
SY306 Web and Databases for Cyber Operations - PowerPoint PPT Presentation



  1. SY306 Web and Databases for Cyber Operations. Slide Set #9: CGI with Python (see online resources, e.g. http://www.tutorialspoint.com/python/index.htm)

     Things we’ll learn and do
     • HTML5 – basics, tables, forms
     • Cascading Style Sheets
     • JavaScript, Dynamic HTML
     • CGI / Python
     • Databases – Relational Model
     • SQL
     • Web applications with database back-end
     • Web based attacks (XSS, SQL injections,…)

  2. CGI – What does it all look like?

     CGI Script Basics
     • Common Gateway Interface (CGI)
       – “Common”: Not specific to any operating system or language
     • Output file generated at runtime:
       1. When a program is executed as a CGI script, “standard output” is redirected to the web server
       2. The web server then redirects the output to the client's browser

  3. How can CGI get data from user?

     Technique #1: Forms
     • User enters data via a form, submits
     • Web server directs data to a CGI program
     • Script receives data in one of two ways:
       1. method = "get"
       2. method = "post"
       Use language-specific method to get these inside CGI program

     Technique #2: URL with parameters

     ```html
     <a href="http://www.usna.edu/CS/calendar/view.py?events=seminars">Seminars</a>
     ```

  4. The Big Example Part 1 (the form): survey.html

     ```html
     (standard header stuff…)
     <body>
       <h1> Welcome to The Ultimate Survey </h1>
       <form method="post" action="set9_survey.py">
         <p> Favorite food: <input type="text" name="food" /> </p>
         <p> Favorite color:
           <label><input type="radio" name="color" value="red"/> Red </label>
           <label><input type="radio" name="color" value="gold"/> Gold </label>
           <label><input type="radio" name="color" value="blue"/> Blue </label>
         </p>
         <p><input type="submit" value="Submit" /> </p>
       </form>
     </body>
     </html>
     ```

     The Big Example Part 2 (CGI to receive): survey.py

     ```python
     #!/usr/bin/env python3
     import cgi
     import cgitb; cgitb.enable()

     form = cgi.FieldStorage()  # instantiate only once!

     # get inputs from browser ("" when a field was not submitted,
     # so the string concatenations below do not fail on None)
     food = form.getvalue("food", "")
     color = form.getvalue("color", "")

     # Save result in file. Use colon as separator
     outfile = open("favorites.txt", "a")
     outfile.write(food + " : " + color + "\n")
     outfile.close()

     # generate output as feedback for the user
     print("Content-Type: text/html\n")
     print('''\
     <!DOCTYPE html>
     <html>
     <head>
     <meta charset = "utf-8">
     <title>Survey Feedback</title>
     </head>
     <body>
     <h1>Thank you for filling out our survey</h1>
     <p>Your responses have been recorded as follows:</p>
     <ul>
     ''')
     print("<li>Favorite food: " + food + "</li>")
     print("<li>Favorite color: " + color + "</li>")
     print("</ul></body></html>")
     ```

  5. The Big Example Part 3 (CGI to process): survey_results.py

     ```python
     #!/usr/bin/env python3
     import cgi
     import cgitb
     cgitb.enable()

     #print response header
     print("Content-Type: text/html")
     print()

     #print start html part
     print('''\
     <!DOCTYPE html>
     <html>
     <head>
     <meta charset = "utf-8">
     <title>Survey Results</title>
     </head>
     <body>
     ''')

     #start printing the results and count the number of red responses
     print('<h1>Results so far</h1>')
     print('<ol>')
     nbRed = 0

     # read from file
     with open("favorites.txt", "r") as lines:
         for line in lines:
             #skip the empty lines
             if line == "\n":
                 continue
             #remove the newline character and split by :
             # s = line[:-1].split(':') #solution 1
             line = line.strip() #solution 2
             s = line.split(':')
             print("<li>Favorite food: " + s[0] + " favorite color: **" + s[1] + "**</li>")
             #if s[1] == "red": #this will not work if there are extra spaces
             if s[1].find("red") >= 0:
                 nbRed = nbRed+1

     print("</ol>")
     print("<h1> There are " + str(nbRed) + " responses for color 'red'. </h1>")

     #print end html part
     print('</body></html>')
     ```

     Exercise #1
     • Write Python script that will, given the URL provided below, generate HTML that looks like the screenshot

       http://mope.academy.usna.edu/~adina/sy306/ice/ex1.py?maxNumber=5
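An added example, not part of the original slides: the input checks and output encoding a defender would put around the survey.py and survey_results.py code above, because the submitted values are written to a ':'-separated file and echoed back into HTML. It parses the request body with urllib.parse because the cgi module was removed in Python 3.13. The function names, the 100-character limit and the sample request bodies are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs

ALLOWED_COLORS = {"red", "gold", "blue"}   # the radio values in survey.html

def clean_submission(body):
    """Parse a POST body; return (food, color), or None if it must be rejected."""
    fields = parse_qs(body, keep_blank_values=True)
    food = fields.get("food", [""])[0].strip()
    color = fields.get("color", [""])[0]
    # The radio buttons only limit a browser user: any client can post any color.
    if color not in ALLOWED_COLORS:
        return None
    # favorites.txt holds one record per line with ':' between the fields, so a
    # food containing ':' or a newline would corrupt or forge records.
    if not food or len(food) > 100 or ":" in food or not food.isprintable():
        return None
    return food, color

def to_record(food, color):
    """Same on-disk format as survey.py."""
    return food + " : " + color + "\n"

def feedback_items(food, color):
    # Encode at output time: the stored value stays raw, the page gets entities.
    return ("<li>Favorite food: " + html.escape(food) + "</li>\n"
            "<li>Favorite color: " + html.escape(color) + "</li>")

def count_red(lines):
    """Count 'red' records with an exact match instead of a substring search."""
    red = 0
    for line in lines:
        parts = [p.strip() for p in line.split(":")]
        if len(parts) == 2 and parts[1] == "red":
            red += 1
    return red

# Constructed request bodies (not captured traffic).
SAMPLES = [
    "food=pizza&color=red",
    "food=%3Cb%3Epie%3C%2Fb%3E&color=gold",   # markup in the text field
    "food=x+%3A+red%0Ay&color=blue",          # ':' and a newline in the text field
    "food=tacos&color=%3Cb%3Ered",            # a color the form never offered
]

if __name__ == "__main__":
    for body in SAMPLES:
        result = clean_submission(body)
        print(repr(body), "->", "rejected" if result is None else feedback_items(*result))
```
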

  6. Exercise #2: Write Python script that accepts two numbers from browser user, prints error if num2 is zero, otherwise outputs num1/num2.

     Gotchas
     • Indentation – turn off auto-indentation, make sure you use spaces, not tabs
     • Unix server – use UNIX line endings in script
     • File permissions – server needs to be able to r/w/x different files/folders
       – setfacl -m u:www-data:rwx LabX
