Learn how to create dynamic content with Perl CGI scripts. Explore CGI module, processing parameters, and HTML components. Set up scripts and execute them for interactive web pages. Discover the power of Perl in CGI scripting.
ITEC 400: Perl CGI
George Vaughan, Franklin University
Topics • Perl CGI • CGI • CGI Scripts in Apache • Perl CGI Module (CGI.pm) • Processing Parameters • Tag Attributes • Other HTML Components • Linux Network Services • xinetd • sshd
CGI • CGI stands for ‘Common Gateway Interface’ • HTML files on the server provide ‘static’ content. • CGI scripts are one of several techniques for providing dynamic content. • CGI scripts can be used for transaction processing on the Web.
CGI • CGI scripts are programs that run on the server. • CGI scripts generate context-sensitive HTML output which is then sent to the browser. • CGI scripts can process user requests or parameters sent from the browser to the server.
Perl CGI Scripts • CGI scripts can be written in a variety of languages, including Shell and Perl. • Perl is the preferred language for writing CGI scripts due to its text processing power. • The script prints strings to standard out. These strings usually contain HTML tags and web content. • Strings can get complicated since HTML tags also use punctuation such as double quotes.
Perl CGI Module (CGI.pm) • You do not need the Perl CGI module (CGI.pm) to write CGI scripts in Perl. • However, CGI.pm provides a lot of CGI support to Perl scripts, such as: • Environment information • Form Input • File Uploads • HTML generation • Error Handling • We will see some of these features in upcoming examples…
Creating CGI Scripts
• On Einstein, you can execute CGI scripts within your home directory.
• Set up the following directories:
    cd $HOME
    mkdir public_html
    chmod 705 public_html
    cd $HOME/public_html
    mkdir itec400
    chmod 705 itec400
    cd $HOME/public_html/itec400
    mkdir CGI
    chmod 705 CGI
• You will place your CGI scripts in this CGI directory.
• If you have a script named myScript.cgi in the CGI directory, you can execute it by typing the following URL in your browser: http://cs.franklin.edu/~your-login-id/itec400/CGI/myScript.cgi
• For example, since my login id is ‘vaughang’, I would use: http://cs.franklin.edu/~vaughang/itec400/CGI/myScript.cgi
Examples • In the next several slides we will study examples: ex1410.cgi and ex1420.cgi • ex1410.cgi is an example of using the object-oriented interface of the CGI module. • ex1420.cgi is an example of using the function-oriented interface of the CGI module. • Although the function-oriented interface is cleaner, you only have access to the default CGI object. • With the object-oriented interface you can have many CGI objects simultaneously. • CGI objects may also be saved in files or databases to preserve state.
ex1410.cgi
    0001: #!/usr/bin/perl -w
    0002:
    0003: use CGI;
    0004:
    0005: $cgi = new CGI;
    0006: $time = localtime;
    0007:
    0008: print $cgi->header,
    0009:     $cgi->start_html("George's World"),
    0010:     $cgi->h1("Hello World!"),
    0011:     $cgi->h1("Local Server Time:"),
    0012:     $cgi->h1("$time"),
    0013:     $cgi->end_html;
Notes:
Line 3: Use the CGI Perl module
Line 5: Instantiate an object of type CGI
Line 6: Get local time
Lines 8-13: Big print statement
Line 8: Generate the HTTP header
Line 9: Generate HTML for title
Lines 10-12: Generate HTML for level 1 headers
Line 13: Generate HTML to complete web page
ex1410.cgi
• Generated HTML from ex1410.cgi:
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
    <html><head><title>George's World</title>
    </head><body>
    <h1>Hello World!</h1>
    <h1>Local Server Time:</h1>
    <h1>Sun Dec 5 20:14:35 2004</h1>
    </body></html>
ex1420.cgi
    0001: #!/usr/bin/perl -w
    0002:
    0003: use CGI ":standard";
    0004:
    0005: $time = localtime;
    0006:
    0007: print header,
    0008:     start_html("George's World"),
    0009:     h1("Hello World!"),
    0010:     h1("Local Server Time:"),
    0011:     h1("$time"),
    0012:     end_html;
Notes:
Line 3: Use the CGI module with the “function-oriented” interface.
This code produces the same results as ex1410.cgi
Processing Parameters • With CGI.pm, we can process URL parameters that have been submitted to us from the browser. • We can read the value of a parameter named ‘myParam’: $value = param("myParam"); • The next example illustrates this…
ex1430.cgi • When I first go to the web page, this is what I see • The CGI script has a text field for me to type in the login Name.
ex1430.cgi • In this example, I type ‘apache’ as an example and press the enter key.
ex1430.cgi • The CGI script produces a listing of all processes owned by user ‘apache’
ex1430.cgi
    0001 #!/usr/bin/perl -w
    0002
    0003 use CGI;
    0004
    0005 use CGI ":standard";
    0006
    0007 print header,
    0008     start_html("ex1430"),
    0009     h1("Active Processes for A User"),
    0010     start_form,
    0011     "Login Name: ",
    0012     textfield("logname"),
    0013     submit,
    0014     end_form,
    0015     hr;
    0016
Notes:
Line 10: Create form
Line 12: Create an input field
Line 13: Create a submit button
Line 14: End the form
Line 15: Generate a horizontal rule
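ex1430.cgi (continued)
    0017 if (($logname = param("logname")) && $logname =~ /^[A-Za-z_][A-Za-z0-9_-]*\z/) {
    0018     open(PS_LIST, "ps -ef | egrep ^$logname |");
    0019     while ($line=<PS_LIST>) {
    0020         print $line, p;
    0021     }
    0022     print hr;
    0023 }
Notes:
Line 17: Test if ‘logname’ was set and contains only characters allowed in a login name; the value is interpolated into the shell command on line 18, so anything else is rejected
Line 18: Create an input pipe
Line 19: Print each line, followed by a new paragraph
Line 22: Print another horizontal rule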
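In ex1430.cgi the logname value comes from the browser and becomes part of a command line that the shell parses. As an added example (not part of the original slides), here is the same listing with taint mode on, ps started through a list-form open so no shell is involved, the egrep filter replaced by a match in Perl, and the ps output HTML-escaped. The helper name processes_for and the 32-character login-name pattern are assumptions.

```perl
#!/usr/bin/perl -wT
# Added example: the ex1430.cgi process listing without a shell.
use strict;
use warnings;
use CGI qw(:standard escapeHTML);

# Taint mode (-T) refuses to exec anything while PATH is untrusted.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: return the "ps -ef" lines owned by $user, or an
# empty list when $user does not look like a login name.
# The 32-character limit is an assumption, not a rule from the slides.
sub processes_for {
    my ($user) = @_;
    return () unless defined($user)
        && $user =~ /\A([A-Za-z_][A-Za-z0-9_-]{0,31})\z/;
    my $login = $1;    # captured by the allow-list, so no longer tainted

    # List-form pipe open: ps is exec'd directly and its arguments are
    # constants, so no shell ever sees the request parameter.
    open(my $ps, '-|', 'ps', '-ef') or die "cannot run ps: $!";
    my @rows = grep { /\A\Q$login\E\s/ } <$ps>;   # replaces "egrep ^name"
    close($ps);
    return @rows;
}

print header,
    start_html("ex1430"),
    h1("Active Processes for A User"),
    start_form, "Login Name: ", textfield("logname"), submit, end_form,
    hr;

if (defined(my $logname = param("logname"))) {
    my @rows = processes_for($logname);
    # Command lines shown by ps are chosen by whoever started the
    # process, so they are escaped before being placed in the page.
    print p(escapeHTML($_)) for @rows;
    print p("No processes found.") unless @rows;
    print hr;
}
print end_html;
```

Taint mode is set on the #! line, so run the script as a CGI or start it with perl -T.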
Tag Attributes • Many HTML tags have attribute-value pairs within the tag itself, for example: <H1 ALIGN="LEFT">Hello World!</H1> • Such a tag can be generated by invoking the following CGI member function: h1({-align=>'left'}, "Hello World!") • Curly braces are used to distinguish between attributes and contents.
Other HTML Components • CGI.pm provides functions for creating: • check boxes • groups of check boxes • groups of radio buttons • scrolling lists • pop-up menus • The next example, ex1440.cgi illustrates the use of radio buttons with CGI.pm…
ex1440.cgi • When I go to the web page, the CGI script generates a text field for me to enter a decimal number
ex1440.cgi • When I enter the decimal number ‘123456’ and press the ENTER key, the CGI script produces the following result…
ex1440.cgi
    0001 #!/usr/bin/perl -w
    0002
    0003 use CGI;
    0004
    0005 use CGI ":standard";
    0006
    0007 print header,
    0008     start_html("ex1440"),
    0009     h1({-align=>'center'},
    0010         "Number Converter"),
    0011     start_form,
    0012     "Decimal Number: ",
    0013     textfield("number"),
    0014     p,
    0015     radio_group(
    0016         -name=>'base',
    0017         -values=>['octal','hex'],
    0018         -default=>'hex'),
Notes:
Lines 9-10: Create a centered, level 1 header
Line 15: Create a group of radio buttons: button group name = base; 2 buttons; default button is ‘hex’
ex1440.cgi (continued)
    0019     p,
    0020     submit,
    0021     end_form,
    0022     hr;
    0023
    0024 if (defined($number = param("number")) && $number =~ /^\d+\z/) {
    0025     $base = param("base");
    0026     if ($base eq "hex") {
    0027         printf("%d (dec) = %x (hex)",
    0028             $number, $number);
    0029     }
    0030     else {
    0031         printf("%d (dec) = %o (octal)",
    0032             $number, $number);
    0033     }
    0034     print hr;
    0035 }
Notes:
Line 24: Only process request if user entered a number.
Line 26: Based on radio button selection, print value either in hex or octal.
Linux Network Services • The following discussion is based on Red Hat 9.0 (may be applicable to other distributions) • Focus will be on telnet and ftp
xinetd • Historically, each network service was supported by its own daemon process or processes. • A telnet daemon would support the telnet service, the ftp daemon would support the ftp service, etc. • Many daemons are running, often not being used. • Each service had to worry about security from the point of connection.
xinetd • inetd (precursor to xinetd) was created to address the issue of the abundance of network service daemons. • inetd was designed to listen on ports for network service requests. • when a request arrived at a port, inetd would fork the appropriate process (ftp, telnet, etc) to service the request. • Therefore services like ftp, telnet, etc were no longer daemons - they are now transient processes.
xinetd • xinetd stands for eXtended InterNET services Daemon. • Created by Panos Tsirigotis at the University of Colorado. • More secure than inetd - designed to prevent Denial of Service attacks. • Can control access by: • address of remote host • time of access • name of remote host • domain of remote host • xinetd is sometimes referred to as the “super-server”.
xinetd.conf
    #
    # Simple configuration file for xinetd
    #
    # Some defaults, and include /etc/xinetd.d/

    defaults
    {
            instances               = 60
            log_type                = SYSLOG authpriv
            log_on_success          = HOST PID
            log_on_failure          = HOST
            cps                     = 25 30
    }

    includedir /etc/xinetd.d
Notes:
• xinetd is the name of the daemon process.
• xinetd config file: /etc/xinetd.conf
• instances: max number of simultaneous servers for a given service
• cps: first number is max connections per second; second number is number of seconds to wait before re-enabling service after cps has been exceeded.
xinetd.d
• In addition to having a config file for the xinetd daemon itself, each supported service (ftp, telnet, etc) has its own config file in /etc/xinetd.d
    [root@localhost xinetd.d]# ls
    amanda       cups-lpd     eklogin  ipop3        pop3s    services  time
    amandaidx    daytime      finger   klogin       rexec    sgi_fam   time-udp
    amidxtape    daytime-udp  gssftp   krb5-telnet  rlogin   swat
    chargen      dbskkd-cdb   imap     kshell       rsh      talk
    chargen-udp  echo         imaps    ktalk        rsync    telnet
    comsat       echo-udp     ipop2    ntalk        servers  tftp
xinetd.d
• Example: What follows is the configuration file for telnet:
    # default: on
    # description: The telnet server serves telnet sessions; it uses \
    #       unencrypted username/password pairs for authentication.
    service telnet
    {
            flags           = REUSE
            socket_type     = stream
            wait            = no
            user            = root
            server          = /usr/sbin/in.telnetd
            log_on_failure  += USERID
            disable         = no
    }
SSHD • SSHD - OpenSSH SSH daemon • replaces rsh and rlogin • forks a new sshd daemon for each new connection • communication is encrypted • used on Einstein and comes configured on Red Hat 9.0
SSHD • SSHD supports: • ssh • similar to telnet • client uses tool like putty (Windows), ssh (Linux/Unix) • secure ftp • similar to ftp • client uses tool like winscp2 (Windows), sftp (Linux, Unix)