IT350 - Web andInternet
Lab 09 – CGI-powered forms
This week will be
anintroduction to CGI programming. To do this, you will go back to the HTML
form you created for yourwebsite back in Lab 02/03, and finally put some computation
behind it – toreally keep track of signups, orders, etc.
You originally created your
labin Lab02, though you should copy
yourwork from Lab03 instead, in order tobenefit from your later CSS additions.
Recall that in Lab02 you were directed to create some forms as follows:
- Form: you must create a form for users to sign up for
something. This form may be on any page – index.html, schedule.html, or a
new page you create. Pick what
works best for your site. Specifics:
Your form collects necessary information from
the usersuch as name, rank, SSN, e-mail address, leave address, leave phone
number, newaddress, new phone number, seating preferences (table number),
special dietaryrequests, working party, course title, course number, sport,
team name,ingredients, directions, etc as appropriate for your topic.
These forms should contain at least one
of each of these input types: hidden, submit,reset, text, password, checkbox,
radio button, text area, and select inputfields. Tip: for password, either
assume the user has an existing account orask them to create a password to be
used for possible changes to their requestlater.
You must create a folder on you Web
drivecalled"Lab09" (without the quotes) and store your work in
first order of business is to write a basic CGI program and get that
working to the point where it produces some output visible with a browser,
but does not yet read in any inputs. We’ll walk you through this part:
MS-Visual Studio 6.0 (do not use Visual Studio.Net)
a New Project as follows:
Pick Win32 Console Application
For Project name, type “Scripts”
Choose W:\Lab09 as your directory
Proceed, then choose to create an empty project
- Right-click on the following three links and then save them in
W:\Lab09\Scripts : Scripts.cpp, CGI.h,
Then in Visual Studio select Project->Add To Project->Files
and add Scripts.cpp. Repeat for
the other files.
- Take a look at CGI.h. This defines a number of helper
functions that you will find very useful.
You shouldn’t need it, but if you want you can see their
implementation in CGI.cpp.
and run your program. You should
see something like this (details may change):
a browser, fetch the URL http://www.mXXXXXX.it.cs.usna.edu/Lab09/Scripts/Debug/Scripts.exe
(normally you would place this in a cgi-bin directory by itself,
but it’s not necessary for our server, so easier to leave the file where
it is). You should see something
programs can be hard to debug, because things can go wrong in multiple
places – the server might not find or execute the CGI file, your form
might provide the wrong values, your program might go into an infinite
loop, the output of the CGI program might not be displayed in the browser
because of HTML errors, etc. To
make this a little easier, we are providing the following functionality:
IF you add a call to setCGIDebug() as the first thing in your main
function, then getQueryString()will ignore whatever input is provided
by GET or POST via the web server.
Instead, it will use the input string that you provide when you
call something like this setCGIDebug("name=John+Smith&pet=Alpaca").
Why is this good? Well, this
enables you to manually set the input, then run your program only in
Visual Studio – i.e. without opening up a web browser, without involving
the web server – where you can use the Visual Studio debugger if needed. Don’t forget to comment this line out
when you want to really run with the web server (through a browser).
now use this debugging functionality to add the ability for your program
to read in inputs. Open Scripts.cpp
and uncomment the line containing the call to setCGIDebug():
Now using the helper functions defined in CGI.h, add the
appropriate code to get the query string (getQueryString()), then more
code to obtain the values of the ‘name’ and ‘pet’ parameters. Add code to output these parameters so
that if you run your program (in Visual Studio), it looks something like
this (don’t worry about the exact layout, just something that grabs the
parameters and outputs them):
you have this working, comment out
the line with setCGIDebug(), re-compile, and re-build your
project. Try fetching the URL: http://www.mXXXXXX.it.cs.usna.edu/Lab09/Scripts/Debug/Scripts.exe?name=mary+jones&pet=tiger
. You should see something like this:
all of your files from Lab03 into your Lab09 directory.
should have a file form.html from Lab03.
Make sure it satisfies the original requirements for forms (given
in the introduction above). Then
modify the form (in your Lab09 directory) so that when you click submit,
it invokes your new CGI program. Modify
your CGI program so that it reads in some value from your form and
displays the value in its resultant HTML output.
check: Write C++ code to validate all of the input that your form
provides to your CGI program. If an
error is detected, your program should state explicitly what the error
was, and tell the user to hit the back button and try again (see extra
credit for a better approach). You may find it useful to go back to
Lab03/form.html, fill in some values, and click submit to see how your
data is received by the CGI program we gave you earlier. For the
validation you should at a minimum check the following:
all text fields are filled out (not empty)
at least one radio button is selected in each radio button set.
at least one checkbox is selected in each checkbox set.
that numeric inputs, if any, have a reasonable value. (BUT SEE
CLARIFICATON AT BOTTOM OF THIS PAGE)
Modify your C++ code so that, if the variables pass all the validation
tests above, the program prints out a friendly confirmation. This confirmation should display the
value of all the variables that were provided in a user-friendly
manner. For instance, “Your
reservation for 4 people has been confirmed. The details for this reservation are as
remainder of this lab requires dealing with File I/O. If you reach this point before this has
been discussed in class, you may wish to work on extra credit instead of
Modify your CGI program so that it logs the provided variables (query
string parameters) received by the form’s submission to a file called LOG.txt.
This shall be done by appending the data to an existing LOG.txt file you
create. Write to the log only if
the parameters pass all the validation checks that you wrote above. To get
this to work you may need to explicitly grant read/write privileges on
LOG.txt to web clients. The log
file should be stored in the same directory as your executable Scripts.exe
file – use getThisPath()
from CGI.cpp to find the path to this directory. In the log, print one
entry per line, separating different variables with tabs.
check: Next you will modify your script so that one part of the user's
input, such as name, credit card number, etc, will be checked against a
list of fraudulent values stored in a file on the web server called
"fraud-values.txt" This file should be in the same directory as
the CGI program – create a sample one that includes at least three
different values. Modify your
script so that it checks every submission against this file – you pick
exactly which field gets checked.
If your script finds a “fraud match”, the program should display a
nasty message to the user. Also, the activity should be recorded as a
fraud alert in the log file. If no
fraud match is found, record the correct submission in the log file as
usual. (ALSO SEE HINT AT BOTTOM ABOUT WHICH PART TO CHECK)
final step: create five links in your top-level default.htm page under
the heading “Lab09”
the name “Form”, make a link to your Lab09/form.html page
the name “Good submission” make a link to your Scripts.exe file with all
of form variables specified in the URL, such that variables all validate
and don’t trigger a fraud alert.
Hint: if your form uses the GET method (change this temporarily if
necessary), then you can create the needed URL for this by filling out
your form correctly and hitting submit.
the name “Fraud submission” make a link like the one above, but such that
one of the variables triggers a fraud alert.
the name “LOG.txt” make a link to your log file
the name “fraud-values.txt” make a link to your fraud-values.txt file.
When all is done you should have a site such that:
The user can fill out Lab09/form.html and click
submit,invoking your CGI program.
Validity checking: The CGI program checks
the values submitted and warns if any aremissing or invalid. If there is a validationproblem, the program
prints a detailed error message about the problem. Otherwise, it prints a friendly
confirmationmessage that mentions all the data that was provided.
Logging and fraud detection: if no
validation problems are found the programwill write something to the LOG
file. If one of the values triggers a
fraud alert, then an errormessage is written to the log (and a nasty message is
displayed to the user). Otherwise, all
of the parameters arewritten to the log.
You have the three links in default.htm that
You make appropriate use of functions to break
As always, you have appropriate comments. As a start, each function should have abrief
summary of its purpose and what it returns.
Your HTML web page
must be constructed using Notepad or a similar text-onlyeditor. The use
of programs such as Microsoft Word, Microsoft Frontpage,DreamWeaver,
ColdFusion, Mozilla Composer, etc. will be considered an honoroffense.
For a nominal amount of extra credit do some/all of the
(NOTE: saving a backup copy of your working lab is recommended before
your program finds a validation problem with an input (such as a missing
value or a number that is too big), a much better way to handle this is to
have your CGI program regenerate the table with all of the values provided
by the user filled in, and values that had a problem highlighted. Of course there should be a submit
button so the user can modify the values and resubmit back to the CGI
a new CGI program that reads your LOG file and generates a summary report
of the submissions. Be sure that
your LOG.txt has enough data in it to make this report at least a little
- Your main web page should be
called "form.html" (without the quotes).
- All of your files should be
in a folder called "Lab09" (without the quotes) on the W drive. Your
instructor will assume that your web pages are viewable at http://www.mXXXXXX.it.cs.usna.edu/Lab09/form.html
where XXXXXX is your alpha number. You may want to check that this URL is
viewable and that everything works correctly from a computer where somebody
else is logged in. If you've goofed and linked to a file on your X
drive, this will help you catch it!
- Turn in the following
hardcopy at the beginning of class on the due date, stapled together in
the following order (coversheet on top):
- A completed assignment
coversheet._ Your comments will help us
improve the course.
- A printout of the
source to your Scripts.cpp file.
- A printout of any C++
files that you created.
- A printout of your
Additional Hints/Clarifications (updated as the lab progresses)
of you noticed that if you have multiple checkboxes that are checked that
have the same name (say "hobby"), then a call to
only returns one of the values.
You could write a more comples getParam() to handle this. A
much easier approach is to change the checkboxes to have different names
"hobby1", "hobby2", ... This doesn't change the
functionality of the form. (This is not a problem for radio butons, since the user can only pick
one. In fact you would not want to change the names for such radio buttons, because then
the user could pick more than one at the same time).
- If you
make any functions that take a file stream as an argument, note that they
must be passed by reference, not value:
void myfunction(ifstream &fp,
...) // use this
void myfunction(ifstream fp, ...)
// not this stuff
you return to working on your lab, choose “Recent Workspaces” from the
file menu in Visual Studio and select your Scripts project. If you just open your Scripts.cpp file,
Visual Studio doesn’t know about the other files (CGI.cpp) that need to be
– don’t worry about checking that phone numbers or social security numbers
are reasonable. The intent of
checking “numeric inputs” was to check to make sure that the user didn’t
enter, for instance, “-5” for the number of people attending. If you have any such inputs, check
those. You can use the atoi()
function to convert a string to a number.
reading from “fraud-values.txt”, it’s much easier to read the values in properly
if you chose something that won’t have a space in it (like email address),
rather than a full name, because code like fin
>> inputVariable will stop reading when it reaches a space Recommended approach for this lab is to
avoid this problem by choosing values that won’t have spaces in them.
- If you’ve
followed our suggestions your executable script will be in the Lab09/Scripts/Debug
directory. Your LOG.txt and
fraud-values.txt should go there too.
forget to set the file permissions, especially on LOG.txt.
your code goes into an infinite loop when you try to read in “fraud-values.txt”
it probably means that the file is not being opened properly. Check to make sure the file is in the
correct directory and is spelled correctly. One good way to check this is to try
fetching the URL http://www.mXXXXXX.it.cs.usna.edu/Lab09/Scripts/Debug/fraud-values.txt
-- if you cant’ see the contents of
this in your web browser, then something is wrong. Check the spelling and make sure Windows
is not hiding an extra file extension from you.