SY306 Web and Databases for Cyber Operations Slide Set #9: CGI with Python


Upload: emmeline-paul

Post on 08-Jan-2018


DESCRIPTION

CGI – What does it all look like?

TRANSCRIPT

SY306 Web and Databases for Cyber Operations
Slide Set #9: CGI with Python

Things we'll learn and do
- HTML5: basics, tables, forms
- Cascading Style Sheets
- JavaScript, Dynamic HTML
- CGI / Python
- Databases: Relational Model, SQL
- Web applications with database back-end
- Web based attacks (XSS, SQL injections, ...)

FLASHBACK

CGI – What does it all look like?

CGI Script Basics
- Common Gateway Interface (CGI)
- "Common": not specific to any operating system or language
- Output file generated at runtime:
  1. When a program is executed as a CGI script, standard output is redirected to the web server
  2. The web server then redirects the output to the client's browser

How can CGI get data from user?
- Technique #1: Forms
  - User enters data via a form, submits
  - Web server directs data to a CGI program
  - Script receives data in one of two ways:
    1. method = get
    2. method = post
  - Use language-specific method to get these inside CGI program
- Technique #2: URL with parameters
  - Seminars

The Big Example Part 1 (the form): survey.html

    (standard header stuff)
    Welcome to The Ultimate Survey
    Favorite food:
    Favorite color: Red Gold Blue

The Big Example Part 2 (CGI to receive): survey.py

    #!/usr/bin/env python3
    import cgi
    import cgitb; cgitb.enable()

    form = cgi.FieldStorage()   # instantiate only once!

    # get inputs from browser
    # (getvalue() returns None if the field was not submitted)
    food = form.getvalue("food")
    color = form.getvalue("color")

    # Save result in file. Use colon as separator
    outfile = open("favorites.txt", "a")
    outfile.write(food + " : " + color + "\n")
    outfile.close()

    # generate output as feedback for the user
    # (the submitted values are printed into the page without HTML escaping)
    print("Content-Type: text/html\n")
    print('''\
    Survey Feedback
    Thank you for filling out our survey
    Your responses have been recorded as follows:
    ''')
    print("Favorite food: " + food)
    print("Favorite color: " + color)
    print()

Exercise #1
Write Python script that will, given the URL provided below, generate HTML that looks like the screenshot

The Big Example Part 3 (CGI to process): survey_results.py

    #!/usr/bin/env python3
    import cgi
    import cgitb
    cgitb.enable()

    # print response header
    print("Content-Type: text/html")
    print()

    # print start html part
    print('''\
    Survey Results
    ''')

    # start printing the results and count the number of red responses
    print(' Results so far ')
    print(' ')
    nbRed = 0

    # read from file
    with open("favorites.txt", "r") as lines:
        for line in lines:
            # skip the empty lines
            if line == "\n":
                continue
            # remove the newline character and split by :
            # s = line[:-1].split(':')   # solution 1
            line = line.strip()          # solution 2
            s = line.split(":")
            print(" Favorite food: " + s[0] + " favorite color: **" + s[1] + "** ")
            # if s[1] == "red":   # this will not work if there are extra spaces
            if s[1].find("red") >= 0:
                nbRed = nbRed + 1

    print(" ")
    print(" There are " + str(nbRed) + " responses for color 'red'. ")

    # print end html part
    print(' ')

Exercise #2
Write Python script that accepts two numbers from browser user, prints error if num2 is zero, otherwise outputs num1/num2.

Gotchas
- Indentation: turn off auto-indentation, make sure you use spaces, not tabs
  - If Notepad++: Settings > Preferences > MISC. > auto-indent NOT SELECTED
- Unix server: use UNIX line endings in script
  - If Notepad++: Settings > Preferences > New Document/Default Directory > New Document > UNIX
  - If Notepad++: Edit > EOL Conversion > Unix format
- File permissions: server needs to be able to r/w/x different files/folders
  - setfacl -m u:www-data:rwx LabX
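The survey.py and survey_results.py scripts above write the form values to favorites.txt and print them back into HTML exactly as received. The following is an added example, not code from the slides, that validates both fields before storage and escapes them on output. The allowed color values, the length limit and all function names are assumptions, and it leaves out the cgi import (removed from the standard library in Python 3.13) so that it runs stand-alone.

```python
import html

SEP = " : "                               # separator survey.py writes between the fields
ALLOWED_COLORS = {"red", "gold", "blue"}  # assumed values behind the form's color choices
MAX_FOOD_LEN = 40                         # assumed limit, not from the slides

def clean_food(raw):
    """Return a food value that fits in one field of one line, or None."""
    # getvalue() gives None for a missing field and a list for a repeated one
    if not isinstance(raw, str):
        return None
    food = " ".join(raw.split())          # collapses CR/LF/tabs: record stays on one line
    if not food or len(food) > MAX_FOOD_LEN or ":" in food:
        return None                       # a colon would shift fields when the line is split
    return food

def clean_color(raw):
    """Accept only the colors the form offers."""
    if not isinstance(raw, str):
        return None
    color = raw.strip().lower()
    return color if color in ALLOWED_COLORS else None

def make_record(raw_food, raw_color):
    """Build the favorites.txt line, or return None if either input is rejected."""
    food, color = clean_food(raw_food), clean_color(raw_color)
    if food is None or color is None:
        return None
    return food + SEP + color + "\n"

def parse_record(line):
    """Split a stored line into (food, color); None for blank or malformed lines."""
    parts = [p.strip() for p in line.strip().split(":")]
    if len(parts) != 2 or not all(parts):
        return None
    return parts[0], parts[1]

def render_row(line):
    """HTML for one stored response, with both values escaped before output."""
    rec = parse_record(line)
    if rec is None:
        return ""
    food, color = (html.escape(v) for v in rec)
    return "<li>Favorite food: " + food + ", favorite color: <b>" + color + "</b></li>"

def count_red(lines):
    """Exact match on the parsed color instead of a substring search."""
    return sum(1 for ln in lines if (r := parse_record(ln)) and r[1] == "red")
```

In survey.py, make_record(form.getvalue("food"), form.getvalue("color")) would take the place of the direct string concatenation, with a None result answered by an error page instead of a write to the file.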