NAME
Apache::ASP - Active Server Pages for Apache (all platforms)
SYNOPSIS
DESCRIPTION
This module provides a Active Server Pages port to Apache. Active Server Pages is a web application platform that originated with Microsoft's IIS server. Under Apache for both Win32 and Unix, it allows a developer to create web applications with session management and perl embedded in static html files.
This is a portable solution, similar to ActiveWare's PerlScript and MKS's PScript implementation of perl for IIS ASP. Theoretically, one should be able to take a solution that runs under Apache::ASP and run it without change under PerlScript or PScript for IIS.
INSTALLATION
Apache::ASP installs easily using the make or nmake commands as shown below. Otherwise, just copy ASP.pm to $PERLLIB/site/Apache
CONFIG
Use with Apache. Copy the /eg directory from the ASP installation to your Apache document tree and try it out! You have to put
AllowOverride All
in your <Directory> config section to let the .htaccess file in the /eg installation directory do its work.
If you want a STARTER config file, just look at the .htaccess file in the /eg directory.
Here is a Location directive that you would put in a *.conf Apache configuration file. It describes the ASP variables that you can set. Don't set the optional ones if you don't want, the defaults are fine...
You can use the same config in .htaccess files without the Location tag. I use the <Files ~ (\.asp)> tag in the .htaccess file of the directory that I want to run my asp application. This allows me to mix other file types in my application, static or otherwise.
ASP Syntax
ASP embedding syntax allows one to embed code in html in 2 simple ways. The first is the <% xxx %> tag in which xxx is any valid perl code. The second is <%= xxx %> where xxx is some scalar value that will be inserted into the html directly. An easy print.
A simple asp page would look like:
Notice that your perl code blocks can span any html. The for loop above iterates over the html without any special syntax.
The Object Model
The beauty of the ASP Object Model is that it takes the burden of CGI and Session Management off the developer, and puts them in objects accessible from any ASP page. For the perl programmer, treat these objects as globals accesible from anywhere in your ASP application.
Currently the Apache::ASP object model supports the following:
These objects, and their methods are further defined in the following sections.
$Session Object
The $Session object keeps track of user + web client state, in a persistent manner, making it relatively easy to develop web applications. The $Session state is stored accross HTTP connections, in SDBM_Files in the Global directory, and will persist across server restarts.
The user's session is referenced by a 32-byte md5-hashed cookie, and can be considered secure from session_id guessing, or session hijacking. When a hacker fails to guess a session, the system times out for a second, and with 2**128 (3.4e38) keys to guess, a hacker won't be guessing an id any time soon. Compare the 32-byte key with Miscrosoft ASP implementation which is only 16 bytes.
If an incoming cookie matches a timed out or non-existent session, a new session is created with the incoming id. If the id matches a currently active session, the session is tied to it and returned. This is also similar to Microsoft's ASP implementation.
The $Session ref is a hash ref, and can be used as such to store data as in:
The $Session object state is implemented through MLDBM & SDBM_File, and a user should be aware of MLDBM's limitations. Basically, you can read complex structures, but not write them, directly:
Please see MLDBM for more information on this topic. $Session can also be used for the following methods and properties:
- $Session->SessionID()
-
SessionID property, returns the id number for the current session, which is exchanged between the client and the server as a cookie.
- $Session->Timeout($minutes)
-
Timeout property, if minutes is defined, sets this session's default timeout, else returns the current session timeout. If a user session is inactive for the full timeout, the user's session is destroyed by the system. No one can access the session after it times out, and the system garbage collects it eventually.
- $Session->Abandon()
-
The abandon method times out the session immediately. All Session data is cleared in the process, just as when any session times out.
$Response Object
This object manages the output from the ASP Application and the client's web browser. It does store state information like the $Session object but does have a wide array of methods to call.
- $Response->{Buffer}
-
Default 1, when TRUE sends output from script to client only at the end of processing the script. When 0, response is not buffered, and client is sent output as output is generated by the script.
- $Response->{ContentType} = "text/html"
-
Sets the MIME type for the current response being sent to the client. Sent as an HTTP header.
- $Response->{Expires} = $time
-
Sends a response header to the client indicating the $time in SECONDS in which the document should expire. A time of 0 means immediate expiration. The header generated is a standard HTTP date like: "Wed, 09 Feb 1994 22:23:32 GMT".
- $Response->{ExpiresAbsolute} = $date
-
Sends a response header to the client with $date being an absolute time to expire. Formats accepted are all those accepted by HTTP::Date::str2time(), e.g.
"Wed, 09 Feb 1994 22:23:32 GMT" -- HTTP format "Tuesday, 08-Feb-94 14:15:29 GMT" -- old rfc850 HTTP format "08-Feb-94" -- old rfc850 HTTP format (no weekday, no time) "09 Feb 1994" -- proposed new HTTP format (no weekday, no time) "Feb 3 1994" -- Unix 'ls -l' format "Feb 3 17:03" -- Unix 'ls -l' format
- $Response->AddHeader($name, $value)
-
Adds a custom header to a web page. Headers are sent only before any text from the main page is sent, so if you want to set a header after some text on a page, you must turn BufferingOn.
- $Response->AppendToLog($message)
-
Adds $message to the server log.
- $Response->BinaryWrite($data)
-
Writes binary data to a page for use by client objects. Could someone explain this to me? This currently does nothing more than a Write($data), since binary data can be in a scalar.
- $Response->Clear()
-
Erases buffered ASP output.
- $Response->Cookies($name,$key,$value) (alpha)
-
Sets the key or attribute of cookie with name $name to the value $value. If $key is not defined, then the Value of the cookie is assumed. ASP CookiePath is assumed to be / in these examples.
$Response->Cookies("Test Name", "", "Test Value"); # script Set-Cookie: Test+Name=Test+Value path=/ # header output $Response->Cookies("Test", "Secure", 1); # script $Response->Cookies("Test", "data1", "test value"); # script $Response->Cookies("Test", "data2", "more test"); # script Set-Cookie: Test=data1=test+value&data2=more+test path=/ secure
Because this is perl, you can (also not portable) reference the cookies directly through hash notation. The same 3 commands above could be compressed to:
$Response->{Cookies}{Test} = {Secure => 1, data1 => 'test value', data2 => 'more test'};
and the first command would be:
$Response->{Cookies}{'Test Name'} = {Value => 'Test Value'};
- $Response->End()
-
Sends result to client, and immediately exits script. Automatically called at end of script, if not already called.
- $Response->Flush()
-
Sends buffered output to client and clears buffer.
- $Response->Redirect($url)
-
Sends the client a command to go to a different url $url. Script immediately ends.
- $Response->{Status} = $status
-
Sets the status code returned by the server. Can be used to set messages like 500, internal server error
- $Response->Write($data)
-
Write output to the HTML page. <%=$data%> syntax is shorthand for a $Response->Write($data). All final output to the client must at some point go through this method.
$Request Object
The request object manages the input from the client brower, like posts, query strings, cookies, etc. Normal return results are values if an index is specified, or a collection / perl hash ref if no index is specified. WARNING, the latter property is not supported in Activeware's PerlScript, so if you use the hashes returned by such a technique, it will not be portable.
- $Request->ClientCertificate()
-
Not implemented.
- $Request->Cookies($name, $key) (alpha)
-
Returns the value of the Cookie with name $name. If a $key is specified, then a lookup will be done on the cookie as if it were a query string. So, a cookie set by:
Set-Cookie: test=data1=1&data2=2 would have a value of 2 returned by $Request->Cookies('test', 'data2')
If no name is specified, a hash will be returned of cookie names as keys and cookie values as values. If the cookie value is a query string, it will automatically be parsed, and the value will be a hash reference to these values.
- $Request->Form($name)
-
Returns the value of the input of name $name used in a form with POST method. If $name is not specified, returns a ref to a hash of all the form data.
- $Request->QueryString($name)
-
Returns the value of the input of name $name used in a form with GET method, or passed by appending a query string to the end of a url as in http://someurl.com/?data=value. If $name is not specified, returns a ref to a hash of all the query string data.
- $Request->ServerVariables($name)
-
Returns the value of the server variable / environment variable with name $name. If $name is not specified, returns a ref to a hash of all the server / environment variables data. The following would be a common use of this method:
$Application Object
Like the $Session object, you may use the $Application object to store data across the entire life of the application. Every page in the ASP application always has access to this object. So if you wanted to keep track of how many visitors there where to the application during its lifetime, you might have a line like this:
The Lock and Unlock methods are used to prevent simultaneous access to the $Application object.
$Server Object
The server object is that object that handles everything that the other objects don't. The best part of the server object for Win32 users is the CreateObject method which allows developers to create instances of ActiveX components, like the ADO component.
- $Server->ScriptTimeout($seconds)
-
Not implemented
- $Server->CreateObject($program_id)
-
Allows use of ActiveX objects on Win32. This routine returns a reference to an Win32::OLE object upon success, and nothing upon failure. It is through this mechanism that a developer can utilize ADO. The equivalent syntax in VBScript is
Set object = Server.CreateObject(program_id)
For further information, try 'perldoc Win32::OLE' from your favorite command line.
- $Server->HTMLEncode($string)
-
Returns an HTML escapes version of $string. &, ", >, <, are each escapes with their HTML equivalents. Strings encoded in this nature should be raw text displayed to an end user, as HTML tags become escaped with this method.
- $Server->MapPath($virtual_directory);
-
Not implemented
- $Server->URLEncode($string)
-
Returns the URL-escaped version of the string $string. +'s are substituted in for spaces and special characters are escaped to the ascii equivalents. Strings encoded in this manner are safe to put in url's... they are especially useful for encoding data used in a query string as in:
EXAMPLES
Use with Apache. Copy the /eg directory from the ASP installation to your Apache document tree and try it out! You have to put
AllowOverride All
in your <Directory> config section to let the .htaccess file in the /eg installation directory do its work.
SEE ALSO
perl(1), mod_perl(3), Apache(3)
NOTES
Many thanks to those who helped me make this module a reality. Whoever said you couldn't do ASP on UNIX? Kudos go out to:
AUTHOR
Please send any questions or comments to the Apache modperl mailing list at modperl@apache.org or to me at chamas@alumni.stanford.org.
COPYRIGHT
Copyright (c) 1998 Joshua Chamas. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
18 POD Errors
The following errors were encountered while parsing the POD:
- Around line 1698:
'=item' outside of any '=over'
- Around line 1717:
You forgot a '=back' before '=head2'
- Around line 1723:
'=item' outside of any '=over'
- Around line 1747:
Unknown directive: =text
- Around line 1758:
Unknown directive: =text
- Around line 1787:
Unknown directive: =text
- Around line 1797:
Unknown directive: =text
- Around line 1802:
Unknown directive: =text
- Around line 1807:
Unknown directive: =text
- Around line 1811:
Unknown directive: =text
- Around line 1815:
Unknown directive: =text
- Around line 1842:
You forgot a '=back' before '=head2'
- Around line 1866:
'=item' outside of any '=over'
- Around line 1912:
You forgot a '=back' before '=head2'
- Around line 1930:
'=item' outside of any '=over'
- Around line 1938:
You forgot a '=back' before '=head2'
- Around line 1945:
'=item' outside of any '=over'
- Around line 1989:
You forgot a '=back' before '=head1'