IT350 - Web and
Lab 10 – CGI Take Two
This week we have introduced
Perl. Now you will use your new
knowledge to create a very similar CGI program to last week’s lab, but using
Perl instead of C++. The goal is to:
- Gain experience with Perl programming
- Compare and contrast two different ways of doing CGI programming
(C++ vs. Perl).
You must create a folder on you Web drivecalled"Lab10"
(without the quotes) and store your work in that directory.
the entire lab so you see the requirements and know what is coming.
first order of business is to write a basic Perl program and get that
working to the point where it produces some output visible with a browser.
We’ll walk you through this part:
- Right-click on submit.pl and then save it
in W:\Lab10. (No “Scripts” directory needed)
a look at submit.pl. Get a general
feel for what it does. (Note: it
has a few bugs that you will correct in a moment).
a Windows command prompt. To do
this, click on the “Start” button at the lower left corner of your
screen, pick “Run”, then type “cmd” and hit
the following into the window that appears:
perl –c -w submit.pl
(the –c says to only check the file, don’t run it. the -w says to produce
last step should identify a few errors in the program. Fix them. Re-run perl
from the command line until you get no more errors. (Hint: all control
flow statements like if/while/for require curly braces around their body –
this is optional in most other languages).
fetching the URL http://www.mXXXXXX.it.cs.usna.edu/Lab10/submit.pl?name=Fred&age=72
You likely still have a logic bug in your
program that perl -w won’t catch. Fix the program so that fetching the
above link correctly produces the following output:
- Copy your
Lab09/form.html file (or whatever you called it) into Lab10. (You can copy more files if you like,
but to save space we suggest only copying what is necessary). Now modify the form so that when you
click submit, it invokes your submit.pl program instead of your old C++
based CGI program
submit.pl to read in some of the parameters used by your form and print
some of them out (eventually you will want all of them – for now just
verify with the browser that this works).
check: Modify submit.pl to validate some of your inputs. If
an error is detected, your program should state explicitly what the error
was, and tell the user to hit the back button and try again (see extra
credit for a better approach). Unlike
last week, you’re not required to check every value. The specific requirements are:
should check at least three different parameters (e.g. to ensure they are
not empty or have a reasonable value).
least one of your checks must involve a pattern match / regular
expression. See section 25.3 of
the book. You may also find the
validation in Figure 25.13 useful.
You can modify your form if you wish (to create a parameter that
is more amenable to validating with a pattern match).
Modify submit.pl so that, if the variables pass all the validation
tests above, the program prints out a friendly confirmation. This confirmation should display the
value of all the variables that were provided in a user-friendly
manner. For instance, “Your
reservation for 4 people has been confirmed. The details for this reservation are as
Modify submit.pl so that it logs the provided variables (query string
parameters) received by the form’s submission to a file called LOG.txt.
This shall be done by appending the data to an existing LOG.txt file you
create. Write to the log only if
the parameters pass all the validation checks that you wrote above. By
default, if you open file “LOG.txt” from your Perl script, it will appear in your top level W directory (not
inside Lab10 – this was a mistake in earlier lab writeup). Don’t
forget to set the permission on this file (and fraud-values.txt below).
check: Next you will modify your script so that one part of the user's
input, such as name, credit card number, etc, will be checked against a
list of fraudulent values stored in a file on the web server called
can use the same file as last week if you like – but move it to your top level W: directory (or
move to Lab10, then use “Lab10\fraud-values.txt” as the filename). Modify your script so that it checks
every submission against this file – you pick exactly which field gets
checked. If your script finds a
“fraud match”, the program should display a nasty message to the user.
Also, the activity should be recorded as a fraud alert in the log file. If no fraud match is found, record the
correct submission in the log file as usual.
links: create five links in your top-level default.htm page under the
heading “Lab10”. You may be able to
copy from Lab09 here, but be sure to change all Lab09’s to Lab10’s and
make sure it works.
the name “Form”, make a link to your Lab10/form.html page
the name “Good submission” make a link to your submit.pl file with all of
form variables specified in the URL, such that the variables all validate
and don’t trigger a fraud alert.
Hint: if your form uses the GET method (change this temporarily if
necessary), then you can create the needed URL for this by filling out
your form correctly and hitting submit.
the name “Fraud submission” make a link like the one above, but such that
one of the variables triggers a fraud alert.
the name “LOG.txt” make a link to your log file.
the name “fraud-values.txt” make a link to your fraud-values.txt file.
- LAST STEP: If you had your choice,
would you prefer to do this lab in C++ or Perl? Write one sentence on why in your
default.htm, just below the links you created above.
When all is done you should have a site such that:
The user can fill out Lab10/form.html and click submit, invoking your CGI program (submit.pl).
Validity checking: The CGI program checks
(some of) the values submitted and warns if they are missing
or invalid. If there is a validation problem,
the program prints a detailed error message about the problem. Otherwise, it prints a friendly confirmation message
that mentions all the data that was provided.
Logging and fraud detection: If no
validation problems are found the program will write something to the
LOG file. If one of the values triggers
a fraud alert, then an error message is written to the log (and a nasty message
is displayed to the user). Otherwise,
all of the parameters are written to the log.
You have the five links in default.htm that are described
You are not
required to use functions for this assignment, since we haven’t learned
Perl functions yet. But you may if you
As always, ensure you have appropriate
comments. In this case each major
section of your code should have a brief introductory comment.
Your HTML web page
must be constructed using Notepad or a similar text-onlyeditor. The
use of programs such as Microsoft Word, Microsoft Frontpage,DreamWeaver, ColdFusion, Mozilla Composer, etc. will be considered an honoroffense.
For a nominal amount of extra credit do some/all of the following:
(NOTE: saving a backup copy of your working lab is recommended before starting on
your program finds a validation problem with an input (such as a missing
value or a number that is too big), a much better way to handle this is to
have your CGI program regenerate the table with all of the values provided
by the user filled in, and values that had a problem highlighted. Of course there should be a submit
button so the user can modify the values and resubmit back to the CGI
a new CGI program (in Perl) that reads your LOG file and generates a
summary report of the submissions.
Be sure that your LOG.txt has enough data in it to make this report
at least a little interesting.
- Your main web page should be
called "form.html" (without the quotes).
- All of your files should be
in a folder called "Lab10" (without the quotes) on the W drive. Your
instructor will assume that your web pages are viewable at http://www.mXXXXXX.it.cs.usna.edu/Lab10/form.html
where XXXXXX is your alpha number. You may want to check that this URL is
viewable and that everything works correctly from a computer where
somebody else is logged in. If you've goofed and linked to a file on
your X drive, this will help you catch it!
- Turn in the following
hardcopy at the beginning of class on the due date, stapled together in
the following order (coversheet on top):
- A completed assignment
comments will help us improve the course.
- A printout of the
source to your submit.pl file.
Additional Hints/Clarifications (updated as the lab progresses)
checkboxes: as with last week, you could give each checkbox a unique name,
and call param() on each one. Or, if you write something like this:
the param() function will notice the result
should be an array (due to the @ symbol), and will return an array with
all of the “radio” checkboxes that were checked.
Perl makes it easy to read a whole line at a time, it doesn’t matter as
much if you have values in fraud-values.txt that contain a space (this was
a problem with C++).
forget to set the file permissions, especially on LOG.txt.
your code is not working, first run perl from
the command line (like you did in the beginning of the lab) to ensure
there are no syntax errors. Then,
add extra print() commands to see what parts of
the program are executing and what the values being used are.