CGI & HTML forms

CGI & HTML forms

-05-

CGI

Common Gateway Interface A web server is only a pipe between user-agents and content – it does not generate content

CGI

Common Gateway Interface A web server is only a pipe between user-agents and content – it does not generate content Works well with static content (e.g. html files)

CGI

Common Gateway Interface A web server is only a pipe between user-agents and content – it does not generate content Works well with static content, but what about dynamic content?

CGI

Common Gateway Interface A web server is only a pipe between user-agents and content – it does not generate content Works well with static content, but what about dynamic content? A web server needs to delegate content generation to third party applications

CGI

Common Gateway Interface A web server is only a pipe between user-agents and content – it does not generate content Works well with static content, but what about dynamic content? A web server needs to delegate content generation to third party applications Common Gateway Interface is a standard protocol which defines how to delegate content generation from a web server to a console application

CGI

Common Gateway Interface If dynamic content generation is required, the web server invokes console applications as commands

CGI

Common Gateway Interface If dynamic content generation is required, the web

These console applications are often called CGI scripts

Although they can be written in any programming language, scripting languages are often used

server invokes console applications as commands

CGI

Common Gateway Interface If dynamic content generation is required, the web

These console applications are often called CGI scripts

Although they can be written in any programming language, scripting languages are often used

server invokes console applications as commands

For example: wikipediaUser makes a requests for an entry

The web server activates a script which transforms the source of the entry into an HTML document and sends the result to the user

CGI

Common Gateway Interface How do you tell a server to invoke an application rather than send back its source code/binary form?

CGI

Common Gateway Interface

The CGI scripts are placed in a special directory recognized by the web server

How do you tell a server to invoke an application rather than send back its source code/binary form?

CGI



Once there is a request for a resource in that directory, the web server knows to invoke the script/executable rather than return its content


CGI




Usually the directory is called cgi-bin under the web server’s path


CGI




Usually the directory is called cgi-bin under the web server’s path

For security reasons only webmasters can update this directory or make it active


CGI

CGI specification

(e.g. search query) is passed to the command

CGI defines how information about the request

CGI

CGI specification



CGI

CGI specification

The web server sets the environment variables with proper information



CGI

CGI specification


If there is additional content (e.g. a PUT method), then it is passed using stdin



CGI

CGI specification



CGI sets rules for the CGI script output and how it needs to be handled by the web server



CGI

CGI specification



CGI sets rules for the CGI script output and how

The response is written to stdout

it needs to be handled by the web server



CGI

CGI specification





There are two types of response: NPH and CGI


CGI

CGI mechanism

CGI Script execution

CGI

CGI mechanism

The web server acts like an application gateway

CGI

CGI mechanism

The web server acts like an application gateway as follows:

1. Receives the request from a client


CGI

CGI mechanism



2. Selects a CGI script to handle the request


CGI

CGI mechanism




3. Converts the client’s request to a CGI request and sets the environment variables


CGI

CGI mechanism





4. Executes the script (request data might not be immediately available through stdin)


CGI

CGI mechanism





4. Executes the script (request data might not be immediately available through stdin)

5. Converts the CGI response into a response to the client


CGI

CGI mechanism



Web server CGI script

CGI Request

Response

User

Request

CGI Response

CGI

CGI mechanism


The web server MAY act in a “non-transparent” manner, modifying the request or response in order to provide some additional service (e.g. media type transformation or protocol reduction)


CGI

CGI mechanism



The web server has to conform to the client’s request protocol, even if the CGI script fails to


CGI

CGI mechanism



The web server has to conform to the client’s request protocol, even if the CGI script fails to

If authentication is involved, the script can be invoked only if access is granted


CGI

CGI mechanism CGI Script selection

CGI

CGI mechanism

The CGI script is selected based on the request URI

CGI Script selection

CGI

CGI mechanism


The script may match the whole or a leading part of the hierarchical part


CGI

CGI mechanism



The remainder of the path, if any, is a resource or sub-resource identifier to be interpreted by the script


CGI

CGI mechanism



The remainder of the path, if any, is a resource or sub-resource identifier to be interpreted by the script

Several paths may be associated with the same script


CGI

CGI Request

CGI

CGI Request

The variables contain data about the request passed from the server to the script

Meta-variables passed as environment variables

CGI

CGI Request


They are identified by case-insensitive names; there cannot be two different variables whose names differ in case only


CGI

CGI Request



Usually they appear as capitals with underscores (e.g. PATH_INFO)


CGI

CGI Request



Usually they appear as capitals with underscores (e.g. PATH_INFO)

A missing environment variable is equivalent to a zero-length (NULL) value; it is impossible to tell if the value is NULL or missing


CGI

CGI Request

Some variables are set for every request, some don’t


CGI

CGI Request


Variables set for every request


CGI

CGI Request


Variables set for every request

SERVER_SOFTWAREThe name and version of the web server

SERVER_NAMEThe server's hostname or IP address

GATEWAY_INTERFACEThe revision of the CGI specification to which this server complies (e.g. CGI/1.1)


CGI

CGI Request


Request specific variables


CGI

CGI Request



SERVER_PROTOCOLThe name and revision of the protocol this request came in with (e.g. HTTP/1.1)

SERVER_PORTThe port number to which the request was sent

REQUEST_METHODThe method with which the request was made (e.g. POST)


CGI

CGI Request



REMOTE_ADDRThe IP address of the client

REMOTE_HOSTThe hostname of the client the request


CGI

CGI Request



PATH_INFOIdentifies the resource or sub-resource derived from the portion of the URI path hierarchy following the part that identifies the script itself

PATH_TRANSLATEDThe server provides a translated version of PATH_INFO, which takes the path and does any virtual-to-physical mapping to it


CGI

CGI Request



QUERY_STRINGThe part of the request URI which follows the first ?

This string is added either by an HTML form with a GET method or by an HTML anchor

This string is encoded in the standard URL format – spaces are replaced by “+” and special characters are encoded with %xx (hex value)

for example: “ur/ a%&” “ur%2F+a%25%26”


CGI

CGI Request


HTTP_* variables

The web server may choose to pass some of the headers it received to the script


CGI

CGI Request


HTTP_* variables

The web server may choose to pass some of the headers it received to the script

Each such header is passed through an environment variable which name is composed in the following way: starts with “HTTP_” and then the HTTP header name, converted to upper case with occurrences of “-” replaced with “_”

for example: HTTP_USER_AGENTHTTP_ACCEPT


CGI

CGI Request

The request data (for methods PUT and POST) is passed in stdin

Message body

CGI

CGI Request

The request data (for methods PUT and POST) is passed in stdin

The script should expect to read data from stdin only if the variable CONTENT_LENGTH is not NULL; do not expect end-of-file after reading CONTENT_LENGTH bytes

CONTENT_TYPE should be supplied as well

Message body

CGI

CGI vs. NPH Response

CGI


These are scripts to which the server passes all responsibility for response processing

The script’s output is sent to the client unmodified

NPH (non-parsed header) Response

CGI


These are scripts to which the server passes all responsibility for response processing

The script’s output is sent to the client unmodified

NPH (non-parsed header) Response

The response generated by the client is handled by the web server before being sent to the client

Some special action by the web server might be required

CGI Response

CGI

CGI Response

The response has a message-header and a message-body, separated by a blank line (just like HTTP)

The message-header contains one or more header fields

The body may be NULL

General structure

CGI

CGI Response




General structure

CGI; Extension; Protocol

Three different types of a response header

CGI

CGI Response




General structure


Interpreted by the server; At least one CGI header must be present


CGI

CGI Response




General structure


Included in the response returned to the client


CGI

CGI Response

Content-Type; Location; Status

CGI headers

CGI

CGI Response


The content type of the message body (if exists)

Syntax: Content-Type: <media-type>

Example: Content-Type: text/html

CGI headers

CGI

CGI Response


This is used to specify to the server that the script is returning a reference to a document rather than an actual document

Syntax: Location: URI | <local absolute path>

Example: Location: http://www.amazon.comLocation: /images/logo.gif

CGI headers

CGI

CGI Response


Used to indicate to the server what status code it should use in the response message

Syntax: Status: <3-digit code>

Example: Status: 200

CGI headers

CGI

CGI Response


CGI headers

Response typesDocument response; Local redirect; Client redirect

CGI

CGI Response


CGI headers


The CGI script returns a document to the user

The script MUST include a Content-Type header field

The script might return a Status header; if omitted, the web server assumes 200 OK

CGI

CGI Response


CGI headers


A local redirection is indicated to the web server by providing a Location header with local URL

The server MUST generate the response that it would have produced in response to a request containing the local URL

The script MUST NOT return any other header fields or a message-body

CGI

CGI Response


CGI headers


A client redirection is indicated to the web server by providing a Location header with absolute URL

The server MUST generate a 302 Found HTTP response

The script MUST not provide any other header fields, except for server-defined Extension headers

CGI

CGI Response

The script might generate a data attachment

The server MUST read all the data provided by the script, until the script sends the end-of-file symbol

Message body

CGI

CGI summary A web server is only a pipe between user-agents and content – it does not generate content Works well with static content, but what about dynamic content? A web server needs to delegate content generation to third party applications Common Gateway Interface is a standard protocol which defines how to delegate content generation from a web server to a console application



CGI

CGI summary





There are two types of response: NPH and CGI


CGI scripts generate content based on data

CGI

Input for CGI scripts

It might be meta-data, such as user-agent or user’s


CGI


IP address; no user interaction required



CGI


It is possible to have user interaction which yields user generated data




CGI


It is possible to have user interaction which yields user generated data


HTML forms – a convenient way to generate user input

For example, shipping information or credit card details

A form is created by using the <form> element

CGI

HTML forms

A form is created by using the <form> element A form is an area that contains form controls

CGI

HTML forms

Form controls are elements that allow the user to enter information (e.g. text fields, drop-down menus, radio buttons, checkboxes, …)


CGI

HTML forms


Users set the values of form controls and submitControl modification is achieved though entering text, selecting menu items, etc…


CGI

HTML forms



Then, the form is submitted to an agent (e.g. a web server) for processing

It is a block-level element A form is an area that contains form controls

CGI

The <form> element

It contains: normal content, markup, controls, and labels

HTML forms

Example (html)<form action=“http://somesite.com/prog/adduser” method=“post”>

Username: <input type="text" name=“user” /> <br />

E-mail: <input type="text" name=“email” /> <br />

<input type=“checkbox” name=“skip”> Skip intro <br />

<input type=“submit” value=“Enter” />

</form>

The <form> element

HTML forms

Example (browser)

The <form> element


CGI

The <form> element


The layout of the form depends on its contents


CGI

The <form> element


The layout of the form depends on its contents Two important attributes

action Specifies the resource URI which is used to process the form data


CGI

The <form> element


The layout of the form depends on its contents Two important attributes

action Specifies the resource URI which is used to process the form data

method Specifies which HTTP method will be used to submit the form data

HTML forms






</form>

The <form> element

Users interact with forms through named controls

CGI

Form controls

Each control has a control name


CGI

Form controls


Each control has an initial value and a current value (strings); at first the current value is set to the initial value and is then modified through user interaction

If a form is reset, the current value of each control becomes the initial value again

HTML forms






</form>

The <form> element


CGI

Form controls


Each control has an initial value and a current value (strings); at first the current value is set to the initial value and is then modified through user interaction

If a form is reset, the current value of each control becomes the initial value again

Control types: buttons, checkboxes, radio buttons, menus, text input, files select, hidden controls

On submit, the form data is processed in steps

CGI

Form submission

1. Identify successful controls

2. Build a form data set

3. Encode the form data set

4. Submit the encoded form data set


CGI

Form submission





A successful control is valid for submission

It must have a control name and a current value

It cannot be disabled


CGI

Form submission





A data set is a sequence of control-name/current-value pairs

Only successful controls are paired


CGI

Form submission





The data is encoded

The default encoding is URL encoding


CGI

Form submission





The data is sent to the processing resource

The resource is identified by the action attribute

The method used is identified by the method attribute

If method=“GET”

CGI

Form submission

The user agent constructs a URI by taking the value of action, appending a “?” to it, and then appending the form data set

The user agent then traverses the link to this URI. In this scenario, form data are restricted to ASCII codes

If method=“GET”

CGI

Form submission

The user agent constructs a URI by taking the value of action, appending a “?” to it, and then appending the form data set

The user agent then traverses the link to this URI. In this scenario, form data are restricted to ASCII codes

If method=“POST”Instead of appending the encoded form data set to the URI, it is sent as the body of the message

Content-Length is set to the length of the data set, and Content-Type is set to application/x-www-form-urlencoded


CGI

HTML forms summary



Then, the form is submitted to an agent (e.g. a web server) for processing

Documents

CGI & HTML forms