1. The Common Gateway Interface (CGI)

1.1 What Is CGI?

As you traverse the vast frontier of the World Wide Web, you will come across documents that make you wonder, “How did they do this?” These documents could consist of, among other things, forms that ask for feedback or registration information, imagemaps that allow you to click on various parts of the image, counters that display the number of users that accessed the document, and utilities that allow you to search databases for particular information. In most cases, you'll find that these effects were achieved using the Common Gateway Interface, commonly known as CGI.

One of the Internet's worst-kept secrets is that CGI is astoundingly simple. That is, it's trivial in design, and anyone with an iota of programming experience can write rudimentary scripts that work. It's only when your needs are more demanding that you have to master the more complex workings of the Web. In a way, CGI is easy the same way cooking is easy: anyone can toast a muffin or poach an egg. It's only when you want a Hollandaise sauce that things start to get complicated.

CGI is the part of the Web server that can communicate with other programs running on the server. With CGI, the Web server can call up a program, while passing user-specific data to the program (such as what host the user is connecting from, or input the user has supplied using HTML form syntax). The program then processes that data and the server passes the program's response back to the Web browser.

CGI isn't magic; it's just programming with some special types of input and a few strict rules on program output. Everything in between is just programming. Of course, there are special techniques that are particular to CGI, and that's what this book is mostly about. But underlying it all is the simple model shown in Figure 1.1.

Figure 1.1: Simple diagram of CGI

1.2 CGI Applications

CGI turns the Web from a simple collection of static hypermedia documents into a whole new interactive medium, in which users can ask questions and run applications. Let's take a look at some of the possible applications that can be designed using CGI.

Forms

One of the most prominent uses of CGI is in processing forms. Forms are a subset of HTML that allow the user to supply information. The forms interface makes Web browsing an interactive process for the user and the provider. Figure 1.2 shows a simple form.

Figure 1.2: Simple form illustrating different widgets

As can be seen from the figure, a number of graphical widgets are available for form creation, such as radio buttons, text fields, checkboxes, and selection lists. When the form is completed by the user, the Submit Order! button is used to send the information to the server, which executes the program associated with the particular form to “decode” the data.

Generally, forms are used for two main purposes. At their simplest, forms can be used to collect information from the user. But they can also be used in a more complex manner to provide back-and-forth interaction. For example, the user can be presented with a form listing the various documents available on the server, as well as an option to search for particular information within these documents. A CGI program can process this information and return document(s) that match the user's selection criteria.

Chapter 4, Forms and CGI, discusses forms in detail, and Chapter 7, Advanced Form Applications, shows examples of incorporating forms into several robust applications.

Gateways

Web gateways are programs or scripts used to access information that is not directly readable by the client. For example, say you have an Oracle database that contains baseball statistics for all the players on your company team and you would like to provide this information on the Web. How would you do it? You certainly cannot point your client to the database file (i.e., open the URL associated with the file) and expect to see any meaningful data.

CGI provides a solution to the problem in the form of a gateway. You can use a language such as oraperl (see Chapter 9, Gateways, Databases, and Search/Index Utilities, for more information) or a DBI extension to Perl to form SQL queries to read the information contained within the database. Once you have the information, you can format and send it to the client. In this case, the CGI program serves as a gateway to the Oracle database, as shown in Figure 1.3.

Figure 1.3: A gateway to a database

Similarly, you can write gateway programs to any other Internet information service, including Archie, WAIS, and NNTP (Usenet News). Chapter 10, Gateways to Internet Information Servers, shows examples of interacting with other Internet services. In addition, you can amplify the power of gateways by using the forms interface to request a query or search string from the user to retrieve and display dynamic, or virtual, information. We will discuss these special documents next.

Virtual Documents

Virtual, or dynamic, document creation is at the heart of CGI. Virtual documents are created on the fly in response to a user's information request. You can create virtual HTML, plain text, image, and even audio documents. A simple example of a virtual document could be something as trivial as this:

Welcome to Shishir's WWW Server!
You are visiting from diamond.com. The load average on this machine is 1.25.
Happy navigating!

In this example, there are two pieces of dynamic information: the alphanumeric address (IP name) of the remote user and the load average on the serving machine. This is a very simple example, indeed!

On the other hand, very complex virtual documents can be created by writing programs that use a combination of graphics libraries, gateways, and forms. As a more sophisticated example, say you are the manager of an art gallery that specializes in selling replicas of ancient Renaissance paintings and you are interested in presenting images of these masterpieces on the Web. You start out by creating a form that asks for user information for the purpose of promotional mailings, presents a search field for the user to enter the name of a painting, as well as a selection list containing popular paintings. Once the user submits the form to the server, a program can email the user information to a certain address, or store it in a file. And depending on the user's selection, either a message stating that the painting does not exist or an image of the painting can be displayed along with some historical information located elsewhere on the Internet.

Along with the picture and history, another form with several image processing options to modify the brightness, contrast, and/or size of the picture can be displayed. You can write another CGI program to modify the image properties on the fly using certain graphics libraries, such as gd, sending the resultant picture to the client.

This is an example of a more complex CGI program using many aspects of CGI programming. Several such examples will be presented in this book.

1.3 Some Working CGI Applications

What better way to learn about CGI than to see actual programs in action? Here are the locations of some of the more impressive CGI programs on the Web:

• Lycos World Wide Web Search

  Located at http://www.lycos.com/, this server allows the user to search the Web for specific documents. Lycos returns a dynamic hypertext document containing the documents that match the user's search criteria.

• Coloring Book

  An entertaining application that displays an image for users to color. It can be accessed at http://www.ravenna.com/coloring.

• ArchiePlex Gateway

  A gateway to the Archie search server. Allows the user to search for a specific string and returns a virtual hypertext document. This useful gateway is located at http://pubweb.nexor.co.uk/public/archie/archieplex/archieplex.html. A simple Archie gateway is presented in Chapter 10, Gateways to Internet Information Servers.

• Guestbook with World Map

  A guestbook is a forms-based application that allows users to leave messages for everyone to see. Though there are numerous guestbooks on the Web, this is one of the best. You can access it at http://www.cosy.sbg.ac.at/rec/guestbook.

• Japanese <-> English Dictionary

  A sophisticated CGI program that queries the user for an English word, and returns a virtual document with graphic images of an equivalent Japanese word, or vice versa. It can be accessed at http://www.wg.omron.co.jp/cgi-bin/je?SASE=jfiedl.html or at http://enterprise.ic.gc.ca/cgi-bin/j-e.

Although most of these documents are curiosities, they illustrate the powerful aspects of CGI. The interface allows for the creation of highly effective virtual documents using forms and gateways.

1.4 Internal Workings of CGI

So how does the whole interface work? Most servers expect CGI programs and scripts to reside in a special directory, usually called cgi-bin, and/or to have a certain file extension. (These configuration parameters are discussed in the Configuring the Server section in this chapter.) When a user opens a URL associated with a CGI program, the client sends a request to the server asking for the file.

For the most part, the request for a CGI program looks the same as it does for all Web documents. The difference is that when a server recognizes that the address being requested is a CGI program, the server does not return the file contents verbatim. Instead, the server tries to execute the program. Here is what a sample client request might look like:

GET /cgi-bin/welcome.pl HTTP/1.0
Accept: www/source
Accept: text/html
Accept: image/gif
User-Agent: Lynx/2.4 libwww/2.14
From: shishir@bu.edu

This GET request identifies the file to retrieve as /cgi-bin/welcome.pl. Since the server is configured to recognize all files inf the cgi-bin directory tree as CGI programs, it understands that it should execute the program instead of relaying it directly to the browser. The string HTTP/1.0 identifies the communication protocol to use.

The client request also passes the data formats it can accept (www/source, text/html, and image/gif), identifies itself as a Lynx client, and sends user information. All this information is made available to the CGI program, along with additional information from the server.

The way that CGI programs get their input depends on the server and on the native operating system. On a UNIX system, CGI programs get their input from standard input (STDIN) and from UNIX environment variables. These variables store such information as the input search string (in the case of a form), the format of the input, the length of the input (in bytes), the remote host and user passing the input, and other client information. They also store the server name, the communication protocol, and the name of the software running the server.

Once the CGI program starts running, it can either create and output a new document, or provide the URL to an existing one. On UNIX, programs send their output to standard output (STDOUT) as a data stream. The data stream consists of two parts. The first part is either a full or partial HTTP header that (at minimum) describes what format the returned data is in (e.g., HTML, plain text, GIF, etc.). A blank line signifies the end of the header section. The second part is the body, which contains the data conforming to the format type reflected in the header. The body is not modified or interpreted by the server in any way.

A CGI program can choose to send the newly created data directly to the client or to send it indirectly through the server. If the output consists of a complete HTTP header, the data is sent directly to the client without server modification. (It's actually a little more complicated than this, as we will discuss in Chapter 3, Output from the Common Gateway Interface.) Or, as is usually the case, the output is sent to the server as a data stream. The server is then responsible for adding the complete header information and using the HTTP protocol to transfer the data to the client.

Here is the sample output of a program generating an HTML virtual document, with the complete HTTP header:

HTTP/1.0 200 OK
Date: Thursday, 22-February-96 08:28:00 GMT
Server: NCSA/1.4.2
MIME-version: 1.0
Content-type: text/html
Content-length: 2000
<HTML>
<HEAD><TITLE>Welcome to Shishir's WWW Server!</TITLE></HEAD>
<BODY>
<H1>Welcome!</H1>
.
.
</BODY>
</HTML>

The header contains the communication protocol, the date and time of the response, the server name and version, and the revision of the MIME protocol.[1] Most importantly, it also consists of the MIME content type and the number of characters (equivalent to the number of bytes) of the enclosed data, as well as the data itself. Now, the output with the partial HTTP header:

Content-type: text/html
<HTML>
<HEAD><TITLE>Welcome to Shishir's WWW Server!</TITLE></HEAD>
<BODY>
<H1>Welcome!</H1>
.
.
</BODY>
</HTML>

In this instance, the only header line that is output is the Content-type header, which describes the MIME format of the output. Since the output is in HTML format, text/html is the content type that is declared.

Most CGI programmers prefer to supply only a partial header. It is much simpler to output the format and the data than to formulate the complete header information, which can be left to the server. However, there are times when you need to send the information directly to the client (by outputting a complete HTTP header), as you will see in Chapter 3, Output from the Common Gateway Interface.

1.5 Configuring the Server

Before you can run CGI programs on your server, certain parameters in the server configuration files must be modified. If you are using either the NCSA or CERN HTTP server, you need to first set the ServerRoot directive in the httpd.conf file to point to the directory where the server software is located:

ServerRoot          /usr/local/etc/httpd

Running CGI Scripts

On the NCSA server, the ScriptAlias directive in the server resource map file (srm.conf) indicates the directory where the CGI scripts are placed.

ScriptAlias          /cgi-bin/        /usr/local/etc/httpd/cgi-bin/

For example, if a user accesses the URL:

http://your_host.com/cgi-bin/welcome

the local program:

/usr/local/etc/httpd/cgi-bin/welcome

will be executed by the server. You can have multiple directories to hold CGI scripts:

ScriptAlias          /cgi-bin/        /usr/local/etc/httpd/cgi-bin/
ScriptAlias          /my-cgi-bin/     /usr/local/etc/httpd/my-cgi-bin/

You might wonder why all CGI programs must be placed in distinct directories. The most important reason for this is system security. By having all the programs in one place, a server administrator can control and monitor all the programs being run on the system. However, there are directives that allow programs to be run outside of these directories, based on the file extension. The following directives, when placed in the srm.conf configuration file, allow the server to execute files containing .pl, .sh, or .cgi extensions.

AddType       application/x-httpd-cgi          .pl   .sh   .cgi

However, this could be very dangerous! By globally enabling all files ending in certain extensions, there is a risk that novice programmers might write programs that violate system security (e.g., printing the contents of important system files to standard output).

On the CERN server, setting up the CGI directory is done in the httpd.conf file, using the following syntax:

Exec            /cgi-bin/*                /usr/local/etc/httpd/cgi-bin

1.6 Programming in CGI

You might wonder, “Now that I know how CGI works, what programming language can I use?” The answer to that question is very simple: You can use whatever language you want, although certain languages are more suited for CGI programming than others. Before choosing a language, you must consider the following features:

• Ease of text manipulation
• Ability to interface with other software libraries and utilities
• Ability to access environment variables (in UNIX)

Let's look at each of these features in more detail. Most CGI applications involve manipulating text (as you will see throughout this book) some way or another, so inherent pattern matching is very important. For example, form information is usually “decoded” by splitting the string on certain delimiters.

The ability of a language to interface with other software, such as databases, is also very important. This greatly enhances the power of the Web by allowing you to write gateways to other information sources, such as database engines or graphic manipulation libraries.

Finally, the last attribute that must be taken into account is the ease with which the language can access environmental variables. These variables constitute the input to the CGI program, and thus are very important.

Some of the more popular languages for CGI programming include AppleScript, C/C++, C Shell, Perl, Tcl, and Visual Basic. Here is a quick review of the advantages and, in some cases, disadvantages of each one.

AppleScript (Macintosh Only)

Since the advent of System 7.5, AppleScript is an integral part of the Macintosh operating system (OS). Though AppleScript lacks inherent pattern-matching operators, certain extensions have been written to make it easy to handle various types of data. AppleScript also has the power to interface with other Macintosh applications through AppleEvents. For example, a Mac CGI programmer can write a program that presents a form to the user, decode the contents of the form, and query and search a Microsoft FoxPro database directly through AppleScript.

C/C++ (UNIX, Windows, Macintosh)

C and C++ are very popular with programmers, and some use them to do CGI programming. These languages are not recommended for the novice programmer; C and C++ impose strict rules for variable and memory declarations, and type checking. In addition, these languages lack database extensions and inherent pattern-matching abilities, although modules and functions can be written to achieve these functions.

However, C and C++ have a major advantage in that you can compile your CGI application to create a binary executable, which takes up fewer system resources than using interpreters (like Perl or Tcl) to run CGI scripts.

C Shell (UNIX Only)

C Shell lacks pattern-matching operators, and so other UNIX utilities, such as sed or awk, must be used whenever you want to manipulate string information. However, there is a software tool, called uncgi and written in C, that decodes form data and stores the information into shell environment variables, which can be accessed rather easily. Obviously, communicating with a database directly is impossible, unless it is done through a foreign application. Finally, the C Shell has some serious bugs and limitations that make using it a dangerous proposition for the beginner.

Perl (UNIX, Windows, Macintosh)

Perl is by far the most widely used language for CGI programming! It contains many powerful features, and is very easy for the novice programmer to learn. The advantages of Perl include:

• It is highly portable and readily available.
• It contains extremely powerful string manipulation operators, as well as functions to deal with binary data.
• It contains very simple and concise constructs.
• It makes calling shell commands very easy, and provides some useful equivalents of certain UNIX system functions.
• There are numerous extensions built on top of Perl for specialized functions; for example, there is oraperl(or the DBI Extensions), which contains functions for interfacing with the Oracle database.

Because of these overwhelming advantages, Perl is the language used for most of the examples throughout this book.

To whet your appetite slightly, here is an example of a CGI Perl program that creates the simple virtual document presented in the Virtual Documents section that appeared earlier in this chapter:

#!/usr/local/bin/perl
print "Content-type: text/plain","\n\n";
print "Welcome to Shishir's WWW Server!", "\n";
$remote_host = $ENV{'REMOTE_HOST'};
print "You are visiting from ", $remote_host, ". ";
$uptime = `/usr/ucb/uptime` ;
($load_average) = ($uptime =~ /average: ([^,]*)/);
print "The load average on this machine is: ", $load_average, ".", "\n";
print "Happy navigating!", "\n";
exit (0);

The first line of the program is very important. It tells the server to run the Perl interpreter located in /usr/local/bin to execute the program.

Simple print statements are used to display information to the standard output. This CGI program outputs a partial HTTP header (the one Content-type header). Since this script generates plain text and not HTML, the content type is text/plain.

Two newlines (\n) are output after the header. This is because HTTP requires a blank line between the header and body. Depending on the platform, you may need to output two carriage-return and newline combinations (\r\n\r\n).

The first print statement after the header is a greeting. The second print statement after the header displays the remote host of the user accessing the server. This information is retrieved from the environmental variable REMOTE_HOST.

As you peruse the next bit of code, you will see what looks like a mess! However, it is a combination of very powerful search operators, and is called a regular expression (or commonly known as regexp)--see the expression below. In this case, the expression is used to search the output from the UNIX command uptime for a numeric value that is located between the string “average:” and the next comma.

Finally, the last statement displays a good luck message.

Tcl (UNIX Only)

Tcl is gaining popularity as a CGI programming language. Tcl consists of a shell, tclsh, which can be used to execute your scripts. Like Perl, tclsh also contains simple constructs, but is a bit more difficult to learn and use for the novice programmer. Like Perl, Tcl contains extensions to databases and graphic libraries. It also supports regular expressions, but is quite inefficient in handling these expressions at compile time, especially when compared to Perl.

Visual Basic (Windows Only)

Visual Basic is to Windows what AppleScript is to the Macintosh OS as far as CGI programming is concerned. With Visual Basic, you can communicate with other Windows applications such as databases and spreadsheets. This makes Visual Basic a very powerful tool for developing CGI applications on a PC, and it is very easy to learn. However, Visual Basic lacks powerful string manipulation operators.

1.7 CGI Considerations

Now that we have decided on a language for CGI programming, let's look at some considerations that need to be taken to create effective virtual documents.

First and most importantly, you need to understand what kind of information is to be presented. If it is plain text or HTML, there is no problem. However, if the data is unreadable by the client, a gateway has to be written to effectively translate that data.

This leads to another important matter: The original (or “unreadable”) data has to be organized in such a way that it will be easy for the gateway to read from and write to the data source. Once you have the gateway and you can retrieve data, you can present it in numerous ways. For example, if the data is numerical in nature, you can create virtual graphs and plots using various utility software. On the other hand, if the data consists of graphical objects, you can modify the information using numerous graphic manipulation tools.

In summary, you need to think about what you want to present and how to prevent it long before the actual process of implementing CGI programs. This will ensure the creation of effective virtual documents.

1.8 Overview of the Book

The main theme throughout this book is the design and creation of virtual hypermedia documents. A few things to note are:

• All of the examples in the book are in Perl (mostly v4.0, but they should run without problems on v5.0), although some of the common modules are presented in the numerous languages mentioned above.
• When applicable, configuration details are slanted toward the NCSA server, as it is the most commonly used Web server on the Internet.
• The phrases “CGI programs” and “CGI scripts” will be used interchangeably throughout the book.

Chapters 2 through 5 cover the client-server interaction, including a look at the environmental variables, working with forms, and server-side includes (SSI).

From there, we discuss CGI programs that return virtual documents using various MIME content types in Chapter 6, Hypermedia Documents. Dynamic graphic image creation is the highlight of this chapter.

Chapters 7 through 10 cover forms and gateways with a vast number of advanced examples. The creation of static and dynamic forms, as well as communication with various databases and Internet information servers, is presented in great detail.

Chapter 11, Advanced and Creative CGI Applications walks through the design and implementation of a number of advanced CGI applications.

Finally, Chapter 12, Debugging and Testing CGI Applications covers techniques for debugging your CGI programs, and lists some common mistakes and methods for finding your programming errors.

The book also includes appendices with a Frequently Asked Questions list for Perl and CGI, a quick reference for regular expressions (since many examples depend heavily on the use of regular expressions in Perl), an overview of CGI::* modules for Perl 5, an overview of the CGI Lite library, and a list of resources and URLs for more information and CGI-related software.