Comp2513
Forms and CGI Server Applications
Daniel L. Silver, Ph.D.
2002 Daniel L. Silver 2
Objectives
  To discuss HTML Forms and CGI Scripts
  To introduce the concept of server applications and discuss their use as a part of an E-Commerce infrastructure
  References: Ch. 2 Sharma (p.38-41), DDEA p.115-124
Outline
  HTML Forms
  HTTP GET and POST Methods
  CGI Server Applications
  Drawbacks of CGI
  Forms and Javascript
  Cookies
HTML Forms
  Forms are part of an HTML document
    <FORM ACTION='someApplication'>
    .. input elements like text fields, radio buttons, etc ..
    .. one or more submit buttons ..
    </FORM>
  Simple form example: greet_shell2.html
  User enters data, selects options
  User sends request by clicking on a submit button
  Data is processed by Javascript or sent back to client for processing using a CGI script
  The results are returned to the browser as HTML
CGI – Common Gateway Interface
  CGI is a standard for HTTP client to server application communications that defines:
    – How a client can request to run an application on a server and use specified input data
    – How the data is passed to the server application
    – How the server application can pass the response back to the client
  CGI is NOT a programming language
Forms and CGI: Examples
  A barebones CGI request for execution of a server application: Hello_time.html
  Passing parameters to a program on a server via the CGI protocol: greet_shell.html
  Combining forms and CGI: greet_shell2.html
How is User Data Passed to the Server?
  Either GET or POST HTTP method is used
  See the forms tutorial
  The default and the one used in the previous example is GET
  Recall … the HTTP Request Header
    GET /demo/Hello.html HTTP/1.0
    Accept: text/plain
    Accept: text/html
    User-Agent: Mozilla/2.0
    <CR/LF>
How is User Data Passed to the Server?
  With the GET method, the browser appends a “?” to the URL followed by the user entered FORM data. So you see:
    http://eagle.acadiau.ca/demo/cgi-bin/greet_shell.cgi?name=Danny
  The server reads the data following the “?” and makes it available in the form of an environment variable, QUERY_STRING
  The CGI application on the server must read and parse this environment variable
How is User Data Passed to the Server?
  With the POST method, the browser creates a message containing the user entered FORM data.
  The message is sent to the server, which forwards it on to the requested application in the form of an “input stream”
  The CGI application on the server must read and parse the input stream
  An example: RequestParamExample.html, RequestParamExample.java
POST versus GET Methods
  Advisable to use POST
  GET is limited to 1024 characters (restricted by the environment variable size limits)
  POST provides a first order level of security
    – Why?
Other Data Available at Server
  The server application that reads the FORM data can also access other information provided by the CGI standard:
    – REMOTE_ADDR – the IP address of the client
    – REMOTE_HOST – fully qualified URL of host
    – CONTENT_LENGTH – length of FORM data
    – Checkout “Request Info” and “Request Headers”: http://eagle.acadiau.ca:8080/examples/servlets/
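An added example (not from the original slides) of the server side of the GET and POST slides above: a CGI program in Python that takes the FORM data from QUERY_STRING or from the input stream bounded by CONTENT_LENGTH, then validates and HTML-escapes the name on the server before greeting. REQUEST_METHOD is the standard CGI variable naming the method; MAX_BODY, NAME_RE and the function names are assumptions of this example.

```python
import html
import re
from urllib.parse import parse_qs

MAX_BODY = 1024  # assumed cap on POST body size, chosen for this example
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,39}")  # assumed policy for "name"

def read_form(environ, stdin):
    """Return the raw urlencoded FORM data for a GET or POST CGI request."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        return environ.get("QUERY_STRING", "")
    if method == "POST":
        try:
            length = int(environ.get("CONTENT_LENGTH", ""))
        except ValueError:
            raise ValueError("missing or non-numeric CONTENT_LENGTH") from None
        if not 0 <= length <= MAX_BODY:
            raise ValueError("CONTENT_LENGTH out of range")
        # Read exactly the declared number of bytes, never "until EOF".
        return stdin.read(length).decode("ascii", "replace")
    raise ValueError("unsupported method")

def greet(environ, stdin):
    """Build the full CGI response: headers, blank line, body."""
    try:
        fields = parse_qs(read_form(environ, stdin), max_num_fields=20)
        name = fields.get("name", [""])[0]
        # Server-side check: browser-side validation can be skipped by the client.
        if not NAME_RE.fullmatch(name):
            raise ValueError("invalid name")
    except ValueError as err:
        return "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n%s\n" % err
    # Escape before echoing user data into HTML.
    return ("Content-Type: text/html\r\n\r\n<html><body>Hello, %s!</body></html>\n"
            % html.escape(name))

if __name__ == "__main__":
    import os
    import sys
    sys.stdout.write(greet(os.environ, sys.stdin.buffer))
```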
CGI Server Applications
  A CGI Script can be any program that can execute on the server
    – Shell script, Perl script, C, C++
    – Perl Example: perl_greeting.html
    – Perl code: perl_greeting.cgi
      » NOTE: to see Perl code open in source view
Drawbacks of CGI
  Each time a CGI application is requested by an HTML page the server is requested to start a separate process
  This is true even if it is a Java program
    doThis.cgi :
      #!/bin/sh
      java doThis
  A new JVM is started each time
    – Takes time to set up and take down
    – Uses memory resources on the server
Forms and Javascript
  Javascript was introduced by Netscape
  A client-side language
  Provides program logic embedded in HTML for generation of dynamic webpages and minor computation
  Manipulation of objects in HTML page including the creation and movement of browser windows
  Most importantly allows validation of entered FORM data: calculator, greet_javascript
Cookies
  Recall the problem of web sessions being connectionless
  TCP/IP is connection oriented but each HTTP request/response uses one such connection and then terminates
  State is not maintained from page to page
  Each item you order is a separate request
  So how does an E-Comm site know how to accumulate orders for you?
What’s a Cookie
  A Cookie is a small piece of data placed on a client system that is used by the server to identify the client
    – Client, about to make a request to a server, checks to see if it has an associated cookie
      » If cookie, then send it with the request
    – Server checks for cookie in request
      » If cookie, then pass it to any applications called
    – Server may create a new cookie and return it with the response to the client
    – Client receives response and checks for new cookie
      » If cookie, then it saves it for this server URL
Cookies are not programs …
  Contain 4K of text or less
  There are limits on how many are stored by a browser (default: 20 per site, 300 in total, oldest are deleted)
  Only the originating domain can ever use the contents of their cookies
  Written with or without an expiry date
  Turn on your browser’s cookie warnings to observe how frequently they are used
Break down of a Cookie
  C:\Program Files\Netscape\Users\defaultuser\cookies.txt
    www.goto.com FALSE / FALSE 1293231196 UserID 7481BA1DC3F68F71
  First Boolean value (FALSE) indicates whether the cookie is available throughout the domain, the second denotes whether the cookie data should be transmitted only over secure channels
  1293231196 is the expiry date = milliseconds since 1970
  UserID is the cookie name
  7481BA1DC3F68F71 is the cookie data
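An added example, not part of the original slides: because the cookie is plain text stored on the client, a server that relies on UserID to identify the client can attach a keyed MAC so that an edited value is rejected, and can set the secure-channel flag described above. The cookie name UserID comes from the slide; SERVER_KEY, the value.tag layout and the function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Assumed per-deployment secret; it never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

def _tag(user_id):
    """HMAC-SHA256 of the user id under the server key, hex encoded."""
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user_id):
    """Return a Set-Cookie header line carrying 'user_id.tag'."""
    c = SimpleCookie()
    c["UserID"] = "%s.%s" % (user_id, _tag(user_id))
    c["UserID"]["path"] = "/"
    c["UserID"]["secure"] = True     # send only over secure channels
    c["UserID"]["httponly"] = True   # not readable by page Javascript
    return c.output()

def read_cookie(cookie_header):
    """Return the user id from a Cookie header, or None if absent or altered."""
    c = SimpleCookie()
    c.load(cookie_header)
    if "UserID" not in c:
        return None
    user_id, _, tag = c["UserID"].value.rpartition(".")
    if not user_id:
        return None
    # Constant-time comparison of the presented tag with the expected one.
    if not hmac.compare_digest(tag.encode(), _tag(user_id).encode()):
        return None
    return user_id
```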
Cookies are Useful
  Saving user preferences and profile
  Remembering pages visited and when
  Greeting people by name
  Notifying visitor of changes since last visit
  Retaining data from one page (or frame) to another
  Using server side code, cookie data can be used to track user visits and movement patterns
Cookie Examples
  Javascript (client controlled) example: Samplecookie1.htm
  Java servlet (server controlled) example: Servercookies.html
Web References
  http://www.jmarshall.com/easy/cgi/
  http://www.library.uq.edu.au/quik-it/pub_adv.html#forms
  http://www.nlc-bnc.ca/pubs/netnotes/notes19.htm
  http://hoohoo.ncsa.uiuc.edu/cgi/
  http://www.cgidir.com/
  http://cgi.resourceindex.com/
THE END