Internet intrarnet CIS class 8
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (185.3 KB, 26 trang )
Internet / Intranet
CIS-536
Class 8
Perl / CGI Scripting
Class 8 Agenda
CGI Scripting
Perl
Telnet / UNIX
Lab Work
Telnet
Basic UNIX
Perl
2
CGI / Scripting
Scripts are Programs Run By the Server
CGI – Common Gateway Interface
Methodology For Server/Script Communication
Can Be Written in Any Language Supported By the Server
UNIX Origins
PERL is Most Common
Script Output is Returned to the Browser
Alternative Methodologies Exist
CGI is the Most Portable
PERL – Practical Extraction and Reporting Language
UNIX Based Scripting Language
Ported to Multiple Platforms
How Does Browser Know to Execute a Program?
Program is in a Script Directory
Typically cgi-bin (Apache)
Or By Extension (e.g. .pl, .cgi)
Scripts Must Have Executable Permissions
3
Scripting Features
Scripts Can Have Input Parameters
Passed as Part of URL : ? Argument (Query String)
Special Characters Passed as % Ascii Hex Values
Name/Value Pairs : Separated by &
Variable
Passed in HTTP Header
Name/Value Pairs
Method = Post
HTML Forms
Passed in Cookies
Netscape Origins, Now Widely Adopted
Name/Value Pairs Associated With a URL
Stored on Client Computer
Users May Turn off Cookies
Scripts Must Be Aware of How Parameters are Being Passed
Different Methodology to Access Each Method
Parameters Also Used to Maintain State Information
Help Track a “Session”
4
Scripting Issues
Security Concerns
No Limits on What CGI Scripts May Access
Potential to Execute Any System Command
Hacker Can Cause Serious and Unforeseen
Problems
Potential to Affect More Than Just Your Web Site
Many ISP’s Limit CGI Capabilities
Performance Concerns
CGI Scripts are Run as a Standalone Process
E.g. Interpreter is Loaded and Initialized Each Time
Alternative to Posting Forms
Mailto Option
5
Perl
Why Should I Learn Perl?
S/W Engineers Need to Be Adept at Picking Up New
Languages
Need a “Comfort Level” of Expertise
Ability to Write Basic Code
Ability to View/Modify Existing Code
Ability to Learn More as Needed
Develop Reference “Library”
Develop “Guru” Network
Large Public Archives of Perl Scripts
Perl Basics
Interpreted
Originally Used Primarily By UNIX Sys-Admins
“Public Domain”
The preferred language for CGI Scripts
PERL is Relatively Portable
Activestate ActivePerl (Windows / IIS)
UNIX specific scripts dominate (Uses UNIX O/S Commands)
6
Perl 101
C-like
Lines end with ;
Syntax of Print statement is very similar
Pointers and indirection
VB-like
Untyped (except for arrays)
Associative arrays
UNIX-like
“Tricks”
e.g. $a = <> retrieves a line of input from stdin
support for regular expressions
doublequotes vs. singlequotes
all examples must contain foo
Perl-Like
Variables begin with $
Comments begin with #
Subroutines Begin with &
Associative Arrays Begin with %
7
Perl 102
Powerful Features
Can run “command line” commands on O/S (system,
`xxx`)
Can create code on the fly (eval)
Subroutine Libraries
Powerful Features Make it a Target of Hackers
Print is the Most Important Command
Generate HTML Using Print Statements
print “text to print \n”
Don’t forget carriage returns: \n
First Line: #! /usr/local/bin/perl
Output has Mime content-type as first line, blank line
print “Content-type: text/html \n\n”;
8
A Simple Perl Example
#! /usr/local/bin/perl
# First Perl
$myname=“Evan”;
print <
<HTML>
<HEAD>
<TITLE>
</TITLE>
</HEAD>
<BODY>
END
print “<H1>This is $myname ’s Test Perl Script.</H1>\n”;
print “<H2>Hello World</H2>\n”;
print “</BODY>\n”;
print “</HTML>\n”;
9
Class Exercise: First Perl
Save This Locally as perl1.pl
Open a Command Prompt:
perl.exe perl1.pl
Once You Are Satisfied With the HTML Produced
Upload This via FTP to public_html/cgi-bin in your
ShoreNet Account
Remember to Transfer this In ASCII Mode!
Give the Script Execute Permissions For All
Right Button Click / chmod in WS_FTP
/>10
Telnet
Telnet is a Remote Login Protocol
Terminal Emulation
All Processing Occurs on Host
Command Line Interface
Port 23
Used Extensively for UNIX Machines /
Multiuser Systems
Why Do We Care?
Remote Administration of Web Site
Configuring Web Servers, Setting Permissions
11
Sample Telnet Session
telnet world.std.com
DNS Resolves the Name to an IP Address
Trying 192.74.137.5...
Connected to world.std.com.
Found the Telnet Server at This IP Address
Escape character is '^]'.
Host Information
UNIX System V.4 (world)
login: evan
Login Successful
Password: xxxxx
Last login: Sun Jan 23 16:03:36 from fxtc2-c.std.com
Welcome to The World! A 24 x 250MHZ CPU 2.5GB SGI
Challenge XL
UNIX Command Prompt
world%
12
UNIX - Background
UNIX Developed at AT&T Bell Labs – 1969
Multi-User / Multi-Tasking
Many Other Proprietary Operating Systems
Existed
Schools Adopted UNIX as “Teaching” Environment
Schools Made Significant Additions and Changes
Standardization Efforts
Culture of Sharing / Helping / Working Together
Free Software Foundation, etc.
Put Source-Code in Public Domain
Many Other “Free” Add-Ons / Extensions
LINUX
UNIX Expects Technical Competence
13
UNIX File Structure
Forward Slashes (/) to Separate Filenames, Directories
Case Sensitive File Names
Windows is Not
No Limit on Filename Size / Extensions
Extensions are by Convention
Root is “/”
User Home Directory is: “~/”
Symbolic Links / Aliases
Directories Can Be Spread Over Multiple Drives
Can Create Non-Hierarchical Structure
File Permissions
Read, Write, Execute
Separate Permissions for Owner, Group, All
Directories are Special Cases of Files
Execute Permissions = Able to Browse Directory
14
Common Basic UNIX Commands
pwd : List the current working directory
More filename : List the Contents of a File
ls : Lists the files in a directory
ls –l
Permissions: drwxrwxrwx
d – If this is a directory
r,w,x – Read, Write, Execute
Owner, Group, Public
Owner, Filesize, Timestamp, Filename
cd – change directory
cd ~/
Change to Your Root Directory
chmod
Changes Permissions
Don’t Use This Command Until You’re Sure About It
Can Open Up Serious Security Holes
15
More Unix Commands
man command
UNIX help
e.g. man ls
cat filename
List a file
command | more
All Output can be “piped” to Display one Screen at a
Time
e.g. cat filename | more
Carriage return – next page
q – quit
cp path1 path2
Copy a File
mv path1 path2
Move a File. Useful for Renaming a file
16
The UNIX chmod Command
“UNIX” Mode
chmod abc filename
Where a,b,c are digits from 0 to 7 (Bit Mask)
4 – Read, 2 – Write, 1 – Execute
a – owner, b – group, c- others
e.g. chmod 711 myscript.cgi
Sets permissions on file myscript.cgi so that:
It is readable, writable, and executable by
owner
It is executable by all others.
An “Easier” Way
chmod u=rwx,g=x,o=x
u – owner (user), g – group, o – other (Not Owner!)
r – read, w –write, x – execute
17
A Caveat
UNIX Culture – Developer Oriented
Read Access Often Given For Non-Confidential Files
User Responsibility to Not Abuse It
Be Respectful When Not in Your User Directory
18
Lab Work: Telnet
From a command prompt type: telnet
Connect/Remote System
Host Name: users.shore.net
Login: brinetxx [Your Shorenet Login]
Password: [Your Shorenet password]
ls –l
cd public_html
ls –l
cd bin
chmod perl1.pl 600
Try to access the Script Now
chmod perl1.pl 755
ls -l
cd ~/
ls –l
logout
19
Reference Material
CGI / PERL
Stein Chapter 9
/>Freeware ActivePerl Interpreter For Microsoft Platforms
/>ShoreNet’s CGI Reference Page
/>CGI/Perl Portal
/>A Perl tutorial
/>Free CGI Scripts (Matt’s Script Archive)
20
Processing Forms – The Server Side
Target of Forms is Usually a CGI Script
Script Requirements
1. Parse the Data
2. Process the Data
3. Return Data to the User
Raw HTML or Another Form
Data Flow Options
Each Script Handles a Specific Form
Form in Plain HTML
Script in Perl
One Script Handles Multiple Forms
Selects Action Based on Data Passed In
All in Perl
21
Scripting – Parsing Data
GET vs. PUT
Each Requires Different Logic
Parsing is Not Trivial
All Parameters Passed in On One Line
Each Name/Value Pair Separated by &
Name Separated From Value by =
Special Character Encoding Complicates It
E.g. Value May Contain &,=
Error Handling
Typically Use a Library to Parse Data
Public Domain
Cgi.pm – Perl5 Object Oriented
Used by Stein
Cgi-lib.pl – Basic Perl
Used by Schapiro
Others
22
CGI-LIB
/>Using This Library in Perl
Download Library From Website
Version 2.18 – Latest Version
More Robust
Supports Saving File Uploads as Files
Version 1.14 – Easier to Understand
Use This Version to Understand cgi-lib Code
Install it in cgi-bin Directory
Perl Code:
require (“cgi-lib.pl”);
&ReadParse();
More Perl Info
require – Includes Another File
%varname – Associative Arrays
Use Braces {} to Index, $ prefix
e.g. $varname { ‘keyname’ }
23
ReadParse Subroutine in cgi-lib
ReadParse Subroutine
Reads in Both Get and Put Data
Converts Encoding to Plain Text
Puts Key/Value Pairs in %in
%in is an Associative Array
To Access a Value:
$in { ‘keyname’ }
To Access Each Key/Value Pair
foreach $keyname (sort keys (%in))
print “$keyname $in {$keyname };
}
Example
24
In Class Exercise
Modify Last Weeks Script to Accept User Name via a
Form
Step 1: Install cgi-lib in Your bin Directory
Make Sure to Set Permissions Correctly
Step 2: Make a Copy of perl1.pl
Name it perl2.pl
Step 3: Edit perl2.pl
Add these lines:
require (“cgi-lib.pl”);
&ReadParse();
Replace $myname=‘xxx’; with
$myname = $in { ‘username’ };
Copy it to Your Shorenet cgi-bin directory
25
