query strings and extra path information

Hidden Fields

Client Side Cookies (CGI::Session, CGI::Cookie modules are extremely useful to do this)

Authentication and Identification

Authentication

Can be supported by Web Servers

When used with Cookies/Sessions – Application can help with Authentication

Identification

If Web Servers handle Authentication

REMOTE_USER variable can be used to identify the user

If Applications handle creation of Sessions/Cookie

While authentication is done, User Name can be identified and set into the session at Server Side.

Example

Application which demonstrates CGI

Click Increase or Decrease button and track the count

Explain Back Button Issues

Reload Issues

Explain Cookie/Session-by walkthrough the code.

Example: Count Click Script #!/usr/bin/perl # ######################### ## Author: Sopan Shewale ### This script is created for giving demo on click count. ## The Script is support to display increse/decrease click's, handles back button of browser, does not handle reload stuff. ## also it's based on sessions. ######################## use strict; use warnings; use CGI; use CGI::Session; use CGI::Cookie; my $q = new CGI(); my $sessionid = $q->cookie("CGISESSID") || undef; my $session = new CGI::Session(undef, $sessionid, {Directory=>'/tmp'}); $sessionid = $session->id(); my $cookie = new CGI::Cookie(-name=>'CGISESSID', -value=>$sessionid, -path=>"/"); print $q->header('text/html', -cookie=>$cookie); print $q->start_html("Welcome to Click Count Demo"); print "<h1>Welcome to Click Count Demo</h1>"; my $count = $session->param('count'); ## count-is click count variable if(!defined($count)) { $session->param('count', 0); $count=0;} ### if session is first time created, set count=0 $session->param('count', $count); $count = $session->param('count'); #print "<h1>The Click Count is: $count "; ## Form stuff print $q->startform(-method=>'POST'); print $q->submit( -name=>"Increase", -value=>'Increase1'); print $q->submit( -name=>"Decrease", -value=>'Decrease1'); print $q->endform();

Example: Count Click Script (Cont…) ## Which button is being pressed my $which_button = $q->param('Increase'); if(defined ($which_button)) { print "Increase pressed"; $count = increase_count($count); ## Increase the count since increase button is clicked $session->param('count', $count); }else { $which_button=$q->param('Decrease'); if(defined($which_button)){ print "Decrease pressed"; $count = decrease_count($count); ## Decrease the count since decrease button is clicked $session->param('count', $count); } else {print "You have not pressed any button, seems you are typing/re-typing the same URL"; } } $count = $session->param('count'); print "<h1>The Click Count is: $count "; print $q->end_html(); ## increases the count by 1 sub increase_count { my $number = shift; $number = $number +1; return $number; } ## decreases the count by 1 sub decrease_count { my $number = shift; $number = $number -1; return $number; }

Example of Back- button Issue

What Next?