
CGI, SSI, ASP and PHP


jholton

Presentation Transcript


  1. CGI, SSI, ASP and PHP: The Common Gateway Interface. E-Commerce, Prof. Sheizaf Rafaeli

  2. E-Business, Sheizaf Rafaeli


  6. CGI

  7. How CGI Works
     • Recall discussion of clients vs. servers
     • The Common Gateway Interface (CGI) is an agreement between HTTP server implementors about how to integrate such gateway scripts and programs
     • CGI programs are scripts written for the http server (httpd)
     • The specs for CGI (1.1 and 1.2) are at http://www.w3.org/hypertext/WWW/CGI/

  8. Normal HTML vs. CGI
     • With normal HTML, your browser receives HTML and decodes it for presentation. Your browser also sends regular URLs (pointer requests).
     • With CGI, your browser sends
       • PUT or GET
       • something else, not a regular URL
       • a call for a program

  9. How CGI scripts work (2)
     • Your browser decodes the first part of the URL and contacts the server.
     • Your browser supplies the remainder of the URL to the server.
     • The server translates the URL into a path and file name.
     • The server realizes that the URL points to a program instead of a static file.

  10. How CGI scripts work (3)
      • The server prepares the environment and launches the script.
      • The script executes and reads the environment variables and STDIN.
      • The script sends the proper MIME headers to STDOUT for the forthcoming content.
      • The script sends the rest of its output to STDOUT and terminates.

  11. How CGI scripts work (4)
      • Non-parsed Header (nph) scripts can bypass the server, sending stuff directly back to the browser
      • The server notices that the script has finished and closes the connection to your browser. NOTE: stateless, connectionless
      • Your browser displays the output from the script.

  12. Where CGI scripts live
      • CGI programs can reside anywhere, provided the location is recognized by the http server
      • "Anywhere" means on same machine or other, same directories or other
      • Best if set apart from document structure
      • Usually should be better protected, for fame, security, property reasons

  13. Programming Languages in CGI
      • Perl and C, C++ are the most common
      • Visual Basic and Java rapidly catching up
      • Many others used too
      • ASP, PHP, SSI
      • Tension (choice) between compiled vs. interpreted
      • Dimensions:
        • Portability
        • Ease of learning, debugging
        • Speed, efficiency

  14. CGI vs. API and server specific technologies
      • API is emerging as one alternative to CGI
      • Less portable (not "common")
      • "Behind" the server (httpd)
      • API more efficient, less compliant
      • Examples: Netscape ONE, Microsoft WindowsDNA, Oracle and others

  15. Calling a CGI script
      • CGI scripts can be invoked in a variety of ways. They can be called from
      • The <FORM> tag
        • <FORM METHOD=POST ACTION="/cgi-bin/myprogram.cgi">
      • The anchor <A> tag
        • <A HREF="/cgi-bin/clicked.pl">Click Here</A>
      • The image <IMG> tag
        • <IMG SRC="/cgi-bin/cgi-image">
      • As server side includes
        • <!--#exec cgi="/cgi-bin/include-me.cgi" -->

  16. ASP, SSI and PHP alternatives
      • SSI (Server Side Includes): SSI lets you embed a number of special 'commands' into the HTML itself. When the server reads an SSI document, it looks for these commands and performs the necessary action.
      • PHP is a server-side scripting language. Like ASP, PHP script is processed by the Web server. After the server plays with the PHP code, it returns plain old HTML back to the browser.

  17. SSI and PHP alternatives
      • PHP HTML Embedding
        • SGML style: <? code ?>
        • XML style: <?php code ?>
        • ASP style: <% code %>
        • Javascript style: <script language="php">code</script>
      • <HTML><HEAD><TITLE>Search results for "<?php print $query; ?>"</TITLE></HEAD><BODY>

  18. The simplest (and available) Server-Side include
      • The basic format for the server-side include is as follows:
        • <!--#command tag1="value1" tag2="value2" -->
      • Possible SSI commands:
        • config, echo, include, exec, fsize, flastmod
      • <!--#echo var="DATE_LOCAL" --><!--#fsize file="try.env.html" -->
      • <!--#exec cmd="/bin/date" -->
      • Depends on server configuration
      • BEWARE!!!
        • <!--#exec cmd="/bin/rm -rf /" -->

  19. SSI example
      <HTML> <BODY>
      hello <BR>
      <!--#echo var="DOCUMENT_NAME"--> <BR>
      This file is pretty big! it is
      <!--#config sizefmt="bytes"--> <!--#fsize file="ssi.html"--> bytes <BR>
      or, in short
      <!--#config sizefmt="abbrev"--> <!--#fsize file="ssi.html"--> bytes <BR>
      <!--#include file="lastminuteSSI.txt"-->
      </BODY> </HTML>
      http://www-personal.umich.edu/~sheizaf/ssi.html
      Rendered output:
      hello
      ssi.html
      This file is pretty big! it is 326 bytes
      or, in short 1k bytes
      hello again!
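
An added example, not part of the original slides: a Python audit that parses directives in the `<!--#command tag="value" -->` format shown above and reports the ones that start a program on the server (`#exec cmd`, `#exec cgi`). The sample page is constructed from directives on the slides; the function names are this example's own.

```python
import re

# Matches the directive shape shown on the slide:
#   <!--#command tag1="value1" tag2="value2" -->
DIRECTIVE = re.compile(r'<!--#(\w+)((?:\s+\w+\s*=\s*"[^"]*")*)\s*-->')
ATTRIBUTE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

# Directives that start a program on the server.
RUNS_PROGRAMS = {"exec"}


def parse_ssi(html):
    """Return (line_number, command, {tag: value}) for each SSI directive."""
    found = []
    for m in DIRECTIVE.finditer(html):
        line = html.count("\n", 0, m.start()) + 1
        attrs = dict(ATTRIBUTE.findall(m.group(2)))
        found.append((line, m.group(1).lower(), attrs))
    return found


def audit(html):
    """Return only the directives that would run a command or CGI program."""
    return [d for d in parse_ssi(html) if d[1] in RUNS_PROGRAMS]


# Constructed sample page, assembled from directives that appear on the slides.
SAMPLE = """<HTML> <BODY>
<!--#echo var="DATE_LOCAL" -->
<!--#config sizefmt="bytes"-->
<!--#fsize file="ssi.html"-->
<!--#exec cmd="/bin/date" -->
<!--#exec cgi="/cgi-bin/include-me.cgi" -->
</BODY> </HTML>
"""

if __name__ == "__main__":
    for line, command, attrs in audit(SAMPLE):
        print(f"line {line}: #{command} {attrs}")
```

On Apache httpd, `Options IncludesNOEXEC` keeps includes working while disabling `#exec`, which is one form of the server-configuration dependence noted on the slide.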

  20. Some ASP examples
      • Hello world (see next slide)
      • Greeting, Session and Time: http://elab-nt1.bus.umich.edu/sheizaf/Session_variables.asp
      • Environment Variables: http://elab-nt1.bus.umich.edu/sheizaf/aspenvironment.asp (see slide)
      • Database Example: http://elab-nt1.bus.umich.edu/sheizaf/ASPDatabase.asp

  21. Hello, ASP World!
      My first script was created 7/24/00


  23. The Form
      • The <FORM> tag is used to define the HTML to be used for user input
      • Most HTML calls CGI using forms
      • The tag's attributes specify
        • the program's name and location, either locally or as a full URL
        • the type of encoding being used
        • what method is being used to transfer the data
      • <FORM ACTION="url" METHOD=[POST|GET] ENCTYPE="...">

  24. Elements in a form (see http://www.umich.edu/~cisdept/Grad/CIS742/cgi.forms.html)
      Each <INPUT> tag identifies TYPE of area, has a NAME, and could have a VALUE.
      Types include: text, checkbox, password, reset and submit
      Textarea and Select are special cases
      For example: <INPUT TYPE="text" NAME="user" VALUE="Donald" SIZE=30>

  25. Elements in a form (2)
      • Text areas are invoked using:
        • <TEXTAREA NAME="yourwords" ROWS=10 COLS=50>
      • Selection menus are invoked using
        <SELECT NAME="Toppings" SIZE=4 MULTIPLE>
        <OPTION SELECTED>Cinnamon
        <OPTION>Cocoa
        <OPTION>Nutmeg
        <OPTION>Cloves
        <OPTION>Allspice
        <OPTION>Shaved Dark Chocolate
        <OPTION>Paprika
        </SELECT>

  26. Environment Variables available to the CGI program
      • Remember that this is sessionless or "connectionless"
      • But: various pieces of information are available about:
        • the browser (type, what it can view, the remote host name etc.)
        • the server (name and version, the port it's running on, and so on)
        • and the CGI program itself (the program name and where it's located).
      • The server provides all of this information to the CGI program through environment variables.

  27. A simple environment variables program
      • ENVIRONMENT.PL:
        #!/usr/local/bin/perl
        # Print every CGI environment variable as an HTML page.
        print "Content-type: text/html\n\n";   # MIME header, then a blank line
        print "<html> <head>\n";
        print "<title>CGI Environment</title>\n";
        print "</head>\n";
        print "<body>\n";
        print "<h1>CGI Environment</h1>\n";
        foreach $env_var (keys %ENV) {
            # Values such as QUERY_STRING come from the client: escape them for HTML.
            ($value = $ENV{$env_var}) =~ s/([&<>"])/'&#' . ord($1) . ';'/ge;
            print "<B>$env_var</B> = $value<BR>\n";
        }
        print "</body> </html>\n";

  28. A simple environment variables program (2)
      • Try running directly
        • http://cis519.bus.umich.edu/cgi-bin/environment.pl
      • And try submitting from a form:
        • http://www.umich.edu/~cisdept/Grad/CIS742/try.env.html

  29. The FORM HTML
      <HTML> <BODY>
      <H3>Here is a post button</H3>
      <FORM ACTION="http://cobb.bus.umich.edu:443/cgi-bin/cis742/environment.pl" METHOD=POST>
      <INPUT TYPE="submit" NAME="action" VALUE="POST the command to get environment variables">
      </FORM>
      <P>
      <H3>And here is a Get button</H3>
      <FORM ACTION="http://cobb.bus.umich.edu:443/cgi-bin/cis742/environment.pl" METHOD=GET>
      <INPUT TYPE="submit" NAME="action" VALUE="GET environment variables">
      </FORM>
      </BODY> </HTML>

  30. CGI and Security
      • Secure the machine (telnet and other access)
      • Secure the Web-server (daemon)
      • Secure the location of the cgi scripts (write and read access)
      • Then:
        • Your program should do what you want and nothing more.
        • Don't give client more information than it needs to know.
        • Don't trust the client to give you the proper information.
        • Minimize potential damage if break-in does occur

  31. CGI and Security (2)
      • Generally, compiled preferable over interpreted
      • Beware of buffer overflow (pointer after-effect)
      • Encrypting incoming and / or outgoing messages:
        • SSL
        • SHTTP
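
An added example, not from the original slides: a Python CGI handler that follows the steps on slides 10 and 26 (read the environment variables and STDIN, write the MIME headers and then the content) while applying the slide 30 rules "don't trust the client" and "don't give client more information than it needs". The `user` field comes from the form slide; the size cap, the allowlist pattern and the function names are assumptions of this example.

```python
import html
import re
from urllib.parse import parse_qs

MAX_BODY = 4096  # assumed cap on the POST body size
# Assumed allowlist for the "user" field; 30 echoes SIZE=30 on the form slide.
USER_RE = re.compile(r"[A-Za-z0-9_.-]{1,30}")


def respond(status, text):
    """Build the CGI response: headers, a blank line, then the content."""
    return (f"Status: {status}\r\n"
            "Content-Type: text/html; charset=utf-8\r\n\r\n"
            f"<html><body><p>{text}</p></body></html>\n")


def handle(environ, stdin):
    """Return the complete CGI response for one request as text."""
    method = environ.get("REQUEST_METHOD", "")
    if method == "GET":
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        # CONTENT_LENGTH is supplied by the client: check it before reading.
        try:
            length = int(environ.get("CONTENT_LENGTH", "0"))
        except ValueError:
            return respond("400 Bad Request", "bad request")
        if not 0 <= length <= MAX_BODY:
            return respond("413 Payload Too Large", "bad request")
        raw = stdin.read(length)
    else:
        return respond("405 Method Not Allowed", "bad request")

    user = parse_qs(raw).get("user", [""])[0]
    if not USER_RE.fullmatch(user):
        # Generic message: no echo of the input, no server details.
        return respond("400 Bad Request", "bad request")
    # Escape on output even though the allowlist already excludes markup.
    return respond("200 OK", "Hello, " + html.escape(user))


if __name__ == "__main__":
    import os
    import sys
    sys.stdout.write(handle(os.environ, sys.stdin))
```

The same output escaping applies wherever request data is printed into a page, as with `$query` in the PHP title example.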

  32. CGI and Security: hopefully…

  33. CGI and client side processing

  34. "Packaged" CGI scripts (1)
      • There are thousands of scripts available
      • Try, for instance:
        • http://www.scriptsearch.com
        • http://bignosebird.com
        • http://www.tucows.com
      • CGI programming libraries are important for:
        • parsing
        • output

  35. "Packaged" CGI scripts (2): "ready made"
      • Like other providers, the UofM denies most users access to CGI directories
      • However, like many providers, UofM allows use of "prepackaged" applications. These include:
        • Finger, HtMail (forms-to-email), Imagemap, Swishgate, Counter, Survey, Guestbook (and loggate)
      • See http://www.umich.edu/~websvcs/umweb/wwwcgi.html

  36. "Hosted", remotely hosted CGI services
      • Often as simple as cutting and pasting some html into your pages. Sometimes require registration. Ranging from quizzes, "quote of the day" programs, to advanced affiliate programs and advertising systems.
      • See, e.g., at:
        • http://www.hostedscripts.com
        • http://www.remotelyhosted.com
