Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 21 Common Gateway Interface CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger.

Published byAmberly Parrish Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 21 Common Gateway Interface CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger."— Presentation transcript:

1 Lecture 21 Common Gateway Interface CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger

2 Common Gateway Interface CGI is a standard mechanism for: – Associating URLs with programs that can be run by a web server – A protocol (of sorts) for how the request is passed to the external program – How the external program sends the response to the client CGI 2

3 CGI Programming CGI 3 CLIENT HTTP SERVER CGI Program http request http response setenv(), dup(), fork(), exec(),...

4 CGI URLs There is mapping between URLs and CGI programs provided by a web sever – The exact mapping is not standardized web server admin can set it up Typically: – requests that start with /CGI-BIN/, /cgi-bin/ or /cgi/, etc. not to static documents CGI 4

5 HTTP Server - CGI Interaction CGI 5 HTTP SERVER CGI Program stdin stdout Environment Variables

6 Environment Variables The web server sets some environment variables with information about the request The web server fork()s and the child process exec()s the CGI program The CGI program gets information about the request from environment variables CGI 6

7 STDIN, STDOUT Before calling exec(), the child process sets up pipes so that – stdin comes from the web server and – stdout goes to the web server In some cases part of the request is read from stdin Anything written to stdout is forwarded by the web server to the client CGI 7

8 Request Method: Get GET requests can include a query string as part of the URL: GET /cgi-bin/login?mgunes HTTP/1.0 CGI 8 Request Method Resource Name Delimiter Query String

9 Simple GET queries - ISINDEX You can put an tag inside an HTML document – The browser will create a text box that allows the user to enter a single string If an ACTION is specified in the ISINDEX tag, when the user presses Enter, – a request will be sent to the server specified as ACTION CGI 9

10 ISINDEX Example Enter a string: Press Enter to submit your query. If you enter the string “blahblah”, – the browser will send a request to the http server at foo.com that looks like this: GET /search.cgi?blahblah HTTP/1.1 CGI 10

11 What the CGI sees The CGI Program gets REQUEST_METHOD using getenv: char *method; method = getenv(“REQUEST_METHOD”); if (method==NULL) … /* error! */ CGI 11

12 Getting the GET If the request method is GET: if (strcasecmp(method,”get”)==0) The next step is to get the query string from the environment variable QUERY_STRING char *query; query = getenv(“QUERY_STRING”); CGI 12

13 Send back http Response and Headers CGI program can send back a http status line : printf(“HTTP/1.1 200 OK\r\n”); and headers: printf(“Content-type: text/html\r\n”); printf(“\r\n”); CGI 13

14 Important! CGI program doesn’t have to send a status line – HTTP server will do this for you if you don’t CGI program must always send back at least one header line indicating the data type of the content – usually text/html The web server will typically throw in a few header lines of it’s own – Date, Server, Connection CGI 14

15 Simple GET handler int main() { char *method, *query; method = getenv(“REQUEST_METHOD”); if (method==NULL) … /* error! */ query = getenv(“QUERY_STRING”); printf(“Content-type: text/html\r\n\r\n”); printf(“ Your query was %s \n”, query); return(0); } CGI 15

16 URL-encoding Browsers use an encoding when sending query strings that include special characters – Most nonalphanumeric characters are encoded as a ‘%’ followed by 2 ASCII encoded hex digits ‘=’ (which is hex 3D) becomes “%3D” ‘&’ becomes “%26” – The space character ‘ ’ is replaced by ‘+’. – The ‘+’ character is replaced by “%2B” “foo=6 + 7” becomes “foo%3D6+%2B+7” CGI 16

17 Security!!! It is a very bad idea to build a command line containing user input! What if the user submits: “ ; rm -r *;” grep ; rm -r *; /usr/dict/words CGI 17

18 Beyond ISINDEX - Forms Many Web services require more than a simple ISINDEX HTML includes support for forms: – lots of field types – entire contents of form must be stuck together and put in QUERY_STRING by the Web server CGI 18

19 Form Fields Each field within form has a name and a value The browser creates a query that – includes a sequence of “name=value” substrings and – sticks them together separated by the ‘&’ character If user types in “Mehmet H.” as the name and “none” for occupation, – the query would look like this: “name=Mehmet+H%2E&occupation=none” CGI 19

20 HTML Forms Each form includes a METHOD that determines what http method is used to submit the request Each form includes an ACTION that determines where the request is made CGI 20

21 An HTML Form Name: Occupation: CGI 21

22 What a CGI will get query (from the environment variable QUERY_STRING) will be – a URL-encoded string containing the name,value pairs of all form fields The CGI must decode the query and separate the individual fields CGI 22

23 HTTP Method: POST GET method delivers data as part of URI POST method delivers data as the content of a request If REQUEST_METHOD is a POST, – the query is coming in STDIN The environment variable CONTENT_LENGTH tells us how much data to read CGI 23

24 Possible Problem char buff[100]; char *clen = getenv(“CONTENT_LENGTH”); if (clen==NULL) /* handle error */ int len = atoi(clen); if (read(0,buff,len)<0) … /* handle error */ pray_for(!hacker); CGI 24

25 GET vs. POST When using forms it’s generally better to use POST: – there are limits on the maximum size of a GET query string environment variable – a post query string doesn’t show up in the browser as part of the current URL CGI 25

26 CGI script example CGI 26

27 HTML for Forms cgi-test This is a sample page to read two data items from the web page: First name= Last name= CGI 27 Parameters passed as arguments xfirst and xlast

28 Perl - CGI script #!/usr/bin/perl print “Content-Type: text/html\n\n”; print “ \n”; print “ Sample PERL script \n”; print “ \n”; print “ Query_string is $ENV{'QUERY_STRING'}\n”; foreach ( split( /&/, $ENV{'QUERY_STRING'}) ) { ( $key, $val ) = split( /=/, $_, 2 ); $tmp{$key} = $val; } print “ First name is $tmp{'xfirst'} \n”; print “ Last name is $tmp{'xlast'} \n”; print “ \n” CGI 28 Perl program reads parameters as xfirst&xlast from $ENV (environment) into QUERY_STRING Output of Perl is the syntax of an HTML page that is displayed

29 CGI Sessions

30 Typical FORM CGI setup User fills out a form and presses submit CGI program gets a set of name,value pairs – one for each form field CGI decides what to do based on the name,value pairs – sometimes creates a new form based on the submission CGI Sessions 30

31 Sessions Many web sites allow you to establish a session – you identify yourself to the system – now you can visit lots of pages, add stuff to shopping cart, establish preferences, etc CGI Sessions 31

32 State Information Each HTTP request is unrelated to any other – as far as the Web server is concerned Each new request to a CGI program starts up a brand new copy of the CGI program Providing sessions requires keeping state information CGI Sessions 32

33 Session Conversation CGI Sessions 33 Client Client Hi! I'm Joe. Server Server Hi Joe (it's him again) Welcome Back... Hi Joe (it's him again) Welcome Back... I wanna buy a cookie. OK Joe, it will be there tomorrow. CGI1 CGI2

34 Hidden Field Usage One way to propagate state information is to use hidden fields User identifies themselves to a CGI program – fills out a form CGI sends back a form that contains hidden fields that identify the user or session CGI Sessions 34

35 Hidden does not mean secure! Anyone can look at the source of an HTML document – hidden fields are part of the document! If a form uses GET, all the name/value pairs are sent as part of the URI – URI shows up in the browser as the location of the current page CGI Sessions 35

36 Revised Conversation Initial form has field for user name GET /cgi1?name=joe HTTP/1.0 CGI1 creates order form with hidden field GET/cgi2?name=joe&order=cookie HTTP/1.0 CGI Sessions 36

37 Session Keys Many Web based systems use hidden fields that identify a session When the first request arrives, system generates a unique session key and stores it in a database Session key can be included in all forms/links generated by the system – as a hidden field or embedded in a link CGI Sessions 37

38 Session Key Properties Must be unique Should expire after a while Should be difficult to predict – typically use a pseudo-random number generator seeded carefully CGI Sessions 38

39 HTTP Cookies A "cookie' is a name,value pair that a CGI program can ask the client to remember Client sends this name,value pair along with every request to the CGI We can also use "cookies" to propagate state information CGI Sessions 39

40 Set-Cookie Header Options Cookies are set using HTTP headers The general form of the Set-Cookie header is: Set-Cookie: name=value; options The options include: – expires=... – domain=... – path=... CGI Sessions 40

41 Set-Cookie Fields Many options can be specified – separated by ";" Set-Cookie: a=blah; path=/; domain=.cse.unr.edu; expires=Thursday, 10-May-2010 12:00:00 2010 CGI Sessions 41 All must be on one line!

42 CGI cookie creation A CGI program can send back any number of HTTP headers – can set multiple cookies Content-Type is required! printf("Content-Type: text/html\r\n"); printf("Set-Cookie: prefs=nofrms\r\n"); printf("Set-Cookie: Java=yes\r\n"); printf("\r\n"); … now sends document content CGI Sessions 42

43 Getting HTTP Cookies Browser sends each cookie as a header: Cookie: prefs=nofrms Cookie: Java=OK Web server gives cookies to CGI program via an environment variable – or STDIN CGI Sessions 43

44 Multiple Cookies There can be more than one cookie Web Server puts them all together prefs=nofrms; Java=OK and puts this string in the environment variable: HTTP_COOKIE Each cookie can be up to 4k bytes One "site" can store up to 20 cookies on a user's machine CGI Sessions 44

45 Cookies and Privacy Cookies can't be used to: – send personal information to a web server without the user knowing about it – be used to send viruses to a browser – find out what other web sites a user has visited* – access a user's hard disk * although they can come pretty close to this! CGI Sessions 45

46 Some Issues Persistent cookies take up space on user's hard disk Can be used to track your behavior within a web site – This information can be sold or shared Cookies can be shared by cooperating sites – advertising agencies do this CGI Sessions 46

Download ppt "Lecture 21 Common Gateway Interface CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger."

Similar presentations

Web forms and CGI scripts Dr. Andrew C.R. Martin

Web forms and CGI scripts Dr. Andrew C.R. Martin
CGI & HTML forms -05-. CGI Common Gateway Interface  A web server is only a pipe between user-agents  and content – it does not generate content.

CGI & HTML forms CGI Common Gateway Interface  A web server is only a pipe between user-agents  and content – it does not generate content.
Lecture 14 HTML Forms CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger.

Lecture 14 HTML Forms CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger.
Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.
Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.

Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.
JavaScript Forms Form Validation Cookies CGI Programs.

JavaScript Forms Form Validation Cookies CGI Programs.
1 Web Sessions It's all an illusion (at the HTTP layer)

1 Web Sessions It's all an illusion (at the HTTP layer)
Pass data1 Passing data from an HTML page to a program Dr Jim Briggs.

Pass data1 Passing data from an HTML page to a program Dr Jim Briggs.
PZ15A Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ15A - The Internet Programming Language Design and.

PZ15A Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ15A - The Internet Programming Language Design and.
Lecture 15 CGI Sessions Perl CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger and Shwen Ho.

Lecture 15 CGI Sessions Perl CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger and Shwen Ho.
Python and Web Programming

Python and Web Programming
USER INTERACTIONS: FORMS

USER INTERACTIONS: FORMS
1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.

1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.
Lecture 13 Dynamic Web Servers & Common Gateway Interface CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger.

Lecture 13 Dynamic Web Servers & Common Gateway Interface CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger.
 What is it ? What is it ?  URI,URN,URL URI,URN,URL  HTTP – methods HTTP – methods  HTTP Request Packets HTTP Request Packets  HTTP Request Headers.

 What is it ? What is it ?  URI,URN,URL URI,URN,URL  HTTP – methods HTTP – methods  HTTP Request Packets HTTP Request Packets  HTTP Request Headers.
CGI. CGI Programming What is CGI? –Common Gateway Interface A means of running an executable program via the Web. CGI is not a Perl-specific concept.

CGI. CGI Programming What is "CGI"? –Common Gateway Interface A means of running an executable program via the Web. CGI is not a Perl-specific concept.
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.

CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
CGI Programming Languages Web Based Software Development July 21, 2005 Song, JaeHa.

CGI Programming Languages Web Based Software Development July 21, 2005 Song, JaeHa.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Emlékeztető December 1.-én pótoljuk az elmaradt előadást (nov. 24-ről) az A/1 228-as teremben 16-18-ig December 8.-án tartjuk a pótZH-t a sikertelen ZH-t.

Emlékeztető December 1.-én pótoljuk az elmaradt előadást (nov. 24-ről) az A/1 228-as teremben ig December 8.-án tartjuk a pótZH-t a sikertelen ZH-t.

Similar presentations

Ads by Google