Server-Side Programs and Perl 5 : Server-Side Programs and Perl 5 Outline
Server-Side Includes (SSI)
Common Gateway Interface (CGI)
3 Introduction to Perl
String Processing and Regular Expressions
4 Viewing Client/Server Environment Variables
5 Form Processing and Business Logic
Verifying a Username and Password
Code
7 Cookies and Perl
1 Server-Side Includes : 1 Server-Side Includes Web offers ability to track
Where client coming from
What client views on your site
Where client goes after your site
Tracking Web data important, allows webmasters to
Know which sites visited most frequently
Know how effective advertisements and products are
Server-side includes (SSIs)
Commands embedded in HTML documents
Provide for content creation
Allow inclusion of current time, date or even contents of different HTML documents
1 Server-Side Includes (II) : 1 Server-Side Includes (II) SSI commands
Execute CGI scripts on a server
Are capable of connecting to an ODBC data source
Use to create customized Web pages depending for certain conditions
Document containing SSI commands has .shtml file extension
EXEC CGI command
Issued to execute a Perl script before document sent to client
Example:
Executes the Perl script counter.pl, located in /cgi-bin directory on server
1 Server-Side Includes (III) : 1 Server-Side Includes (III) ECHO command
Used to display variable information
Is followed by the keyword VAR and variable’s constant name
Example:
Returns the current local time
Other variables
DATE_GMT
Contains current Greenwich Mean Time
DOCUMENT_NAME
Contains name of current document
Many more Apache Tutorial
1 Server-Side Includes (III) : 1 Server-Side Includes (III) EXEC CGI command
Used to include CGI program output
Example follows
To see what our servers (at Dal FCS) do see
examples/SSI/test1.shtml (what the client gets)
examples/SSI/test1.source (code at the server)
Slide6 : 14 Execute Perl script counter.pl using EXEC CGI statement
18 Use ECHO VAR statements to display environmental variables
Slide7 : Continue printing environmental variables using ECHO VAR statements
Slide8 : Script Output
Slide9 : 5. Open counter.dat, assign to filehandle COUNTREAD
7. Increment data in COUNTREAD
8. Close COUNTREAD
6. Assign data contained in file counter.dat to variable $data
17. Use for structure to output number of page hits using number images
1 SSI (Perl preview) : 1 SSI (Perl preview) Perl scripts can access and modify other files
open() function
Form: open(fileHandle, ">fileName");
> discards any data in file, creates new file if does not exist
>> append mode
Returns false on error
File handles do not need type ($,@,%)
While file open, referenced using fileHandle
Close file using the close() statement
Format: close(fileHandle);
Error checking:
open(COUNTREAD, "counter.dat") || die "opening 'counter.dat': $!";
See die.pl and warn.pl examples
1 SSI (Perl preview) : 1 SSI (Perl preview) print statement can redirect output to a file
print COUNTWRITE $data;
Assigns $data to file pointed to by COUNTWRITE
If the file is open for writing already
1 SSI (Perl preview II) : 1 SSI (Perl preview II) length() function
Returns length of string
substr( expr, len, offset ) function
Similar to JavaScript’s substr function
First argument (expr)
Specifies string from which to take a substring
Second argument (offset)
Specifies offset in characters from beginning of the string
Third argument (len)
Specifies length of substring to return
2 Common Gateway Interface (CGI) : 2 Common Gateway Interface (CGI) Server-side programming
Process data on the server to increase communication between clients and servers
Create interactive applications
Client-side scripting
Not always sufficient when building truly interactive Web-based applications
HyperText Transfer Protocol (HTTP)
Used for communication between Web browsers and servers
Universal Resource Locator (URL)
Used by browsers (clients) to specify name of server from which to request data
2 Common Gateway Interface (CGI) (II) : 2 Common Gateway Interface (CGI) (II) HTTP GET command
By issuing command, client directs server to send specific data to browser
CGI
Lets HTTP clients interact with programs across a network through a Web server
A standard for interfacing applications with a Web server
CGI applications
Can be written in many different programming languages
Often reside in the directory /cgi-bin
Within Web server
Permission granted by webmaster to allow specific programs to be executed on the server
2 Common Gateway Interface (CGI) (III) : 2 Common Gateway Interface (CGI) (III) Interaction methods
Standard input (keyboard)
Standard output (screen)
Web browser
Take info from user
Using HTTP, sends info to a Web server
Server-side CGI program executed
Standard output from server-side applications or scripts redirected or piped to CGI
Output sent from CGI over the Internet to client for rendering
CGI is an interface
Cannot be directly programmed
Script or executable program must be used to interact with it
2 Common Gateway Interface (CGI) (IV) : 2 Common Gateway Interface (CGI) (IV) Data path of a typical CGI-based application
2 CGI Binaries at FCS : 2 CGI Binaries at FCS On borg
Must be in ~/public_html/cgi-bin/ directory
Must end with .cgi no matter what language they're in
Use http://borg.cs.dal.ca
We run suexec
CGI programs are opened by http daemon
CGI programs are run by the owner
Your CGI programs have your permissions
Other options: setuid, run as http (or nobody)
See examples/CGI/about.pl
2 Configuring Personal Web Server (PWS) for Perl/CGI : 2 Configuring Personal Web Server (PWS) for Perl/CGI To run CGI with PWS
Several modifications must be made in the Windows Registry
PWS must be enabled to execute Perl scripts – does not by default
For detailed instructions on procedure to update Windows Registry to handle Perl scripts
See section 3 in Deitel, et al. (on reserve in Killam Library)
3 Introduction to Perl : 3 Introduction to Perl Perl (Practical Extraction and Report Language)
High-level programming language
Developed by Larry Wall in 1987
Trained as a linguist
A systems admin at NASA
Rich, easy-to-use text-processing capabilities
Alternative to the tricky C programming language
Powerful alternative to Unix shell scripts
Lots of built-in functionality
TMTOWTDI
3 Introduction to Perl : 3 Introduction to Perl Current version: Perl 5.8
Programming Perl (1st ed.) was about Perl 4
Perl 5 is a complete rewrite
An entirely new language
Good choice for programming server side WWW
Most popular language for doing so today
Is under continuous update by the online Perl community
Stays competitive with newer server-side technologies
Programmer driven
Extensible by modular objects
Can even search the online object-base to find newer versions
3 Introduction to Perl (II) : 3 Introduction to Perl (II) Perl initially developed for Unix platform
Always intended to be a cross-platform computer language
ActivePerl
Version of Perl for Windows
Free download at http://www.activestate.com
Includes the core Perl package
Predefined functionality expected to behave the same across all platforms
Perl Interpreter — perl — placed in bin directory
Loaded into memory each time Perl program invoked
Extension of Perl programs is .pl
Associated with Perl interpreter by default
Perl program execution
Type perl –w followed by filename of Perl source code at command line (Unix or DOS prompt)
3 Introduction to Perl (III) : 3 Introduction to Perl (III) Perl command line switches (case sensitive)
3 Introduction to Perl (IV) : 3 Introduction to Perl (IV) Comment character #
Goes at beginning of every line with comment
Function print
Outputs text indicated by quotation marks (“…”)
Escape sequences
E.g. \n, \t, \a
Newline, tab, alert
Statements terminated with semicolons (;)
Exception: where braces ({}) used to denote block of code
Slide24 : 1.1 Print Statement Welcome to Perl!
3 Introduction to Perl (V) : 3 Introduction to Perl (V) Perl contains set of data types
Represent different kinds of information
Each variable name has special character preceding it
$ - variable contains scalar value
Strings, integer numbers and floating-point numbers
@ - indexed array
Uses an integer (called an index) to reference array elements
% - hash (associative array)
Uses keys that are strings to reference individual array elements
Variables should be initialized before being used
Variable names in strings
Serve as place-holders for values they represent
If have no declared value – set to undef (empty) value
Slide26 : 1.1 Demonstrate variable in string before initialization
1.2 Demonstrate addition involving variable using print statements
1.3 Add integer to string and print result
Add integer to string and print result Using a variable before initializing: Adding uninitialized variable num to 5 yields: 5. The value of variable a is: 5 Variable a after adding 5 is 10. Adding a string to an integer yields: 10 Adding an integer to a string yields: 7
3 Introduction to Perl (VI) : 3 Introduction to Perl (VI) Perl can store arrays
Arrays divided into elements
Each can contain an individual scalar variable
Array definition
@arrayName = (“element1”, “element2”, …, “elementN”);
First array element is [0]
Just like C, C++, etc.
Could be changed in Perl 4 but should not in Perl 5
3 Introduction to Perl (VII) : 3 Introduction to Perl (VII) Arrays
Elements are referenced as scalar values with element number in square brackets ([])
@ refers to array as a whole, $ refers to elements
Example: $array[2]
Refers to the third element in @array
Range Operator – “..”
Used to store all values between given arguments
Example: @array2 = (A..Z);
Creates array @array2 containing all capital letters in alphabet (all letters between A and Z)
Slide29 : 1.1 Define array @array
2.1 Print contents of @array
2.2 Print third element of @array
3.1 Define array @array2
3.2 Explain and print contents of @array2 The array contains: Bill Bobby Sue Michelle Third element: Sue The range operator is used to store all letters from capital A to Z: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
3 Introduction to Perl (VIII) : 3 Introduction to Perl (VIII) In addition to core Perl package
Add-ons called packages provide additional functionality
Packages
Often provide platform specific features
Are available at
http://www.cpan.org
http://www.activestate.com/packages
3 String Processing and Regular Expressions : 3 String Processing and Regular Expressions Processing textual data easily and efficiently
One of Perl’s most powerful capabilities
Usually done through use of regular expressions
Patterns of characters used to search through text files and databases
Allows large amounts of text to be searched using relatively simple expressions
eq equality operator
Tests whether two strings are equivalent
example: if ($hello eq "Good Morning")…
Keyword my
Designates variable only valid for block of code in which it is declared
Slide32 : 1.1 Declare variables using my
2.1 Test string variable-string equality
2.2 Print appropriate result
3.1 Test second variable
3.2 Print appropriate result Test matches Test. Testing does not match Test.
3 my and local : 3 my and local Keyword my
Designates variable only valid for block of code in which it is declared
In Perl 4 was done by local
my creates local variables
local creates local copy & then restores it on exit
See following program …
3 my and local (program) : 3 my and local (program) $lo = 'global';
$m = 'global';
A();
sub A {
local $lo = 'string';
my $m = 'string';
B();
}
sub B {
print "B ", ($lo eq 'string' ?'can' :'cannot'),
" see the value of lo set by A.\n";
print "B ", ($m eq 'string' ?'can' :'cannot'),
" see the value of m set by A.\n";
}
-------------------------------------------------------------
B can see the value of lo set by A.
B cannot see the value of m set by A.
3 String Processing and Regular Expressions (II) : 3 String Processing and Regular Expressions (II) eq operator
Cannot be used to search through a series of words
String binding ‘operator’ =~
Tests whether match for a string is found within a single string or series of words
Example
$search =~ /Test/;
Searches for word test within indicated string
$string =~ s/Regular/regular/g;
Makes the substitution operation work on $string, instead of $_
3 String Processing and Regular Expressions (III) : 3 String Processing and Regular Expressions (III) Some meta/modifying characters
^ – indicates beginning of a line
$ – indicates end of a line (matches \n)
\b – indicates word boundary
\w – matches any alphanumeric character and underscore [a-z_A-Z0-9]
Other modifying characters
Slide37 : 1.1 Test for word ‘Test’ in string, print result
2.1 Test for word ‘Test’ at beginning on string, print result
3.1 Test for word ‘Test’ at end of string, print result
4.1 Test for word in string ending with letters ‘es’, print result Test was found. Test was found at the beginning of the line. Word ending in es: matches
4 Viewing Client/Server Environment Variables : 4 Viewing Client/Server Environment Variables Knowing info about client very useful to system administrators
CGI environment variables
Contains info about client
Web browser being used
Version of CGI server running
HTTP host, HTTP connection
Much more (we'll see example shortly)
use statement
Includes predefined library packages in programs
4 Viewing Client/Server Environment Variables (II) : 4 Viewing Client/Server Environment Variables (II) CGI Library
Included to provide functionality that makes it easier to write HTML sent to Web browser
Contains keywords that represent HTML tags
foreach loop
Iterates through keys in given hashtable, performs indicated actions
foreach $key (sort keys %ENV)
Iterates through %ENV hashtable
Built-in table in Perl that contains names and values of all CGI environment variables
sort function
returns list in lexographical order
Assigns current key to $key and performs indicated actions
Slide40 : 1.1 use standard CGI library
2.1 Print top of HTML Table
3.1 Use foreach function to sort through keys in %ENV hashtable
3.2 Print current keys in table
4.1 Close table
Slide41 : Script Output
4 env.cgi : 4 env.cgi Source: .../examples/perl/env.pl.source
Execute
4 Taint mode : 4 Taint mode When in taint mode perl won't let you user input to open files, etc.
Taint mode on when running as CGI or with –T switch
-T must be first switch, use –Tw to get both T and w
To remove taint from variables
Use regular expression backreferences
$file = param("filename"); # input from CGI form
if ( $file !~ /^([\w.-]+)$/ ) {
die "filename `$file´ has invalid characters\n";
} else {
$file = $1;
}
4 CGI Binaries at FCS : 4 CGI Binaries at FCS On borg
Must be in ~/public_html/cgi-bin/ directory
Must end with .cgi no matter what language they're in
Use http://borg.cs.dal.ca
5 Form Processing and Business Logic : 5 Form Processing and Business Logic HTML FORMs
1. Allow users to enter data
2. Data sent to Web server for processing
3. Program processes data
Allows users to interact with server
Vital to electronic commerce
FORM element
Indicates what action should occur when user submits form
Attribute: ACTION = "cgi-bin/form.pl"
Directs server to execute form.pl Perl script
Example
Slide46 : 1.1 Open FORM
1.2 Define FORM attributes
1.3 Insert and define form INPUT elements
1.4 Specify correct input format
Slide47 : 1.5 Continue inserting and defining form INPUT element
1.6 Close FORM element
Slide48 : Script Output
5 Form Processing and Business Logic (II) : 5 Form Processing and Business Logic (II) Retrieving data from form output
Assign to variables
Example: Assign data from form INPUT OS to variable $os
$os = param(OS);
Testing for correct form input
Example: Make sure phone number in format (555)555-5555
if ( $phone =~ / \( \d{3} \) \d{3} - \d{3} /x ) { actions }
d{n} tests for n characters
\ is escape character
Close-bracket (‘)’) character is used in Perl statements, needs escape character ‘\’ to appear as part of search test string
Slide50 : 1.1 use standard CGI library
2.1 Assign form field values to variables
3.1 Test for correct phone number input form using if structure
3.2 Indicate actions to be performed if test returns TRUE result
Slide51 : 3.3 Finish inputting if structure actions and close structure
4.1 Set actions to be performed if if structure returns a FALSE value
Slide52 : Script Output 1
Slide53 : Script Output 2
6 Verifying Username & Password : 6 Verifying Username & Password Often desirable to have private Web site
Developers often employ username and password authentication to implement privacy
In reality we would use the server software to do this
We'll see an example with perl
Upcoming files
verify.html – HTML document client browser displays
password.pl – Perl script that verifies username and password inputted by client and performs appropriate actions
data.txt – Text file containing username and password combinations (unencrypted for simplicity)
6 Verifying Username & Password (II) : 6 Verifying Username & Password (II) If file cannot be opened
Use function die to exit program and print message
while
Executes structure while still information in fileHandle
Assigns a line at a time to $_
split function
Read contents of a file into an array
@arrayName = split(/\n/)
Creates array arrayName, creates new array entry after every \n character
Access array elements and split into two parts
foreach $entry (@data) {…}
Performs indicated action on every entry in array @data
Subsequently assigns entry information to $entry
6 Verifying a Username and Password (III) : 6 Verifying a Username and Password (III) split array into two parts
($name, $pass) = split(/,/, $entry)
Assigns username string of current entry to $name
Assigns password string of current entry to $pass
6 Verifying a Username and Password (III) : 6 Verifying a Username and Password (III) Perl has logical and (&&) and or (||) operators
Same format as other languages
Example:
if ($userverified && $passwordverified) {…}
Evaluates to true if both variable values are true
Short-circuit evaluation
String context: true is any non-empty string
Numeric context: true is any non-zero number
String "0" is false!
String "00" is true!
6 Verifying a Username and Password (III) : 6 Verifying a Username and Password (III) sub functionName {…}
Sets actions of user-defined function functionName
User-defined functions accessed:
&functionName — old style, not used much
functionName() — preferred form, allows for extras
Slide59 : 1.1 Print instructions
2.1 Open FORM and define ACTION attribute
3.1 Open HTML TABLE
Slide60 : 3.2 Insert and define INPUT elements for username and password
3.3 Insert INPUT submit button
3.4 Close TABLE and FORM elements
Slide61 : Script Output
Slide62 : 1.1 Open data.txt and assign to FILE
1.2 Enter text to be printed if the file cannot be accessed using die function
2.1 Open while structure
3.1 Create @data array using FILE
3.2 Split each entry into NAME and PASS entries
3.3 Use if structure to verify username and password and perform appropriate actions
Slide63 : 3.4 Close while structure
4.1 Use if structures to call user-defined programs depending on outcome of password verification
5.1 Define accessgranted function
5.2 Print ‘permission granted’ message
Slide64 : 6.1 Define wrongpassword function
6.2 Print ‘invalid password’ message
7.1 Define accessdenied function
7.2 Print ‘access denied’ message
Slide65 : Data.txt
1.1 Input username and password combinations using format:
username,password/n
6 Verifying a Username and Password (IV) : 6 Verifying a Username and Password (IV) See example Fig_27_25.pl
Slide67 : Script Output
6.5 Sending E-Mail From a Web Browser : 6.5 Sending E-Mail From a Web Browser Email
One of most frequently used capabilities of the Internet
Can be sent directly from browser using Perl script
Net package’s Simple Mail Transfer Protocol (SMTP)
Use this SMTP functionality to send email
code: use Net::SMTP;
Email cannot be sent without a valid smtp server
Server name client uses is usually text after the ‘@’ in your client’s email address
6.5 Sending E-Mail From a Web Browser : 6.5 Sending E-Mail From a Web Browser Create a new instance of a mail server object
smtp = Net::SMTP->new($mailserver);
-> is Perl’s scope operator
Equivalent to ‘.’ in JavaScript
datasend function
Tells mail server that a command is being issued
smtp->quit;
Closes connection to smtp server
Slide70 : 1.1 Open FORM and define ACTION attribute
2.1 Inset and define INPUT submit image
2.2 Insert text INPUTs for other email field categories
Slide71 : 2.3 Insert and define remaining INPUT elements for email fields
2.4 Insert and define TEXTAREA for body of email message
Slide72 : 1.1 Close TABLE and FORM tags Script Output
Slide73 : 1.1 use SMTP
1.2 use CGI standard library
2.1 Set local variable values to user form inputs
3.1 print ‘request processed’ message
4.1 Connect to SMTP server
4.2 Form email message using data(), datasend() and dataend() functions
4.3 quit smtp server
Slide74 : Script Output
7 Cookies : 7 Cookies What? Client-side storage for server-side use
Why? To save state information
How?
When server sends document is can also send a cookie
When client requests document it can also send back cookie with request
7 Cookies : 7 Cookies Some Details
Server sends ‘Set-Cookie:’ header
NAME = VALUE is required
Parameters separated by semicolons (;)
Optional parameters
Expires=
When the cookie ceases to be (crumbles)
If not set then expiry is end of browser process
Domain=
Site to send cookie back to
Path=
What file (directory) it applies to
Secure=
Do not send with unsecured protocol
7 Cookies : 7 Cookies Some More Details
Multiple set-cookie headers allowed
Cookies can overwrite each other
Expires times in the past are used to delete cookies
Limits:
300 cookies
4 Kb per cookie
20 cookies per server or domain
7 Cookies : 7 Cookies Examples from the draft specification
7 Cookies : 7 Cookies
7 Cookies and Perl (II) : 7 Cookies and Perl (II) To set a cookie using plain Perl
Set variable values to user input strings
Set cookie setup info
$expires – expiration date of cookie
$path – location on clients computer to store cookie
$server_domain – IP address of your server
print "set-cookie: "; …
set information to be stored in cookie using print statement
Repeat as needed to store all information in cookie
7 Cookies and Perl (III) : 7 Cookies and Perl (III) Internet Explorer stores cookies
Text file added to Temporary Internet Files directory
Filename: Cookie:administrator@ip.number
Slide82 : 1.1 Enter text instructions
2.1 Open FORM and define ACTION attribute
2.2 Insert and define INPUT fields
2.3 Insert INPUT submit button
2.4 Close FORM area
Slide83 : Script Output
Slide85 : Script Output
7 Cookies and Perl (IV) : 7 Cookies and Perl (IV) Cookies are read from client machine using Perl
Subroutine readCookies returns the information stored in cookies sent to client from server ip address
Information read with statement
$ENV{'HTTP_COOKIE'}
Cookie information can be read by
Storing information in hash array
Splitting fields
Displaying information
Display cookie output in table for organization
Slide87 : 1.1 use CGI standard library
1.2 print header
2.1 Call function readCookies to and store info in %cookie
3.1 Use foreach structure to output cookie info
4.1 Define function readCookies
4.2 Put cookie information into an array
Slide88 : 4.3 Split cookie entry names and values
4.4 Return information for output
Slide89 : Script Output
7 Cookies and CGI.pm : 7 Cookies and CGI.pm use CGI qw(:standard);
my $cookie = cookie(-name=>'regular',
-value=>'chip');
print header(-cookie=>$cookie);
---------------------------------------
Set-cookie: regular=chip
Content-type: text/html
Examples