What are CGI programs?

Many web pages are simply files containing static HTML. When a web browser requests a page from a web server, a file is copied back to the browser. Each time you load the page, it has exactly the same content.

A CGI program lets you process data received from a client on the web server and dynamically generate HTML. The most common use is to process the data entered into a web form and to generate a response that's sent back to the browser.

The way CGI programs are executed depends on the particular web server being used and the platform on which it's running. Grove is a Unix system running the Apache web server, so the way CGI programs are run is dictated by that environment and the way this particular web server is configured.

A CGI program on grove can be written in any language that will run in a Unix environment. That includes C, C++, or any of the Unix scripting languages. The scripting language perl is available on grove and is a popular language for making CGI programs.

This short note does attempt to explain everything you need to know about writing CGI programs to process web forms. You should consult one of the many books on that subject. This note does explain the two methods for running CGI scripts that are available on grove.

Some warnings!

On some web servers, CGI programs do not run in your account. Then usually run in a special "nobody" account. This means that CGI programs can't write files into your directory or damage existing files. This is not true on grove! CGI programs run as if you logged in and ran the program on your account. You have full access to the files in your directory and a carelessly written program could damage any of your files.

When you have CGI programs in your web directory, they can potentially be executed from anywhere in the world. They will run in your account and could read or write any file in your directory. If improperly written, they can expose your account to accidental or malicious damage.

You are responsible for what happens in your grove account. It's up to you to make sure that your CGI programs aren't used to violate any local, state, or federal laws, and that they do not violate local computer policies. See the document Policies for use of computers at UF.

In short, writing CGI programs should be done cautiously and by someone familiar with the Unix environment and aware of the possible security problems associated with CGI programs.

The .cgi file method

On grove, we have enabled a feature of the Apache web server that lets you execute CGI scripts in your directory as if they were running in your account. The requirements are:

• The file must be stored in your public_html subdirectory or in a subdirectory of public_html.
• The name of the file must be something.cgi.
• The file must be executable.

As a short example, use any text editor to create this file named hello.cgi in your public_html subdirectory:

#!/usr/bin/sh
echo "Content-type: text/html"
echo
echo "<html>"
echo "Hello"
echo "</html>"

Make sure that file is executable:

chmod u+x hello.cgi

You should be able to run it on grove under Unix and will display the HTML it will generate:

./hello.cgi
Content-type: text/html

<html>
Hello
</html>

You can execute this file using a URL like this:

http://grove.ufl.edu/~your-username/hello.cgi

If you've done everything correctly, your web browser should display the word "Hello".

The cgiwrap method

Another method for executing a CGI program in your web directory is to use a CGI program called cgiwrap. The requirements for this method are:

• The file must be stored in the subdirectory public_html/cgi-bin or another subdirectory of this directory.
• The CGI file can be named anything.
• The file must be executable.

First, if you haven't already done so, create your cgi-bin subdirectory and set the proper permissions:

cd ~/public_html
mkdir cgi-bin
chmod go+rx cgi-bin

Then use any text editor to create the file named hello in the directory public_html/cgi-bin:

#!/usr/bin/sh
echo "Content-type: text/html"
echo
echo "<html>"
echo "Hello"
echo "</html>"

After creating the file, make sure it's executable:

chmod u+x hello

The URL to run the script using cgiwrap is:

http://grove.ufl.edu/cgi-bin/cgiwrap/your-username/hello

There are two advantages to using the cgiwrap instead of the .cgi file method:

• There is a debugging option that can provide helpful information if you're having trouble getting your CGI program to work correctly.
• The cgiwrap facility is also available at nersp.nerdc.ufl.edu so you can use this method at either location.

  If your CGI program isn't written correctly, it's not always easy to find the problem. You can use cgiwrapd to run your program and information about the execution that may be useful to you will be displayed. It only takes a slight change in the URL:

  http://grove.ufl.edu/cgi-bin/cgiwrapd/your-username/hello

  For additional documention on cgiwrap, see the Unix manual page by typing this command:

  man cgiwrap

  Using CGI programs in web pages

  The most common use of CGI programs is to process data entered in forms or queries. Here's a simple example of the use of the HTML FORM tag to ask the brower user for their name:

  <FORM METHOD=POST ACTION="http://grove.ufl.edu/~your-username/form.cgi">
  Enter your name:
  <INPUT TYPE="TEXT" NAME="fullname">
  </FORM>
  

  When the user clicks on the submit button, the CGI program form.cgi is executed and can read and process the form data.

  If you're using cgiwrap to provide your CGI program, the "action" specifiation might look like this:

  ACTION="http://grove.ufl.edu/cgi-bin/cgiwrap/your-username/form">
  

  Sample CGI program

  One of the most popular methods for writing a CGI program is to use perl. A perl program is a text file that is interpreted by the perl shell. This is sample CGI program written in perl. It shows how form data is read and processed by a perl script.

  #!/usr/local/bin/perl
  #
  #	Sample CGI program in perl
  #
  
  $|=1;					# force unbuffered output
  
  #	Output must be HTML
  
  print "Content-type: text/html\r\n";
  print "\r\n";
  print "<HTML>\r\n";
  
  #	print some interesting environment variables
  
  print "<B>Some environment
  variables:</B><BR><BR>\r\n";
  print "REQUEST_METHOD = ", $ENV{'REQUEST_METHOD'}, "<BR>\r\n";
  print "CONTENT_LENGTH = ", $ENV{'CONTENT_LENGTH'}, "<BR>\r\n";
  print "REMOTE_HOST = ", $ENV{'REMOTE_HOST'}, "<BR>\r\n";
  print "REMOTE_ADDR = ", $ENV{'REMOTE_ADDR'}, "<BR>\r\n";
  
  #	Get the length of form data
  
  print "<BR><BR><B>Form
  data:</B><BR><BR>\r\n";
  $len = $ENV{'CONTENT_LENGTH'};
  
  #	length or form data must be a number
  
  unless ($len =~ m/^\d+$/) {
     print "No form data to process<BR>\r\n";
     exit;
  }
  
  #	read in form data string
  
  read (STDIN, $input, $len) || die;
  
  #	convert +'s to blanks, and convert special characters
  #	in hex to the proper character.
  
  $input =~ tr/+/ /;
  $input =~ s/\%([a-fA-F0-9]{2})/pack("C", hex($1))/eg;
  
  #	split into the name/value pairs
  
  @pairs = split('&', $input);
  
  #	look at each name/value pair
  
  foreach $item (@pairs) {
     ($name, $value) = split('=', $item);
     print "$name=\"$value\"<BR>\r\n";
  }