Notes for Class 8

Internet / Intranet
Spring 2000
Class 8
Perl / CGI Scripting
Class 8 Agenda
Homework Discussion : Milestone #3
Presentations
CGI Scripting
Perl
Telnet / UNIX
Lab Work
Telnet
Basic UNIX
Perl
Brandeis University Internet/Intranet Spring 2000
CGI / Scripting
Scripts are Programs Run By the Server
CGI – Common Gateway Interface
Methodology For Server/Script Communication
Can Be Written in Any Language Supported By the Server
UNIX Origins
PERL is Most Common
Script Output is Returned to the Browser
Alternative Methodologies Exist
CGI is the Most Portable
PERL – Practical Extraction and Reporting Language
UNIX Based Scripting Language
Ported to Multiple Platforms
How Does Browser Know to Execute a Program?
Program is in a Script Directory
Typically cgi-bin (Apache)
Or By Extension (e.g. .pl, .cgi)
Scripts Must Have Executable Permissions
Scripting Features
Scripts Can Have Input Parameters
Passed as Part of URL : ? Argument (Query String)
Special Characters Passed as % Ascii Hex Values
Name/Value Pairs : Separated by &
Variable
Passed in HTTP Header
Name/Value Pairs
Method = Post
HTML Forms
Passed in Cookies
Netscape Origins, Now Widely Adopted
Name/Value Pairs Associated With a URL
Stored on Client Computer
Users May Turn off Cookies
Scripts Must Be Aware of How Parameters are Being Passed
Different Methodology to Access Each Method
Parameters Also Used to Maintain State Information
Help Track a “Session”
Scripting Issues
Security Concerns
No Limits on What CGI Scripts May Access
Potential to Execute Any System Command
Hacker Can Cause Serious and Unforeseen Problems
Potential to Affect More Than Just Your Web Site
Many ISPs Limit CGI Capabilities
Performance Concerns
CGI Scripts are Run as a Standalone Process
E.g. Interpreter is Loaded and Initialized Each Time
Alternative to Posting Forms
Mailto Option
Perl
Why Should I Learn Perl?
S/W Engineers Need to Be Adept at Picking Up New Languages
Need a “Comfort Level” of Expertise
Ability to Write Basic Code
Ability to View/Modify Existing Code
Ability to Learn More as Needed
Develop Reference “Library”
Develop “Guru” Network
Large Public Archives of Perl Scripts
Perl Basics
Interpreted
Originally Used Primarily By UNIX Sys-Admins
“Public Domain”
The preferred language for CGI Scripts
PERL is Relatively Portable
Activestate ActivePerl (Windows / IIS)
UNIX specific scripts dominate (Uses UNIX O/S Commands)
Perl 101
C-like
Lines end with ;
Syntax of Print statement is very similar
Pointers and indirection
VB-like
Untyped (except for arrays)
Associative arrays
UNIX-like
“Tricks”
e.g. $a = <> retrieves a line of input from stdin
support for regular expressions
doublequotes vs. singlequotes
all examples must contain foo
Perl-Like
Variables begin with $
Comments begin with #
Subroutines Begin with &
Associative Arrays Begin with %
Perl 102
Powerful Features
Can run “command line” commands on O/S (system, `xxx`)
Can create code on the fly (eval)
Subroutine Libraries
Powerful Features Make it a Target of Hackers
Print is the Most Important Command
Generate HTML Using Print Statements
print "text to print \n";
Don't forget carriage returns: \n
First Line: #! /usr/local/bin/perl
Output has Mime content-type as first line, then a blank line
print "Content-type: text/html\n\n";
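The risk named on this slide (system and backticks handing request data to the operating system), as an added example that is not from the original slides: a single-string command goes through the shell, while an allowlist check plus the list form of system does not. The sub names, the form field, and echo as a stand-in command are assumptions.

```perl
#!/usr/bin/perl
# Added example: how a CGI parameter should (and should not) reach system().
use strict;
use warnings;
$| = 1;    # keep our output in order with the child process's output

# Allowlist check: letters, digits, dots and hyphens only, as in a host name.
# The first character must be a letter or digit, so the value can never be
# read as a command-line option. Anything else is rejected.
sub valid_host {
    my ($host) = @_;
    return defined($host) && $host =~ /\A[A-Za-z0-9][A-Za-z0-9.-]{0,253}\z/;
}

# Unsafe pattern (built here, never executed): a single string makes Perl
# start /bin/sh, and the shell interprets metacharacters inside the value.
sub unsafe_command_line {
    my ($host) = @_;
    return "echo looking up $host";
}

# Safer pattern: validate first, then use the list form of system(), which
# runs the program directly with $host as one argument (no shell involved).
sub safe_lookup {
    my ($host) = @_;
    return 'rejected' unless valid_host($host);
    my $status = system('echo', 'looking up', $host);   # echo is a stand-in
    return $status == 0 ? 'ok' : 'failed';
}

# Constructed sample values standing in for a form field such as $in{'host'}.
for my $host ('world.std.com', 'world.std.com; echo injected') {
    print "input:           [$host]\n";
    print "shell would see: ", unsafe_command_line($host), "\n";
    print "result:          ", safe_lookup($host), "\n\n";
}
```

Running CGI scripts with perl -T (taint mode) adds a second layer: Perl itself refuses to pass request data to system, backticks or eval until it has been validated through a pattern match.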
A Simple Perl Example
#! /usr/local/bin/perl
# First Perl
$myname = "Evan";
# Header line, then a blank line, then the HTML document
print <<END;
Content-type: text/html

<HTML>
<HEAD>
<TITLE>
</TITLE>
</HEAD>
<BODY>
END
print "<H1>This is ${myname}'s Test Perl Script.</H1>\n";
print "<H2>Hello World</H2>\n";
print "</BODY>\n";
print "</HTML>\n";
Class Exercise: First Perl
Save This Locally as perl1.pl
Open a Command Prompt:
perl.exe perl1.pl
Once You Are Satisfied With the HTML Produced
Upload This via FTP to public_html/cgi-bin in your ShoreNet Account
Remember to Transfer this In ASCII Mode!
Give the Script Execute Permissions For All
Right Button Click / chmod in WS_FTP
http://shell3.shore.net/~brinetxx/cgi-bin/perl1.pl
Advanced Exercise
Create a Script Like the One in Stein p.481
Typo: for each should be foreach
Put it On Your Web Site
Remember to Give the Script the Appropriate Permissions
OPTIONAL Homework: Install a Perl Interpreter On Your Local Machine
Read Stein Chapter 9. Skim Chapter 8.
Telnet
Telnet is a Remote Login Protocol
Terminal Emulation
All Processing Occurs on Host
Command Line Interface
Port 23
Used Extensively for UNIX Machines / Multiuser Systems
Why Do We Care?
Remote Administration of Web Site
Configuring Web Servers, Setting Permissions
Sample Telnet Session
telnet world.std.com
Trying 192.74.137.5...
Connected to world.std.com.
Escape character is '^]'.
DNS Resolves the Name to an IP Address
Found the Telnet Server at This IP Address
UNIX System V.4 (world)
Host Information
login: evan
Login Successful
Password: xxxxx
Last login: Sun Jan 23 16:03:36 from fxtc2-c.std.com
Welcome to The World! A 24 x 250MHZ CPU 2.5GB SGI
Challenge XL
UNIX Command Prompt
world%
UNIX - Background
UNIX Developed at AT&T Bell Labs – 1969
Multi-User / Multi-Tasking
Many Other Proprietary Operating Systems Existed
Schools Adopted UNIX as “Teaching” Environment
Schools Made Significant Additions and Changes
Standardization Efforts
Culture of Sharing / Helping / Working Together
Free Software Foundation, etc.
Put Source-Code in Public Domain
Many Other “Free” Add-Ons / Extensions
LINUX
UNIX Expects Technical Competence
UNIX File Structure
Forward Slashes (/) to Separate Filenames, Directories
Case Sensitive File Names
Windows is Not
No Limit on Filename Size / Extensions
Extensions are by Convention
Root is “/”
User Home Directory is: “~/”
Symbolic Links / Aliases
Directories Can Be Spread Over Multiple Drives
Can Create Non-Hierarchical Structure
File Permissions
Read, Write, Execute
Separate Permissions for Owner, Group, All
Directories are Special Cases of Files
Execute Permissions = Able to Browse Directory
Common Basic UNIX Commands
pwd : List the current working directory
more filename : List the Contents of a File
ls : Lists the files in a directory
ls -l
Permissions: drwxrwxrwx
d – If this is a directory
r,w,x – Read, Write, Execute
Owner, Group, Public
Owner, Filesize, Timestamp, Filename
cd – change directory
cd ~/
Change to Your Root Directory
chmod
Changes Permissions
Don’t Use This Command Until You’re Sure About It
Can Open Up Serious Security Holes
More Unix Commands
man command
UNIX help
e.g. man ls
cat filename
List a file
command | more
All Output can be “piped” to Display one Screen at a Time
e.g. cat filename | more
Carriage return – next page
q – quit
cp path1 path2
Copy a File
mv path1 path2
Move a File. Useful for Renaming a file
The UNIX chmod Command
“UNIX” Mode
chmod abc filename
Where a,b,c are digits from 0 to 7 (Bit Mask)
4 – Read, 2 – Write, 1 – Execute
a – owner, b – group, c – others
e.g. chmod 711 myscript.cgi
Sets permissions on file myscript.cgi so that:
It is readable, writable, and executable by owner
It is executable by all others.
An “Easier” Way
chmod u=rwx,g=x,o=x myscript.cgi
u – owner (user), g – group, o – other (Not Owner!)
r – read, w – write, x – execute
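The bit mask described above, worked through as an added example (not from the original slides): it decodes chmod digits into the string ls -l shows and flags modes that are risky for a script in cgi-bin. The sub names and the three checks are assumptions; the execute-for-others check follows the slides' instruction to give the script execute permissions for all.

```perl
#!/usr/bin/perl
# Added example: decode chmod digits and flag risky modes for CGI scripts.
use strict;
use warnings;

# Turn a numeric mode (e.g. 0711) into the rwx string that ls -l prints.
sub mode_string {
    my ($mode) = @_;
    my $out = '';
    for my $bits (6, 3, 0) {                  # owner, group, others
        my $digit = ($mode >> $bits) & 7;     # one octal digit = 3 bits
        $out .= ($digit & 4 ? 'r' : '-')      # 4 = read
              . ($digit & 2 ? 'w' : '-')      # 2 = write
              . ($digit & 1 ? 'x' : '-');     # 1 = execute
    }
    return $out;
}

# Reasons a script's mode deserves a second look; empty list = nothing flagged.
sub findings {
    my ($mode) = @_;
    my @why;
    push @why, 'writable by group'        if $mode & 0020;
    push @why, 'writable by others'       if $mode & 0002;
    push @why, 'not executable by others' unless $mode & 0001;
    return @why;
}

# With file names as arguments, check those files; otherwise use the
# constructed sample modes below (711, 755 and 600 appear in the slides).
my @items;
if (@ARGV) {
    @items = map { [ $_, (stat $_)[2] & 07777 ] } grep { -e $_ } @ARGV;
} else {
    @items = map { [ 'sample', $_ ] } (0711, 0755, 0600, 0777, 0666);
}

for my $item (@items) {
    my ($name, $mode) = @$item;
    my @why = findings($mode);
    printf "%-12s %03o %s  %s\n", $name, $mode, mode_string($mode),
        @why ? join('; ', @why) : 'ok';
}
```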
A Caveat
UNIX Culture – Developer Oriented
Read Access Often Given For Non-Confidential Files
User Responsibility to Not Abuse It
Be Respectful When Not in Your User Directory
Lab Work: Telnet
From a command prompt type: telnet
Connect/Remote System
Host Name: users.shore.net
Login: brinetxx [Your Shorenet Login]
Password: [Your Shorenet password]
ls -l
cd public_html
ls -l
cd bin
chmod 600 perl1.pl
Try to access the Script Now
chmod 755 perl1.pl
ls -l
cd ~/
ls -l
logout
Reference Material
CGI / PERL
Stein Chapter 9
http://www.activestate.com/ActivePerl
Freeware ActivePerl Interpreter For Microsoft Platforms
http://www.shore.net/techtalk/referenceold/cgi.html
ShoreNet’s CGI Reference Page
http://www.webdeveloper.com/cgi-perl
CGI/Perl Portal
http://agora.leeds.ac.uk/Perl/start.html
A Perl tutorial
http://worldwidemart.com/scripts/
Free CGI Scripts (Matt’s Script Archive)
Processing Forms – The Server Side
Target of Forms is Usually a CGI Script
Script Requirements
1. Parse the Data
2. Process the Data
3. Return Data to the User
Raw HTML or Another Form
Data Flow Options
Each Script Handles a Specific Form
Form in Plain HTML
Script in Perl
One Script Handles Multiple Forms
Selects Action Based on Data Passed In
All in Perl
Scripting – Parsing Data
GET vs. PUT
Each Requires Different Logic
Parsing is Not Trivial
All Parameters Passed in On One Line
Each Name/Value Pair Separated by &
Name Separated From Value by =
Special Character Encoding Complicates It
E.g. Value May Contain &,=
Error Handling
Typically Use a Library to Parse Data
Public Domain
Cgi.pm – Perl5 Object Oriented
Used by Stein
Cgi-lib.pl – Basic Perl
Used by Schapiro
Others
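Why parsing is not trivial, shown as an added example (this is not cgi-lib's or CGI.pm's code): the pairs must be split on & and = before the % encoding is decoded, or an encoded & or = inside a value becomes a false separator. The sub names, the 64 KB body limit and the sample query string are assumptions.

```perl
#!/usr/bin/perl
# Added example: parsing name/value pairs by hand (not a library's own code).
use strict;
use warnings;

# Decode one component: + means space, %XX is a hex-encoded byte.
# A stray % that is not followed by two hex digits is left as it is.
sub url_decode {
    my ($text) = @_;
    $text =~ tr/+/ /;
    $text =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $text;
}

# Split on & and = FIRST, then decode each piece. Decoding first would turn
# an encoded %26 or %3D inside a value into a bogus separator.
sub parse_pairs {
    my ($raw) = @_;
    my %in;
    for my $pair (split /&/, $raw // '') {
        next if $pair eq '';                       # tolerate "a=1&&b=2"
        my ($name, $value) = split /=/, $pair, 2;  # only the first = separates
        $value = '' unless defined $value;         # a name with no value
        $name  = url_decode($name);
        $value = url_decode($value);
        # Repeated names are kept, joined with \0 (this example's choice).
        $in{$name} = exists $in{$name} ? "$in{$name}\0$value" : $value;
    }
    return %in;
}

# GET data arrives in QUERY_STRING; POST data is CONTENT_LENGTH bytes on stdin.
sub raw_request_data {
    my $method = $ENV{REQUEST_METHOD} // 'GET';
    return $ENV{QUERY_STRING} // '' unless $method eq 'POST';
    my $len = $ENV{CONTENT_LENGTH} // 0;
    die "request body too large\n" if $len > 64 * 1024;   # assumed limit
    read(STDIN, my $body, $len);
    return $body // '';
}

# Constructed sample standing in for a real request (no web server needed).
$ENV{QUERY_STRING} //= 'username=Evan+%26+Co&note=a%3Db&note=100%25&flag';
my %in = parse_pairs(raw_request_data());
for my $key (sort keys %in) {
    (my $shown = $in{$key}) =~ s/\0/ | /g;
    print "$key = [$shown]\n";
}
```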
CGI-LIB
http://cgi-lib.berkeley.edu/
Using This Library in Perl
Download Library From Website
Version 2.18 – Latest Version
More Robust
Supports Saving File Uploads as Files
Version 1.14 – Easier to Understand
Use This Version to Understand cgi-lib Code
Install it in cgi-bin Directory
Perl Code:
require ("cgi-lib.pl");
&ReadParse();
More Perl Info
require – Includes Another File
%varname – Associative Arrays
Use Braces {} to Index, $ prefix
e.g. $varname{'keyname'}
ReadParse Subroutine in cgi-lib
ReadParse Subroutine
Reads in Both Get and Put Data
Converts Encoding to Plain Text
Puts Key/Value Pairs in %in
%in is an Associative Array
To Access a Value:
$in{'keyname'}
To Access Each Key/Value Pair
foreach $keyname (sort keys (%in)) {
print "$keyname $in{$keyname}\n";
}
Example
In Class Exercise
Modify Last Week's Script to Accept User Name via a Form
Step 1: Install cgi-lib in Your bin Directory
Make Sure to Set Permissions Correctly
Step 2: Make a Copy of perl1.pl
Name it perl2.pl
Step 3: Edit perl2.pl
Add these lines:
require ("cgi-lib.pl");
&ReadParse();
Replace $myname='xxx'; with
$myname = $in{'username'};
Copy it to Your Shorenet cgi-bin directory
In Class Exercise (2)
Step 4: Create a Simple Form To Accept User Name
<html><head></head><body>
<form method="post"
action="http://users.shore.net/~brinetxx/cgi-bin/perl2.pl">
Enter name: <input type="text" name="username"
value="default"><br>
<input type="submit" value="submit">
</form>
</body></html>
Copy it to Your Shorenet Public_html Directory
Step 5: Try It!
When You Are Done
Review Sample Scripts / Demos
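perl2.pl prints whatever arrives in the username field straight into the page, so markup typed into the form becomes part of the HTML. The output step with a length limit and HTML escaping, as an added example that is not part of the original exercise (the sub names and the 40-character policy are assumptions, and the values are constructed in place of $in{'username'}):

```perl
#!/usr/bin/perl
# Added example: perl2.pl's output step with validation and HTML escaping.
use strict;
use warnings;

# Replace the characters that HTML treats as markup. & must go first so the
# entities produced by the later substitutions are not escaped twice.
sub html_escape {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Assumed policy for this field: no control characters, at most 40
# characters, and a fixed fallback when nothing usable is left.
sub clean_username {
    my ($name) = @_;
    $name = '' unless defined $name;
    $name =~ s/[\x00-\x1f\x7f]//g;
    $name = substr($name, 0, 40);
    return length($name) ? $name : 'guest';
}

# Build the full CGI response: header, blank line, then the document.
sub render_page {
    my ($username) = @_;
    my $safe = html_escape(clean_username($username));
    return "Content-type: text/html\n\n"
         . "<HTML><HEAD><TITLE>Test</TITLE></HEAD>\n<BODY>\n"
         . "<H1>This is ${safe}'s Test Perl Script.</H1>\n"
         . "</BODY></HTML>\n";
}

# Constructed values standing in for $in{'username'} after &ReadParse().
for my $username ('Evan', '<b>Evan</b> & "friends"', undef) {
    print render_page($username), "\n";
}
```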