Learn the basics of CGI (Common Gateway Interface) in E-Business, covering how CGI scripts work, programming languages used, CGI vs. API, and examples of calling CGI scripts. Explore ASP, SSI, and PHP alternatives for dynamic web content generation.
CGI, SSI, ASP and PHP: The Common Gateway Interface
E-Commerce, Prof. Sheizaf Rafaeli

CGI
E-Business, Sheizaf Rafaeli

How CGI Works
• Recall discussion of clients vs. servers
• The Common Gateway Interface (CGI) is an agreement between HTTP server implementors about how to integrate such gateway scripts and programs
• CGI programs are scripts written for the HTTP server (httpd)
• The specs for CGI (1.1 and 1.2) are at http://www.w3.org/hypertext/WWW/CGI/

Normal HTML vs. CGI
• With normal HTML, your browser receives HTML and decodes it for presentation. Your browser also sends regular URLs (pointer requests).
• With CGI, your browser sends
  • PUT or GET
  • something else, not a regular URL
  • a call for a program

How CGI scripts work (2)
• Your browser decodes the first part of the URL and contacts the server.
• Your browser supplies the remainder of the URL to the server.
• The server translates the URL into a path and file name.
• The server realizes that the URL points to a program instead of a static file.

How CGI scripts work (3)
• The server prepares the environment and launches the script.
• The script executes and reads the environment variables and STDIN.
• The script sends the proper MIME headers to STDOUT for the forthcoming content.
• The script sends the rest of its output to STDOUT and terminates.

How CGI scripts work (4)
• Non-parsed Header (nph) scripts can bypass the server, sending stuff directly back to the browser
• The server notices that the script has finished and closes the connection to your browser. NOTE: stateless, connectionless
• Your browser displays the output from the script.

Where CGI scripts live
• CGI programs can reside anywhere, provided the location is recognized by the HTTP server
• “Anywhere” means on same machine or other, same directories or other
• Best if set apart from document structure
• Usually should be better protected, for fame, security, property reasons

Programming Languages in CGI
• Perl and C, C++ are the most common
• Visual Basic and Java rapidly catching up
• Many others used too
• ASP, PHP, SSI
• Tension (choice) between compiled vs. interpreted
• Dimensions:
  • Portability
  • Ease of learning, debugging
  • Speed, efficiency

CGI vs. API and server specific technologies
• API is emerging as one alternative to CGI
• Less portable (not “common”)
• “Behind” the server (httpd)
• API more efficient, less compliant
• Examples: Netscape ONE, Microsoft WindowsDNA, Oracle and others

Calling a CGI script
• CGI scripts can be invoked in a variety of ways. They can be called from:
  • The <FORM> tag: <FORM METHOD=POST ACTION="/cgi-bin/myprogram.cgi">
  • The anchor <A> tag: <A HREF="/cgi-bin/clicked.pl">Click Here</A>
  • The image <IMG> tag: <IMG SRC="/cgi-bin/cgi-image">
  • As server side includes: <!--#exec cgi="/cgi-bin/include-me.cgi" -->

ASP, SSI and PHP alternatives
• SSI (Server Side Includes): SSI lets you embed a number of special 'commands' into the HTML itself. When the server reads an SSI document, it looks for these commands and performs the necessary action.
• PHP is a server-side scripting language. Like ASP, PHP script is processed by the Web server. After the server plays with the PHP code, it returns plain old HTML back to the browser.

SSI and PHP alternatives
• PHP HTML Embedding
  • SGML style: <? code ?>
  • XML style: <?php code ?>
  • ASP style: <% code %>
  • Javascript style: <script language="php">code</script>
• <HTML><HEAD><TITLE>Search results for "<?php print htmlspecialchars($query); /* escape user input before output */ ?>"</TITLE></HEAD><BODY>

The simplest (and available) Server-Side include
• The basic format for the server-side include is as follows:
  <!--#command tag1="value1" tag2="value2" -->
• Possible SSI commands: config, echo, include, exec, fsize, flastmod
  <!--#echo var="DATE_LOCAL" -->
  <!--#fsize file="try.env.html" -->
  <!--#exec cmd="/bin/date" -->
• Depends on server configuration
• BEWARE!!!
  <!--#exec cmd="/bin/rm -rf /" -->

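An added example, not part of the original slides: a small Python audit that parses the <!--#command tag="value" --> format described above and reports every exec directive in a document, so pages that run programs can be found and reviewed. The sample page is constructed from directives shown on these slides; the function names are assumptions.

```python
import re

# <!--#command tag1="value1" tag2="value2" --> as described on the slide.
DIRECTIVE = re.compile(r'<!--#(\w+)(.*?)-->', re.S)
# Accept double quotes, single quotes or backticks around the value.
ATTR = re.compile(r'(\w+)=(["\'`])(.*?)\2', re.S)

# Constructed sample page built from directives shown on these slides.
SAMPLE = """<HTML> <BODY>
hello <BR> <!--#echo var="DOCUMENT_NAME"-->
<!--#config sizefmt="bytes"--> <!--#fsize file="ssi.html"--> bytes
<!--#exec cmd="/bin/date" -->
<!--#exec cgi="/cgi-bin/include-me.cgi" -->
</BODY> </HTML>
"""

def parse_ssi(text):
    """Return (line_number, command, {tag: value}) for each directive."""
    found = []
    for m in DIRECTIVE.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        attrs = {k.lower(): v for k, _, v in ATTR.findall(m.group(2))}
        found.append((line, m.group(1).lower(), attrs))
    return found

def audit(text):
    """Report directives that run programs: exec cmd= and exec cgi=."""
    findings = []
    for line, command, attrs in parse_ssi(text):
        if command == "exec":
            kind = "cmd" if "cmd" in attrs else "cgi" if "cgi" in attrs else "unknown"
            findings.append((line, kind, attrs.get(kind, "")))
    return findings

if __name__ == "__main__":
    for line, kind, target in audit(SAMPLE):
        print("line %d: exec %s runs %s" % (line, kind, target))
```

On Apache, Options IncludesNOEXEC keeps SSI enabled while disabling #exec cmd and #exec cgi.
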
SSI example
    <HTML>
    <BODY>
    hello <BR>
    <!--#echo var="DOCUMENT_NAME"--> <BR>
    This file is pretty big! it is
    <!--#config sizefmt="bytes"--> <!--#fsize file="ssi.html"--> bytes <BR>
    or, in short
    <!--#config sizefmt="abbrev"--> <!--#fsize file="ssi.html"--> bytes <BR>
    <!--#include file="lastminuteSSI.txt"-->
    </BODY>
    </HTML>
http://www-personal.umich.edu/~sheizaf/ssi.html
    hello
    ssi.html
    This file is pretty big! it is 326 bytes
    or, in short 1k bytes
    hello again!

Some ASP examples
• Hello world (see next slide)
• Greeting, Session and Time: http://elab-nt1.bus.umich.edu/sheizaf/Session_variables.asp
• Environment Variables: http://elab-nt1.bus.umich.edu/sheizaf/aspenvironment.asp (see slide)
• Database Example: http://elab-nt1.bus.umich.edu/sheizaf/ASPDatabase.asp

Hello, ASP World!
My first script was created 7/24/00

The Form
• The <FORM> tag is used to define the HTML to be used for user input
• Most HTML calls CGI using forms
• The tag's attributes specify
  • the program's name and location, either locally or as a full URL
  • the type of encoding being used
  • what method is being used to transfer the data
• <FORM ACTION="url" METHOD=[POST|GET] ENCTYPE="...">

Elements in a form
• Each <INPUT> tag identifies the TYPE of area, has a NAME, and could have a VALUE.
• Types include: text, checkbox, password, reset and submit
• Textarea and Select are special cases
• For example: <INPUT TYPE="text" NAME="user" VALUE="Donald" SIZE=30>
• See http://www.umich.edu/~cisdept/Grad/CIS742/cgi.forms.html

Elements in a form (2)
• Text areas are invoked using:
    <TEXTAREA NAME="yourwords" ROWS=10 COLS=50>
• Selection menus are invoked using:
    <SELECT NAME="Toppings" SIZE=4 MULTIPLE>
    <OPTION SELECTED>Cinnamon
    <OPTION>Cocoa
    <OPTION>Nutmeg
    <OPTION>Cloves
    <OPTION>Allspice
    <OPTION>Shaved Dark Chocolate
    <OPTION>Paprika
    </SELECT>

Environment Variables available to the CGI program
• Remember that this is sessionless or “connectionless”
• But: various pieces of information are available about:
  • the browser (type, what it can view, the remote host name etc.)
  • the server (name and version, the port it's running on, and so on)
  • and the CGI program itself (the program name and where it's located).
• The server provides all of this information to the CGI program through environment variables.

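A simple environment variables program
• ENVIRONMENT.PL:
    #!/usr/local/bin/perl
    # List the CGI environment variables the server passed to this script.
    use strict;
    # Escape HTML metacharacters: values such as QUERY_STRING come from the client.
    sub esc {
        my ($s) = @_;
        $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; $s =~ s/"/&quot;/g;
        return $s;
    }
    # MIME header, then a blank line, then the content.
    print "Content-type: text/html\n\n";
    print "<html> <head>\n";
    print "<title>CGI Environment</title>\n";
    print "</head>\n";
    print "<body>\n";
    print "<h1>CGI Environment</h1>\n";
    foreach my $env_var (keys %ENV) {
        print "<B>", esc($env_var), "</B> = ", esc($ENV{$env_var}), "<BR>\n";
    }
    print "</body> </html>\n";
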
A simple environment variables program (2)
• Try running directly:
  http://cis519.bus.umich.edu/cgi-bin/environment.pl
• And try submitting from a form:
  http://www.umich.edu/~cisdept/Grad/CIS742/try.env.html

The FORM HTML
    <HTML>
    <BODY>
    <H3>Here is a post button</H3>
    <FORM ACTION="http://cobb.bus.umich.edu:443/cgi-bin/cis742/environment.pl" METHOD=POST>
    <INPUT TYPE="submit" NAME="action" VALUE="POST the command to get environment variables">
    </FORM>
    <P>
    <H3>And here is a Get button</H3>
    <FORM ACTION="http://cobb.bus.umich.edu:443/cgi-bin/cis742/environment.pl" METHOD=GET>
    <INPUT TYPE="submit" NAME="action" VALUE="GET environment variables">
    </FORM>
    </BODY>
    </HTML>

CGI and Security
• Secure the machine (telnet and other access)
• Secure the Web-server (daemon)
• Secure the location of the cgi scripts (write and read access)
• Then:
  • Your program should do what you want and nothing more.
  • Don't give client more information than it needs to know.
  • Don't trust the client to give you the proper information.
  • Minimize potential damage if break-in does occur

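An added example, not part of the original slides: a CGI program in Python that follows the steps from "How CGI scripts work" (read the environment and STDIN, write the MIME header, a blank line, then the content) while applying the rules above to the "user" and "Toppings" form fields shown earlier. The size cap, the character policy for "user" and the function names are assumptions.

```python
import html, os, re, sys
from urllib.parse import parse_qs

MAX_BODY = 4096  # assumed cap on POST body size
# Option values from the slide's <SELECT NAME="Toppings"> menu.
TOPPINGS = {"Cinnamon", "Cocoa", "Nutmeg", "Cloves", "Allspice",
            "Shaved Dark Chocolate", "Paprika"}
# Assumed policy for the "user" text field: 1-30 plain characters.
USER_RE = re.compile(r"[A-Za-z][A-Za-z0-9 '_.-]{0,29}")

def read_form(environ, stdin):
    """GET data arrives in QUERY_STRING, POST data on STDIN."""
    method = environ.get("REQUEST_METHOD", "GET")
    if method == "GET":
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        length = int(environ.get("CONTENT_LENGTH") or 0)  # ValueError if junk
        if not 0 <= length <= MAX_BODY:
            raise ValueError("body too large")
        raw = stdin.read(length).decode("ascii", "replace")
    else:
        raise ValueError("unsupported method")
    return parse_qs(raw, keep_blank_values=True)

def respond(environ, stdin):
    """Return the bytes for STDOUT: headers, blank line, then content."""
    try:
        form = read_form(environ, stdin)
        user = form.get("user", [""])[0]
        toppings = form.get("Toppings", [])
        # Don't trust the client: accept only expected values.
        if not USER_RE.fullmatch(user) or not set(toppings) <= TOPPINGS:
            raise ValueError("field failed validation")
    except ValueError:
        # Tell the client only that the request was rejected, not why.
        status, body = "400 Bad Request", "<p>Request rejected.</p>"
    else:
        chosen = ", ".join(html.escape(t) for t in sorted(toppings))
        status = "200 OK"
        body = "<p>Hello %s: %s</p>" % (html.escape(user), chosen)
    head = "Status: %s\r\nContent-type: text/html\r\n\r\n" % status
    page = "<html><body>%s</body></html>\n" % body
    return (head + page).encode("ascii", "xmlcharrefreplace")

if __name__ == "__main__":  # how the web server would launch it
    sys.stdout.buffer.write(respond(os.environ, sys.stdin.buffer))
```
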
CGI and Security (2)
• Generally, compiled preferable over interpreted
• Beware of buffer overflow (pointer after-effect)
• Encrypting incoming and / or outgoing messages:
  • SSL
  • SHTTP

CGI and Security: hopefully…

CGI and client side processing

“Packaged” CGI scripts (1)
• There are thousands of scripts available
• Try, for instance:
  • http://www.scriptsearch.com
  • http://bignosebird.com
  • http://www.tucows.com
• CGI programming libraries are important for:
  • parsing
  • output

“Packaged” CGI scripts (2): “ready made”
• Like other providers, the UofM denies most users access to CGI directories
• However, like many providers, UofM allows use of “prepackaged” applications. These include:
  • Finger, HtMail (forms-to-email), Imagemap, Swishgate, Counter, Survey, Guestbook (and loggate)
• See http://www.umich.edu/~websvcs/umweb/wwwcgi.html

“Hosted”, remotely hosted CGI services
• Often as simple as cutting and pasting some HTML into your pages. Sometimes require registration. Ranging from quizzes, "quote of the day" programs, to advanced affiliate programs and advertising systems.
• See, e.g., at:
  • http://www.hostedscripts.com
  • http://www.remotelyhosted.com