21 – Web applications: Server-side code (ASP)
Session Aims & Objectives To introduce the fundamental ideas involved in server-side code Objectives, by end of this week’s sessions, you should be able to: add dynamic server-side functionality, using VB Script
Web Hardware and Software Server Client network connection Browser Application (MS Explorer, Netscape) Web-server Application (MS IIS, Apache)
Request-Response Cycle <html> <head> <title>Mark Dixon's web site</title> </head> <body background="BackGround.JPG"> <font size=+3><center><b><p>Mark Dixon's web site</b></center> <font size=+2> <p>Welcome to my web server. Please select from the following list: <ul> <li><a href="./Soft131/Index.htm">Soft131: Introduction to programming for Multimedia and Internet applications.</a> </ul> </font> </body> </html> Response Browser Application (MS Explorer, Netscape) Web-server Application (MS IIS, Apache) http://mdixon.soc.plym.ac.uk/ Request
Server-side Script (what) ASP – active server pages executed on server takes time – request-response cycle requires server software (e.g. IIS) not sent to client secure (can't be viewed by client) results (response) sent to client pages will NOT work by double clicking on file
Server-side Script (IIS) IIS / personal web server on Windows CD Start, Settings, Control Panel, Add/Remove Programs Add/Remove Windows Components IIS
Enabling/Disabling IIS Start, Settings, Control Panel, Administrative Tools, Internet Services Manager Start Stop
Server-side Script (how) Date.asp ASP code: .asp (not .htm) between <% and %> Response object: page sent back to client write method: adds text to response object Date() function: current date (server) <html> <head> <title>Today's date</title> </head> <body> <p>The date today is <% Response.Write Date() & "<br>" %> <p>The time is currently Response.Write Time() & "<br>" </body> </html>
Form Submission action attribute submit button Login.htm <html> <head> <title>Login</title> </head> <body> <p>Please login: <form name="frmLogin" action="LoginCheck.asp" method=post> Username:<input name="txtUserName" type="text"><br> Password:<input name="txtPassWord" type="password"><br> <input name="btnLogin" type="submit" value="Login"> </form> </body> </html>
Form Processing LoginCheck.asp <html> <head> <title>Login</title> </head> <body> <% If Request.Form("txtUserName") = "George" Then Response.Write "Login successful." Else Response.Write "Invalid user name." End If %> </body> </html>
View Source Code executed at server View, Source – does not show code: code is never sent to client View, Source – does not show code:
Code Execution LoginCheck.asp Response Server SW (IIS) <html> <head> <title>Login</title> </head> <body> <% If Request.Form("txtUserName") = "George" Then Response.Write "Login successful." Else Response.Write "Invalid user name." End If %> </body> </html> LoginCheck.asp <html> <head> <title>Login</title> </head> <body> Invalid user name. </body> </html> Response Server SW (IIS)
Maintaining State between pages Problem want to protect all pages from unauthorised access need to store record of successful login Variables only persist for duration of page
Maintaining State (persistent) Cookies (not covered in Soft131) stored on users’ (client) hard drive persists between sessions Database/file (covered in next lecture) stored on server hard drive
Maintaining State (temporary) Forms and Self Posting Query Strings Useful for passing information between pages Session object exists for current session clears if user closes browser clears after 20 mins of inactivity
Maintaining State: Self Posting <http> <head> <title>Multiply</title> <% Dim tmpRes Dim tmpNum1 Dim tmpNum2 If Request.Form("txtNum1") <> "" And Request.Form("txtNum2") <> "" Then tmpNum1 = CDbl(Request.Form("txtNum1")) tmpNum2 = CDbl(Request.Form("txtNum2")) tmpRes = tmpNum1 * tmpNum2 End If %> </head> <body> <form name="frmDefault" action=Multiply.asp method=post> <p><input name=txtNum1 type=text size=5 maxlength=5 value=<%=tmpNum1%>> <input name=txtNum2 type=text size=5 maxlength=5 value=<%=tmpNum2%>> <p><input name=btnCalc type=submit value=Calc> </form> <p><%=tmpRes%> </body> </http> Multiply.asp Only do calc if first load Post to Self
Maintaining State: Query Strings Data can be added to end of URL: http://localhost/page.asp?Surname=Bob ASP code can use this data: Request.QueryString("Surname") would return the value "Bob" Form method=get data automatically added to query string Query String
Example: Date-Time Menu.asp DateTime.asp <html> <head> <body> <p>What background colour do you want for you date information? <br><a href=DateTime.asp?Colour=yellow>Yellow</a> <br><a href=DateTime.asp?Colour=cyan>Light Blue</a> </body> </html> Menu.asp <html> <head> </head> <body bgcolor=<%=request.querystring("Colour")%>> <p>The date is <%=date()%>. <p>The time is <%=time()%>. </body> </html> DateTime.asp
Maintaining State: Session Object Session variable all strings Abandon method deletes all session variables Redirect method redirects browser to specified page <html> <head> <title>Login</title> </head> <body> <% If Request.Form("txtUserName") = "George" Then Session("LoginOK") = "Yes" Response.Redirect "Home.asp" Else Session.Abandon If Request.Form("txtUserName") <> "" Then Response.Write "Invalid user name, please try again." End If %> <p>Please login: <form name="frmLogin" action="Login.asp" method=post> Username:<input name="txtUserName" type="text"><br> Password:<input name="txtPassWord" type="password"><br> <input name="btnLogin" type="submit" value="Login"> </form> </body> </html> Login.asp
Maintaining State: Session Object Home.asp <html> <head> <title></title> <% If Session("LoginOK") <> "Yes" Then Response.Redirect "Login.asp" End If %> </head> <body> <center><b>Home Page</b></center> <p>Welcome to my home page. </body> </html> ASP code to check for successful login
Reference: Server Object Model Request object: calling web page Form: used to get form data from page QueryString: used to get data from address (?) Response object: web page sent back Write: used to put text into web page Redirect: used to navigate to other page Clear: erases all HTML in web page Session object: store data between pages Abandon: clears session data