1 / 31

15 – Web applications: Server-side code (ASP)

15 – Web applications: Server-side code (ASP). Session Aims & Objectives. Aims To introduce the fundamental ideas involved in server-side code Objectives, by end of this week’s sessions, you should be able to: create an asp web-page, including: HTML, and server-side VB script.

kelli
Download Presentation

15 – Web applications: Server-side code (ASP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 15 – Web applications:Server-side code (ASP)

  2. Session Aims & Objectives • Aims • To introduce the fundamental ideas involved in server-side code • Objectives,by end of this week’s sessions, you should be able to: • create an asp web-page, including: • HTML, and • server-side VB script

  3. Example: Logon (analysis) • SPECIFICATION • User Requirements • protection from fraud and invasion of privacy • Software Requirements • Functional: • logon page, user must type name and password • following pages can only be accessed after successful logon • Non-functionalshould be very difficult to hack • hotmail, Amazon, University portal, utility bills (gas, electricity, phone, internet), Travel (flights, ferry, car rental)

  4. Example: Logon (design) • Restrict access tohome page

  5. Example: Logon (code v1) Logon.htm • Using Client-side VB Script <html> <head><title></title></head> <body> Please logon:<br /> <input id="txtUserName" type="text" /><br /> <input id="txtPassWord" type="text" /><br /> <input id="btnLogon" type="submit" value="Logon" /> <p id="msg"></p> </body> </html> <script language="vbscript"> Sub btnLogon_OnClick() Dim un Dim pw un = txtUserName.value pw = txtPassWord.value If un = "mark" And pw = "soft131" Then window.navigate "home.htm" Else msg.innerText = "Login details incorrect." End If End Sub </script> Home.htm <html> <head><title>My Home page</title></head> <body> <p> Welcome to my home page.<br /> <img src="YouAreHere.jpg" /> </p> </body> </html>

  6. Example: Login (Problem) • View Source – shows client-side script: Reveals bothusername & password

  7. Web Hardware and Software network connection Client Server Browser Application (MS Explorer, FireFox, Opera) Web-server Application (MS IIS, Apache)

  8. Request-Response Cycle Request Web-server Application (MS IIS, Apache) Browser Application (MS Explorer, Firefox) Logon.htm Response <html> <head><title></title></head> <body> Please logon:<br /> <input id="txtUserName" type="text" /><br /> <input id="txtPassWord" type="text" /><br /> <input id="btnLogon" type="submit" value="Logon" /> <p id="msg"></p> </body> </html> <script language="vbscript"> Sub btnLogon_OnClick() Dim un Dim pw un = txtUserName.value pw = txtPassWord.value If un = "mark" And pw = "soft131" Then window.navigate "home.htm" Else msg.innerText = "Login details incorrect." End If End Sub </script> Client-side code:Code sent to Client Interpreted by browser

  9. Server-side Script (what) • ASP – active server pages • code not sent to client • code secure (can't be viewed by client) • executed on server • takes time – request-response cycle • requires server software (e.g. IIS) • ASP pages will NOT work by double clicking on file

  10. Example: Date Date.aspx • ASP code: • .aspx (not .htm) • VB (not vbscript) • variables have type • Now is current date and time (on server) • runat="server" gives server code access to object <script language="VB" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub </script> <html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT" runat="server"></p> </body> </html>

  11. Request-Response Cycle Request date.aspx Browser Application (MS Explorer, Firefox) Web-server Application (MS IIS, Apache) <script language="VB" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub </script> <html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT" runat="server"></p> </body> </html> Response <html> <head><title>Today's Date</title></head> <body> <p id="parD">The date today is Mon 9 Feb 2009</p> <p id="parT">The time now is 00:57</p> </body> </html> Server-side code: run on server(never sent to Client)

  12. View Source • Code executed at server • code is never sent to client • View, Source – does not show code:

  13. Data Types • Variant – all types of data • slow, memory hungry • Boolean – true or false (on/off, yes/no) • Integer – whole numbers (-32768 to 32768) • Long – whole numbers (large) • Single – decimal numbers • Double – decimal numbers (more precise) • String – text • Object – object instances

  14. Data Type Selection • Number of e.g. 4 Integer/LongRooms • Height e.g. 1.87m Single/Double • Surname e.g. Smith String • Car Reg e.g. XY55 ABC String

  15. Using data types • Variable declaration Dim x As Long • Parameters Sub Thing(boo As String, y As Long) • Functions Function IsTall() As Boolean

  16. Question: Data types • Declare a variable to store: • an animal's weight in kg (e.g. 34.6) • whether a person has a driving licence or not • the title of a book • a phone number (e.g. 01752 586225) Dim weight As Double Dim licence As Boolean Dim title As String Dim phone As String

  17. Example: AddNum (client-side) AddNum.htm <html> <head><title></title></head> <body> <input id="txtN1" type="text" /><br /> <input id="txtN2" type="text" /><br /> <input id="btnAdd" type="submit" value="Add" /> <p id="parRes"></p> </body> </html> <script language="vbscript"> Sub btnAdd_onClick() Dim N1 Dim N2 N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + CDbl(N2) End Sub </script>

  18. Example: AddNum (server-side) AddNum.aspx • input tags inside form • submit button:refreshes page (sending data to server) <script language="VB" runat="server"> Sub Page_Load() Dim N1 As Double Dim N2 As Double If Request.Form("btnAdd") > "" Then N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + N2 End If End Sub </script> <html> <head><title></title></head> <body> <form runat="server"> <input id="txtN1" type="text" runat="server" /><br /> <input id="txtN2" type="text" runat="server" /><br /> <input id="btnAdd" type="submit" value="Add" runat="server" /> <p id="parRes" runat="server"></p> </form> </body> </html> • If btnAdd clicked

  19. Client-side vs. Server-side Code AddNum.htm AddNum.aspx <html> <head><title></title></head> <body> <input id="txtN1" type="text" /><br /> <input id="txtN2" type="text" /><br /> <input id="btnAdd" type="submit" value="Add" /> <p id="parRes"></p> </body> </html> <script language="vbscript"> Sub btnAdd_onClick() Dim N1 Dim N2 N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + CDbl(N2) End Sub </script> <script language="VB" runat="server"> Sub Page_Load() Dim N1 As Double Dim N2 As Double If Request.Form("btnAdd") > "" Then N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + N2 End If End Sub </script> <html> <head><title></title></head> <body> <form runat="server"> <input id="txtN1" type="text" runat="server" /><br /> <input id="txtN2" type="text" runat="server" /><br /> <input id="btnAdd" type="submit" value="Add" runat="server" /> <p id="parRes" runat="server"></p> </form> </body> </html> Both use VB Script language (i.e. Sub, If, Dim, For, etc.)

  20. Example: Apples Apples.aspx <script runat="server" language="VB"> Sub Page_Load() If Request.Form("btnGo") > "" Then parRes.InnerHtml = parRes.InnerHtml & "<img src='Apple.gif' />" End If End Sub </script> <html> <head><title>Apples</title></head> <body> <form runat="server"> <input id="btnGo" type="submit" value="Go" runat="server" /> <p id="parRes" runat="server"></p> </form> </body> </html>

  21. Errors <script language="vbscript" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub parD.innerText = "" </script> <html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT"></p> </body> </html> vbscript cannot run at server (should be VB) Declaration expected(assignment must be in sub) parT is undefined(should have runat="server")

  22. Running your ASP pages • within Visual Studio • Run (play) button (F5) • only available to you on development PC • using Internet Information Services (IIS) • makes PC a server • page available to all computers on internet

  23. IIS - Installing Add/RemoveWindowsComponents IIS • IIS / personal web server on Windows CDStart, Settings, Control Panel, Add/Remove Programs

  24. IIS: Enabling/Disabling • Start, Settings, Control Panel, Administrative Tools, Internet Services Manager Stop Start

  25. IIS: Exposing pages • Put ASP pages in: • C:\INetPub\wwwRoot(this part of hard disk exposed to outside world) • Execute pages by putting: • localhost(in web browser, e.g. IE, means local machine) • ASP pages don't work by double-clicking

  26. IIS – Date.asp C:\INetPub\wwwRoot\Date.aspx localhost/test/date.aspx

  27. Tutorial Exercise: Login (client-side) • LEARNING OBJECTIVE:see how vulnerable client-side code is • Task 1: Get the Login (v1) example from the lecture working. • Task 2: Use view source – you should be able to see the code.

  28. Tutorial Exercise: Date • LEARNING OBJECTIVE:create an ASP page, including HTML and server-sideVB Script • Task 1: Get the Date example from the lecture working. • Task 2: Add code that displays good morning/afternoon/evening/night, depending on the time of day.

  29. Tutorial Exercise: Student Loan • LEARNING OBJECTIVE:create an ASP page, including HTML and server-sideVB Script from scratch to solve a problem • Task 1: Create a web page that allows the user to enter their salary and the computer calculates the annual and monthly payments for their student loan.Hint: Use your client-side code (from term 1), and the AddNum example from the lecture.

  30. Tutorial Exercise: Login (client-side) • LEARNING OBJECTIVE:create an ASP page, including HTML and server-sideVB Script from scratch to solve a problem • Task 1: Create a login page that uses server-side code to check the username and password entered by the user.Hint: Use the AddNum example as inspiration. Hint2: Use the following code to send the user to the homepage: Response.Redirect("Home.htm") • Task 2: Use view source – you should NOT be able to see the code.

  31. Tutorial Exercise: Apples • LEARNING OBJECTIVE:use variables with specific data types in ASP code • Task 1: Get the apples example (from the lecture) working. • Task 2: Modify your program so that the user enters a number, and the code adds that number of apple images. • Task 3: Modify your program so that the user enters another number, and the code adds a new line tag for that number of apples. Hint: Within the loop divide the number of apples by the second number, if the result is a whole number add a new line tag.

More Related