Simple but Useful Web Applications with your Favorite Scripting Language Hands-on Lab - Part 2 of 2

Designing useful CGI web applications does not require WebSphere and a team of experts. Using simple scripting languages and a basic knowledge of CGI programming and HTML, you can develop your own simple, yet very useful, web application! In this Hands-on Lab, you will learn the basics of CGI programming and HTML coding and develop your own CGI web application using the scripting language of your choice. Some knowledge of one of these languages will be helpful; however, beginners will still achieve success, as step-by-step guides will be available for creating a CGI application using Perl, PHP, Rexx, and /bin/sh.

Matthew Finlayson

August 23, 2009

Transcript

  1. Web applications using your favorite scripting language (Hands-On Lab) – part 2

    Matthew Finlayson, IBM Corporation. August 25, 2009, 3:00 – 4:00 PM. Share Session 2259
  2. Trademarks

    The following are trademarks of the International Business Machines Corporation in the United States and/or other countries: IBM*, IBM eServer, IBM e(logo)server*, IBM logo*, Language Environment*, MVS, On demand business logo, OS/390*, Parallel Sysplex*, RACF*, System z9, z/Architecture, z/OS*, zSeries*

    * Registered trademarks of IBM Corporation

    Java and all Java-related trademarks and logos are trademarks of Sun Microsystems, Inc., in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation. UNIX is a registered trademark of The Open Group in the United States and other countries. SET and Secure Electronic Transaction are trademarks owned by SET Secure Electronic Transaction LLC.

    * All other products may be trademarks or registered trademarks of their respective companies.

    Notes:

    - Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here.
    - IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.
    - All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.
    - This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.
    - All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
    - Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
    - Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.
  3. To get started

    For the exercises in this lab and to view a copy of this presentation, open a browser and go to the following page: http://mvs1.centers.ihost.com:8420/~finlay

    This page contains links to information you will need for the lab exercises as well as links for Part I (session 2258).

    Note: This page will be referred to as the "Lab Home Page".
  4. Session Abstract

    This lab session is a follow-up to lab session 2258 (Web Applications with your Favorite Scripting Language). The session is intended for those who would like to learn more advanced techniques such as using cookies, designing interactive forms, and basic JavaScripting. It is also for those who would like to continue enhancing the web application they began in session 2258.

    Note: This lab uses the IBM HTTP Server (IHS) Powered by Apache; however, most of the generic concepts presented also apply to the original IHS.
  5. Goals of this presentation

    - Build on the knowledge gained in Part I
    - Focus on some miscellaneous, but particularly useful, topics for basic CGI programming
    - Reinforce any subjects discussed in Part I
    - Specifically, will be covering the following:
        - Writing and reading from the filesystem
        - Password protecting directories
        - Trick for preventing external linking
        - Using cookies
        - Redisplay form data
        - Simple JavaScript example
  6. Not covered in this presentation

    - Complete specs on protocols (HTTP, HTML, CGI, Apache server configuration, etc.)
        - Simply not enough time and not really needed for the level of this course.
    - Detailed programming instruction
        - Again, not enough time. Will provide examples and leave further education up to you and your interest.
    - Security issues
        - Will touch on because important, but presumption is that scope of application is internal use, intranet, etc.
  7. Writing to a file

    We can use PHP to write to a text file. The fwrite function allows data to be written to any type of file. fwrite's first parameter is the file handle and its second parameter is the string of data that is to be written. Just give the function those two bits of information and you're good to go!

        $myFile = "testFile.txt";
        // 'w' opens for writing and truncates any existing content
        $fh = fopen($myFile, 'w') or die("can't open file");
        $stringData = "Some Text\n";
        fwrite($fh, $stringData);
        fclose($fh);
  8. Reading from a file

    The fread function is the staple for getting data out of a file. The function requires a file handle, which we have, and an integer to tell the function how much data, in bytes, it is supposed to read. If you want to read all the data from the file, you need to get the size of the file. The filesize function returns the length of a file, in bytes, which is just what we need! The filesize function requires the name of the file that is to be sized up.

        $myFile = "testFile.txt";
        $fh = fopen($myFile, 'r');
        // read the whole file: filesize() gives the byte count
        $theData = fread($fh, filesize($myFile));
        fclose($fh);
        echo $theData;
  9. Same thing in Perl

        $data_file = "testFile.txt";
        open(DAT, $data_file) || die("Could not open file!");
        @raw_data = <DAT>;   # read every line into an array
        print @raw_data;
        close(DAT);
  10. Exercise 4: Reading and writing a file

    In this exercise, you save and read form data from a file. Go to the Lab Home Page and click on exercise 4.
  11. Using .htaccess files to password protect a directory

    - Distributed (directory-level) configuration files provide a way to make configuration changes on a per-directory basis.
    - Default name is .htaccess (note the dot).
    - We will use them to demonstrate how to password protect a directory.
    - When you see a password box like the one on the right, it was created using .htaccess
    - Applies to all sub-directories
  12. Steps to password protect a directory

    - Create .htaccess file in directory you want to protect. Example:

        AuthUserfile /shareuser/finlay/austin_09/.htpasswd
        AuthGroupfile /dev/null
        AuthName "SHARE Lab Password Protected Directory"
        AuthType Basic
        require user username

    - Generate user/password in .htpasswd file
        - Use htpasswd utility
        - Ex: htpasswd .htpasswd username
  13. Exercise 5: password protect a directory

    In this exercise, you will password protect a directory using a .htaccess file. Go to the Lab Home Page and click on exercise 5.
  14. Web cookies

    - Small bits of data (less than or equal to 4K) which can be sent to a web browser and later retrieved by the server unchanged.
    - Keep in mind that some people don't trust them and disable them, either because cookies are used maliciously for tracking or because they have a mistaken understanding of what cookies do.
    - Normally, web transactions are stateless; cookies allow preservation of data across sessions.
    - Cookies can be set to expire immediately, after a set time, or indefinitely.
    - Servers can only retrieve cookies set by them.
    - There are some security exposures for CGI programs that trust them too much.
  15. How to set a cookie

    The CGI program sends a "Set-Cookie" header. Example: to set a cookie with name "cgilab" and value "S2996" with expiration date of "March 2, 2009, 4:00:00 GMT":

    In Perl (or PHP):

        print "Set-Cookie: cgilab=S2996; expires=Monday, 02-Mar-2009 4:00:00 GMT\n";

    In PHP with the setcookie() function:

        $time = time() + 3600;  // expire in one hour
        setcookie("cgilab", "S2996", $time);
  16. How to read a cookie

    - Only the cookies associated with the requesting domain are returned.
    - Cookies are stored by the server in the environment variable 'HTTP_COOKIE', which has the format: var1=value1; var2=value2; ...
    - Can be read and parsed from HTTP_COOKIE, or can use built-in functions. For example, in PHP, cookies are automatically parsed into the $_COOKIE hash.
  17. Exercise 6: Set and read a cookie

    In this exercise, you will write a CGI program to set a cookie and a program to read the cookie. Go to the Lab Home Page and click on exercise 6.
  18. Redisplaying Form Data

    - For HTML forms that validate data, you want to be able to redisplay data that has already been entered.
        - It's not very friendly to make people re-enter data
        - You may want to display a specific error message
    - To do this, we do two things:
        - Generate HTML in our CGI app
        - Use the "value=" attribute
    - Go to the Lab Home Page and click on exercise 7
  19. A simple JavaScript example

    - JavaScript allows "client-side" processing
        - Shifts load to browser instead of server
        - Faster for client
        - Not always as user-friendly
    - Often used for:
        - Auto-completion of forms (ex: "use same billing address")
        - Validation of fields prior to submitting
    - Go to the Lab Home Page and click on exercise 8
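For the file slides (7, 8 and 10), an added example that is not part of the original deck: it appends form data to a file under a lock, so concurrent CGI requests do not interleave their writes, and reads it back line by line, so a missing or empty file is handled. The file name, sample fields and function names are assumptions, and the file path is fixed by the program rather than taken from the form.

```php
<?php
// Added example: save form data to a file and read it back.
// The file name, field values and function names are assumptions.

// Append one record as a single tab-separated line.
function save_record(string $file, array $fields): bool
{
    // Strip tabs and newlines so one submission cannot create extra records.
    $clean = array_map(function ($v) {
        return preg_replace('/[\t\r\n]+/', ' ', (string) $v);
    }, $fields);

    $fh = fopen($file, 'a');             // 'a' appends; 'w' would truncate
    if ($fh === false) {
        return false;
    }
    flock($fh, LOCK_EX);                 // concurrent CGI requests wait here
    $ok = fwrite($fh, implode("\t", $clean) . "\n") !== false;
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Read every record; a missing or empty file yields an empty list.
function load_records(string $file): array
{
    $records = [];
    $fh = @fopen($file, 'r');
    if ($fh === false) {
        return $records;
    }
    flock($fh, LOCK_SH);                 // shared lock: readers do not block readers
    while (($line = fgets($fh)) !== false) {
        $records[] = explode("\t", rtrim($line, "\n"));
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $records;
}

// Constructed submissions; the second has an embedded newline and tab.
$file = sys_get_temp_dir() . '/cgilab_records.txt';
@unlink($file);
save_record($file, ['Matthew', 'S2259']);
save_record($file, ["line one\nline two\tmore", 'S2258']);
print_r(load_records($file));
```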
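For the cookie slides (14 to 16), an added example that is not part of the original deck: one way to avoid trusting a cookie too much is to attach a keyed hash (HMAC) when setting it and to reject the value on read if the hash does not match. COOKIE_KEY and both function names are assumptions, and values are assumed to contain only cookie-safe characters.

```php
<?php
// Added example: sign a cookie value so tampering is detected on read.
// COOKIE_KEY and both function names are assumptions, not part of the lab.
const COOKIE_KEY = 'replace-with-a-long-random-server-side-secret';

// Build "value.signature". The signature covers the cookie name too, so a
// signed value cannot be copied into a differently named cookie.
function sign_cookie(string $name, string $value): string
{
    $mac = hash_hmac('sha256', $name . '=' . $value, COOKIE_KEY);
    return $value . '.' . $mac;
}

// Return the original value, or null if the cookie is missing or altered.
function read_signed_cookie(string $header, string $name): ?string
{
    // HTTP_COOKIE has the format "var1=value1; var2=value2; ..."
    foreach (explode(';', $header) as $pair) {
        $parts = explode('=', trim($pair), 2);
        if (count($parts) !== 2 || $parts[0] !== $name) {
            continue;
        }
        $pos = strrpos($parts[1], '.');
        if ($pos === false) {
            return null;                 // no signature present
        }
        $value = substr($parts[1], 0, $pos);
        $mac   = substr($parts[1], $pos + 1);
        $good  = hash_hmac('sha256', $name . '=' . $value, COOKIE_KEY);
        // hash_equals compares in constant time
        return hash_equals($good, $mac) ? $value : null;
    }
    return null;
}

// Constructed sample: what the CGI program would emit and later receive.
$signed = sign_cookie('cgilab', 'S2996');
echo "Set-Cookie: cgilab=$signed\n";

$header  = "theme=dark; cgilab=$signed";          // constructed HTTP_COOKIE
$altered = "cgilab=S9999" . substr($signed, 5);   // value edited, old signature kept

var_dump(read_signed_cookie($header, 'cgilab'));   // accepted value
var_dump(read_signed_cookie($altered, 'cgilab'));  // rejected
```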
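For slide 18, an added example that is not part of the original deck: when the CGI program generates the form and puts submitted data back into "value=", the data has to be HTML-escaped, otherwise a quote or angle bracket in the input ends the attribute and becomes markup. The validation also runs on the server regardless of any JavaScript checks in the browser; field names, rules and function names are assumptions.

```php
<?php
// Added example: validate a form and redisplay what was entered.
// Field names, validation rules and function names are assumptions.

// Escape text for an HTML element body or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Fetch a field as a string; missing or array-valued input becomes ''.
function field(array $form, string $key): string
{
    return isset($form[$key]) && is_string($form[$key]) ? $form[$key] : '';
}

// Return field => error message for every invalid field.
function validate(array $form): array
{
    $errors = [];
    if (!preg_match('/^[A-Za-z][A-Za-z \'-]{0,39}\z/', field($form, 'name'))) {
        $errors['name'] = 'Name: 1-40 letters, spaces, hyphens or apostrophes.';
    }
    if (!preg_match('/^S\d{4}\z/', field($form, 'session'))) {
        $errors['session'] = 'Session must look like S2996.';
    }
    return $errors;
}

// Generate the form, pre-filled with whatever the user already typed.
function render_form(array $form, array $errors): string
{
    $html = "<form method=\"post\">\n";
    foreach (['name' => 'Name', 'session' => 'Session'] as $key => $label) {
        $value = h(field($form, $key));
        $html .= "  <label>$label <input name=\"$key\" value=\"$value\"></label>\n";
        if (isset($errors[$key])) {
            $html .= '  <p class="error">' . h($errors[$key]) . "</p>\n";
        }
    }
    return $html . "  <input type=\"submit\">\n</form>\n";
}

// Constructed submission: the name contains quotes and angle brackets.
// In a real CGI program $form would be $_POST.
$form = ['name' => 'Pat "PJ" O\'Neil <pat@example.com>', 'session' => 'S2996'];
echo render_form($form, validate($form));
```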