Internet / Intranet Spring 2000


Internet / Intranet


Spring 2000

Class 8

Perl / CGI Scripting



Brandeis University Internet/Intranet Spring 2000


Class 8 Agenda

Homework Discussion : Milestone #3

Presentations

CGI Scripting

Perl

Telnet / UNIX

Lab Work

Telnet

Basic UNIX

Perl


CGI / Scripting

Scripts are Programs Run By the Server

CGI


Common Gateway Interface

Methodology For Server/Script Communication

Can Be Written in Any Language Supported By the Server

UNIX Origins

PERL is Most Common

Script Output is Returned to the Browser

Alternative Methodologies Exist

CGI is the Most Portable

PERL


Practical Extraction and Reporting Language

UNIX Based Scripting Language

Ported to Multiple Platforms

How Does Browser Know to Execute a Program?

Program is in a Script Directory

Typically cgi-bin (Apache)

Or By Extension (e.g. .pl, .cgi)

Scripts Must Have Executable Permissions


Scripting Features

Scripts Can Have Input Parameters

Passed as Part of URL: ? Argument (Query String)

Special Characters Passed as % ASCII Hex Values

Name/Value Pairs: Separated by &

Variable

Passed in HTTP Header

Name/Value Pairs

Method = Post

HTML Forms

Passed in Cookies

Netscape Origins, Now Widely Adopted

Name/Value Pairs Associated With a URL

Stored on Client Computer

Users May Turn off Cookies

Scripts Must Be Aware of How Parameters are Being Passed

Different Methodology to Access Each Method

Parameters Also Used to Maintain State Information

Help Track a “Session”


Scripting Issues

Security Concerns

No Limits on What CGI Scripts May Access

Potential to Execute Any System Command

Hacker Can Cause Serious and Unforeseen Problems

Potential to Affect More Than Just Your Web Site

Many ISPs Limit CGI Capabilities

Performance Concerns

CGI Scripts are Run as a Standalone Process

E.g. Interpreter is Loaded and Initialized Each Time

Alternative to Posting Forms

Mailto Option


Perl

Why Should I Learn Perl?

S/W Engineers Need to Be Adept at Picking Up New Languages

Need a “Comfort Level” of Expertise

Ability to Write Basic Code

Ability to View/Modify Existing Code

Ability to Learn More as Needed

Develop Reference “Library”

Develop “Guru” Network

Large Public Archives of Perl Scripts

Perl Basics

Interpreted

Originally Used Primarily By UNIX Sys-Admins

“Public Domain”

The preferred language for CGI Scripts

PERL is Relatively Portable

Activestate ActivePerl (Windows / IIS)

UNIX specific scripts dominate (Uses UNIX O/S Commands)


Perl 101

C-like

Lines end with ;

Syntax of Print statement is very similar

Pointers and indirection

VB-like

Untyped (except for arrays)

Associative arrays

UNIX-like

“Tricks”

e.g. $a = <> retrieves a line of input from stdin

support for regular expressions

double quotes vs. single quotes

all examples must contain foo

Perl-Like

Variables begin with $

Comments begin with #

Subroutines Begin with &

Associative Arrays Begin with %


Perl 102

Powerful Features

Can run “command line” commands on O/S (system, `xxx`)

Can create code on the fly (eval)

Subroutine Libraries

Powerful Features Make it a Target of Hackers

Print is the Most Important Command

Generate HTML Using Print Statements

print "text to print\n";

Don’t forget carriage returns: \n

First Line: #! /usr/local/bin/perl

Output has MIME content-type as first line, blank line

print "Content-type: text/html\n\n";
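
The system / backtick feature listed on this slide is where a CGI parameter most often ends up inside an O/S command line. Added example (not part of the original slides): check the parameter against an allowlist and call system in list form, so no shell ever parses the value. The "host" parameter and the /bin/echo stand-in command are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example: calling an O/S command from a CGI script without a shell.
use strict;
use warnings;
$| = 1;    # unbuffered, so our output and the child's stay in order

# Fixed search path and no inherited shell variables.
# (Perl's taint mode, "perl -T", insists on this before it allows system.)
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return the value if it matches the allowlist, otherwise undef.
# Letters, digits, dot and hyphen only; the first character must be
# alphanumeric so the value can never be read as a command-line option.
sub clean_hostname {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9][A-Za-z0-9.-]{0,62})\z/ ? $1 : undef;
}

# Pass the value as ONE argument. List-form system() executes the program
# directly. The forms to avoid are system("cmd $value") and `cmd $value`,
# which can hand the whole line, user input included, to /bin/sh.
sub run_lookup {
    my ($raw) = @_;
    my $host = clean_hostname($raw);
    return 'rejected' unless defined $host;
    my $status = system('/bin/echo', 'would look up:', $host);   # stand-in command
    return $status == 0 ? 'ok' : 'failed';
}

# Constructed sample values, as they might arrive in a "host" parameter.
for my $value ('www.brandeis.edu', 'example.com; id', '-v', '') {
    printf "%-22s => %s\n", "[$value]", run_lookup($value);
}
```

Only the first sample value reaches the command; the other three are rejected before anything is executed.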


A Simple Perl Example

#! /usr/local/bin/perl
# First Perl
$myname = "Evan";
# The header must be followed by a blank line before the HTML starts
print <<END;
Content-type: text/html

<HTML>
<HEAD>
<TITLE>
</TITLE>
</HEAD>
<BODY>
END
# ${myname} stops Perl from parsing $myname's as the variable $myname::s
print "<H1>This is ${myname}'s Test Perl Script.</H1>\n";
print "<H2>Hello World</H2>\n";
print "</BODY>\n";
print "</HTML>\n";



Class Exercise: First Perl

Save This Locally as perl1.pl

Open a Command Prompt:

perl.exe perl1.pl


Once You Are Satisfied With the HTML Produced

Upload This via FTP to public_html/cgi-bin in your ShoreNet Account

Remember to Transfer this In ASCII Mode!

Give the Script Execute Permissions For All

Right Button Click / chmod in WS_FTP



http://shell3.shore.net/~brinetxx/cgi-bin/perl1.pl



Advanced Exercise

Create a Script Like the One in Stein p.481

Typo: for each should be foreach

Put it On Your Web Site

Remember to Give the Script the Appropriate Permissions

OPTIONAL Homework: Install a Perl Interpreter On Your Local Machine

Read Stein Chapter 9. Skim Chapter 8.




Telnet

Telnet is a Remote Login Protocol

Terminal Emulation

All Processing Occurs on Host

Command Line Interface

Port 23

Used Extensively for UNIX Machines / Multiuser Systems

Why Do We Care?

Remote Administration of Web Site

Configuring Web Servers, Setting Permissions


Sample Telnet Session

telnet world.std.com

Trying 192.74.137.5...
Connected to world.std.com.
Escape character is '^]'.

UNIX System V.4 (world)

login: evan
Password: xxxxx
Last login: Sun Jan 23 16:03:36 from fxtc2-c.std.com

Welcome to The World! A 24 x 250MHZ CPU 2.5GB SGI Challenge XL

world%

DNS Resolves the Name to an IP Address

Found the Telnet Server at This IP Address

Host Information

Login Successful

UNIX Command Prompt


UNIX - Background

UNIX Developed at AT&T Bell Labs - 1969

Multi-User / Multi-Tasking

Many Other Proprietary Operating Systems Existed

Schools Adopted UNIX as “Teaching” Environment

Schools Made Significant Additions and Changes

Standardization Efforts

Culture of Sharing / Helping / Working Together

Free Software Foundation, etc.

Put Source-Code in Public Domain

Many Other “Free” Add-Ons / Extensions

LINUX


UNIX Expects Technical Competence





UNIX File Structure

Forward Slashes (/) to Separate Filenames, Directories

Case Sensitive File Names

Windows is Not

No Limit on Filename Size / Extensions

Extensions are by Convention

Root is “/”

User Home Directory is: “~/”

Symbolic Links / Aliases

Directories Can Be Spread Over Multiple Drives

Can Create Non-Hierarchical Structure

File Permissions

Read, Write, Execute

Separate Permissions for Owner, Group, All

Directories are Special Cases of Files

Execute Permissions = Able to Browse Directory


Common Basic UNIX Commands

pwd : List the current working directory

more filename : List the Contents of a File

ls : Lists the files in a directory

ls -l

Permissions: drwxrwxrwx

d - If this is a directory

r,w,x - Read, Write, Execute

Owner, Group, Public

Owner, Filesize, Timestamp, Filename

cd - change directory

cd ~/

Change to Your Root Directory

chmod

Changes Permissions

Don’t Use This Command Until You’re Sure About It

Can Open Up Serious Security Holes


More Unix Commands

man command

UNIX help

e.g. man ls

cat filename

List a file

command | more

All Output can be “piped” to Display one Screen at a Time

e.g. cat filename | more

Carriage return - next page

q - quit

cp path1 path2

Copy a File

mv path1 path2

Move a File. Useful for Renaming a file



The UNIX chmod Command

“UNIX” Mode

chmod abc filename

Where a,b,c are digits from 0 to 7 (Bit Mask)

4 - Read, 2 - Write, 1 - Execute

a - owner, b - group, c - others

e.g. chmod 711 myscript.cgi

Sets permissions on file myscript.cgi so that:

It is readable, writable, and executable by owner

It is executable by all others.

An “Easier” Way

chmod u=rwx,g=x,o=x filename

u - owner (user), g - group, o - other (Not Owner!)

r - read, w - write, x - execute
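
Added example (not part of the original slides): a Perl check that decodes the same owner / group / others bit mask and flags the modes that cause trouble in a cgi-bin directory. It goes beyond the single chmod 711 case to any mode. The file names are constructed in a temporary directory, and the "server cannot run it" finding assumes the web server runs scripts as a user other than the file's owner.

```perl
#!/usr/bin/perl
# Added example: audit the permission bits of scripts in a cgi-bin directory.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Turn the numeric mode into the rwxrwxrwx string that "ls -l" shows.
sub mode_string {
    my ($mode) = @_;
    my $out = '';
    for my $shift (6, 3, 0) {                 # owner, group, others
        my $bits = ($mode >> $shift) & 7;     # one octal digit: 4=r 2=w 1=x
        $out .= ($bits & 4 ? 'r' : '-') . ($bits & 2 ? 'w' : '-') . ($bits & 1 ? 'x' : '-');
    }
    return $out;
}

# List what is wrong with a script's mode.
# Assumption: the web server runs as a user other than the file's owner.
sub findings {
    my ($mode) = @_;
    my @f;
    push @f, 'writable by others: any local user can replace the script' if $mode & 0002;
    push @f, 'writable by group' if $mode & 0020;
    push @f, 'not executable by others: the server cannot run it' unless $mode & 0001;
    return @f;
}

# Constructed sample files standing in for a real cgi-bin directory.
my $dir = tempdir(CLEANUP => 1);
my %sample = ('perl1.pl' => 0755, 'myscript.cgi' => 0711, 'upload.cgi' => 0777, 'draft.pl' => 0600);
for my $name (sort keys %sample) {
    my $path = "$dir/$name";
    open(my $fh, '>', $path) or die "cannot create $path: $!";
    close($fh);
    chmod($sample{$name}, $path) or die "chmod failed on $path: $!";
}

for my $name (sort keys %sample) {
    my $mode = (stat("$dir/$name"))[2] & 07777;   # drop the file-type bits
    my @f = findings($mode);
    printf "%04o %s %-12s %s\n", $mode, mode_string($mode), $name, @f ? join('; ', @f) : 'ok';
}
```

In the output, 0711 and 0755 come back ok, 0777 is flagged as writable by group and others, and 0600 is flagged as not runnable.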


A Caveat

UNIX Culture - Developer Oriented

Read Access Often Given For Non-Confidential Files

User Responsibility to Not Abuse It

Be Respectful When Not in Your User Directory



Lab Work: Telnet

From a command prompt type: telnet

Connect/Remote System

Host Name: users.shore.net

Login: brinetxx [Your Shorenet Login]

Password: [Your Shorenet password]

ls -l

cd public_html

ls -l

cd bin

chmod 600 perl1.pl

Try to access the Script Now

chmod 755 perl1.pl

ls -l

cd ~/

ls -l

logout


Reference Material

CGI / PERL

Stein Chapter 9

http://www.activestate.com/ActivePerl

Freeware ActivePerl Interpreter For Microsoft Platforms


http://www.shore.net/techtalk/referenceold/cgi.html

ShoreNet’s CGI Reference Page


http://www.webdeveloper.com/cgi-perl

CGI/Perl Portal


http://agora.leeds.ac.uk/Perl/start.html

A Perl tutorial


http://worldwidemart.com/scripts/

Free CGI Scripts (Matt’s Script Archive)



Processing Forms - The Server Side

Target of Forms is Usually a CGI Script

Script Requirements

1. Parse the Data

2. Process the Data

3. Return Data to the User

Raw HTML or Another Form

Data Flow Options

Each Script Handles a Specific Form

Form in Plain HTML

Script in Perl

One Script Handles Multiple Forms

Selects Action Based on Data Passed In

All in Perl







Scripting - Parsing Data

GET vs. PUT

Each Requires Different Logic

Parsing is Not Trivial

All Parameters Passed in On One Line

Each Name/Value Pair Separated by &

Name Separated From Value by =

Special Character Encoding Complicates It

E.g. Value May Contain &,=

Error Handling

Typically Use a Library to Parse Data

Public Domain

CGI.pm - Perl5 Object Oriented

Used by Stein

cgi-lib.pl - Basic Perl

Used by Schapiro

Others


CGI-LIB

http://cgi-lib.berkeley.edu/

Using This Library in Perl

Download Library From Website

Version 2.18 - Latest Version

More Robust

Supports Saving File Uploads as Files

Version 1.14 - Easier to Understand

Use This Version to Understand cgi-lib Code

Install it in cgi-bin Directory

Perl Code:

require ("cgi-lib.pl");

&ReadParse();

More Perl Info

require - Includes Another File

%varname - Associative Arrays

Use Braces {} to Index, $ prefix

e.g. $varname{'keyname'}



ReadParse Subroutine in cgi-lib

ReadParse Subroutine

Reads in Both Get and Put Data

Converts Encoding to Plain Text

Puts Key/Value Pairs in %in

%in is an Associative Array

To Access a Value:

$in{'keyname'}

To Access Each Key/Value Pair

foreach $keyname (sort keys (%in)) {
    print "$keyname $in{$keyname}\n";
}










Example


In Class Exercise

Modify Last Week’s Script to Accept User Name via a Form

Step 1: Install cgi-lib in Your bin Directory

Make Sure to Set Permissions Correctly

Step 2: Make a Copy of perl1.pl

Name it perl2.pl

Step 3: Edit perl2.pl

Add these lines:

require ("cgi-lib.pl");

&ReadParse();

Replace $myname='xxx'; with

$myname = $in{'username'};

Copy it to Your Shorenet cgi-bin directory



In Class Exercise (2)

Step 4: Create a Simple Form To Accept User Name



<html><head></head><body>
<form method="post" action="http://users.shore.net/~brinetxx/cgi-bin/perl2.pl">
Enter name: <input type="text" name="username" value="default"><br>
<input type="submit" value="submit">
</form>
</body></html>

Copy it to Your Shorenet Public_html Directory

Step 5: Try It!

When You Are Done

Review Sample Scripts / Demos
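
Added example (not part of the original slides and not cgi-lib's code): what perl2.pl has to do with the form data, written out without the library. It splits the pairs before decoding, so an encoded & or = inside a value survives (the complication noted on the Parsing Data slide), and it HTML-escapes username before printing, because a script that prints $in{'username'} as-is lets whoever crafts the request put markup into the page. The request body, the second field "class" and the 64-character cap are constructed for the illustration.

```perl
#!/usr/bin/perl
# Added example: parse form data by hand and print it back safely.
use strict;
use warnings;

# Decode one name or value: "+" is a space, %XX is a byte given in hex.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Split on & and = FIRST, decode afterwards. Decoding first would turn an
# encoded %26 or %3D inside a value into a bogus separator.
sub parse_form {
    my ($data) = @_;
    my %in;
    for my $pair (split /&/, $data) {
        my ($name, $value) = split /=/, $pair, 2;    # limit 2: keep any later "="
        next unless defined $name && length $name;
        $in{ url_decode($name) } = url_decode(defined $value ? $value : '');
    }
    return %in;
}

# Replace the characters that HTML treats as markup.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Constructed sample body, as POSTed when the name field contains:
#   Evan & <b>Co</b> = "test"
my $body = 'username=Evan+%26+%3Cb%3ECo%3C%2Fb%3E+%3D+%22test%22&class=8';
# A real CGI script reads this from STDIN (POST, $ENV{CONTENT_LENGTH} bytes)
# or from $ENV{QUERY_STRING} (GET).
my %in = parse_form($body);
my $myname = substr($in{'username'} // '', 0, 64);   # cap the length

print "Content-type: text/html\n\n";
print "<HTML><BODY>\n";
print "<H1>This is ", html_escape($myname), "'s Test Perl Script.</H1>\n";
print "</BODY></HTML>\n";
```

The heading comes out with &amp;, &lt;b&gt; and &quot; in place of the raw characters, so the browser shows the name as text instead of interpreting it.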