CGI: Common Gateway Interface
Server-side Programming
Lecture

Rich Internet Applications
An RIA is a web application that provides the client with the features and functionality of desktop applications
Requires transferring the processing from the server to the client
Javascript is one enabling technology for a RIA

RIAs in the Internet client-server model
• Client (browser): does all the processing (e.g. play videos as they come in)
• Web server: data (e.g. multimedia) stay on the server
• Client to server: HTTP request for resource
• Server to client: server sends code but keeps data

Some technologies that support RIA development
• JavaScript (and associated ECMA dialects)
• Adobe Flash
  • Flash player and IDE
• Java Applets and Java Webstart (see later)
• AJAX
  • Asynchronous JavaScript and XML
Server-Side Programming
Lots of programs/applications designed to run on the machines on which they are installed
How can a remote client request access to these?

CGI programming
• CGI => Common Gateway Interface
• A protocol for interfacing local applications with a web server
• Sequence of steps
  • Client sends URL request
  • Program runs at the server side
  • Output is collected and sent back to the client
  • Often the output is an HTML page “built” by the server

CGI using HTML and C language
• Why do we need CGI?
  • To read the information on the forms (HTML)
  • To build a customised HTML response to users
• To understand the concept, let's use C at first...
• CGI is completely independent of the language and OS
• CGI is implemented in (almost) all webservers
CGI programs can be written in any language supported by the server.
This includes compiled programming languages, such as C and C++; interpreted languages, such as Perl, Python, Ruby, and languages, such as Java, that lie somewhere in between.

Hello World!
```cpp
#include <iostream>
using namespace std;

int main(void) {
    // HTTP header, followed by the blank line that ends the header section
    cout << "Content-Type: text/html;charset=us-ascii\n\n";

    /** Print the HTML response page to STDOUT. **/
    cout << "<html>\n";
    cout << "<head><title>CGI Output</title></head>\n";
    cout << "<body>\n";
    cout << "<h1>Hello, world.</h1>\n";
    cout << "this is my first CGI" << "\n";
    cout << "</body>\n";
    cout << "</html>\n";
    return 0;
}
```
Compile, then place the executable inside the cgi-bin directory of xitami.
Test using a browser, URL: http://localhost:8080/cgi-bin/helloworld

How to submit data using forms
GET
http://www.someurl/cgi-bin/script?var1=1&var2=4
• Web server has a special directory called cgi-bin
• Two variables:
  • var1=1
  • var2=4
• Special characters are encoded
  • ~ would be encoded as %7E (% followed by ASCII code)

GET
• So variables from the forms go on the URL
• The environment variable is: $QUERY_STRING
• Most browsers limit the size of URLs (256 chars, some more, e.g., IE is 2083 chars)
• When you have too much data, use POST instead...

Multiply example – the HTML file
```html
<form method="get"
      action="http://it026945/cgi-bin/testingcgi/multiply">
  <div><label>Number 1: <input name="m" size="5"></label></div>
  <div><label>Number 2: <input name="n" size="5"></label></div>
  <div><input type="submit" value="Multiply"></div>
</form>
```

Multiply example
• action="http://it026945/cgi-bin/testingcgi/multiply"
• multiply is an executable under: /var/www/cgi-bin/
• with x permissions for all!
• Variables in URL: after submission, the URL becomes:
  http://it026945/cgi-bin/testingcgi/multiply?m=1&n=2

Example (figure panels: CLIENT-SIDE; SERVER-SIDE: Response)

Multiply example – the C file
```c
#include <stdio.h>
#include <stdlib.h>
#include <windows.h> // for Windows operating system – Sleep()

int main(void)
{
    char *data;
    long m, n;

    // HTTP header line (ends in CR LF), then the blank line that ends the headers
    printf("%s%c%c\n", "Content-Type:text/html;charset=iso-8859-1", 13, 10);
    printf("<TITLE>Multiplication results</TITLE>\n");
    printf("<H3>Multiplication results</H3>\n");
    data = getenv("QUERY_STRING"); // here it is your data!!!
    if (data == NULL)
        printf("<P>Error!");
    else if (sscanf(data, "m=%ld&n=%ld", &m, &n) != 2) // check for 2 inputs
        printf("<P>Error! Invalid data.");
    else
        printf("<P>%ld * %ld = %ld.", m, n, m * n);
    // Sleep(1000); // uncomment that to see who runs the process...
    return 0;
}
// from http://www.cs.tut.fi/~jkorpela/forms/cgic.html (July2010)
```

Recall the sscanf() function in C
int sscanf ( const char * str, const char * format, ...);
Read formatted data from string
• On success, the function returns the number of items successfully read.
• This count can match the expected number of readings or fewer, even zero, if a matching failure happens.
• In the case of an input failure before any data could be successfully read, EOF is returned.

getenv() function in C
char * getenv ( const char * name );
Get environment string
• Retrieves a C string containing the value of the environment variable whose name is specified as argument.
• If the requested variable is not part of the environment list, the function returns a NULL pointer.
• The string pointed by the pointer returned by this function shall not be modified by the program.
• The same memory location may be used in subsequent calls to getenv, overwriting the previous content.

fgets() function in C
char * fgets ( char * str, int num, FILE * stream );
Get string from stream
• Reads characters from stream and stores them as a C string into str until (num-1) characters have been read or either a newline or the End-of-File is reached, whichever comes first.
• A newline character makes fgets stop reading, but it is considered a valid character and therefore it is included in the string copied to str.
• A null character is automatically appended in str after the characters read to signal the end of the C string.

POST
• (GET was originally used only to get data from server)
• data is passed via standard input stream (stdin)
• the length (in bytes) of the data is passed via $CONTENT_LENGTH
• If the program reads more than the length, ...unpredictable behaviour may happen!

Multiply example – the HTML file
```html
<form method="post" action="http://it026945/cgi-bin/testingcgi/multiply">
  <div><label>Number 1: <input name="m" size="5"></label></div>
  <div><label>Number 2: <input name="n" size="5"></label></div>
  <div><input type="submit" value="Multiply"></div>
</form>
```

Multiply with POST – C file
```c
#include <stdio.h>
#include <stdlib.h>
#define MAXLEN 80

int main(void)
{
    char *lenstr;
    char input[MAXLEN + 1]; // MAXLEN bytes of data plus the terminating null
    long m, n, len;

    printf("%s%c%c\n", "Content-Type:text/html;charset=iso-8859-1", 13, 10);
    lenstr = getenv("CONTENT_LENGTH");
    // reject a missing, non-numeric, negative or oversized length
    if (lenstr == NULL || sscanf(lenstr, "%ld", &len) != 1 || len < 0 || len > MAXLEN)
        printf("<P>There was an error in the content sent to Apache.");
    else {
        // fgets stores at most len bytes plus the null; empty input gives ""
        if (fgets(input, (int)len + 1, stdin) == NULL)
            input[0] = '\0';
        printf("<P>Form received by Apache.<br>");
        printf("The form contains %ld bytes.<br>", len);
        // note: input is echoed into the page without HTML escaping
        printf("<P>Apache received this: %s <br>", input);
        if (sscanf(input, "m=%ld&n=%ld", &m, &n) != 2)
            printf("<P>An error occurred, both variables must be numeric.");
        else
            printf("<P><h3> %ld * %ld = %ld.</h3>", m, n, m * n);
    }
    return 0;
}
// adapted from http://www.cs.tut.fi/~jkorpela/forms/cgic.html (July2010)
```

Self-generating form in C
```c
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    char *data;
    long m, n;

    printf("%s%c%c\n", "Content-Type:text/html;charset=iso-8859-1", 13, 10);
    // the program prints its own form, so the page and its handler are one executable
    printf("<form method = \"get\" "
           "action=\"http://it026945/cgi-bin/testingcgi/multiply2\">"
           "<div><label>Multiplicand 1: <input name=\"m\" size=\"5\"></label></div>"
           "<div><label>Multiplicand 2: <input name=\"n\" size=\"5\"></label></div>"
           "<div><input type=\"submit\" value=\"Multiply!\"></div></form>");
    printf("<H3>Multiplication results</H3>");
    data = getenv("QUERY_STRING");
    if (data == NULL)
        printf("<P>Error! Error in passing data from form to script.");
    else if (sscanf(data, "m=%ld&n=%ld", &m, &n) != 2)
        printf("<P>Error! Invalid data. Data must be numeric.");
    else
        printf("<P>The product of %ld and %ld is %ld.", m, n, m * n);
    return 0;
}
```

Self-generating form in C
```c
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    char *data;
    long m, n;
    // each CGI request starts a new process, so flag is always 0 on entry
    static int flag = 0;

    printf("%s%c%c\n", "Content-Type:text/html;charset=utf-8", 13, 10);
    printf("<form method = \"get\" "
           "action=\"http://localhost:8080/cgi-bin/multiply2_utf8\">"
           "<div><label>Multiplicand 1: <input name=\"m\" size=\"5\"></label></div>"
           "<div><label>Multiplicand 2: <input name=\"n\" size=\"5\"></label></div>"
           "<div><input type=\"submit\" value=\"Multiply!\"></div></form>");
    printf("<H3>Multiplication results</H3>");
    data = getenv("QUERY_STRING");
    if (data == NULL) {
        if (!flag) {
            printf("<P>nothing to compute yet.");
        } else {
            printf("<P>Error! Error in passing data from form to script.");
        }
    } else if (sscanf(data, "m=%ld&n=%ld", &m, &n) != 2) {
        printf("<P>Error! Invalid data. Data must be numeric.");
    } else {
        printf("<P>The product of %ld and %ld is %ld.", m, n, m * n);
        flag = 1;
    }
    return 0;
}
```

Handling Special Characters
```c
#include <stdio.h>

/* Decode URL-encoded data in [src, last) into dest.
 * dest needs room for (last - src) + 2 bytes. */
void decode(char *src, char *last, char *dest)
{
    for (; src < last; src++, dest++)
        if (*src == '+')
            *dest = ' ';
        else if (*src == '%') {
            unsigned int code;
            if (last - src < 3) {
                code = '?';   // truncated escape: do not read past the input
            } else {
                if (sscanf(src + 1, "%2x", &code) != 1)
                    code = '?';
                src += 2;     // skip the two hex digits
            }
            *dest = code;
        } else
            *dest = *src;
    *dest = '\n';
    *++dest = '\0';
}
```

Problems with CGI
• Each time a request is made, a new process is spawned on the server
• This can quickly overwhelm sites that get a large number of hits
• One solution is to install libraries directly callable by the web server
  • mod_perl
  • mod_python

CGI can be inefficient...
• The executable is loaded in the server's memory every time it is called
• Multiple copies
• API would be more efficient...
• Bad idea to do that using C/C++
• Unstable environment (crash the entire server)
• Apache offers modules with Perl and Python APIs
• Scripting languages such as ASP and PHP
Security problems with CGISecurity problems with CGI
Program is running in your server... Suppose you want the user to run:
system "whois $username" ; But what if the user actually sends:
"john; rm -rf " system "whois john; rm -rf " ;
The administrator: “Oh dear!Where are all my files?”
In Linux
For Windows, http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
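
The whois case above in C, as an added example rather than code from the slides: the username is checked against an allowlist and whois is started with an argument array instead of a shell command line, so `;` is never interpreted. The names valid_username and run_whois, the 32-character limit and taking the username from argv[1] are assumptions.

```c
#include <ctype.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

extern char **environ;

/* Allowlist (assumed policy): 1-32 characters from letters, digits, '_', '.'
 * and '-', not starting with '-' so the value cannot be read as an option. */
int valid_username(const char *s)
{
    size_t i, n = s ? strlen(s) : 0;
    if (n == 0 || n > 32 || s[0] == '-')
        return 0;
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && !strchr("_.-", s[i]))
            return 0;
    return 1;
}

/* Pattern from the slide, shown for contrast only:
 *     snprintf(cmd, sizeof cmd, "whois %s", username); system(cmd);
 * The shell parses ';' in username as a command separator.
 * Hardened: validate, then start whois directly with an argv array so no
 * shell sees the value. Returns the exit status of whois, or -1. */
int run_whois(const char *username)
{
    char *argv[] = { "whois", (char *)username, NULL };
    pid_t pid;
    int status;

    if (!valid_username(username))
        return -1;
    if (posix_spawnp(&pid, "whois", NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    return (argc == 2 && run_whois(argv[1]) == 0) ? 0 : 1;
}
```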

Server-side programming
• Better to use a language specially designed for server-side programming
• See PHP programming next...
References
http://www.cs.tut.fi/~jkorpela/forms/cgic.html