CGI Programming Introduction – Perl

On the internet, many of the documents exchanged are encoded in HTML. The Web is a client-server system: a client such as IE or Firefox requests a document, and a web server such as Apache handles the request and returns the required document to the client. If the client's request is a plain text request, the server merely sends back the file contents. Sometimes, however, the web server runs another program to return a document. So the question is: how can the server run that program on the server side?

A program run on the server side can be handled in two ways: 1. the program is part of the web server process, like a Java Servlet or mod_perl; or 2. the program is an external program, and in this case we call it CGI. I don’t want to discuss the disadvantages of CGI here. I will just share my study notes about CGI below.

A CGI request generally means the invocation of a newly created process on the server. It is important to understand that a CGI program doesn’t run continuously, with the browser calling different parts of the program. Each request for a partial URL corresponding to the program starts a new copy. The CGI program generates a page for that request, then quits.

 

In CGI, the client has three typical methods to communicate with the server.

1. GET. The GET method is the most common, indicating a simple request for a document.

With the GET method, values are encoded directly in the URL, leading to ugly URLs like this: http://www-abc.def.com/cgi-bin/abc/def/shopapps/bill_status.pl?reqid=12345

2. POST. The POST method submits form values. With the POST method, values are encoded in a separate part of the HTTP request that the client browser sends to the server. Basically we will use the POST method to submit a login form.

E.g., http://www-abc.def.com/cgi-bin/abc/def/shopapps/login.pl

The GET and POST methods differ from each other:

Making a GET request for a particular URL once or multiple times should make no difference. That is to say, GET is for static informational requests. The HTTP protocol definition says that a GET request may be cached by the browser, the server, or a proxy. POST requests cannot be cached, because each request is independent and matters. Typically a POST request makes changes to, or depends on, the state of the server (querying or updating a database, logging in, etc.).

3. HEAD. The HEAD method supplies information about the document without actually fetching it.

 

Security

By default, CGI programs allow anyone to run a program on your system, so you might need to introduce a mechanism to control access. Below I will show how to write cookies to guarantee security.

 

HTML and Forms

In a CGI program, we can embed HTML tags to create forms and generate a nice HTML UI.

 

So let me conclude my study notes here:

1. We can use CGI to ask the server to run external programs.

2. CGI uses the GET method to get a document and the POST method to submit requests. The HEAD method just tells us information about the document.

3. In CGI, we can use cookies to implement security control.

4. In CGI, we can embed HTML tags to create a beautiful HTML UI.

 

Let me write a simple CGI script first:

#!/local/bin/perl -w

use strict;

use CGI qw(:all);

# Read the shared page header fragment from disk.
my $incheader = `cat /u01/abc/header.inc`;
my $ToolHead = "Luohua's Shop";

# HTTP header, followed by the blank line that ends the headers.
print "Content-type: text/html\n\n";

print "<TITLE> $ToolHead </TITLE>\n";

print "${incheader}";

print "<center><h1> $ToolHead </h1>";

##### Done !!! #####

Below is a snippet that implements the POST method using a form:

# $cookieemail and $produclist are assumed to be set earlier in the script.
print "<form method=POST action=\"\" name=\"asubmit\" id=\"Requestshop\">\n";
print "<input type=hidden name=UID size=50 value=\"${cookieemail}\" >";
print "<input type=hidden name=listSz size=2 value=\"${produclist}\" >";
print "</form>\n";

 

Below is a snippet showing how to set cookies:

# Check the credentials against the database; if they match, set the cookies.
print "Set-Cookie: user=$user;domain=www-abc.def.com;path=/cgi-bin/abc/def/shopapps/bill_status.pl;expires=Mon, 15-Jul-2013 12:00:00 GMT\n";
print "Set-Cookie: passwd=$passwd;domain=www-abc.def.com;path=/cgi-bin/abc/def/shopapps/bill_status.pl;expires=Mon, 15-Jul-2013 12:00:00 GMT\n";

Below is a snippet showing how to clear cookies:

# Blank the values; the browser deletes a cookie once its expires date is in the past.
print "Set-Cookie: user= ;domain=www-abc.def.com;path=/cgi-bin/abc/def/shopapps/bill_status.pl;expires=Mon, 15-Jul-2013 12:00:00 GMT\n";
print "Set-Cookie: passwd= ;domain=www-abc.def.com;path=/cgi-bin/abc/def/shopapps/bill_status.pl;expires=Mon, 15-Jul-2013 12:00:00 GMT\n";
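
The set and clear snippets above place the user name and password themselves in cookies, so anything that can read the browser's cookies or the traffic also gets the credentials. As an added example (not part of the original note), here is the same login and logout flow with a random session id kept server-side; the cookie name `sid`, the functions `new_session`, `session_user` and `end_session`, and the file-per-session store are assumptions for illustration, and `/dev/urandom` assumes a Unix-like server.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Assumption: one small file per session, in a directory private to the server.
my $SESSION_DIR = tempdir(CLEANUP => 1);        # temp dir so the demo runs anywhere
my $COOKIE_PATH = '/cgi-bin/abc/def/shopapps/'; # path prefix used on this page
my $LIFETIME    = 3600;                         # session lifetime in seconds
my $SID_RE      = qr/(?:^|;\s*)sid=([0-9a-f]{32})(?:;|$)/; # strict id format

# After a successful login: the cookie carries only a random id, no credentials.
sub new_session {
    my ($user) = @_;
    open my $rnd, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($rnd, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    my $sid = unpack 'H*', $bytes;              # 32 hex characters
    open my $fh, '>', "$SESSION_DIR/$sid" or die "session file: $!";
    print {$fh} "$user\n", time + $LIFETIME, "\n";
    close $fh or die "session file: $!";
    return "Set-Cookie: sid=$sid; Path=$COOKIE_PATH; Max-Age=$LIFETIME; "
         . "Secure; HttpOnly; SameSite=Strict\n";
}

# Map the Cookie request header ($ENV{HTTP_COOKIE}) to a user name, or undef.
sub session_user {
    my ($cookie_header) = @_;
    my ($sid) = ($cookie_header // '') =~ $SID_RE or return;
    open my $fh, '<', "$SESSION_DIR/$sid" or return;
    chomp(my ($user, $expires) = <$fh>);
    if (time > $expires) { unlink "$SESSION_DIR/$sid"; return }
    return $user;
}

# Logout: delete the server-side record and expire the cookie in the browser.
sub end_session {
    my ($cookie_header) = @_;
    my ($sid) = ($cookie_header // '') =~ $SID_RE;
    unlink "$SESSION_DIR/$sid" if defined $sid;
    return "Set-Cookie: sid=; Path=$COOKIE_PATH; Max-Age=0; Secure; HttpOnly\n";
}

# Constructed demo: log in as "alice", present the cookie, forge one, log out.
my $set = new_session('alice');
my ($cookie) = $set =~ /(sid=[0-9a-f]{32})/;
print $set;
print 'valid cookie  -> ', session_user($cookie) // 'denied', "\n";
print 'forged cookie -> ', session_user('sid=' . ('0' x 32)) // 'denied', "\n";
print end_session($cookie);
print 'after logout  -> ', session_user($cookie) // 'denied', "\n";
```

In a real CGI script the Set-Cookie line has to be printed before the blank line that ends the HTTP headers, and the `Secure` attribute means the browser only sends the cookie over HTTPS.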