Common Gateway Common Gateway Interface MechanismInterface Mechanismusing Perl & Pythonusing Perl & Python

Common Gateway Common Gateway Interface MechanismInterface Mechanismusing Perl & Pythonusing Perl & Python

NOTE: Some of slides are extracted from the course notes of USC CS571 and Deitel & Associates. These documents are copyrighted according to: either "Copyright © Ellis Horowits or PrenticeHall. All Rights Reserved.

Outline

• Basic Operation– Invoking a CGI Script– CGI Environment variables– CGI Script Output

• Using Perl/Python for Server-side scripting• Program to print environment variables• Program that checks the client’s browser• Program that restricts access via IP address

Purpose of CGI• Common Gateway Interface (CGI) is a mechanism by

which programs, called scripts, can be used to create dynamic Web documents– Initially placed in a server directory often named cgi-

bin– Serve information that is not directly readable by

clients– Dynamically convert data from a non-Web source

into Web-compatible documents• Current version of CGI is 1.1• The reason for the term “common gateway” is these

programs act as gateways between the WWW and any other type of data or service

Basic Operation• An executable program that can be run without being

directly invoked by users

(a)Webbrowser

Webserver

Script inGateway

Query via URL or stdin

HTML output (b)(c)

Database(optional)

(d)

Languages to Write Gateway Programs

• Any language that can produce an executable file• Some typical ones are:

– Traditional compiled languages such as C/C++– Or interpreted languages such as:

• Perl• Python• C-Shell/Bourne Shell• TCL• Visual Basic or VBScript

• Interpreted languages are often preferred as they are– Easy to write and portable, and speed is usually not a

factor• Java and JavaScript were first designed for building client-

side applications, but they can be used on the server side as well

Anchors Are Used to Invoke CGI Scripts

•A hypertext reference can refer to:– A local file <A HREF="file://docs/system.html">–A remote file <A HREF="http://domain_name/path/myfile.html">–An executable script in the cgi-bin directory <A HREF="http://domain_name/cgi-bin/scriptname">–An executable script with arguments <A HREF="http://domain_name/cgi-bin/scriptname?arg1+arg2">

•All of these anchors use the GET method

CGI Script Input• There are three ways to pass input to a CGI script: the URL,

standard input, environment variables• GET Method - places all info in the URL• POST Method

– sends data to the server via a message body and a CGI script gets it from the server via stdin

– The script returns data using stdout• Command-line arguments

– Many programs accept command-line argumentse.g., tar xvfz files.tar.gz

– To invoke a program with command-line arguments, append them to the HREF in an anchore.g., <A HREF="http://domain/cgi-bin/tar?xvfz+files.tar.gz">

CGI Script Input

• Environment variables– DOS/Windows and UNIX use these as a means of passing information about the environment– Are set immediately before the server executes the gateway script– Portions of the URL are assigned to variables QUERY_STRING and PATH_INFO; e.g.,http://www.usc.edu/cgi-bin/scriptname/extra_path/afile?input_data

• QUERY_STRING is assigned input_data• PATH_INFO is assigned /extra_path/afile• scriptname is executed

CGI Environment Variables

• Can be classified into two major categories:– 1. Non-request specific– 2. Request specific– Non-request-specific environment variables

are set for all requests:• SERVER_SOFTWARE, the name and version of the

information server software answering the request

e.g. SERVER_SOFTWARE = Apache/1.2.5• SERVER_NAME, server’s hostname, DNS alias, or

IP address• e.g. SERVER_NAME = nunki.usc.edu• GATEWAY_INTERFACE, the revision of the CGI

specification with which this server complies

CGI Environment Variables

• Request-specific environment variables– These variables are set depending on each request

• SERVER_PROTOCOL, the name and revision of the information protocol with which this request came in

e.g. SERVER_PROTOCOL = HTTP/1.0• SERVER_PORT, the port number to which the

request was sente.g. SERVER_PORT = 8088• REQUEST_METHOD, the method with which the

request was made; e.g., (GET, POST)

CGI Environment Variables•PATH_INFO, the extra path information as given by

the client; e.g.,given

http://nunki.usc.edu:8080/cgi-bin/test-cgi/extra/paththen PATH_INFO = /extra/path•PATH_TRANSLATED, the PATH_INFO path translated

into an absolute document path on the local systemPATH_TRANSLATED =

/auto/home-scf-03/csci351/WebServer/apache_1.2.5/htdocs/extra/path

•SCRIPT_NAME, the path and name of the script being accessed as referenced in the URL

SCRIPT_NAME = /cgi-bin/test-cgi•QUERY_STRING, the information that follows the ? in

the URL that referenced this script

CGI Environment Variables

– REMOTE_HOST, Internet domain name of the host making the request

– REMOTE_ADDR, the IP address of the remote host making the request

– AUTH_TYPE, the authentication method required to authenticate a user who wants access

– REMOTE_USER, user name that server and script have authenticated

– REMOTE_IDENT, the remote user name retrieved by the server using inetd identification (RFC 1413)

– CONTENT_TYPE, for queries that have attached information, such as POST method, this is the MIME content type of the data

– CONTENT_LENGTH, the length of the content as given by the client

CGI Environment Variables

• Also, every item of information in an HTTP request header is stored in an environment variable– Capitalize the name in the request header field– Convert dashes to underscores– Add the prefix HTTP_

• For example:– HTTP_USER_AGENT contains the request header

User_Agent field datae.g. HTTP_USER_AGENT = Mozilla/4.5 [en]C-DIAL (WinNT; U)– HTTP_ACCEPT contains the request header Accept field, of

the form type/subtype– HTTP_REFERER contains the URL of the document that

generated this request

CGI Script Output• There are two ways a script can return data to the server

– The script sends its output to stdout; the server adds appropriate headers and returns this output to the client

– If the name of the CGI script starts with nph- (nonparsed header), the server sends whatever it receives directly on to the client

• Output from a script to the server could be:– A document generated by a script– Instructions to the server for retrieving the desired

output• The type of document could be:

– HTML, plain text, image, or video or audio clip– References to other documents

Server Directives

• The output of scripts begins with a small header consisting of text lines containing server directives– This must be followed by a blank line

• Any headers that are not server directives are sent directly back to the client

• Server directives are used by CGI scripts to inform the server about the type of output

• The current CGI specification defines three server directives:– Content-type– Location– Status

Server Directives

• 1. Content-type: type/subtype– The MIME type of the document being returned– For example,content-type: text/html (HTML document)content-type: text/plain (plain-text document)

• 2. Location– Alerts the server that the script is returning a reference to

a document, not an actual document– If the argument is a URL, the server will issue a redirect to

the client; for example,location: gopher://gopher.ncsa.uiuc.edu/– If the argument is a path, the document specified will be

retrieved by the server, starting at the document root; for example,

location: /path/doc.txt

Things to Check Before Running CGI Scripts

• The following need to be readable and executable by the server– CGI scripts– Other programs that the scripts call– The directory in which the scripts reside

• In UNIX, check the read/write permissions of the files and directories

• In Windows/NT, check the web server settings of the script directories

Perl Program to Print Environment Variables

#!/perl5/bin/perl.exeprint "Content-type: text/html", "\n\n";print "<HTML>", "\n";print "<HEAD><TITLE>Environment Variables</TITLE></HEAD>", "\n";print "<BODY><H1>Some Environment Variables</H1>", "\n";print "<HR><PRE>", "\n";print "SERVER NAME: ", $ENV{'SERVER_NAME'}, "<BR>", "\n";print "SERVER PORT: ", $ENV{'SERVER_PORT'}, "<BR>", "\n";print "SERVER PROTOCOL: ", $ENV{'SERVER_PROTOCOL'}, "<BR>", "\n";print "CGI Revision: ", $ENV{'GATEWAY_INTERFACE'}, "<BR>", "\n";print "REQUEST_METHOD ", $ENV{'REQUEST_METHOD'}, "<BR>", "\n";print "HTTP_ACCEPT ", $ENV{'HTTP_ACCEPT'}, "<BR>", "\n";print "<HR></PRE>", "\n";print "</BODY></HTML>", "\n";

Sample Output

Perl Program That Checks the Client Browser

#!/perl5/bin/perl.exe#set location of Perl and document root#place files graphicsver.html and textver.html in document root$document_root = '/web470/exercises';$nongraphic_browsers = 'Lynx | CERN-LineMode';$client_browser = $ENV{'HTTP_USER_AGENT'};$graphic_doc = "graphicsver.html";$text_doc = "textver.html";if ($client_browser =~ /$nongraphic_browsers/) {$html_doc = $text_doc;} else {$html_doc = $graphic_doc; }print "Content-type: text/html", "\n\n";$html_doc = join('/', $document_root, $html_doc);if (open (HTML, $html_doc)) {

while (<HTML>) { print; }close (HTML);} else { print "problem with configuration", "<BR>";} exit(0);

Perl Program to Restrict Access#!/perl5/bin/perl.exe#set location of Perl and document root$document_root = '/web470/exercises';$host_address = "ltree\.com";$ip_address = "204\.253";$remote_address = $ENV{'REMOTE_ADDR'};$remote_host = $ENV{'REMOTE_HOST'};$local_users = "intranet.html";$outside_users = "internet.html";if (($remote_host =~ /\.$host_address$/) && ($remote_address

=~ /^$ip_address/)) { $html_doc = $local_users;} else { $html_doc = $outside_users; }print "Content-type: text/html", "\n\n";$html_doc = join("/", $document_root, $html_doc);if (open(HTML, $html_doc)) { while (<HTML>) { print; }close(HTML); } else { print "a problem", "\n";} exit(0);

HTML Creating Forms

Forms

• Used to create a set of pages that contain fields in which the viewer can select and supply information– Introduced into HTML 2.0– Allows WWW users to perform data entry– Permit direct interaction with customers for inquiries,

registration, sales of products, and services– To create a capability requires two steps:

• Use HTML form elements to create the pages that contain the form

• Write a server-side script to process form data; this program must be placed so the WWW server can execute it

Summary of User Interface Elements

<INPUT>

<TEXTAREA>

<SELECT>

TextCheckboxRadio buttonSubmitResetPassword

submitreset****

File Browse

Red

RedGreenBlue

<FORM> Tag

• <FORM> is an HTML tag that contains other tags for capturing user input– Has two attributes, ACTION and optionally METHOD– ACTION specifies the URL of a server-side script

where the input data should be sent– METHOD selects variations in the sending protocol

• GET is the default; form contents are appended to the URL

• POST causes the fill-out form contents to be sent in a data body as standard input

– The amount of information that can be sent via POST is not limited by the size of a URL

<INPUT> Tag• Used inside the <FORM> tag to specify a data-entry object• Attributes

– TYPE: What kind of input the user will supply (default is TEXT)

– NAME: Name of data entry object whose value the user will supply

– VALUE: Required for radio and checkboxes– CHECKED: For radio buttons and checkboxes– SIZE: Specific to each type of field– MAXLENGTH: Limit on accepted characters– SRC: Image file used as a graphical submit button when

TYPE=IMAGE– ALIGN: TOPMIDDLEBOTTOMLEFTRIGHT

<INPUT> Tag(continued)•TYPE:[CHECKBOXFILEHIDDENIMAGEPASSWORD

RADIORESETSUBMITTEXT]•CHECKBOX: A single value, on/off; each generates name/value pair<INPUT TYPE=CHECKBOX CHECKED NAME="MARRIED" VALUE="yes">•FILE: Users attach a file to the form contents; a text field holds the file name and a button permits browsing<INPUT TYPE=FILE NAME="banner" ACCEPT="image*">•HIDDEN: The field is not rendered, so servers can maintain state information<INPUT TYPE=HIDDEN NAME="BANKACCT" VALUE="A057-23-789">

<INPUT> Tag(continued)

• IMAGE: Used for graphical submit buttons<INPUT TYPE=IMAGE SRC="banner.gif"

VALUE="gohome">• PASSWORD: Just like TYPE=TEXT, but the input is

echoed with *<INPUT TYPE=PASSWORD SIZE=10 NAME="pw">

• RADIO: Used for attributes that take a single value from a set of alternatives; all buttons have same name and explicit value<INPUT TYPE=RADIO NAME="AGE" VALUE="0-20"><INPUT TYPE=RADIO NAME="AGE" VALUE="21-50"><INPUT TYPE=RADIO NAME="AGE" VALUE="51-100"

CHECKED>

<INPUT> Tag(continued)

•RESET: Defines a button that users click to reset fields to their initial state<INPUT TYPE=RESET VALUE="CLEAR">

•SUBMIT: Defines a button that users click to submit the form’s contents to the server<INPUT TYPE=SUBMIT VALUE="submit data">

•TEXT: An input field of a single line where users can enter data<INPUT TYPE=TEXT SIZE=20 NAME="lastname" VALUE="empty">

Example of <FORM> With Text Widgets

<HTML><HEAD><TITLE>Testing Text Widgets<TITLE> </HEAD>

<BODY><FORM METHOD="POST"ACTION="/cgi-bin/post-query">Name: <INPUT NAME="in_name" TYPE="text"

SIZE=40><P>Date of Birth: <INPUT TYPE="text” NAME="in_dob"><P>Social Security Number: <INPUT TYPE="text"

NAME="in_ssn"><P>You can submit by clicking the SEND button:

<INPUT TYPE="submit" VALUE="SEND"></FORM></BODY></HTML>

Browser Output of Text Widgets Example

Query Results for Text Widget Example

Example of <FORM> With Checkboxes<HTML><HEAD><TITLE>Testing Checkboxes</TITLE></HEAD><BODY><FORM METHOD="POST" ACTION="/cgi-bin/post-query">Fill in facts about yourself:<P><INPUT TYPE="checkbox" NAME="house" VALUE="yes">own a house<BR><INPUT TYPE="checkbox" NAME="car" VALUE="yes">own a car<BR><INPUT TYPE="checkbox" NAME="boat" VALUE="yes">own a boat<BR><INPUT TYPE="checkbox" NAME="degree" VALUE="yes">have a college degree<BR>To reset the checkboxes, click here<INPUT TYPE=reset VALUE="RESET"><P>You can submit by clicking on the SEND button:<INPUT TYPE=submit VALUE="SEND"><P></FORM></BODY></HTML>

Browser Output of Checkbox Example

Query Results of Checkbox Example

Example of <FORM> With Radio Buttons

<HTML><HEAD><TITLE>Testing Radio Buttons</TITLE></HEAD><BODY><FORM METHOD="POST" ACTION="/cgi-bin/post-query">How would you like to pay? Choose one of the following:<P><OL><LI><INPUT TYPE="radio" Name="paymethod" VALUE="billme" CHECKED>Billme<BR><LI><INPUT TYPE="radio" Name="paymethod" VALUE="check">Check<BR><LI><I> Credit Card </I><UL><LI><INPUT TYPE="radio" Name="paymethod" VALUE="mastercard">mastercard<BR><LI><INPUT TYPE="radio" Name="paymethod" VALUE="visa">Visa<BR><LI><INPUT TYPE="radio" Name="paymethod" VALUE="amer">American Express<BR></UL></OL><INPUT TYPE="submit" VALUE="Submit Query"></FORM></BODY></HTML>

Browser Output of Radio Buttons

Query Results for Radio Buttons Example

<TEXTAREA> Tag

• specifies a large rectangular text-entry object with multi-line input and scroll bars

• Attributes:NAME=name specifies a name for the data entry object

to be sent to the server-side scriptCOLS=num– Width (in characters) of a text-entry region on

the screen– If user types more than COLS characters, field

is scrolledROWS=num– Height (in characters) of a text-entry region

on the screen– If user types more than ROWS lines, field is

scrolled

Example of Multiline Input Areas

<HTML><HEAD><TITLE>Form Example with Multiple Multiline Inputs</TITLE></HEAD> <body><form method="POST" action="/cgi-bin/postquery"><TEXTAREA NAME="largearea" ROWS=10 COLS=30></TEXTAREA><BR>Here is a 10 x 30 text area.<BR><TEXTAREA NAME="smallarea" ROWS=2 COLS=20></TEXTAREA><BR>Here is a 2 x 20 text area.<BR><TEXTAREA NAME="narrowarea" ROWS=1 COLS=40></TEXTAREA><BR>Here is a 1 x 40 area <BR>To submit your comments, press this button: <INPUT TYPE="submit" VALUE="Submit Comments"><BR></FORM></BODY></HTML>

Browser Output of Multiline Input Areas

Query Results of Textarea Example

<SELECT> Tag

• Used inside the <FORM> element to specify a selection list object (a list of items or a pop-down menu that the user can select from)

• Attributes:– NAME=name

• Specifies a name for the data entry object to be passed to the server-side script

– SIZE=num• Number of lines of the list to display at a time• If SIZE is 1 or unspecified, browser will display as

a drop-down list box• If SIZE is greater than 1, browser will display as a

scrollable list with only SIZE options visible at a time

<SELECT> Tag Attributes

– MULTIPLE• Specifies that multiple list items may be selected

(whereas normally only 1 item can be selected)• All selected values are sent to server-side script

as separate name/value pairs

<OPTION> Tag

• Used inside the <SELECT> tag to specify the start of a new menu item in the selection list

• Syntax as follows:<OPTION attributes> Text

• Attributes:– SELECTED

• Specifies this menu item as pre-selected in the list

– VALUE="text"• Text specifies the value to be sent to the script if

the option is selected• By default, the text following the OPTION element

is sent– DISABLED

• Specifies a “grayed” or non-selectable list item

Example of <SELECT>, <OPTION> Tags<HTML><HEAD><TITLE>Forms Example with Options</TITLE></HEAD><BODY><FORM METHOD="POST"ACTION="/cgi-bin/post-query">Which School would you like to apply to? <BR><SELECT NAME="school" SIZE=5><OPTION> Letters&Science<OPTION SELECTED> Engineering<OPTION> Business<OPTION>Law<OPTION> Medicine</SELECT> <BR>What semester do you wish to start? <BR><SELECT NAME="semester"><OPTION SELECTED> Fall<OPTION> Spring<OPTION> Summer</SELECT><BR>To submit your choices, press this button: <INPUT TYPE="submit” VALUE="Submit Choices">. <BR >To reset the form, press this button: <INPUT TYPE="reset" VALUE="Reset">.</FORM></BODY></HTML>

Browser Output of <SELECT>, <OPTION> Example

Query Results for <SELECT> Example

Forms Example

<html>

<head><title>Test1</title></head>

<body bgcolor="#ffffff">

Example

<FORM METHOD=POST ACTION=""><table>

<tr><td valign=bottom>

First name</font><br>

<input type="text" size="15" name="FirstName"></td><td valign=top>Last name</font><br>

<input type="text" size="15" name="LastName"></td></tr>

<tr><td valign=bottom>

<select name="SEARCH" size="1">

<option value="Email">E-Mail Address</option>

<option value="PHONE">Phone Number</option>

</select>

</td><td valign=bottom><br>

<input type="submit" value="find"></td></tr>

</table>

</FORM><p></body></html>

This example shows howone can align the fields ofa form to match up with related text

Browser Output

LectureLectureLectureLecture

CGI Scripts for Processing FormsCGI Scripts for Processing Forms

Outline• Sample CGI Scripts in Perl

– complete version of showcgi.pl– processing an application for credit– more examples using showcgi.pl– Program to extract a birthday– Program using extra path information– Program to echo form input– Program to return a GIF image– Graphic counter– Redirection– Creating a list of files

• Location of Perl CGI Scripts• CGI Libraries

– cgi-lib.pl– libwww.pl

A General Perl Program• We have already seen a program that prints out the

environment variables created by the server• We extend this program so it also prints out

– any command line arguments– any input sent on standard in– the name=value pairs, when there are any

General Algorithm for Decoding Form Data1. determine the request method (GET or POST) by checkingREQUEST_METHOD environment variable2. If the protocol is GET, read the QUERY_STRING variableand/or the extra path information from PATH_INFO3. If the protocol is POST, determine the size of the requestusing CONTENT_LENGTH, and read that amount of data fromstandard input4. Split the query string on the "&" character, which separateskey-value pairs, (the format is key=value&key=value)5. decode the hexadecimal and "+" charactes in each key-value

pair6. create a key-value table with the key as the index.

Code to Check For GET and POST methods

#!/usr/usc/bin/perl$request_method = $ENV{‘REQUEST_METHOD’};if ($request_method eq “GET)

{$form_info=$ENV{‘QUERY_STRING’};} else { $size_of_form_info=$ENV{‘CONTENT_LENGTH’};

read(STDIN, $form_info, $size_of_form_info); }($field_name, $input) = split (/=/, $form_info);#field_name will contain the name of the user input,

$input the value that was entered

Showcgi.pl - Printing Command Line Arguments#!/perl5/bin/perl.exe#!/usr/usc/bin/perl#Perl script to print CGI inputsprint "Content-type: text/html\n\n";print "<HEAD>\n";print "<TITLE>Show CGI Inputs</TITLE>\n";print "</HEAD>";print "<BODY>";print "<h1>Show CGI Inputs:</h1><hr>\n";print "<h2>Command Line Arguments:</h2>\n";$j=1;foreach $a (@ARGV){ print "arg$j: $a<BR>\n";$j=$j+1; }

Show where your Perlinterpreter resides

output MIME type

ARGV is an array whoseelements are the argumentson the command line

Showcgi.pl - Printing Environment Variables (contd)

print "<HR>";print "<h2>Environment Variables:</h2>\n";print "SERVER_SOFTWARE = $ENV{'SERVER_SOFTWARE'}<BR>\n";print "SERVER_NAME = $ENV{'SERVER_NAME'}<BR>\n";print "GATEWAY_INTERFACE = $ENV{'GATEWAY_INTERFACE'}

<BR>\n";print "SERVER_PROTOCOL = $ENV{'SERVER_PROTOCOL'}<BR>\n";print "SERVER_PORT = $ENV{'SERVER_PORT'}<BR>\n";print "REQUEST_METHOD = $ENV{'REQUEST_METHOD'}<BR>\n";print "HTTP_ACCEPT = $ENV{'HTTP_ACCEPT'}<BR>\n";print "PATH_INFO = $ENV{'PATH_INFO'}<BR>\n";print "PATH_TRANSLATED = $ENV{'PATH_TRANSLATED'}<BR>\n";

Showcgi.pl - Printing Environment Variables (contd)

print "SCRIPT_NAME = $ENV{'SCRIPT_NAME'}<BR>\n";print "QUERY_STRING = $ENV{'QUERY_STRING'}<BR>\n";print "REMOTE_HOST = $ENV{'REMOTE_HOST'}<BR>\n";print "REMOTE_ADDR = $ENV{'REMOTE_ADDR'}<BR>\n";print "REMOTE_USER = $ENV{'REMOTE_USER'}<BR>\n";print "CONTENT_TYPE = $ENV{'CONTENT_TYPE'}<BR>\n";print "CONTENT_LENGTH =

$ENV{'CONTENT_LENGTH'}<BR>\n";print "HTTP_REFERER = $ENV{'HTTP_REFERER'}<BR>\n";print "HTTP_USER_AGENT =

$ENV{'HTTP_USER_AGENT'}<BR>\n";print "HTTP_COOKIE = $ENV{'HTTP_COOKIE'}<BR>\n";print "<hr>\n";

Showcgi.pl - Printing Standard Input (contd)

print "<h2>Standard Input:</h2>\n";#get buffer from QUERY_STRING (GET) or STDIN (POST)if ($ENV{'REQUEST_METHOD'} eq "GET") { $buffer = $ENV{'QUERY_STRING'}; print "There is no input in STDIN"; print " when using GET method.<BR>\n"; }else { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});print "$buffer\n"; }print "<hr>";print "<h2>Name/Value pairs extracted</h2>\n";#check for equal signs in buffer$e = index($buffer,"=");

if ( $e == -1 ){ print "no name/value pairs in input\n"; }else

Test here for the method, GET orPOST and assign whateverit is to the variable $buffer

If arguments exist, they arein the form of name=value

Showcgi.pl - Printing Name-Value Pairs (contd){ #make an array of pairs split at the & sign @nvpairs = split(/&/, $buffer);

#for each pair, extract name and value foreach $pair (@nvpairs) {($name, $value) = split(/=/, $pair); #split into name and

value #print name/value pair print "$name = $value<BR>\n"; } }

split the strings in nvpairs usingthe = sign, and then print theirname and value

Splits the buffer string intoseveral strings, divided bythe & char. Each string is placed in the nvpairs array

Showcgi.pl - Printing Name-Value Pairs (contd)print "<hr>";print "<h2>Name/Value pairs decoded</h2>\n";if ( $e != -1 ){foreach $pair (@nvpairs) {$pair =~ s/\+/ /g; #convert plusses to spaces ($name, $value) = split(/=/, $pair); #split into name and value#decode any %XX from hex numbers to alphanumeric $name =~ s/%(..)/pack("c",hex($1))/ge; $value =~ s/%(..)/pack("c",hex($1))/ge;#print name/value pair and decoded value print "$name = $value<BR>\n"; } }print "</BODY><HTML>\n";

=~is “pattern equality” and the sstands for substitution; g causesa global substitutionchange the name/value pairsso that + is replaced by blankand hex codes are replaced bytheir equivalent character

Some Perl Points• S/PATTERN/REPLACEMENT/[g][i][e][o]

– searches a string for a pattern, and if found, replaces that pattern with the replacement text and returns the number of substitutions made, otherwise false

– the g option indicates that all occurrences of the pattern are to be replaced

– the i option indicates that matching is to be done in a case insensitive manner

– the e option indicates that the replacement string is to be evaluated as an expression rather than just as a double-quoted string

• pack(template,list)– takes an array, or list of values and packs it into a binary structure

returning the string containing the structure– template can be, e.g. c a signed char value, I a signed integer

value, f a float value• hex(expr)

– returns the decimal value of expr

Examples of Showcgi.pl

• Check the class web page,http://tlaloc.sfsu.edu/~csc667/WebServer/showcgi.html

Form Input to test showcgi.pl– Form data passed via query using GET method

<FORM ACTION="/cgi-bin/showcgi.pl" METHOD="GET">Enter string <INPUT TYPE="text" SIZE=30 NAME="string"><INPUT TYPE="checkbox" NAME="checkbox" VALUE="on">

and click here <P><INPUT TYPE="submit" VALUE="submit"></FORM>– Form data passed via stdin using POST method<FORM ACTION="/cgi-bin/showcgi.pl" METHOD="POST">Enter string <INPUT TYPE="text" SIZE=30 NAME="string"><INPUT TYPE="checkbox" NAME="checkbox" VALUE="on">

and click here <P><INPUT TYPE="submit" VALUE="submit"></FORM>

Application for Credit Form

Browser Input for Form<HEAD><TITLE>Sample Form</TITLE></HEAD><BODY><H1>Application for a Credit Card</H1> <FORM METHOD="" ACTION=""><H4>Background Information</H4>Name <INPUT name=name> Street <INPUT name=street><BR>City <INPUT name=city> State <SELECT name=state><OPTION> Alabama <OPTION> California <OPTION> New York<OPTION> Wisconsin </SELECT><H4>Amount of Credit</H4> <INPUT type=radio name=amount

value=5000>$5,000 <INPUT type=radio name=amount value=10000>$10,000<INPUT type=radio name=amount value=15000>$15,000<H4>Financial Facts:</H4> <INPUT type=checkbox name=home>Own a home<INPUT type=checkbox name=boat>Own a boat<INPUT type=checkbox name=car>Own a car<BR><TEXTAREA rows=5 cols=50 name=family>Please describe here the names and ages of people in your family and the number of cards you are requesting. </TEXTAREA><INPUT type=submit> <INPUT type=reset></FORM></BODY>

Output of showcgi.pl on Credit Form

Output of showcgi.pl on Credit Form (Pt II)

Output of showcgi.pl on Credit Form(Pt III)

Encoded Data

• When data is sent certain characters must be encoded, e.g. “, /, blank

• Each character has a hexidecimal equivalent, as shown previously

• The browser transforms special characters into their hexidecimal equivalents and the cgi script must transform back from hexidecimal to the character.

• Example: here is a form to capture a birthday. Slash must be encoded

<HTML><HEAD><TITLE>BIRTHDAY</TITLE></HEAD><BODY><H1>When is your birthday?</H1><FORM ACTION=/cgi-bin/birthday.pl METHOD=POST>Enter Birthday (mm/dd/yy): <INPUT NAME=birthday><BR>

<INPUT TYPE=submit><INPUT TYPE=reset></FORM></BODY></HTML>

Birthday Perl Script

#!/usr/usc/bin/perl$size_of_form_info =$ENV{‘CONTENT_LENGTH’};read(STDIN, $form_info, $size_of_form_info); $form_info =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack (“C”, hex ($1))/eg;#the above turns %2F into a slash#s is substitute, \dA-Fa-f looks for hex number and stores it in $1#pack and hex convert the value in $1 to ASCII, e evaluates second

part #of the substitute command as an expression, g replaces all

occurrences($field_name, $birthday) = split (/=/, $form_info);print “Content-type: text/plain”, “\n\n”;print “Your birthday is on: $birthday, right?”, “\n”; exit(0);