CGI Programming

CGI Programming • CGI.pm • Creating HTML pages with Perl • Forms processing • A general Web front end for Perl programs Some of These Slides Were Based on Previous Material by John Grefenstette BINF634 FALL 2013 - CGI PROGRAMMING

Web programming • Many web pages are static text files containing HTML (hypertext markup language) tags that tell the Browser how to display the page Browser(client) Web Server BINF634 FALL 2013 - CGI PROGRAMMING

<HTML> <HEAD> <TITLE>BINF 634. Bioinformatics Programming, Test Data 1</TITLE> </HEAD> <BODY bgcolor="#ffffff"> BINF 634 - Spring 2008 Test data and sample output for Programming Assignment 1: % seqstat.pl test1.fsa > test1.out Input: <a href="test1.fsa">test1.fsa</a> Output: <a href="test1.out">test1.out</a> % seqstat.pl test2.fsa > test2.out Input: <a href="test2.fsa">test2.fsa</a> Output: <a href="test2.out">test2.out</a> % seqstat.pl test3.fsa > test3.out Input: <a href="test3.fsa">test3.fsa</a> Output: <a href="test3.out">test3.out</a> % seqstat.pl H_influenzae.fsa > H_influenzae.out Input: <a href="H_influenzae.fsa">H_influenzae.fsa</a> Output: <a href="H_influenzae.out">H_influenzae.out</a> </BODY> </HTML> BINF634 FALL 2013 - CGI PROGRAMMING

BINF634 FALL 2013 - CGI PROGRAMMING

Browser(client) Web Server Perl program Data Server CGI programming Internet user's machine binf.gmu.edu • Goal: Enable users to access your program over the web • Advantages: • Portable • No need to distribute code • Enable users to access remote databases BINF634 FALL 2013 - CGI PROGRAMMING

CGI programming Idea: • Write Perl programs that create HTML pages dynamically Steps: • Create HTML forms for user input • Get user input from forms • Run algorithm • Create new HTML to display output BINF634 FALL 2013 - CGI PROGRAMMING

CGI programming CGI.pm • Perl module written by Lincoln Stein • Contains subroutines for creating HTML • so you don’t need to remember HTML syntax • Includes forms, and standard widgets • text fields, radio buttons, pull down menus, file uploads, etc. • Documentation: http://perldoc.perl.org/CGI.html http://www.wiley.com/legacy/compbooks/stein/ BINF634 FALL 2013 - CGI PROGRAMMING

Simple cgi program • The web browser can be configured to treat programs in certain directories as CGI scripts • Put CGI scripts in ~/public_html/cgi-bin • Make the script executable: % cd ~/public_html/cgi-bin % chmod 755 hello #!/usr/bin/perl -w # File: hello use strict; use warnings; use CGI qw(:standard); # module to output HTML commands print header; print start_html("My first CGI"); print "Hello, world!"; print end_html; exit; BINF634 FALL 2013 - CGI PROGRAMMING

Debugging CGI Programs • Debugging CGI programs can be tricky • Warnings and fatal error's are sent to system logs • You normally don’t see these system logs • Solutions: • Always check for compilations errors before running in a browser: % perl -c cgi_program • Include CARP module to send fatal errors to browser use CGI::Carp qw/fatalsToBrowser/; BINF634 FALL 2013 - CGI PROGRAMMING

Some formatting #!/usr/bin/perl -w # File: format # declare we want to use the CGI module with standard function set use CGI qw(:standard); # set fatal error message to the browser window use CGI::Carp qw/fatalsToBrowser/; # more elaborate HTML print header; print start_html("Test cgi"); print h1('A Simple Example'); # h1 is a level 1 header (large) print p; # outputs a paragraph break print "Hello, world!", p, "This is a new paragraph.", p; print em("This is italics font."); # em puts text into italics (emphasis) print "This is normal font."; # br outputs a line break print "Notice you you need a br to make a line break", br, "like this.", p; # hr gives a horizontal line across the page <HR> print "hr gives a horizontal rule like this:", br, hr; print "The end."; print end_html; exit; BINF634 FALL 2013 - CGI PROGRAMMING

A Virtual Clock #!/usr/bin/perl # File: time use strict; use warnings; use CGI qw(:standard); use CGI::Carp qw/fatalsToBrowser/; my $current_time = localtime; # localtime is a built-in function print header, start_html('A Virtual Clock'), h1('A Virtual Clock'), "The current time is $current_time.", hr, end_html; exit; BINF634 FALL 2013 - CGI PROGRAMMING

#!/usr/bin/perl # File: form use CGI qw(:standard); use CGI::Carp qw/fatalsToBrowser/; print header; print start_html('A Simple Form'); if (not defined param()) { print h1('A Simple Form'); print start_form; print "What's your name? "; print textfield('name'); print p; print "Pick your keywords:"; print p; print checkbox_group(-name=>'words', -values=>['biology','virus','computers','programs','lab'], -defaults=>['computers','lab']); print p; print "What's your favorite color? "; print popup_menu(-name=>'color', -values=>['red','green','blue','yellow']); print p; print submit; print end_form; print hr; } else { my $name = param('name'); my @keywords = param('words'); my $color = param('color'); print "Your name is $name"; print p; print "Your keywords are: @keywords"; print p; print "Your favorite color is $color"; print hr; } print end_html; BINF634 FALL 2013 - CGI PROGRAMMING

How to set up forms • Create form with start_form(); … end_form(); • Populate form with appropriate fields and buttons: print textfield(); print "What's your name? "; print textfield('name'); print checkbox_group(); print checkbox_group( -name=>'words', -values=>['biology','virus','computers','programs','lab'], -defaults=>['computers','lab']); print popup_menu(); print popup_menu(-name=>'color', -values=>['red','green','blue','yellow']); print reset(); # clears the form print submit(); # values sent through params() function BINF634 FALL 2013 - CGI PROGRAMMING

How it works • The name field is the key to access the values filled in or selected by the user • The values of these fields can be retrieved by calling the subroutineparam()with the desired key • When the program is called the first time by accessing its URL,param()returns an undefined value • When the submit button is pressed, the Perl program is run again, but nowparam() returns the values input to the named field in the form BINF634 FALL 2013 - CGI PROGRAMMING

More details • Each type of field and button on forms created through CGI.pm take several parameters: • name • size • label • default values (for menus and buttons) • Read documentation for CGI.pm, here • http://perldoc.perl.org/CGI.html BINF634 FALL 2013 - CGI PROGRAMMING

#!/usr/bin/perl # File: basecounter use CGI qw(:standard); use CGI::Carp qw/fatalsToBrowser/; print header; print start_html('A Base Counter'), h3('A Nucleotide Counter'), start_form, p, "Enter a DNA string in the text box below, and I will count the various bases for you.", p, "DNA string: ", textfield('dna'), p, reset, submit, end_form, hr; if (param()) { # this part is executed after user clicks SUBMIT button my $dna = param('dna'); # analyze the input data my $a = ($dna =~ tr/Aa//); my $t = ($dna =~ tr/Tt//); my $c = ($dna =~ tr/Cc//); my $g = ($dna =~ tr/Gg//); # output results to the HTML page print "The DNA is: $dna", p, "The base counts are: A = $a C = $c G = $g T = $t", p, hr; } print end_html; exit; BINF634 FALL 2013 - CGI PROGRAMMING

Template for CGI program (1) • Use this if you want to create HTML page, then add info when user clicks SUBMIT (like the Nucleotide counter): #!/usr/bin/perl use strict; use warnings; use CGI qw(:standard); use CGI::Carp qw/fatalsToBrowser/; print header; print start_html('Title of Web Page'); # put code to set up web page here print start_form; . . . print reset, submit, end_form, hr; if (param()) { # this part is executed after user clicks SUBMIT button } print end_html; exit; BINF634 FALL 2013 - CGI PROGRAMMING

Template for CGI program (2) #!/usr/bin/perl use strict; use warnings; use CGI qw(:standard); use CGI::Carp qw/fatalsToBrowser/; print header; print start_html('Title of Web Page'); if (not defined param()) { # this part is executed when the URL is entered into browser print start_form; . . . print reset, submit, end_form, hr; } else { # this part is executed after user clicks SUBMIT button } print end_html; exit; • Use this if you want to create HTML page, then display new page when user clicks SUBMIT (like the Simple Form): BINF634 FALL 2013 - CGI PROGRAMMING

Multipart Forms • Multipart forms allow a file field on the form • Use this to present user with a dialog box to select a local file to upload to the server • The Perl program can then access the uploaded copy of the file BINF634 FALL 2013 - CGI PROGRAMMING

#!/usr/bin/perl # File: basecounter2 use strict; use warnings; use CGI qw(:standard); use CGI::Carp qw/fatalsToBrowser/; my $url = "/jsolka/cgi-bin/basecounter2"; print header; print start_html('A Base Counter'), h3('A Nucleotide Counter'), start_multipart_form, p, "Click the button to choose a FASTA file:", br, filefield(-name=>'filename'), p, reset, submit('submit','Submit File'), hr, endform; if (param()) { my $filehandle = upload('filename'); # read whole file into @data array my @data = <$filehandle>; close $filehandle; # discard header line and put rest of file into $dna string shift @data; my $dna = join "", @data; $dna =~ s/\s//g; # analyze the input data my $a = ($dna =~ tr/Aa//); my $t = ($dna =~ tr/Tt//); my $c = ($dna =~ tr/Cc//); my $g = ($dna =~ tr/Gg//); # output results to the HTML page print "The DNA is: $dna", p, "The base counts are: A = $a C = $c G = $g T = $t", p, hr; print address( a({href=>$url},"Click here to submit another file.")); } print end_html; exit; BINF634 FALL 2013 - CGI PROGRAMMING

Wrapper: A Web Interface with CGI • We will design a Web Interface for Perl programs • Key Idea: Separate function (e.g. Perl program) from Interface • Method: • Write standalone Perl program that uses command line arguments • Write a separate Web Interface program (the wrapper) • The Interface • interacts with the user via the web • creates the input files needed • creates the command line args needed • calls the standalone Perl program, puts output in a file • displays the output on the web BINF634 FALL 2013 - CGI PROGRAMMING

Internet user's machine www.binf.gmu.edu Browser(client) Web Interface Input file Perl program Output file CGI programming Issues: • The web interface program is run by user "www", not you • So, the files are created by user "www" • The perl program is run by user "www" One solution: • The web interface script: • will create a directory owned by www • create an input file in this directory • run the perl program to create an output file • read the resulting output file and display it on the web page BINF634 FALL 2013 - CGI PROGRAMMING

#!/usr/bin/perl -T # File: wrapper # Author: Jeff Solka based on earlier version by John Grefenstette # # A simple web interface to the program named in the variable "program" below. # It is assumed that this program takes a single input file # as its command line argument. # use warnings; use strict; use CGI qw(:standard); use CGI::Carp qw/fatalsToBrowser/; # edit the following lines as needed: my $path = "/userhomes/faculty/jsolka/binf634"; # path to program directory my $prog = "words.pl"; # the program we want to run my $url = "/jsolka/cgi-bin/wrapper"; # the URL of this script my $dir = "/tmp/CGI-$$"; # working directory $ENV{PATH} = "/bin:/usr/bin"; # makes it OK to run other programs # Create an HTML form with a FILE FIELD: print header; print start_html('A Web Interface'), h3("A Web Interface for $prog"), start_multipart_form, p, "Click the button to choose the input file:", br, filefield('filename'), p, reset, submit('submit','Submit File'), endform; BINF634 FALL 2013 - CGI PROGRAMMING

# This part processes the form after the user clicks on "Submit" if (defined param()) { # get filehandle on file uploaded from internet my $filehandle = upload('filename'); if (not defined $filehandle) { # the user did not enter a file name print p, strong("Please complete file field."), p, address( a({href=>$url}, "Try again.")); exit; } # copy uploaded file to working directory mkdir $dir or die "Can't create directory $dir\n"; chdir $dir or die "Can't change to directory $dir\n"; print hr, p, "Working directory = $dir", p; my $infile = "in"; open FH, ">$infile" or die "Can't open $infile"; while (<$filehandle>) { s/\r//g; # convert end-of-line character to Unix print FH; } close $filehandle; close FH; # display the input file on the web page print hr, p, "Input file = $infile", p; print_file($infile); BINF634 FALL 2013 - CGI PROGRAMMING

# run the program on the input file and save the output my $outfile = "out"; # "$path/$prog" is the full path to the target Perl program my $command = "$path/$prog $infile > $outfile"; # run the given command print hr, p, "Executing: <PRE>$command</PRE>", p; system $command; # display the output on the web page print hr, p, "Output:", p; print_file($outfile); # clean up (comment out when debugging) system "rm -rf $dir"; # provide a link to run the wrapper again print hr, p; print address( a({href=>$url},"Click here to run the program again.")); } print end_html; exit; BINF634 FALL 2013 - CGI PROGRAMMING

sub print_file { my ($file) = @_; if (open(OUTFILE, "$file")) { my @output = <OUTFILE>; close OUTFILE; print "<PRE>"; # preformatted output foreach my $line (@output) { # convert any special HTML characters # change "&" to "&", "<" to "<", ">" to ">" $line = escapeHTML($line); print $line; } print '</PRE>'; # end preformatted output } else { print strong("Sorry, an error has occurred in reading the file \"$file\"."); } } BINF634 FALL 2013 - CGI PROGRAMMING

To Review: • CGI.pm provides subroutines for producing HTML documents dynamically • Put cgi programs in ~/public_html/cgi-bin so that the web server treats them as CGI • Make sure the cgi programs are executable by all Wrapper: • Put standalone perl script in a directory readable by user "www" • Edit the wrapper to point to the perl script BINF634 FALL 2013 - CGI PROGRAMMING

CGI.pm BINF634 FALL 2013 - CGI PROGRAMMING

CGI with Popup Window #!/usr/bin/perl use strict; use warnings; use CGI qw(:standard); use CGI::Carp qw/fatalsToBrowser/; print header; print start_html('Popup Window'); if (not defined param()) { print start_multipart_form(-target=>'_new'); print h3("Ask your Question"); print p, "What's your name? ", textfield('name'), p; print reset; print submit; print endform; } else { print h3("And the Answer is..."); print p, "Your name is ", param("name"), p; } print end_html; BINF634 FALL 2013 - CGI PROGRAMMING

Security in CGI Programming(See Ch 23 in Wall) • When accepting data from internet users, you must guard against malicious users -- see Chapter 23 for more details. • Never directly execute commands entered by remote users • take care with "system" commands • Be careful about writing to world-writable files • Our wrapper program makes sure the file do not already exist • Do not assume that uploaded files contain appropriate data • Perl provides some safeguards for CGI programs • Taint mode keeps track of possibly tainted data that has not been checked by the CGI script • To get taint mode: #!/usr/bin/perl -T BINF634 FALL 2013 - CGI PROGRAMMING

Taint Mode (-T) • In a CGI program, all values obtained from user input are considered tainted (dangerous) until untainted (re-written) by the program itself • Tainted values in certain operations, such as system calls, cause an exception in Taint Mode • Example: suppose the user inputs a seed value $seed for a random number generator, and your CGI program contains: #!/usr/bin/perl -T # Taint mode ... my $seed = param('seed'); system "$prog -s $seed > $outfile"; • This will cause an error because the user might have input something like $seed = "123 > xxx; rm -rf *" • So your system call would become: system "$prog -s 123 > xxx; rm -rf * > $outfile"; • This removes ALL FILES and DIRECTORIES!! BINF634 FALL 2013 - CGI PROGRAMMING

Untainting User Supplied data • Always use Taint mode (-T) in CGI program that collect user input • Untaint user-supplied data by checking that they contain the correct kind of data, and rewriting it • For example, this untaints the $seed value: if ($seed =~ /^(\d+)$/) { $seed = $1 } else { $seed = 123 }; • For some variables, you might only allow word characters, hyphens and dots: if ($database =~ /^([-\w.]+)$/) { $database = $1 } else { die "Bad database name: $database\n" }; • It is up to you to decide how to check the information -- Perl does not know what to legal form of the data should be • Be especially careful about user data that might contain quotes (' or ") or file names that contain "/" or "../". BINF634 FALL 2013 - CGI PROGRAMMING

CGI Programming

CGI Programming

Presentation Transcript

CGI Programming in Perl

CGI programming

Using Python for CGI programming

Concept, Design & Programming by Bernard Nicoll , CGI ( bernard.nicoll@cgi )

CGI Programming

CGI Programming with Python

More CGI programming ...

CGI Programming: Part 1

Basic Perl CGI Programming

CGI Programming Part 2

CGI programming using Perl

CGI Programming Languages

More CGI Programming

Python CGI programming

CGI programming

CGI Programming

CGI Programming

CGI programming using Perl

Basic Perl CGI Programming

CGI Programming

CGI Programming

Presentation Transcript

CGI Programming in Perl

CGI programming

Using Python for CGI programming

Concept, Design &amp; Programming by Bernard Nicoll , CGI ( bernard.nicoll@cgi )

CGI Programming

CGI Programming with Python

More CGI programming ...

CGI Programming: Part 1

Basic Perl CGI Programming

CGI Programming Part 2

CGI programming using Perl

CGI Programming Languages

More CGI Programming

Python CGI programming

CGI programming

CGI Programming

CGI Programming

CGI programming using Perl

Basic Perl CGI Programming

Concept, Design & Programming by Bernard Nicoll , CGI ( bernard.nicoll@cgi )