18 – Web applications: Server-side code (ASP)

Session Aims & Objectives To introduce the fundamental ideas involved in server-side code Objectives, by end of this week’s sessions, you should be able to: create an asp web-page, including: HTML, and server-side VB

Example: Logon (analysis) SPECIFICATION User Requirements protection from fraud and invasion of privacy Software Requirements Functional: logon page, user must type name and password following pages can only be accessed after successful logon Non-functional should be very difficult to hack hotmail, Amazon, University portal, utility bills (gas, electricity, phone, internet), Travel (flights, ferry, car rental)

Example: Logon (design) Restrict access to home page

Example: Logon (code v1) Logon.htm Using Client-side VB Script <html> <head><title></title></head> <body> Please logon:<br /> <input id="txtUserName" type="text" /><br /> <input id="txtPassWord" type="text" /><br /> <input id="btnLogon" type="submit" value="Logon" /> <p id="msg"></p> </body> </html> <script language="vbscript"> Sub btnLogon_OnClick() Dim un Dim pw un = txtUserName.value pw = txtPassWord.value If un = "mark" And pw = "soft131" Then window.navigate "home.htm" Else msg.innerText = "Login details incorrect." End If End Sub </script> Home.htm <html> <head><title>My Home page</title></head> <body> <p> Welcome to my home page.<br /> <img src="YouAreHere.jpg" /> </p> </body> </html>

Example: Login (Problem) View Source – shows client-side script: Reveals both username & password

Web Hardware and Software Server Client network connection Browser Application (MS Explorer, FireFox, Opera) Web-server Application (MS IIS, Apache)

Request-Response Cycle Browser Application (MS Explorer, Firefox) Web-server Application (MS IIS, Apache) Logon.htm Response <html> <head><title></title></head> <body> Please logon:<br /> <input id="txtUserName" type="text" /><br /> <input id="txtPassWord" type="text" /><br /> <input id="btnLogon" type="submit" value="Logon" /> <p id="msg"></p> </body> </html> <script language="vbscript"> Sub btnLogon_OnClick() Dim un Dim pw un = txtUserName.value pw = txtPassWord.value If un = "mark" And pw = "soft131" Then window.navigate "home.htm" Else msg.innerText = "Login details incorrect." End If End Sub </script> Client-side code: Code sent to Client Interpreted by browser

Server-side Script (what) ASP – active server pages code not sent to client code secure (can't be viewed by client) executed on server takes time – request-response cycle requires server software (e.g. IIS) ASP pages will NOT work by double clicking on file

Example: Date ASP code: .aspx (not .htm) VB (not vbscript) Date.aspx ASP code: .aspx (not .htm) VB (not vbscript) variables have type Now is current date and time (on server) runat="server" gives server code access to object <script language="VB" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub </script> <html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT" runat="server"></p> </body> </html>

Request-Response Cycle date.aspx Request Browser Application (MS Explorer, Firefox) Web-server Application (MS IIS, Apache) <script language="VB" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub </script> <html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT" runat="server"></p> </body> </html> Response <html> <head><title>Today's Date</title></head> <body> <p id="parD">The date today is Mon 9 Feb 2009</p> <p id="parT">The time now is 00:57</p> </body> </html> Server-side code: run on server (never sent to Client)

View Source Code executed at server View, Source – does not show code: code is never sent to client View, Source – does not show code:

Data Types Variant – all types of data slow, memory hungry Boolean – true or false (on/off, yes/no) Integer – whole numbers (-32768 to 32768) Long – whole numbers (large) Single – decimal numbers Double – decimal numbers (more precise) String – text Object – object instances

Data Type Selection Number of e.g. 4 Integer/Long Rooms Height e.g. 1.87m Single/Double Surname e.g. Smith String Car Reg e.g. XY55 ABC String

Using data types Variable declaration Dim x As Long Parameters Sub Thing(boo As String, y As Long) Functions Function IsTall() As Boolean

Question: Data types Declare a variable to store: Dim weight As Double an animal's weight in kg (e.g. 34.6) whether a person has a driving licence or not the title of a book a phone number (e.g. 01752 586225) Dim weight As Double Dim licence As Boolean Dim title As String Dim phone As String

Example: AddNum (client-side) AddNum.htm <html> <head><title></title></head> <body> <input id="txtN1" type="text" /><br /> <input id="txtN2" type="text" /><br /> <input id="btnAdd" type="submit" value="Add" /> <p id="parRes"></p> </body> </html> <script language="vbscript"> Sub btnAdd_onClick() Dim N1 Dim N2 N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + CDbl(N2) End Sub </script>

Example: AddNum (server-side) AddNum.aspx <script language="VB" runat="server"> Sub Page_Load() Dim N1 As Double Dim N2 As Double If Request.Form("btnAdd") > "" Then N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + N2 End If End Sub </script> <html> <head><title></title></head> <body> <form runat="server"> <input id="txtN1" type="text" runat="server" /><br /> <input id="txtN2" type="text" runat="server" /><br /> <input id="btnAdd" type="submit" value="Add" runat="server" /> <p id="parRes" runat="server"></p> </form> </body> </html> If btnAdd clicked input tags inside form submit button: refreshes page (sending data to server)

Client-side vs. Server-side Code AddNum.htm AddNum.aspx <html> <head><title></title></head> <body> <input id="txtN1" type="text" /><br /> <input id="txtN2" type="text" /><br /> <input id="btnAdd" type="submit" value="Add" /> <p id="parRes"></p> </body> </html> <script language="vbscript"> Sub btnAdd_onClick() Dim N1 Dim N2 N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + CDbl(N2) End Sub </script> <script language="VB" runat="server"> Sub Page_Load() Dim N1 As Double Dim N2 As Double If Request.Form("btnAdd") > "" Then N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + N2 End If End Sub </script> <html> <head><title></title></head> <body> <form runat="server"> <input id="txtN1" type="text" runat="server" /><br /> <input id="txtN2" type="text" runat="server" /><br /> <input id="btnAdd" type="submit" value="Add" runat="server" /> <p id="parRes" runat="server"></p> </form> </body> </html> Both use VB Script language (i.e. Sub, If, Dim, For, etc.)

Example: Apples Apples.aspx <script runat="server" language="VB"> Sub Page_Load() If Request.Form("btnGo") > "" Then parRes.InnerHtml = parRes.InnerHtml & "<img src='Apple.gif' />" End If End Sub </script> <html> <head><title>Apples</title></head> <body> <form runat="server"> <input id="btnGo" type="submit" value="Go" runat="server" /> <p id="parRes" runat="server"></p> </form> </body> </html>

Errors vbscript cannot run at server (should be VB) <script language="vbscript" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub parD.innerText = "" </script> <html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT"></p> </body> </html> vbscript cannot run at server (should be VB) Declaration expected (assignment must be in sub) parT is undefined (should have runat="server")

Running your ASP pages within Visual Studio Run (play) button (F5) only available to you on development PC using Internet Information Services (IIS) makes PC a server page available to all computers on internet

Add/Remove Windows Components IIS - Installing IIS / personal web server on Windows CD Start, Settings, Control Panel, Add/Remove Programs Add/Remove Windows Components IIS

IIS: Enabling/Disabling Start, Settings, Control Panel, Administrative Tools, Internet Services Manager Start Stop

IIS: Exposing pages Put ASP pages in: Execute pages by putting: C:\INetPub\wwwRoot (this part of hard disk exposed to outside world) Execute pages by putting: localhost (in web browser, e.g. IE, means local machine) ASP pages don't work by double-clicking

IIS – Date.asp C:\INetPub\wwwRoot\Date.aspx localhost/test/date.aspx

Tutorial Demo: First.htm Create a new text file in web server's root folder: Open Windows Explorer (My Computer) Ensure folders are displayed Navigate to: C:\INetPub\wwwRoot Right click on the background Click New Click Text Document Rename file Right click Click Rename Type file name (First.htm) Click Yes (when asked to confirm change of extension)

Tutorial Demo: First.htm Put some code in the file: Right Click on the file Click Open with Notepad Type the following code: <html> <head><title></title></head> <body> Hello world! </body> </html> View the file Open Internet Explorer Navigate to: http://localhost/First.htm

Tutorial Demo: First.htm View each others' pages In your browser, type: http://SMB109xx/First.htm where xx is the machine number of someone else's computer you should see their page See changes take effect: One person change their page (colour, etc.) Other person refresh browser you should see changes

Tutorial Demo: Date.aspx Create a web-site page (same as before): Open Visual Studio 2005 Click the File menu Click the New Web Site… item Click the Browse button Select an existing folder to put your work in Type the name of a subfolder Click Yes to create the subfolder Click Empty Web Site Click OK

Tutorial Demo: Date.aspx Create a new aspx page: Click Add New Item icon on tool bar Double Click html page icon Right click file Click Rename item Change name (date.aspx) Click Yes to confirm extension change Paste the code in from the lecture slides Click the Run button

Tutorial Exercise: Login (client-side) LEARNING OBJECTIVE: see how vulnerable client-side code is Task 1: Get the Login (v1) example from the lecture working. Task 2: Use view source – you should be able to see the code.

Tutorial Exercise: Date LEARNING OBJECTIVE: create an ASP page, including HTML and server-side VB Script Task 1: Get the Date example from the lecture working. Task 2: Add code that displays good morning/afternoon/evening/night, depending on the time of day.

Tutorial Exercise: Student Loan LEARNING OBJECTIVE: create an ASP page, including HTML and server-side VB Script from scratch to solve a problem Task 1: Create a web page that allows the user to enter their salary and the computer calculates the annual and monthly payments for their student loan. Hint: Use your client-side code (from term 1), and the AddNum example from the lecture.

Tutorial Exercise: Login (client-side) LEARNING OBJECTIVE: create an ASP page, including HTML and server-side VB Script from scratch to solve a problem Task 1: Create a login page that uses server-side code to check the username and password entered by the user. Hint: Use the AddNum example as inspiration. Hint2: Use the following code to send the user to the homepage: Response.Redirect("Home.htm") Task 2: Use view source – you should NOT be able to see the code.

Tutorial Exercise: Apples LEARNING OBJECTIVE: use variables with specific data types in ASP code Task 1: Get the apples example (from the lecture) working. Task 2: Modify your program so that the user enters a number, and the code adds that number of apple images. Task 3: Modify your program so that the user enters another number, and the code adds a new line tag for that number of apples. Hint: Within the loop divide the number of apples by the second number, if the result is a whole number add a new line tag.