November 18, 2006
About Python
<a href="http://25f6akwb3kqffkcmzlnrxm9u9u.hop.clickbank.net/" style="font-family:arial;font-size:14px;text-decoration:underline;color:#006699;" target="_top">Tru-Guru Home Biz Mastery - High Conversion.</a>
Python is an interpreted, general-purpose high-level programming language whose design philosophy emphasizes code readability. Python aims to combine "remarkable power with very clear syntax", and its standard library is large and comprehensive. Its use of indentation for block delimiters is unusual among popular programming languages.
Python supports multiple programming paradigms, primarily but not limited to object oriented, imperative and, to a lesser extent, functional programming styles. It features a fully dynamic type system and automatic memory management, similar to that of Scheme, Ruby, Perl, and Tcl. Like other dynamic languages, Python is often used as a scripting language, but is also used in a wide range of non-scripting contexts.
The reference implementation of Python (CPython) is free and open source software and has a community-based development model, as do all or nearly all of its alternative implementations. CPython is managed by the non-profit Python Software Foundation.
Python interpreters are available for many operating systems, and Python programs can be compiled into stand-alone executable code for those systems, using tools included with the interpreter installation package.
<DIV class=content>
<P>This tutorial covers two web programming models that can be used with Python:
the CGI standard and mod_python.</P>
<P>As a general rule if you are in a shared host environment then your only
option will be to run python scripts as CGI. Some specialized hosting providers
will let you use and configure mod_python. Mod_python's performance and
flexibility is much superior to CGI.</P>
<P>There is no need to read the mod_python section if you want CGI and vice
versa. They are not related to each other. To follow this tutorial it is
required that you have a basic Python programming knowledge. If you need to
learn how to program visit the <A
href="http://programming-crash-course.com">Python Tutorial</A> first.</P>
<P>Please post any doubt, suggestion or critique at the <A
href="http://codepoint.net/index.php/board,7.0.html" target=pcc>Web Python
Board</A> and help making this a better tutorial.</P>
November 18, 2006
CGI
<P>Some host providers only let you run CGI scripts in a certain directory,
often named<SPAN class=fixed> cgi-bin</SPAN>. In this case all you have to do to
run the script is to call it like this:</P>
<P><SPAN class=fixed
style="FONT-SIZE: small">http://my_server.tld/cgi-bin/my_script.py</SPAN></P>
<P>The script will have to be made executable by "others". Give it a 755
permission or check the executable boxes if there is a graphical FTP
interface.</P>
<P>Some hosts let you run CGI scripts in any directory. In some of these hosts
you don't have to do anything to configure the directories. In others you will
have to add these lines to a file named<SPAN class=fixed> .htaccess </SPAN>in
the directory you want to run CGI scripts from:</P><PRE class=program>Options +ExecCGI
AddHandler cgi-script .py</PRE>
<P>If the file does not exist create it. All directories below a directory with
a .htaccess file will inherit the configurations. So if you want to be able to
run CGI scripts from all directories create this file in the document root.</P>
<P>If you are using your own server then probably you won't need to do anything
to run a CGI script at the<SPAN class=fixed> cgi-bin </SPAN>directory. Just make
sure there is a line like the next in<SPAN class=fixed> httpd.conf </SPAN>and
that it is not commented. The trailing slashs are required.</P><PRE class=program>ScriptAlias /cgi-bin/ "/path/to/cgi-bin/directory/"</PRE>
<P>If you are using the line above and want html files to be handled correctly
in the cgi-bin directory add the next to<SPAN class=fixed> httpd.conf</SPAN>. No
trailing slash.</P><PRE class=program><Directory /path/to/cgi-bin/directory>
AddHandler default-handler .html .htm
</Directory></PRE>
<P>To run a script saved at the root:</P>
<P><SPAN class=fixed
style="FONT-SIZE: small">http://my_server.tld/my_script.py</SPAN></P>
<P>If it was saved in some directory:</P>
<P><SPAN class=fixed
style="FONT-SIZE: small">http://my_server.tld/some_dir/some_subdir/my_script.py</SPAN></P>
<P>If your desktop is the server then execute it like this:</P>
<P><SPAN class=fixed
style="FONT-SIZE: small">http://localhost/cgi-bin/my_script.py</SPAN></P>
<P>In Windows, sometimes Apache will listen on port 8080. In this case the above
address will be written with the port:</P>
<P><SPAN class=fixed style="FONT-SIZE: small">http://localhost:<SPAN
style="FONT-WEIGHT: bold">8080</SPAN>/cgi-bin/my_script.py</SPAN></P>
<P>Make sure all text files you upload to the server are uploaded as text (not
binary), specially if you are in Windows, otherwise you will have problems.</P>
November 18, 2006
Hello World
<P>This is the classical "Hello World" in python CGI fashion:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html</SPAN><SPAN class=syntax13>"</SPAN>
<SPAN class=syntax8>print</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14><html></SPAN>
<SPAN class=syntax14><body></SPAN>
<SPAN class=syntax14><h2>Hello</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>World!</h2></SPAN>
<SPAN class=syntax14></body></SPAN>
<SPAN class=syntax14></html></SPAN>
<SPAN class=syntax14>"""</SPAN></PRE>
<P>To test your setup save it with the<SPAN class=fixed> .py </SPAN>extension,
upload it to your server as text and make it executable before trying to run
it.</P>
<P>The first line of a python CGI script sets the path where the python
interpreter will be found in the server. Ask your provider what is the correct
one. If it is wrong the script will fail. Some examples:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/python</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/python2.3</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/python2.4</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!c:\Python24\python.exe</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!c:\Python25\python.exe</SPAN></PRE>
<P>The first 3 lines above are Linux paths and the last 2 are Windows paths.</P>
<P>It is necessary that the script outputs the HTTP header. The HTTP header
consists of one or more messages followed by a blank line. If the output of the
script is to be interpreted as HTML then the content type will be<SPAN
class=fixed> text/html</SPAN>. The blank line signals the end of the header and
is required.</P><PRE class=program><SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html</SPAN><SPAN class=syntax13>"</SPAN>
<SPAN class=syntax8>print</SPAN></PRE>
<P>Many times the blank line will be written as<SPAN class=fixed> \n</SPAN>:</P><PRE class=program><SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html\n</SPAN><SPAN class=syntax13>"</SPAN></PRE>
<P>If you change the content type to<SPAN class=fixed> text/plain </SPAN>the
browser will not interpret the script's output as HTML but as pure text and you
will only see the HTML source. Try it now to never forget. A page refresh may be
necessary for it to work.</P>
<H3>Client versus Server</H3>
<P>All python code will be executed at the server only. The client's agent (for
example the browser) will never see a single line of python. Instead it will
only get the script's output. This is something realy important to
understand.</P>
<P>When programming for the Web you are in a client-server environment, that is,
do not make things like trying to open a file in the client's computer as if the
script were running there. It isn't.</P>
November 18, 2006
Debugging
<P>To catch syntax error messages run the script in a local shell before
uploading to the server. Header errors are hard to catch unless you have access
to the server logs. In case you have, look for<SPAN class=fixed> error_log
</SPAN>and<SPAN class=fixed> access_log </SPAN>in Linux and for<SPAN
class=fixed> error.log </SPAN>and<SPAN class=fixed> access.log </SPAN>in
Windows.</P>
<P>For a nice exceptions report there is the<SPAN class=fixed> cgitb
</SPAN>module. It will show a traceback inside a context. The default output is
sent to standard output as HTML:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html</SPAN><SPAN class=syntax13>"</SPAN>
<SPAN class=syntax8>print</SPAN>
<SPAN class=syntax8>import</SPAN> cgitb; cgitb.<SPAN class=syntax6>enable</SPAN>()
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax5>1</SPAN><SPAN class=syntax18>/</SPAN><SPAN class=syntax5>0</SPAN></PRE>
<P>The<SPAN class=fixed> handler() </SPAN>method can be used to handle only the
catched exceptions:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html</SPAN><SPAN class=syntax13>"</SPAN>
<SPAN class=syntax8>print</SPAN>
<SPAN class=syntax8>import</SPAN> cgitb
<SPAN class=syntax8>try</SPAN>:
f <SPAN class=syntax18>=</SPAN> <SPAN class=syntax9>open</SPAN>(<SPAN class=syntax13>'</SPAN><SPAN class=syntax13>non-existent-file.txt</SPAN><SPAN class=syntax13>'</SPAN>, <SPAN class=syntax13>'</SPAN><SPAN class=syntax13>r</SPAN><SPAN class=syntax13>'</SPAN>)
<SPAN class=syntax8>except</SPAN>:
cgitb.<SPAN class=syntax6>handler</SPAN>()</PRE>
<P>There is also the option for a crude approach making the header "text/plain"
and setting the standard error to standard out:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/plain</SPAN><SPAN class=syntax13>"</SPAN>
<SPAN class=syntax8>print</SPAN>
<SPAN class=syntax8>import</SPAN> sys
sys.stderr <SPAN class=syntax18>=</SPAN> sys.stdout
f <SPAN class=syntax18>=</SPAN> <SPAN class=syntax9>open</SPAN>(<SPAN class=syntax13>'</SPAN><SPAN class=syntax13>non-existent-file.txt</SPAN><SPAN class=syntax13>'</SPAN>, <SPAN class=syntax13>'</SPAN><SPAN class=syntax13>r</SPAN><SPAN class=syntax13>'</SPAN>)</PRE>
<P>Will output this:</P><PRE>Traceback (most recent call last):
File "/var/www/html/teste/cgi-bin/text_error.py", line 6, in ?
f = open('non-existent-file.txt', 'r')
IOError: [Errno 2] No such file or directory: 'non-existent-file.txt'</PRE>
<P><SPAN style="FONT-WEIGHT: bold; COLOR: red">Warning:</SPAN> These techniques
expose information that can be used by an attacker. Use it only while
developing/debugging. Once in production disable them.
November 18, 2006
Forms
<P>The<SPAN class=fixed> FieldStorage </SPAN>class of the<SPAN class=fixed> cgi
</SPAN>module has all that is needed to handle submited forms.</P><PRE class=program><SPAN class=syntax8>import</SPAN> cgi
form <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>FieldStorage</SPAN>() <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>instantiate</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>only</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>once!</SPAN></PRE>
<P>It is transparent to the programmer if the data was submited by GET or by
POST. The interface is exactly the same.</P>
November 18, 2006
Unique field names
<P>Suppose we have this HTML form which submits a field named<SPAN class="fixed"> name</SPAN>
to a python CGI script named<SPAN class="fixed"> process_form.py</SPAN>:</P>
<PRE class="program"><SPAN class=syntax17><</SPAN><SPAN class=syntax17>html</SPAN><SPAN class=syntax17>></SPAN><SPAN class=syntax17><</SPAN><SPAN class=syntax17>body</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>form</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>method</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>get</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>action</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>process_form.py</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN>
Name: <SPAN class=syntax17><</SPAN><SPAN class=syntax17>input</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>type</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>text</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>name</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>name</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>input</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>type</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>submit</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>value</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Submit</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>form</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>body</SPAN><SPAN class=syntax17>></SPAN><SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>html</SPAN><SPAN class=syntax17>></SPAN></PRE>
<P>This is the<SPAN class="fixed"> process_form.py </SPAN>script:</P>
<PRE class="program"><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> cgi
form <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>FieldStorage</SPAN>() <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>instantiate</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>only</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>once!</SPAN>
name <SPAN class=syntax18>=</SPAN> form.<SPAN class=syntax6>getfirst</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>name</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>empty</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Avoid</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>script</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>injection</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>escaping</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>user</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>input</SPAN>
name <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>escape</SPAN>(name)
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14>Content-Type:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>text/html\n</SPAN>
<SPAN class=syntax14><html><body></SPAN>
<SPAN class=syntax14><p>The</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>submitted</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>name</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>was</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>"%s"</p></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> name</PRE>
<P>The<SPAN class="fixed"> getfirst() </SPAN>method returns the first value of the
named field or a default or<SPAN class="fixed"> None </SPAN>if no field with
that name was submited or if it is empty. If there is more than one field with
the same name only the first will be returned.</P>
<P>If the HTML form method is changed from get to post the process_form.py script
will be the same.</P>
<P>If the user inputed data is to be shown in a HTML document then it is necessary
to escape it from HTML tags or else everything inside<SPAN class="fixed"> < > </SPAN>
will be interpreted by the HTML parser including javascript code like<BR>
<SPAN class="fixed"><script type="text/javascript"> malicious code here
</script></SPAN></P>
<P>The<SPAN class="fixed"> cgi.escape() </SPAN>method will transform the above into
safe HTML text:<BR>
<SPAN class="fixed">&lt;script type="text/javascript"&gt; malicious code
here &lt;/script&gt;</SPAN></P>
<P>
This is useful not only to prevent script injection but also to make it
possible to display HTML source code as has just been done above.
November 18, 2006
Multiple field names
<P>If there is more than one field with the same name like in HTML input check
boxes then the method to be used is<SPAN class=fixed> getlist()</SPAN>. It will
return a list containing as many items (the values) as checked boxes. If no
check box was checked the list will be empty.</P>
<P>Sample HTML with check boxes:</P><PRE class=program><SPAN class=syntax17><</SPAN><SPAN class=syntax17>html</SPAN><SPAN class=syntax17>></SPAN><SPAN class=syntax17><</SPAN><SPAN class=syntax17>body</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>form</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>method</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>post</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>action</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>process_check.py</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN>
Red<SPAN class=syntax17><</SPAN><SPAN class=syntax17>input</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>type</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>checkbox</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>name</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>color</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>value</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>red</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN>
Green<SPAN class=syntax17><</SPAN><SPAN class=syntax17>input</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>type</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>checkbox</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>name</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>color</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>value</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>green</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>input</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>type</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>submit</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>value</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Submit</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>form</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>body</SPAN><SPAN class=syntax17>></SPAN><SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>html</SPAN><SPAN class=syntax17>></SPAN></PRE>
<P>And the corresponding process_check.py script:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> cgi
form <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>FieldStorage</SPAN>()
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>getlist()</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>returns</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>list</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>containing</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>values</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>fields</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>with</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>given</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>name</SPAN>
colors <SPAN class=syntax18>=</SPAN> form.<SPAN class=syntax6>getlist</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>color</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html\n</SPAN><SPAN class=syntax13>"</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><html><body></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>The</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>colors</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>list:</SPAN><SPAN class=syntax13>‘</SPAN>, colors
<SPAN class=syntax8>for</SPAN> color <SPAN class=syntax8>in</SPAN> colors:
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p></SPAN><SPAN class=syntax13>‘</SPAN>, cgi.<SPAN class=syntax6>escape</SPAN>(color), <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></p></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></body></html></SPAN><SPAN class=syntax13>‘</SPAN></PRE>
November 18, 2006
File Upload
<P>The python scripts in this page and in the next one will try to save an
uploaded file in a directory named<SPAN class=fixed> files </SPAN>in the
directory where it is running. If the directory where the script is running
is<SPAN class=fixed> /path/to/dir </SPAN>then the<SPAN class=fixed>
/path/to/dir/files </SPAN>directory must exist. If it does not it will fail.</P>
<P>To upload a file the HTML form must have the<SPAN class=fixed> enctype
</SPAN>attribute set to<SPAN class=fixed> multipart/form-data</SPAN>. The<SPAN
class=fixed> input </SPAN>tag with the<SPAN class=fixed> file </SPAN>type will
create a "Browse" button.</P><PRE class=program><SPAN class=syntax17><</SPAN><SPAN class=syntax17>html</SPAN><SPAN class=syntax17>></SPAN><SPAN class=syntax17><</SPAN><SPAN class=syntax17>body</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>form</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>enctype</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>multipart/form-data</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>action</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>save_file.py</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>method</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>post</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>p</SPAN><SPAN class=syntax17>></SPAN>File: <SPAN class=syntax17><</SPAN><SPAN class=syntax17>input</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>type</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>file</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>name</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>file</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN><SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>p</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>p</SPAN><SPAN class=syntax17>></SPAN><SPAN class=syntax17><</SPAN><SPAN class=syntax17>input</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>type</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>submit</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17> </SPAN><SPAN class=syntax17>value</SPAN><SPAN class=syntax18>=</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>Upload</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax17>></SPAN><SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>p</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>form</SPAN><SPAN class=syntax17>></SPAN>
<SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>body</SPAN><SPAN class=syntax17>></SPAN><SPAN class=syntax17><</SPAN><SPAN class=syntax17>/</SPAN><SPAN class=syntax17>html</SPAN><SPAN class=syntax17>></SPAN></PRE>
<P>The<SPAN class=fixed> getfirst() </SPAN>and<SPAN class=fixed> getlist()
</SPAN>methods will only return the file(s) content. To also get the filename it
is necessary to access a nested<SPAN class=fixed> FieldStorage </SPAN>instance
by its index in the top<SPAN class=fixed> FieldStorage </SPAN>instance.</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> cgi, os
<SPAN class=syntax8>import</SPAN> cgitb; cgitb.<SPAN class=syntax6>enable</SPAN>()
<SPAN class=syntax8>try</SPAN>: <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Windows</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>needs</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>stdio</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>set</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>for</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>binary</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>mode.</SPAN>
<SPAN class=syntax8>import</SPAN> msvcrt
msvcrt.setmode (<SPAN class=syntax5>0</SPAN>, os.O_BINARY) <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>stdin</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>=</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>0</SPAN>
msvcrt.setmode (<SPAN class=syntax5>1</SPAN>, os.O_BINARY) <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>stdout</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>=</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>1</SPAN>
<SPAN class=syntax8>except</SPAN> <SPAN class=syntax10>ImportError</SPAN>:
<SPAN class=syntax8>pass</SPAN>
form <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>FieldStorage</SPAN>()
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>A</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>nested</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>FieldStorage</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>instance</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>holds</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>file</SPAN>
fileitem <SPAN class=syntax18>=</SPAN> form[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>file</SPAN><SPAN class=syntax13>‘</SPAN>]
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Test</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>if</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>file</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>was</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>uploaded</SPAN>
<SPAN class=syntax8>if</SPAN> fileitem.filename:
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>strip</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>leading</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>path</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>from</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>file</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>name</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>avoid</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>directory</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>traversal</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>attacks</SPAN>
fn <SPAN class=syntax18>=</SPAN> os.path.<SPAN class=syntax6>basename</SPAN>(fileitem.filename)
<SPAN class=syntax9>open</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>files/</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> fn, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>wb</SPAN><SPAN class=syntax13>‘</SPAN>).<SPAN class=syntax6>write</SPAN>(fileitem.<SPAN class=syntax9>file</SPAN>.<SPAN class=syntax6>read</SPAN>())
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>The</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>file</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> fn <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>was</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>uploaded</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>successfully</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>else</SPAN>:
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>No</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>file</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>was</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>uploaded</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14>Content-Type:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>text/html\n</SPAN>
<SPAN class=syntax14><html><body></SPAN>
<SPAN class=syntax14><p>%s</p></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (message,)</PRE>
<P>A directory traversal attack is one where the attacker submits a file with a
leading path like in<SPAN class=fixed> ../../attacker_program</SPAN>. This way
he can save a program wherever the Apache user has write permission. Or read a
file if the target script reads files.
November 18, 2006
Big File Upload
<P>To handle big files without using all the available memory a generator can be
used. The generator will return the file in small chunks:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> cgi, os
<SPAN class=syntax8>import</SPAN> cgitb; cgitb.<SPAN class=syntax6>enable</SPAN>()
<SPAN class=syntax8>try</SPAN>: <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Windows</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>needs</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>stdio</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>set</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>for</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>binary</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>mode.</SPAN>
<SPAN class=syntax8>import</SPAN> msvcrt
msvcrt.setmode (<SPAN class=syntax5>0</SPAN>, os.O_BINARY) <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>stdin</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>=</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>0</SPAN>
msvcrt.setmode (<SPAN class=syntax5>1</SPAN>, os.O_BINARY) <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>stdout</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>=</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>1</SPAN>
<SPAN class=syntax8>except</SPAN> <SPAN class=syntax10>ImportError</SPAN>:
<SPAN class=syntax8>pass</SPAN>
form <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>FieldStorage</SPAN>()
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Generator</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>buffer</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>file</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>chunks</SPAN>
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>fbuffer</SPAN>(f, chunk_size<SPAN class=syntax18>=</SPAN><SPAN class=syntax5>10000</SPAN>):
<SPAN class=syntax8>while</SPAN> <SPAN class=syntax10>True</SPAN>:
chunk <SPAN class=syntax18>=</SPAN> f.<SPAN class=syntax6>read</SPAN>(chunk_size)
<SPAN class=syntax8>if</SPAN> <SPAN class=syntax8>not</SPAN> chunk: <SPAN class=syntax8>break</SPAN>
<SPAN class=syntax8>yield</SPAN> chunk
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>A</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>nested</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>FieldStorage</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>instance</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>holds</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>file</SPAN>
fileitem <SPAN class=syntax18>=</SPAN> form[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>file</SPAN><SPAN class=syntax13>‘</SPAN>]
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Test</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>if</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>file</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>was</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>uploaded</SPAN>
<SPAN class=syntax8>if</SPAN> fileitem.filename:
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>strip</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>leading</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>path</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>from</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>file</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>name</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>avoid</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>directory</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>traversal</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>attacks</SPAN>
fn <SPAN class=syntax18>=</SPAN> os.path.<SPAN class=syntax6>basename</SPAN>(fileitem.filename)
f <SPAN class=syntax18>=</SPAN> <SPAN class=syntax9>open</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>files/</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> fn, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>wb</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax5>10000</SPAN>)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Read</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>file</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>chunks</SPAN>
<SPAN class=syntax8>for</SPAN> chunk <SPAN class=syntax8>in</SPAN> <SPAN class=syntax6>fbuffer</SPAN>(fileitem.<SPAN class=syntax9>file</SPAN>):
f.<SPAN class=syntax6>write</SPAN>(chunk)
f.<SPAN class=syntax6>close</SPAN>()
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>The</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>file</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> fn <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>was</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>uploaded</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>successfully</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>else</SPAN>:
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>No</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>file</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>was</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>uploaded</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14>Content-Type:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>text/html\n</SPAN>
<SPAN class=syntax14><html><body></SPAN>
<SPAN class=syntax14><p>%s</p></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (message,)</PRE>
November 18, 2006
Shell Commands
<P>It is possible to execute shell commands through CGI. The<SPAN class=fixed>
subprocess.Popen </SPAN>class is what is necessary. This module is new in python
2.4. <SPAN class=fixed>os.popen4</SPAN> can also be used if a hosting provider
does not offer 2.4.</P>
<P>The script in this page is for educational purposes only. Read the <A
href="#warning">warning</A>. If you need a CGI Shell use the one on the next
page.</P>
<P>This handy<SPAN class=fixed> getshellcmd.py </SPAN>script gets anything in
its query string and execute it as a shell command. It works for Unix with a
bash shell only.</P><PRE class=fixed><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/python2.4</SPAN>
<SPAN class=syntax8>import</SPAN> cgitb; cgitb.<SPAN class=syntax6>enable</SPAN>()
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>subprocess</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>module</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>new</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>2.4</SPAN>
<SPAN class=syntax8>import</SPAN> os, urllib, subprocess <SPAN class=syntax8>as</SPAN> sub
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Retrieve</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>command</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>from</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>query</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>string</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>and</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>unencode</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>escaped</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>%xx</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>chars</SPAN>
str_command <SPAN class=syntax18>=</SPAN> urllib.<SPAN class=syntax6>unquote</SPAN>(os.environ[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>QUERY_STRING</SPAN><SPAN class=syntax13>‘</SPAN>])
p <SPAN class=syntax18>=</SPAN> sub.<SPAN class=syntax6>Popen</SPAN>([<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>/bin/bash</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>-c</SPAN><SPAN class=syntax13>‘</SPAN>, str_command],
stdout<SPAN class=syntax18>=</SPAN>sub.PIPE, stderr<SPAN class=syntax18>=</SPAN>sub.STDOUT)
output <SPAN class=syntax18>=</SPAN> urllib.<SPAN class=syntax6>unquote</SPAN>(p.stdout.<SPAN class=syntax6>read</SPAN>())
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14>Content-Type:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>text/html\n</SPAN>
<SPAN class=syntax14><html><body></SPAN>
<SPAN class=syntax14><pre></SPAN>
<SPAN class=syntax14>$</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>%s</SPAN>
<SPAN class=syntax14>%s</SPAN>
<SPAN class=syntax14></pre></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (str_command, output)</PRE>
<P>Say you want to install Django in your site. Without this script you would
have to download it to your local host, decompress it, and upload the
uncompressed files by FTP.</P>
<P>With CGI you download it using curl or wget directly to a directory in your
site‘s hierarchy like a tmp directory:</P>
<P><SPAN class=fixed
style="FONT-SIZE: small">http://my_site.tld/getshellcmd.py?curl -o
tmp/Django-0.95.tar.gz
http://media.djangoproject.com/releases/0.95/Django-0.95.tar.gz</SPAN></P>
<P>The above is one only line. And the output in the browser:</P><PRE style="FONT-SIZE: 10px">$ curl -o tmp/Django-0.95.tar.gz http://media.djangoproject.com/releases/0.95/Django-0.95.tar.gz
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
0 1257k 0 2479 0 0 7042 0 0:03:02 0:00:00 0:03:02 7042
4 1257k 4 62727 0 0 98k 0 0:00:12 0:00:00 0:00:12 217k
32 1257k 32 404k 0 0 241k 0 0:00:05 0:00:01 0:00:03 303k
49 1257k 49 623k 0 0 235k 0 0:00:05 0:00:02 0:00:02 270k
78 1257k 78 983k 0 0 271k 0 0:00:04 0:00:03 0:00:01 299k
100 1257k 100 1257k 0 0 309k 0 0:00:04 0:00:04 0:00:00 338k</PRE>
<P>Four seconds to download 1,257k in my host provider. Now to untar it issue
the<SPAN class=fixed> tar </SPAN>command as the query string:</P>
<P><SPAN class=fixed
style="FONT-SIZE: small">http://my_site.tld/getshellcmd.py?tar -xzvf
tmp/Django-0.95.tar.gz</SPAN></P>
<P>Depending on the host absolute directory paths should be declared.</P>
<P><SPAN id=warning style="FONT-WEIGHT: bold; COLOR: red">Warning:</SPAN> If you
ever use this sample code save it with another name and chmod it to 600
immediately after its use. Otherwise any one in the whole world will be able to
execute whatever he wants in your host.</P>
November 18, 2006
Safer CGI Shell
<P>This is a CGI Shell for Unix servers with a bash shell. It has authentication
and state management. It needs the <A
href="http://webpython.codepoint.net/a_session_class">session module</A>. The
latest version can be <A
href="http://cgpy-shell.googlecode.com/svn/trunk/">downloaded</A> from the <A
href="http://code.google.com/p/cgpy-shell/">project‘s site</A>. Get help in <A
href="http://codepoint.net/index.php/topic,33.0.html">this topic</A>.</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/python2.4</SPAN>
<SPAN class=syntax8>import</SPAN> cgitb; cgitb.<SPAN class=syntax6>enable</SPAN>()
<SPAN class=syntax8>import</SPAN> sys, os
sys.path.<SPAN class=syntax6>append</SPAN>(os.path.<SPAN class=syntax6>dirname</SPAN>(os.environ[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>SCRIPT_FILENAME</SPAN><SPAN class=syntax13>‘</SPAN>]))
<SPAN class=syntax8>import</SPAN> session, time, cgi, urllib, subprocess <SPAN class=syntax8>as</SPAN> sub
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>login</SPAN>(form, sess):
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>You</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>absolutely</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>need</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>change</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>these</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>!!!</SPAN>
passwords <SPAN class=syntax18>=</SPAN> {<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>me</SPAN><SPAN class=syntax13>‘</SPAN>:<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>mine</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>friend</SPAN><SPAN class=syntax13>‘</SPAN>:<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>his</SPAN><SPAN class=syntax13>‘</SPAN>}
username <SPAN class=syntax18>=</SPAN> form.<SPAN class=syntax6>getfirst</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>username</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>)
password <SPAN class=syntax18>=</SPAN> form.<SPAN class=syntax6>getfirst</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>password</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax8>if</SPAN> username <SPAN class=syntax8>and</SPAN> passwords.<SPAN class=syntax6>get</SPAN>(username) <SPAN class=syntax18>=</SPAN><SPAN class=syntax18>=</SPAN> password:
sess.<SPAN class=syntax6>set_expires</SPAN>(<SPAN class=syntax5>365</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>24</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN>)
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>logged</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax10>True</SPAN>
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>logged_until</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> time.<SPAN class=syntax6>time</SPAN>() <SPAN class=syntax18>+</SPAN> <SPAN class=syntax5>10</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN>
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>empty_cmd</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax10>False</SPAN>
<SPAN class=syntax8>return</SPAN> <SPAN class=syntax10>True</SPAN>
<SPAN class=syntax8>if</SPAN> <SPAN class=syntax8>not</SPAN> username <SPAN class=syntax8>or</SPAN> <SPAN class=syntax8>not</SPAN> password:
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Enter</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>user</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>name</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>and</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>password</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>to</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>log</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>into</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>CGI</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>Shell</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>elif</SPAN> username <SPAN class=syntax8>not</SPAN> <SPAN class=syntax8>in</SPAN> passwords <SPAN class=syntax8>or</SPAN> passwords.<SPAN class=syntax6>get</SPAN>(username) <SPAN class=syntax18>!</SPAN><SPAN class=syntax18>=</SPAN> password:
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Wrong</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>username</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>or</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>password</SPAN><SPAN class=syntax13>‘</SPAN>
onload <SPAN class=syntax18>=</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>var</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>el</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>=</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>document.getElementById(‘un‘);</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>el.focus();</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>el.select()</SPAN><SPAN class=syntax14>"""</SPAN>
<SPAN class=syntax6>header</SPAN>(sess, onload)
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14><div</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="border:3px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>solid</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>gray;width:350px;height:130px;</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>margin:auto;padding:20px;"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>class="shell"></SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14><p>%s</p></SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14><form</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>method="post"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>action="./cgi-shell.py"></SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14><p>Username:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14><input</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="text"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>name="username"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>id="un"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>value="%s"</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>class="shell"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="border:1px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>lime</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>solid;padding:2px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>4px;"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>/></p></SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14><p>Password:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14><input</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="password"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>name="password"</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>class="shell"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="border:1px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>lime</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>solid;padding:2px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>4px;"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>/></p></SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14><p</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="text-align:center;"><input</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="submit"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>value="Login"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>class="button"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>/></p></SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14></form></SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14></div></SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (message, username)
<SPAN class=syntax8>return</SPAN> <SPAN class=syntax10>False</SPAN>
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>end</SPAN>(sess):
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></body>\n</html></SPAN><SPAN class=syntax13>‘</SPAN>
sess.<SPAN class=syntax6>close</SPAN>()
sys.<SPAN class=syntax6>exit</SPAN>(<SPAN class=syntax5>0</SPAN>)
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>shell</SPAN>(form, sess):
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>logged_until</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> time.<SPAN class=syntax6>time</SPAN>() <SPAN class=syntax18>+</SPAN> <SPAN class=syntax5>10</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN>
sess.data.<SPAN class=syntax6>setdefault</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>output</SPAN><SPAN class=syntax13>‘</SPAN>, [])
cmd <SPAN class=syntax18>=</SPAN> form.<SPAN class=syntax6>getfirst</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>cmd</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>)
cur_dir <SPAN class=syntax18>=</SPAN> sess.data.<SPAN class=syntax6>setdefault</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>pwd</SPAN><SPAN class=syntax13>‘</SPAN>, os.environ[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>DOCUMENT_ROOT</SPAN><SPAN class=syntax13>‘</SPAN>])
<SPAN class=syntax8>if</SPAN> cmd <SPAN class=syntax8>or</SPAN> cmd <SPAN class=syntax18>=</SPAN><SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax8>and</SPAN> sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>empty_cmd</SPAN><SPAN class=syntax13>‘</SPAN>]:
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>cmd</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> cmd
cmd <SPAN class=syntax18>=</SPAN> urllib.<SPAN class=syntax6>unquote</SPAN>(cmd)
p <SPAN class=syntax18>=</SPAN> sub.<SPAN class=syntax6>Popen</SPAN>([<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>/bin/bash</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>-c</SPAN><SPAN class=syntax13>‘</SPAN>, cmd <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>\necho</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>$PWD</SPAN><SPAN class=syntax13>‘</SPAN>],
stdout<SPAN class=syntax18>=</SPAN>sub.PIPE, stderr<SPAN class=syntax18>=</SPAN>sub.STDOUT, cwd<SPAN class=syntax18>=</SPAN>cur_dir)
prompt <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>[@</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> os.environ[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>SERVER_NAME</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>‘</SPAN>
prompt <SPAN class=syntax18>+</SPAN><SPAN class=syntax18>=</SPAN> os.path.<SPAN class=syntax6>basename</SPAN>(cur_dir) <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>]$</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>‘</SPAN>
output <SPAN class=syntax18>=</SPAN> [prompt <SPAN class=syntax18>+</SPAN> cmd <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>\n</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>+</SPAN> p.stdout.<SPAN class=syntax6>readlines</SPAN>()
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>pwd</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> (output[<SPAN class=syntax18>-</SPAN><SPAN class=syntax5>1</SPAN>:])[<SPAN class=syntax5>0</SPAN>].<SPAN class=syntax6>rstrip</SPAN>()
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>output</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> (sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>output</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>+</SPAN> output)[<SPAN class=syntax18>-</SPAN><SPAN class=syntax5>501</SPAN>:<SPAN class=syntax18>-</SPAN><SPAN class=syntax5>1</SPAN>]
<SPAN class=syntax8>else</SPAN>:
cmd <SPAN class=syntax18>=</SPAN> urllib.<SPAN class=syntax6>unquote</SPAN>(sess.data.<SPAN class=syntax6>setdefault</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>cmd</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>))
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>empty_cmd</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax10>True</SPAN>
cur_dir <SPAN class=syntax18>=</SPAN> sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>pwd</SPAN><SPAN class=syntax13>‘</SPAN>]
output <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>escape</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>.<SPAN class=syntax6>join</SPAN>(sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>output</SPAN><SPAN class=syntax13>‘</SPAN>]).<SPAN class=syntax6>rstrip</SPAN>(), <SPAN class=syntax10>True</SPAN>)
onload <SPAN class=syntax18>=</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>window.location.href</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>=</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>‘#last‘;</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>var</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>el</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>=</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>document.getElementById(‘cmd‘);el.focus();el.select();</SPAN><SPAN class=syntax14>"""</SPAN>
prompt <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>[&#064;</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> os.environ[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>SERVER_NAME</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>‘</SPAN>
prompt <SPAN class=syntax18>+</SPAN><SPAN class=syntax18>=</SPAN> os.path.<SPAN class=syntax6>basename</SPAN>(cur_dir) <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>]$</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax6>header</SPAN>(sess, onload)
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14><div</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="width:98%%;margin:0;"></SPAN>
<SPAN class=syntax14><pre</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="border-bottom:0;margin:0;padding:6px;width:100%%;</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>overflow:auto;height:430px;border:3px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>solid</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>gray;border-bottom:0;"</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>class="shell"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>id="output">%s<span</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>id="last"></span></pre></SPAN>
<SPAN class=syntax14><form</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>method="post"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>action="#last"></SPAN>
<SPAN class=syntax14><p</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="margin:0;padding:6px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>6px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>8px;width:100%%;border:3px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>solid</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>gray;</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>border-top:0;"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>class="shell">%s</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14><input</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="text"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>name="cmd"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>value="%s"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>class="shell"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>id="cmd"</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="width:55%%;border:1px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>lime</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>solid;padding:2px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>4px;"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>/></SPAN>
<SPAN class=syntax14><input</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="submit"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>value="Submit"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>name="submit"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>class="button"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>/></SPAN>
<SPAN class=syntax14><input</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="submit"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>value="Logout"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>name="submit"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>class="button"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>/></p></SPAN>
<SPAN class=syntax14></form></SPAN>
<SPAN class=syntax14></div></SPAN>
<SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (output, prompt, cgi.<SPAN class=syntax6>escape</SPAN>(cmd, <SPAN class=syntax10>True</SPAN>))
<SPAN class=syntax6>end</SPAN>(sess)
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>header</SPAN>(sess, onload<SPAN class=syntax18>=</SPAN><SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>):
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14>%s</SPAN>
<SPAN class=syntax14>Content-Type:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>text/html\n</SPAN>
<SPAN class=syntax14><!DOCTYPE</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>html</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>PUBLIC</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>"-//W3C//DTD</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>XHTML</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>1.0</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>Strict//EN"</SPAN>
<SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"></SPAN>
<SPAN class=syntax14><html>\n<head><title>CGI</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>Shell</title></SPAN>
<SPAN class=syntax14><style</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="text/css"></SPAN>
<SPAN class=syntax14>.shell</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>{font-size:12px;font-family:monospace;background-color:black;color:lime;}</SPAN>
<SPAN class=syntax14></style>\n</head></SPAN>
<SPAN class=syntax14><body</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>onload="%s"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="background-color:lightgray;font-family:monospace;"></SPAN>
<SPAN class=syntax14><h2</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>style="text-align:center;margin:8px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>auto">CGI</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>Shell</h2></SPAN>
<SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (sess.cookie, onload)
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>main</SPAN>():
sess <SPAN class=syntax18>=</SPAN> session.<SPAN class=syntax6>Session</SPAN>()
form <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>FieldStorage</SPAN>()
<SPAN class=syntax8>if</SPAN> form.<SPAN class=syntax6>getfirst</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>submit</SPAN><SPAN class=syntax13>‘</SPAN>) <SPAN class=syntax18>=</SPAN><SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Logout</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax8>or</SPAN> \
sess.data.<SPAN class=syntax6>get</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>logged_until</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax5>0</SPAN>) <SPAN class=syntax18><</SPAN> time.<SPAN class=syntax6>time</SPAN>():
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>logged</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax10>False</SPAN>
<SPAN class=syntax8>if</SPAN> <SPAN class=syntax8>not</SPAN> sess.data.<SPAN class=syntax6>get</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>logged</SPAN><SPAN class=syntax13>‘</SPAN>) <SPAN class=syntax8>and</SPAN> <SPAN class=syntax8>not</SPAN> <SPAN class=syntax6>login</SPAN>(form, sess):
<SPAN class=syntax6>end</SPAN>(sess)
<SPAN class=syntax6>shell</SPAN>(form, sess)
<SPAN class=syntax6>main</SPAN>()</PRE>
November 18, 2006
Cookies
<P>HTTP is said to be a stateless protocol. What this means for web programmers
is that every time a user loads a page it is the first time for the server. The
server can‘t say whether this user has ever visited that site, if is he in the
middle of a buying transaction, if he has already authenticated, etc.</P>
<P>A cookie is a tag that can be placed on the user‘s computer. Whenever the
user loads a page from a site the site‘s script can send him a cookie. The
cookie can contain anything the site needs to identify that user. Then within
the next request the user does for a new page there goes back the cookie with
all the pertinent information to be read by the script.</P>
November 18, 2006
Set the Cookie
<P>There are two basic cookie operations. The first is to set the cookie as an
HTTP header to be sent to the client. The second is to read the cookie returned
from the client also as an HTTP header.</P>
<P>This script will do the first one placing a cookie on the client‘s
browser:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> time
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>This</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>message</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>that</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>contains</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>and</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>will</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>be</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>sent</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>HTTP</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>header</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>client</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Set-Cookie:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>lastvisit=</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> <SPAN class=syntax9>str</SPAN>(time.<SPAN class=syntax6>time</SPAN>());
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>To</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>save</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>one</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>line</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>code</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>we</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>replaced</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>print</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>command</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>with</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>‘\n‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html\n</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>End</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>HTTP</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>header</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><html><body></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Server</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>time</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>is</SPAN><SPAN class=syntax13>‘</SPAN>, time.<SPAN class=syntax6>asctime</SPAN>(time.<SPAN class=syntax6>localtime</SPAN>())
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></body></html></SPAN><SPAN class=syntax13>‘</SPAN></PRE>
<P>The<SPAN class=fixed> Set-Cookie </SPAN>header contains the cookie. Save and
run this code from your browser and take a look at the cookie saved there.
Search for the cookie name, lastvisit, or for the domain name, or the server IP
like 10.1.1.1 or 127.0.0.1.</P>
<H3>The Cookie Object</H3>
<P>The Cookie module can save us a lot of coding and errors and the next pages
will use it in all cookie operations.</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> time, Cookie
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Instantiate</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>SimpleCookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>object</SPAN>
cookie <SPAN class=syntax18>=</SPAN> Cookie.<SPAN class=syntax6>SimpleCookie</SPAN>()
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>SimpleCookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>instance</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>mapping</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax9>str</SPAN>(time.<SPAN class=syntax6>time</SPAN>())
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Output</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>HTTP</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>message</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>containing</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN>
<SPAN class=syntax8>print</SPAN> cookie
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html\n</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><html><body></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Server</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>time</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>is</SPAN><SPAN class=syntax13>‘</SPAN>, time.<SPAN class=syntax6>asctime</SPAN>(time.<SPAN class=syntax6>localtime</SPAN>())
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></body></html></SPAN><SPAN class=syntax13>‘</SPAN></PRE>
<P>It does not seem as much for this extremely simple code, but wait until it
gets complex and the Cookie module will be your friend.
November 18, 2006
Retrieve the Cookie
<P>The returned cookie will be available as a string in the<SPAN class=fixed>
os.environ </SPAN>dictionary with the key<SPAN class=fixed>
‘HTTP_COOKIE‘</SPAN>:</P><PRE class=program>cookie_string <SPAN class=syntax18>=</SPAN> os.environ.<SPAN class=syntax6>get</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>HTTP_COOKIE</SPAN><SPAN class=syntax13>‘</SPAN>)</PRE>
<P>The<SPAN class=fixed> load() </SPAN>method of the SimpleCookie object will
parse that string rebuilding the object‘s mapping:</P><PRE class=program> cookie.<SPAN class=syntax6>load</SPAN>(cookie_string)</PRE>
<P>Complete code:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> Cookie, os, time
cookie <SPAN class=syntax18>=</SPAN> Cookie.<SPAN class=syntax6>SimpleCookie</SPAN>()
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax9>str</SPAN>(time.<SPAN class=syntax6>time</SPAN>())
<SPAN class=syntax8>print</SPAN> cookie
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html\n</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><html><body></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p>Server</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>time</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>is</SPAN><SPAN class=syntax13>‘</SPAN>, time.<SPAN class=syntax6>asctime</SPAN>(time.<SPAN class=syntax6>localtime</SPAN>()), <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></p></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>returned</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>available</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>os.environ</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>dictionary</SPAN>
cookie_string <SPAN class=syntax18>=</SPAN> os.environ.<SPAN class=syntax6>get</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>HTTP_COOKIE</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>first</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>time</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>page</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>run</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>there</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>will</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>be</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>no</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookies</SPAN>
<SPAN class=syntax8>if</SPAN> <SPAN class=syntax8>not</SPAN> cookie_string:
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p>First</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>visit</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>or</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>cookies</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>disabled</p></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>else</SPAN>: <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Run</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>page</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>twice</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>retrieve</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p>The</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>returned</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>cookie</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>string</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>was</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>"</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> cookie_string <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>"</p></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>load()</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>parses</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>string</SPAN>
cookie.<SPAN class=syntax6>load</SPAN>(cookie_string)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Use</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>value</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>attribute</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>get</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>it</SPAN>
lastvisit <SPAN class=syntax18>=</SPAN> <SPAN class=syntax9>float</SPAN>(cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>].value)
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p>Your</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>last</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>visit</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>was</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>at</SPAN><SPAN class=syntax13>‘</SPAN>,
<SPAN class=syntax8>print</SPAN> time.<SPAN class=syntax6>asctime</SPAN>(time.<SPAN class=syntax6>localtime</SPAN>(lastvisit)), <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></p></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></body></html></SPAN><SPAN class=syntax13>‘</SPAN></PRE>
<P>When the client first loads the page there will be no cookie in the client‘s
computer to be returned. The second time the page is requested then the cookie
saved in the last run will be sent to the server.
November 18, 2006
Morsels
<P>In the previous cookie retrieve program the lastvisit cookie value was
retrieved through its<SPAN class=fixed> value </SPAN>attribute:</P><PRE class=program> lastvisit <SPAN class=syntax18>=</SPAN> <SPAN class=syntax9>float</SPAN>(cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>].value)</PRE>
<P>When a new key is set for a SimpleCookie object a Morsel instance is
created:</P><PRE class=shell>>>> import Cookie
>>> import time
>>>
>>> cookie = Cookie.SimpleCookie()
>>> cookie
<SimpleCookie: >
>>>
>>> cookie[‘lastvisit‘] = str(time.time())
>>> cookie[‘lastvisit‘]
<Morsel: lastvisit=‘1159535133.33‘>
>>>
>>> cookie[‘lastvisit‘].value
‘1159535133.33‘
</PRE>
<P>Each cookie, a Morsel instance, can only have a predefined set of keys:
expires, path, commnent, domain, max-age, secure and version. Any other key will
raise an exception.</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> Cookie, time
cookie <SPAN class=syntax18>=</SPAN> Cookie.<SPAN class=syntax6>SimpleCookie</SPAN>()
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>name/value</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>pair</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax9>str</SPAN>(time.<SPAN class=syntax6>time</SPAN>())
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>expires</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>x</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>seconds</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>after</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>output.</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>default</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>expire</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>when</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>browser</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>closed</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>expires</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax5>30</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>24</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>path</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>which</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>valid.</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>if</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>set</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>‘/‘</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>it</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>will</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>valid</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>whole</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>domain.</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>default</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>script‘s</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>path.</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>path</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>/cgi-bin/</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>purpose</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>be</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>inspected</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>by</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>user</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>comment</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>holds</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>the</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>last</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>user\‘s</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>visit</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>date</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>domain</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>which</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>valid.</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>always</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>stars</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>with</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>dot.</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>make</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>it</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>available</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>all</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>subdomains</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>specify</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>only</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>domain</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>like</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>.my_site.com</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>domain</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>.www.my_site.com</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>discard</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>x</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>seconds</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>after</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>output</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>not</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>supported</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>most</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>browsers</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>max-age</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax5>30</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>24</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>secure</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>has</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>no</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>value.</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>If</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>set</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>directs</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>user</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>agent</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>use</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>only</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>(unspecified)</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>secure</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>means</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>contact</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>origin</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>server</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>whenever</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>it</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>sends</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>back</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>this</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>secure</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>decimal</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>integer,</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>identifies</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>which</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>version</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>state</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>management</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>specification</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>conforms.</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>version</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax5>1</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html\n</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p></SPAN><SPAN class=syntax13>‘</SPAN>, cookie, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></p></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>for</SPAN> morsel <SPAN class=syntax8>in</SPAN> cookie:
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p></SPAN><SPAN class=syntax13>‘</SPAN>, morsel, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>=</SPAN><SPAN class=syntax13>‘</SPAN>, cookie[morsel].value
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><div</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>style="margin:-1em</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>auto</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>auto</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>3em;"></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>for</SPAN> key <SPAN class=syntax8>in</SPAN> cookie[morsel]:
<SPAN class=syntax8>print</SPAN> key, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>=</SPAN><SPAN class=syntax13>‘</SPAN>, cookie[morsel][key], <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><br</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>/></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></div></p></SPAN><SPAN class=syntax13>‘</SPAN></PRE>
<P>Notice that<SPAN class=fixed> print cookie </SPAN>automaticaly formats the
expire date.
November 18, 2006
Sessions
<P>Sessions are the server side version of cookies. While a cookie persists data
(or state) at the client, sessions do it at the server. Sessions have the
advantage that the data do not travel the network thus making it both safer and
faster although this not entirely true as shown in the next paragraph</P>
<P>The session state is kept in a file or in a database at the server side. Each
session is identified by an id or session id (SID). To make it possible to the
client to identify himself to the server the SID must be created by the server
and sent to the client and then sent back to the server whenever the client
makes a request. There is still data going through the net, the SID.</P>
<P>The server can send the SID to the client in a link‘s query string or in a
hidden form field or as a<SPAN class=fixed> Set-Cookie </SPAN>header. The SID
can be sent back from the client to the server as a query string parameter or in
the body of the HTTP message if the post method is used or in a<SPAN
class=fixed> Cookie </SPAN>HTTP header.</P>
<P>If a cookie is not used to store the SID then the session will only last
until the browser is closed, or the user goes to another site breaking the POST
or query string transmission, or in other words, the session will last only
until the user leaves the site.</P>
November 18, 2006
Cookie Based SID
<P>A cookie based session has the advantage that it lasts until the cookie
expires and, as only the SID travels the net, it is faster and safer. The
disadvantage is that the client must have cookies enabled.</P>
<P>The only particularity with the cookie used to set a session is its
value:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>sid</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>will</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>be</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>hash</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>server</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>time</SPAN>
sid <SPAN class=syntax18>=</SPAN> sha.<SPAN class=syntax6>new</SPAN>(<SPAN class=syntax9>repr</SPAN>(time.<SPAN class=syntax6>time</SPAN>())).<SPAN class=syntax6>hexdigest</SPAN>()</PRE>
<P>The hash of the server time makes an unique SID for each session.</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> sha, time, Cookie, os
cookie <SPAN class=syntax18>=</SPAN> Cookie.<SPAN class=syntax6>SimpleCookie</SPAN>()
string_cookie <SPAN class=syntax18>=</SPAN> os.environ.<SPAN class=syntax6>get</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>HTTP_COOKIE</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>If</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>new</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>session</SPAN>
<SPAN class=syntax8>if</SPAN> <SPAN class=syntax8>not</SPAN> string_cookie:
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>sid</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>will</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>be</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>hash</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>server</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>time</SPAN>
sid <SPAN class=syntax18>=</SPAN> sha.<SPAN class=syntax6>new</SPAN>(<SPAN class=syntax9>repr</SPAN>(time.<SPAN class=syntax6>time</SPAN>())).<SPAN class=syntax6>hexdigest</SPAN>()
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Set</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>sid</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> sid
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Will</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>expire</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>year</SPAN>
cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>expires</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax5>12</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>30</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>24</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN> <SPAN class=syntax18>*</SPAN> <SPAN class=syntax5>60</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>If</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>already</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>existent</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>session</SPAN>
<SPAN class=syntax8>else</SPAN>:
cookie.<SPAN class=syntax6>load</SPAN>(string_cookie)
sid <SPAN class=syntax18>=</SPAN> cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>].value
<SPAN class=syntax8>print</SPAN> cookie
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Content-Type:</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>text/html\n</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><html><body></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>if</SPAN> string_cookie:
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p>Already</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>existent</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>session</p></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>else</SPAN>:
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p>New</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>session</p></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><p>SID</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>=</SPAN><SPAN class=syntax13>‘</SPAN>, sid, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></p></SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13></body></html></SPAN><SPAN class=syntax13>‘</SPAN></PRE>
<P>In every page the existence of the cookie must be tested. If it does not
exist then redirect to a login page or just create it if a login or a previous
state is not required.
November 18, 2006
Query String SID
<P>Query string based session:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> sha, time, cgi, os
sid <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>FieldStorage</SPAN>().<SPAN class=syntax6>getfirst</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax8>if</SPAN> sid: <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>If</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>session</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>exists</SPAN>
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Already</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>existent</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>session</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>else</SPAN>: <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>New</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>session</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>sid</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>will</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>be</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>hash</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>server</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>time</SPAN>
sid <SPAN class=syntax18>=</SPAN> sha.<SPAN class=syntax6>new</SPAN>(<SPAN class=syntax9>repr</SPAN>(time.<SPAN class=syntax6>time</SPAN>())).<SPAN class=syntax6>hexdigest</SPAN>()
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>New</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>session</SPAN><SPAN class=syntax13>‘</SPAN>
qs <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid=</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> sid
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14>Content-Type:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>text/html\n</SPAN>
<SPAN class=syntax14><html><body></SPAN>
<SPAN class=syntax14><p>%s</p></SPAN>
<SPAN class=syntax14><p>SID</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>=</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>%s</p></SPAN>
<SPAN class=syntax14><p><a</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>href="./set_sid_qs.py?sid=%s">reload</a></p></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (message, sid, sid)</PRE>
<P>To mantain a session you will have to append the query string to all the
links in the page.</P>
<P>Save this file as<SPAN class=fixed> set_sid_qs.py </SPAN>and run it two or
more times. Try to close the browser and call the page again. The session is
gone. The same happens if the page address is typed in the address bar.
November 18, 2006
Hidden Field SID
<P>The hidden form field SID is almost the same as the query string based one,
sharing the same problems.</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> sha, time, cgi, os
sid <SPAN class=syntax18>=</SPAN> cgi.<SPAN class=syntax6>FieldStorage</SPAN>().<SPAN class=syntax6>getfirst</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax8>if</SPAN> sid: <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>If</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>session</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>exists</SPAN>
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Already</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>existent</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>session</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>else</SPAN>: <SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>New</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>session</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>sid</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>will</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>be</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>hash</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>of</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>server</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>time</SPAN>
sid <SPAN class=syntax18>=</SPAN> sha.<SPAN class=syntax6>new</SPAN>(<SPAN class=syntax9>repr</SPAN>(time.<SPAN class=syntax6>time</SPAN>())).<SPAN class=syntax6>hexdigest</SPAN>()
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>New</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>session</SPAN><SPAN class=syntax13>‘</SPAN>
qs <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid=</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> sid
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14>Content-Type:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>text/html\n</SPAN>
<SPAN class=syntax14><html><body></SPAN>
<SPAN class=syntax14><p>%s</p></SPAN>
<SPAN class=syntax14><p>SID</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>=</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>%s</p></SPAN>
<SPAN class=syntax14><form</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>method="post"></SPAN>
<SPAN class=syntax14><input</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="hidden"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>name=sid</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>value="%s"></SPAN>
<SPAN class=syntax14><input</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="submit"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>value="Submit"></SPAN>
<SPAN class=syntax14></form></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (message, sid, sid)</PRE>
November 18, 2006
A Session Class
<P>Since session state maintenance happens in many pages a session class is in
order.</P>
<P>Save the next program as session.py and import it in all pages in which
session state is required. The session object will try to create a directory
named<SPAN class=fixed> session </SPAN>in the document root if it doesn‘t exist.
If it can‘t you will have to create it yourself and chmod it to 2770.</P><PRE class=program><SPAN class=syntax8>import</SPAN> sha, shelve, time, Cookie, os
<SPAN class=syntax8>class</SPAN> <SPAN class=syntax6>Session</SPAN>(<SPAN class=syntax9>object</SPAN>):
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax10>__init__</SPAN>(self, expires<SPAN class=syntax18>=</SPAN><SPAN class=syntax10>None</SPAN>, cookie_path<SPAN class=syntax18>=</SPAN><SPAN class=syntax10>None</SPAN>):
string_cookie <SPAN class=syntax18>=</SPAN> os.environ.<SPAN class=syntax6>get</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>HTTP_COOKIE</SPAN><SPAN class=syntax13>‘</SPAN>, <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>)
self.cookie <SPAN class=syntax18>=</SPAN> Cookie.<SPAN class=syntax6>SimpleCookie</SPAN>()
self.cookie.<SPAN class=syntax6>load</SPAN>(string_cookie)
<SPAN class=syntax8>if</SPAN> self.cookie.<SPAN class=syntax6>get</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>):
sid <SPAN class=syntax18>=</SPAN> self.cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>].value
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Clear</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>session</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookie</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>from</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>other</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>cookies</SPAN>
self.cookie.<SPAN class=syntax6>clear</SPAN>()
<SPAN class=syntax8>else</SPAN>:
self.cookie.<SPAN class=syntax6>clear</SPAN>()
sid <SPAN class=syntax18>=</SPAN> sha.<SPAN class=syntax6>new</SPAN>(<SPAN class=syntax9>repr</SPAN>(time.<SPAN class=syntax6>time</SPAN>())).<SPAN class=syntax6>hexdigest</SPAN>()
self.cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> sid
<SPAN class=syntax8>if</SPAN> cookie_path:
self.cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>path</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> cookie_path
session_dir <SPAN class=syntax18>=</SPAN> os.environ[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>DOCUMENT_ROOT</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>/session</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>if</SPAN> <SPAN class=syntax8>not</SPAN> os.path.<SPAN class=syntax6>exists</SPAN>(session_dir):
<SPAN class=syntax8>try</SPAN>:
os.<SPAN class=syntax6>mkdir</SPAN>(session_dir, <SPAN class=syntax5>02770</SPAN>)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>If</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>apache</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>user</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>can‘t</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>create</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>it</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>create</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>it</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>manualy</SPAN>
<SPAN class=syntax8>except</SPAN> <SPAN class=syntax10>OSError</SPAN>, e:
errmsg <SPAN class=syntax18>=</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>%s</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>when</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>trying</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>to</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>create</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>the</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>session</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>directory.</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14>Create</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>it</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>as</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>‘%s‘</SPAN><SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (e.strerror, os.path.<SPAN class=syntax6>abspath</SPAN>(session_dir))
<SPAN class=syntax8>raise</SPAN> <SPAN class=syntax10>OSError</SPAN>, errmsg
self.data <SPAN class=syntax18>=</SPAN> shelve.<SPAN class=syntax9>open</SPAN>(session_dir <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>/sess_</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> sid, writeback<SPAN class=syntax18>=</SPAN><SPAN class=syntax10>True</SPAN>)
os.<SPAN class=syntax6>chmod</SPAN>(session_dir <SPAN class=syntax18>+</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>/sess_</SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> sid, <SPAN class=syntax5>0660</SPAN>)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Initializes</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>expires</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>data</SPAN>
<SPAN class=syntax8>if</SPAN> <SPAN class=syntax8>not</SPAN> self.data.<SPAN class=syntax6>get</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>cookie</SPAN><SPAN class=syntax13>‘</SPAN>):
self.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>cookie</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> {<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>expires</SPAN><SPAN class=syntax13>‘</SPAN>:<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>}
self.<SPAN class=syntax6>set_expires</SPAN>(expires)
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>close</SPAN>(self):
self.data.<SPAN class=syntax6>close</SPAN>()
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>set_expires</SPAN>(self, expires<SPAN class=syntax18>=</SPAN><SPAN class=syntax10>None</SPAN>):
<SPAN class=syntax8>if</SPAN> expires <SPAN class=syntax18>=</SPAN><SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>:
self.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>cookie</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>expires</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>elif</SPAN> <SPAN class=syntax9>isinstance</SPAN>(expires, <SPAN class=syntax9>int</SPAN>):
self.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>cookie</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>expires</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> expires
self.cookie[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>sid</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>expires</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> self.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>cookie</SPAN><SPAN class=syntax13>‘</SPAN>][<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>expires</SPAN><SPAN class=syntax13>‘</SPAN>]</PRE>
<P>An example of the session class usage:</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1>!/usr/bin/env</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>python</SPAN>
<SPAN class=syntax8>import</SPAN> cgitb; cgitb.<SPAN class=syntax6>enable</SPAN>()
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Some</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>hosts</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>will</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>need</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>have</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>document_root</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>appended</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>sys.path</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>be</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>able</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>find</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>user</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>modules</SPAN>
<SPAN class=syntax8>import</SPAN> sys, os
sys.path.<SPAN class=syntax6>append</SPAN>(os.environ[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>DOCUMENT_ROOT</SPAN><SPAN class=syntax13>‘</SPAN>])
<SPAN class=syntax8>import</SPAN> session, time
sess <SPAN class=syntax18>=</SPAN> session.<SPAN class=syntax6>Session</SPAN>(expires<SPAN class=syntax18>=</SPAN><SPAN class=syntax5>365</SPAN><SPAN class=syntax18>*</SPAN><SPAN class=syntax5>24</SPAN><SPAN class=syntax18>*</SPAN><SPAN class=syntax5>60</SPAN><SPAN class=syntax18>*</SPAN><SPAN class=syntax5>60</SPAN>, cookie_path<SPAN class=syntax18>=</SPAN><SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>/</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>expires</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>can</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>be</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>reset</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>at</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>any</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>moment:</SPAN>
sess.<SPAN class=syntax6>set_expires</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>or</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>changed:</SPAN>
sess.<SPAN class=syntax6>set_expires</SPAN>(<SPAN class=syntax5>30</SPAN><SPAN class=syntax18>*</SPAN><SPAN class=syntax5>24</SPAN><SPAN class=syntax18>*</SPAN><SPAN class=syntax5>60</SPAN><SPAN class=syntax18>*</SPAN><SPAN class=syntax5>60</SPAN>)
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Session</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>data</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>a</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>dictionary</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>like</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>object</SPAN>
lastvisit <SPAN class=syntax18>=</SPAN> sess.data.<SPAN class=syntax6>get</SPAN>(<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>)
<SPAN class=syntax8>if</SPAN> lastvisit:
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>Welcome</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>back.</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>Your</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>last</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>visit</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>was</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>at</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>‘</SPAN> <SPAN class=syntax18>+</SPAN> \
time.<SPAN class=syntax6>asctime</SPAN>(time.<SPAN class=syntax6>gmtime</SPAN>(<SPAN class=syntax9>float</SPAN>(lastvisit)))
<SPAN class=syntax8>else</SPAN>:
message <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>New</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>session</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Save</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>current</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>time</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>in</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>session</SPAN>
sess.data[<SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>lastvisit</SPAN><SPAN class=syntax13>‘</SPAN>] <SPAN class=syntax18>=</SPAN> <SPAN class=syntax9>repr</SPAN>(time.<SPAN class=syntax6>time</SPAN>())
<SPAN class=syntax8>print</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14>%s</SPAN>
<SPAN class=syntax14>Content-Type:</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>text/plain\n</SPAN>
<SPAN class=syntax14>sess.cookie</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>=</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>%s</SPAN>
<SPAN class=syntax14>sess.data</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>=</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>%s</SPAN>
<SPAN class=syntax14>%s</SPAN>
<SPAN class=syntax14>"""</SPAN> <SPAN class=syntax18>%</SPAN> (sess.cookie, sess.cookie, sess.data, message)
sess.<SPAN class=syntax6>close</SPAN>()
November 18, 2006
Mod_python
<P>Mod_python is an Apache module only. Mod_python version 3.x requires Apache
2.x and Python 2.2.1. For Apache 1.3 only mod_python 2.x can be used. This
tutorial requires mod_python 3.1+</P>
<H3>Much faster than CGI</H3>
<P>For every requested CGI page the Python interpreter must be launched. With
mod_python Apache starts one main interpreter for the main server and one
subinterpreter for each virtual host and these interpreters will be reused for
all requests. They will never finish until the server is shut down.</P>
<H3>Mod_python handlers</H3>
<P>Apache processes requests in phases. A handler is a function that processes a
particular phase of a request. Handlers are provided by Apache and by its
modules, like mod_python.</P>
<P>A number of handlers are available in mod_python. Most of them are low level
replacements for Apache handlers but two, Publisher and PSP, are high level and
will be covered here.</P>
<P>The PSP handler processes text documents with Python code embedded
between<SPAN class=fixed> server tags </span> <span class="fixed"> </SPAN> and
transform it in pure Python code, much like PHP and ASP. If you are used to
these and don‘t wan‘t to learn a new web programming paradigm then PSP is your
choice.</P>
<P>The Publisher handler allows access to functions and variables within a
module via URLs. It avoids the spagetthi coding style thus giving the code a
much more application like appearance.
November 18, 2006
Apache Configuration
<P>There are two options to configure the Publisher handler.</P>
<H3>SetHandler directive</H3>
<P>This will be used in this tutorial. If you want to follow it exactly use it
yourserf and avoid plenty of confusion. In this configuration all files in a
directory will be handled by the Publisher.</P><PRE class=program><Directory /path/to/publisher/directory>
SetHandler mod_python
PythonHandler mod_python.publisher
PythonDebug On
</Directory></PRE>
<P>The lines above must be included in the Apache<SPAN class=fixed> httpd.conf
</SPAN>file or in the<SPAN class=fixed> .htaccess </SPAN>file. The <SPAN
class=fixed><Directory> </SPAN>directive must not be used inside the<SPAN
class=fixed> .htacces </SPAN>file. Instead use only the three internal
lines.</P>
<P>The first line,<SPAN class=fixed> SetHandler mod_python</SPAN>, tells Apache
that all the files in that directory will be handled by mod_python, regardless
of the file extension.</P>
<P>The second line,<SPAN class=fixed> PythonHandler mod_python.publisher</SPAN>,
is a mod_python directive. The mod_python handler to be used here is the
Publisher.</P>
<P>The third line, <SPAN class=fixed>PythonDebug On</SPAN>, sets mod_python to
send error messages to the standard output, quite convenient for debugging.
Should be deleted when in production.</P>
<P>This configuration will be used in the next pages. It enables a traversal
algorithm a bit more convenient than the configuration shown next. That is, it
allows the index page of the site to be executed when no page is declared in the
URL as in<SPAN class=fixed> http://mysite.tld</SPAN>. Also there is no need to
write the<SPAN class=fixed> .py </SPAN>extension.</P>
<P>If there is the need to serve static files from the same directory add
this:</P><PRE class=program><Files ~ "\.(gif|html|jpg|png)$">
SetHandler default-handler
</Files></PRE>
<H3>AddHandler directive</H3>
<P>The second option to configure the Publisher handler is changing the<SPAN
class=fixed> SetHandler </SPAN>directive to:</P><PRE class=program>AddHandler mod_python .py</PRE>
<P>With this directive all other file types will be handled by their default
handlers without the need to set them. But it will be necessary to use the<SPAN
class=fixed> .py </SPAN>extension in the URIs.
November 18, 2006
Hello World
<P>If the next script is saved as<SPAN class=fixed> hello.py </SPAN>in the<SPAN
class=fixed> /dir/path </SPAN>directory under the document root then we can
execute it with:</P>
<P><SPAN class=fixed>http://my_site.tld/dir/path/hello.py</SPAN> or<BR><SPAN
class=fixed>http://my_site.tld/dir/path/hello</SPAN></P><PRE class=program><SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>index</SPAN>():
s <SPAN class=syntax18>=</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14><html></SPAN>
<SPAN class=syntax14><body></SPAN>
<SPAN class=syntax14><h2>Hello</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>World!</h2></SPAN>
<SPAN class=syntax14></body></SPAN>
<SPAN class=syntax14></html></SPAN>
<SPAN class=syntax14>"""</SPAN>
<SPAN class=syntax8>return</SPAN> s</PRE>
<P>The document root is the default directory where Apache looks for the
requested files. Find out what it is looking for the<SPAN class=fixed>
DocumentRoot </SPAN>directive in the<SPAN class=fixed> httpd.conf
</SPAN>file.</P>
<P>The<SPAN class=fixed> /dir/path </SPAN>is the path to the directory
configured to be handled by the Publisher.
November 18, 2006
URI Traversal
<P>If the previous<SPAN class=fixed> hello.py </SPAN>script was saved as<SPAN
class=fixed> index.py </SPAN>then it could be executed as any of:</P>
<P><SPAN class=fixed>http://my_site.tld/dir/path/</SPAN><BR><SPAN
class=fixed>http://my_site.tld/dir/path/index</SPAN><BR><SPAN
class=fixed>http://my_site.tld/dir/path/index.py</SPAN></P>
<P>The Publisher handler will execute the module named in the URI. If there is
no module in the URI it will look for index.py.</P>
<P>The following script has two functions and it is possible to choose which one
will be executed.</P><PRE class=program>s <SPAN class=syntax18>=</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14><html><body></SPAN>
<SPAN class=syntax14><h2>Hello</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>%s!</h2></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN>
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>index</SPAN>():
<SPAN class=syntax8>return</SPAN> s <SPAN class=syntax18>%</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>World</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>everybody</SPAN>():
<SPAN class=syntax8>return</SPAN> s <SPAN class=syntax18>%</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>everybody</SPAN><SPAN class=syntax13>‘</SPAN></PRE>
<P>The function to be called can be passed in the URI. If the previous script
was saved as<SPAN class=fixed> index.py </SPAN>the<SPAN class=fixed> everybody()
</SPAN>function could be executed as any of:</P>
<P><SPAN
class=fixed>http://my_site.tld/dir/path/index.py/everybody</SPAN><BR><SPAN
class=fixed>http://my_site.tld/dir/path/index/everybody</SPAN><BR><SPAN
class=fixed>http://my_site.tld/dir/path/everybody</SPAN></P>
<P>If no function is found in the URI then the function called by default is
the<SPAN class=fixed> index() </SPAN>function.</P>
November 18, 2006
Objects Visibility
<P>It is not possible to publish a module. Either an object within the module is
present in the URI or the module has an index function. Otherwise the Publisher
will return a "404 Not Found" to the client. If the next script is saved as<SPAN
class=fixed> my_module.py </SPAN>the only way to execute it is:</P>
<P><SPAN class=fixed>http://my_site.tld/dir/path/my_module/main</SPAN><BR><SPAN
class=fixed>http://my_site.tld/dir/path/my_module.py/main</SPAN></P>
<P>Global variables are also visible:</P>
<P><SPAN class=fixed>http://my_site.tld/dir/path/my_module.py/s</SPAN><BR><SPAN
class=fixed>http://my_site.tld/dir/path/my_module/s</SPAN></P><PRE class=program>s <SPAN class=syntax18>=</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14><html><body></SPAN>
<SPAN class=syntax14><h2>I</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>can‘t</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>be</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>published</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>as</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>a</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>module!</h2></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN>
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>main</SPAN>():
<SPAN class=syntax8>return</SPAN> s
<SPAN class=syntax6>main</SPAN>()</PRE>
<P>Only the objects inside the module are visible. It is not possible to call
the module like:</P>
<P><SPAN class=fixed>http://my_site.tld/dir/path/my_module</SPAN><BR><SPAN
class=fixed>http://my_site.tld/dir/path/my_module.py</SPAN></P>
<H3>Hide objects from the web</H3>
<P>As objects inside a module can be published it may be necessary to hide some
of them. If an object name starts with an underscore it will be hidden from the
web.</P><PRE class=program><SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>_s</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>variable</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>not</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>visible</SPAN>
_s <SPAN class=syntax18>=</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14><html><body></SPAN>
<SPAN class=syntax14><h2>%s</h2></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN>
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>f</SPAN>():
x <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>y</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax8>return</SPAN> s <SPAN class=syntax18>%</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>f()</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>function</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>v</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>variable</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>is</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>visible</SPAN>
v <SPAN class=syntax18>=</SPAN> _s <SPAN class=syntax18>%</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>v</SPAN><SPAN class=syntax13> </SPAN><SPAN class=syntax13>variable</SPAN><SPAN class=syntax13>‘</SPAN></PRE>
<P>In the example above the<SPAN class=fixed> _s </SPAN>variable is not visible,
that is it can‘t be shown with:</P>
<P><SPAN class=fixed>http://my_site.tld/dir/path/objects.py/_s</SPAN></P>
November 18, 2006
Request Object
<P>The Publisher passes a<SPAN class=fixed> Request </SPAN>object to every
function it calls that declares it as an argument. This script will retrieve
most of its attributes:</P><PRE class=program><SPAN class=syntax8>from</SPAN> cgi <SPAN class=syntax8>import</SPAN> escape
<SPAN class=syntax8>from</SPAN> urllib <SPAN class=syntax8>import</SPAN> unquote
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>The</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Publisher</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>passes</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Request</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>object</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>to</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>function</SPAN>
<SPAN class=syntax8>def</SPAN> <SPAN class=syntax6>index</SPAN>(req):
s <SPAN class=syntax18>=</SPAN> <SPAN class=syntax14>"""</SPAN><SPAN class=syntax14>\</SPAN>
<SPAN class=syntax14><html><head></SPAN>
<SPAN class=syntax14><style</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>type="text/css"></SPAN>
<SPAN class=syntax14>td</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>{padding:0.2em</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>0.5em;border:1px</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>solid</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>black;}</SPAN>
<SPAN class=syntax14>table</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>{border-collapse:collapse;}</SPAN>
<SPAN class=syntax14></style></SPAN>
<SPAN class=syntax14></head><body></SPAN>
<SPAN class=syntax14><table</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>cellspacing="0"</SPAN><SPAN class=syntax14> </SPAN><SPAN class=syntax14>cellpadding="0">%s</table></SPAN>
<SPAN class=syntax14></body></html></SPAN>
<SPAN class=syntax14>"""</SPAN>
attribs <SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13>‘</SPAN>
<SPAN class=syntax1>#</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Loop</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>over</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>the</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>Request</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>object</SPAN><SPAN class=syntax1> </SPAN><SPAN class=syntax1>attributes</SPAN>
<SPAN class=syntax8>for</SPAN> attrib <SPAN class=syntax8>in</SPAN> <SPAN class=syntax9>dir</SPAN>(req):
attribs <SPAN class=syntax18>+</SPAN><SPAN class=syntax18>=</SPAN> <SPAN class=syntax13>‘</SPAN><SPAN class=syntax13><tr><td>%s</td><td>%s</td></tr></SPAN><SPAN class=syntax13>‘</SPAN>
attribs <SPAN class=syntax18>%</SPAN><SPAN class=syntax18>=</SPAN> (attrib, <SPAN class=syntax6>escape</SPAN>(<SPAN class=syntax6>unquote</SPAN>(<SPAN class=syntax9>str</SPAN>(req.<SPAN class=syntax10>__getattribute__</SPAN>(attrib)))))
<SPAN class=syntax8>return</SPAN> s <SPAN class=syntax18>%</SPAN> (attribs)</PRE>
<P><A href="http://webpython.codepoint.net/files/other/request.html">View the
output</A></P>
<P>It is not necessary to have the<SPAN class=fixed> Request </SPAN>object as an
argument in the function if it will not be used. The Publisher knows when it is
necessary for the object to be passed.</P>
November 18, 2006
Code License
<P>All code, and only the code, in webpython.codepoint.net is free software; you
can redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.</P>
<P>All code in webpython.codepoint.net is distributed in the hope that it will
be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.</P>
<P>Copyright (C) 2006 Clodoaldo Pinto Neto cpn@codepoint.net</P>
<P>Preamble</P>
<P>The licenses for most software are designed to take away your freedom to
share and change it. By contrast, the GNU General Public License is intended to
guarantee your freedom to share and change free software--to make sure the
software is free for all its users. This General Public License applies to most
of the Free Software Foundation‘s software and to any other program whose
authors commit to using it. (Some other Free Software Foundation software is
covered by the GNU Lesser General Public License instead.) You can apply it to
your programs, too.</P>
<P>When we speak of free software, we are referring to freedom, not price. Our
General Public Licenses are designed to make sure that you have the freedom to
distribute copies of free software (and charge for this service if you wish),
that you receive source code or can get it if you want it, that you can change
the software or use pieces of it in new free programs; and that you know you can
do these things.</P>
<P>To protect your rights, we need to make restrictions that forbid anyone to
deny you these rights or to ask you to surrender the rights. These restrictions
translate to certain responsibilities for you if you distribute copies of the
software, or if you modify it.</P>
<P>For example, if you distribute copies of such a program, whether gratis or
for a fee, you must give the recipients all the rights that you have. You must
make sure that they, too, receive or can get the source code. And you must show
them these terms so they know their rights.</P>
<P>We protect your rights with two steps: (1) copyright the software, and (2)
offer you this license which gives you legal permission to copy, distribute
and/or modify the software.</P>
<P>Also, for each author‘s protection and ours, we want to make certain that
everyone understands that there is no warranty for this free software. If the
software is modified by someone else and passed on, we want its recipients to
know that what they have is not the original, so that any problems introduced by
others will not reflect on the original authors‘ reputations.</P>
<P>Finally, any free program is threatened constantly by software patents. We
wish to avoid the danger that redistributors of a free program will individually
obtain patent licenses, in effect making the program proprietary. To prevent
this, we have made it clear that any patent must be licensed for everyone‘s free
use or not licensed at all.</P>
<P>The precise terms and conditions for copying, distribution and modification
follow.<BR>TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION</P>
<P>0. This License applies to any program or other work which contains a notice
placed by the copyright holder saying it may be distributed under the terms of
this General Public License. The "Program", below, refers to any such program or
work, and a "work based on the Program" means either the Program or any
derivative work under copyright law: that is to say, a work containing the
Program or a portion of it, either verbatim or with modifications and/or
translated into another language. (Hereinafter, translation is included without
limitation in the term "modification".) Each licensee is addressed as "you".</P>
<P>Activities other than copying, distribution and modification are not covered
by this License; they are outside its scope. The act of running the Program is
not restricted, and the output from the Program is covered only if its contents
constitute a work based on the Program (independent of having been made by
running the Program). Whether that is true depends on what the Program does.</P>
<P>1. You may copy and distribute verbatim copies of the Program‘s source code
as you receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice and
disclaimer of warranty; keep intact all the notices that refer to this License
and to the absence of any warranty; and give any other recipients of the Program
a copy of this License along with the Program.</P>
<P>You may charge a fee for the physical act of transferring a copy, and you may
at your option offer warranty protection in exchange for a fee.</P>
<P>2. You may modify your copy or copies of the Program or any portion of it,
thus forming a work based on the Program, and copy and distribute such
modifications or work under the terms of Section 1 above, provided that you also
meet all of these conditions:</P>
<P>a) You must cause the modified files to carry prominent notices stating that
you changed the files and the date of any change.<BR>b) You must cause any work
that you distribute or publish, that in whole or in part contains or is derived
from the Program or any part thereof, to be licensed as a whole at no charge to
all third parties under the terms of this License.<BR>c) If the modified program
normally reads commands interactively when run, you must cause it, when started
running for such interactive use in the most ordinary way, to print or display
an announcement including an appropriate copyright notice and a notice that
there is no warranty (or else, saying that you provide a warranty) and that
users may redistribute the program under these conditions, and telling the user
how to view a copy of this License. (Exception: if the Program itself is
interactive but does not normally print such an announcement, your work based on
the Program is not required to print an announcement.) </P>
<P>These requirements apply to the modified work as a whole. If identifiable
sections of that work are not derived from the Program, and can be reasonably
considered independent and separate works in themselves, then this License, and
its terms, do not apply to those sections when you distribute them as separate
works. But when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the entire whole,
and thus to each and every part regardless of who wrote it.</P>
<P>Thus, it is not the intent of this section to claim rights or contest your
rights to work written entirely by you; rather, the intent is to exercise the
right to control the distribution of derivative or collective works based on the
Program.</P>
<P>In addition, mere aggregation of another work not based on the Program with
the Program (or with a work based on the Program) on a volume of a storage or
distribution medium does not bring the other work under the scope of this
License.</P>
<P>3. You may copy and distribute the Program (or a work based on it, under
Section 2) in object code or executable form under the terms of Sections 1 and 2
above provided that you also do one of the following:</P>
<P>a) Accompany it with the complete corresponding machine-readable source code,
which must be distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,<BR>b) Accompany it with a written
offer, valid for at least three years, to give any third party, for a charge no
more than your cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be distributed under
the terms of Sections 1 and 2 above on a medium customarily used for software
interchange; or,<BR>c) Accompany it with the information you received as to the
offer to distribute corresponding source code. (This alternative is allowed only
for noncommercial distribution and only if you received the program in object
code or executable form with such an offer, in accord with Subsection b above.)
</P>
<P>The source code for a work means the preferred form of the work for making
modifications to it. For an executable work, complete source code means all the
source code for all modules it contains, plus any associated interface
definition files, plus the scripts used to control compilation and installation
of the executable. However, as a special exception, the source code distributed
need not include anything that is normally distributed (in either source or
binary form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component itself
accompanies the executable.</P>
<P>If distribution of executable or object code is made by offering access to
copy from a designated place, then offering equivalent access to copy the source
code from the same place counts as distribution of the source code, even though
third parties are not compelled to copy the source along with the object
code.</P>
<P>4. You may not copy, modify, sublicense, or distribute the Program except as
expressly provided under this License. Any attempt otherwise to copy, modify,
sublicense or distribute the Program is void, and will automatically terminate
your rights under this License. However, parties who have received copies, or
rights, from you under this License will not have their licenses terminated so
long as such parties remain in full compliance.</P>
<P>5. You are not required to accept this License, since you have not signed it.
However, nothing else grants you permission to modify or distribute the Program
or its derivative works. These actions are prohibited by law if you do not
accept this License. Therefore, by modifying or distributing the Program (or any
work based on the Program), you indicate your acceptance of this License to do
so, and all its terms and conditions for copying, distributing or modifying the
Program or works based on it.</P>
<P>6. Each time you redistribute the Program (or any work based on the Program),
the recipient automatically receives a license from the original licensor to
copy, distribute or modify the Program subject to these terms and conditions.
You may not impose any further restrictions on the recipients‘ exercise of the
rights granted herein. You are not responsible for enforcing compliance by third
parties to this License.</P>
<P>7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues), conditions
are imposed on you (whether by court order, agreement or otherwise) that
contradict the conditions of this License, they do not excuse you from the
conditions of this License. If you cannot distribute so as to satisfy
simultaneously your obligations under this License and any other pertinent
obligations, then as a consequence you may not distribute the Program at all.
For example, if a patent license would not permit royalty-free redistribution of
the Program by all those who receive copies directly or indirectly through you,
then the only way you could satisfy both it and this License would be to refrain
entirely from distribution of the Program.</P>
<P>If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply and the
section as a whole is intended to apply in other circumstances.</P>
<P>It is not the purpose of this section to induce you to infringe any patents
or other property right claims or to contest validity of any such claims; this
section has the sole purpose of protecting the integrity of the free software
distribution system, which is implemented by public license practices. Many
people have made generous contributions to the wide range of software
distributed through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing to
distribute software through any other system and a licensee cannot impose that
choice.</P>
<P>This section is intended to make thoroughly clear what is believed to be a
consequence of the rest of this License.</P>
<P>8. If the distribution and/or use of the Program is restricted in certain
countries either by patents or by copyrighted interfaces, the original copyright
holder who places the Program under this License may add an explicit
geographical distribution limitation excluding those countries, so that
distribution is permitted only in or among countries not thus excluded. In such
case, this License incorporates the limitation as if written in the body of this
License.</P>
<P>9. The Free Software Foundation may publish revised and/or new versions of
the General Public License from time to time. Such new versions will be similar
in spirit to the present version, but may differ in detail to address new
problems or concerns.</P>
<P>Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any later
version", you have the option of following the terms and conditions either of
that version or of any later version published by the Free Software Foundation.
If the Program does not specify a version number of this License, you may choose
any version ever published by the Free Software Foundation.</P>
<P>10. If you wish to incorporate parts of the Program into other free programs
whose distribution conditions are different, write to the author to ask for
permission. For software which is copyrighted by the Free Software Foundation,
write to the Free Software Foundation; we sometimes make exceptions for this.
Our decision will be guided by the two goals of preserving the free status of
all derivatives of our free software and of promoting the sharing and reuse of
software generally.</P>
<P>NO WARRANTY</P>
<P>11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.</P>
<P>12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER
OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
November 18, 2006
Recommended Books
<TABLE
style="PADDING-RIGHT: 1em; PADDING-LEFT: 1em; PADDING-BOTTOM: 1em; MARGIN: auto; PADDING-TOP: 1em; TEXT-ALIGN: center"
cellSpacing=0 cellPadding=0 border=0 ID="Table1">
<TBODY>
<TR>
<TD style="WIDTH: 220px"><A
href="http://www.amazon.com/gp/product/1565925092?ie=UTF8&tag=fhstat-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1565925092"><BR><IMG
style="BORDER-RIGHT: gray 1px solid; BORDER-TOP: gray 1px solid; BORDER-LEFT: gray 1px solid; BORDER-BOTTOM: gray 1px solid"
height=240 src="http://webpython.codepoint.net/files/http://www.softxml.com/images/http_guide.jpg"
width=190></A><BR><IMG
style="MARGIN: 0px; BORDER-TOP-STYLE: none! important; BORDER-RIGHT-STYLE: none! important; BORDER-LEFT-STYLE: none! important; BORDER-BOTTOM-STYLE: none! important"
height=1 alt=""
src="http://www.assoc-amazon.com/e/ir?t=fhstat-20&l=as2&o=1&a=1565925092"
width=1 border=0> </TD>
<TD style="WIDTH: 220px"><A
href="http://www.amazon.com/gp/product/0596100469?ie=UTF8&tag=fhstat-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0596100469"><BR><IMG
height=240 src="http://webpython.codepoint.net/files/http://www.softxml.com/images/python_nutshell.jpg"
width=160></A><BR><IMG
style="MARGIN: 0px; BORDER-TOP-STYLE: none! important; BORDER-RIGHT-STYLE: none! important; BORDER-LEFT-STYLE: none! important; BORDER-BOTTOM-STYLE: none! important"
height=1 alt=""
src="http://www.assoc-amazon.com/e/ir?t=fhstat-20&l=as2&o=1&a=0596100469"
width=1 border=0>
<P></P></TD></TR></TBODY></TABLE>