Mark Dixon Page 1

15 – Web applications:Server-side code (ASP)

Mark Dixon Page 2

Session Aims & Objectives• Aims

– To introduce the fundamental ideas involved in server-side code

• Objectives,by end of this week’s sessions, you should be able to:

– create an asp web-page, including:• HTML, and• server-side VB script

Mark Dixon Page 3

Example: Logon (analysis)SPECIFICATION

• User Requirements – protection from fraud and invasion of privacy

• Software Requirements– Functional:

– logon page, user must type name and password–following pages can only be accessed after

successful logon– Non-functional

should be very difficult to hack

hotmail, Amazon, University portal, utility bills (gas, electricity, phone, internet), Travel (flights, ferry, car rental)

Mark Dixon Page 4

Example: Logon (design)• Restrict access to

home page

Mark Dixon Page 5

Example: Logon (code v1)• Using Client-side VB Script

<html> <head><title></title></head> <body> Please logon:<br /> <input id="txtUserName" type="text" /><br /> <input id="txtPassWord" type="text" /><br /> <input id="btnLogon" type="submit" value="Logon" /> <p id="msg"></p> </body></html>

<script language="vbscript"> Sub btnLogon_OnClick() Dim un Dim pw un = txtUserName.value pw = txtPassWord.value If un = "mark" And pw = "soft131" Then window.navigate "home.htm" Else msg.innerText = "Login details incorrect." End If End Sub</script>

Logon.htm

<html> <head><title>My Home page</title></head> <body> <p> Welcome to my home page.<br /> <img src="YouAreHere.jpg" /> </p> </body></html>

Home.htm

Mark Dixon Page 6

Example: Login (Problem)• View Source – shows client-side script:

Reveals bothusername & password

Mark Dixon Page 7

networkconnection

Web Hardware and Software

ClientServer

BrowserApplication(MS Explorer,FireFox, Opera)

Web-serverApplication

(MS IIS,Apache)

Mark Dixon Page 8

BrowserApplication

(MS Explorer, Firefox)

Request-Response Cycle

Web-serverApplication

(MS IIS, Apache)

Logon.htm

Request

<html> <head><title></title></head> <body> Please logon:<br /> <input id="txtUserName" type="text" /><br /> <input id="txtPassWord" type="text" /><br /> <input id="btnLogon" type="submit" value="Logon" /> <p id="msg"></p> </body></html>

<script language="vbscript"> Sub btnLogon_OnClick() Dim un Dim pw un = txtUserName.value pw = txtPassWord.value If un = "mark" And pw = "soft131" Then window.navigate "home.htm" Else msg.innerText = "Login details incorrect." End If End Sub</script>

Response

Client-side code:Code sent to ClientInterpreted by browser

Mark Dixon Page 9

Server-side Script (what)

• ASP – active server pages– code not sent to client

• code secure (can't be viewed by client)

– executed on server• takes time – request-response cycle• requires server software (e.g. IIS)

• ASP pages will NOT work by double clicking on file

Mark Dixon Page 10

Example: Date• ASP code:

– .aspx (not .htm)– VB (not vbscript)

– variables have type

– Now is current date and time (on server)

– runat="server" gives server code access to object

<script language="VB" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub</script>

<html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT" runat="server"></p> </body></html>

Date.aspx

Mark Dixon Page 11

Request-Response CycleBrowser

Application(MS Explorer, Firefox)

Web-serverApplication

(MS IIS, Apache)

date.aspx

Request

<html> <head><title>Today's Date</title></head> <body> <p id="parD">The date today is Mon 9 Feb 2009</p> <p id="parT">The time now is 00:57</p> </body></html>

Response

<script language="VB" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub</script>

<html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT" runat="server"></p> </body></html>

Server-side code: run on server(never sent to Client)

Mark Dixon Page 12

View Source• Code executed at server

– code is never sent to client

• View, Source – does not show code:

Mark Dixon Page 13

Data Types• Variant – all types of data

– slow, memory hungry

• Boolean – true or false (on/off, yes/no)

• Integer – whole numbers (-32768 to 32768)

• Long – whole numbers (large)

• Single – decimal numbers

• Double – decimal numbers (more precise)

• String – text

• Object – object instances

Mark Dixon Page 14

Data Type Selection• Number of e.g. 4 Integer/Long

Rooms

• Height e.g. 1.87m Single/Double

• Surname e.g. Smith String

• Car Reg e.g. XY55 ABC String

Mark Dixon Page 15

Using data types• Variable declaration

Dim x As Long

• Parameters Sub Thing(boo As String, y As Long)

• Functions Function IsTall() As Boolean

Mark Dixon Page 16

Question: Data types• Declare a variable to store:

– an animal's weight in kg (e.g. 34.6)

– whether a person has a driving licence or not

– the title of a book

– a phone number (e.g. 01752 586225)

Dim weight As Double

Dim licence As Boolean

Dim title As String

Dim phone As String

Mark Dixon Page 17

Example: AddNum (client-side)<html> <head><title></title></head> <body> <input id="txtN1" type="text" /><br /> <input id="txtN2" type="text" /><br /> <input id="btnAdd" type="submit" value="Add" /> <p id="parRes"></p> </body></html>

<script language="vbscript"> Sub btnAdd_onClick() Dim N1 Dim N2 N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + CDbl(N2) End Sub</script>

AddNum.htm

Mark Dixon Page 18

Example: AddNum (server-side)

• input tags inside form

• submit button:refreshes page (sending data to server)

<script language="VB" runat="server"> Sub Page_Load() Dim N1 As Double Dim N2 As Double If Request.Form("btnAdd") > "" Then N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + N2 End If End Sub</script>

<html> <head><title></title></head> <body> <form runat="server"> <input id="txtN1" type="text" runat="server" /><br /> <input id="txtN2" type="text" runat="server" /><br /> <input id="btnAdd" type="submit" value="Add" runat="server" /> <p id="parRes" runat="server"></p> </form> </body></html>

AddNum.aspx

• If btnAdd clicked

Mark Dixon Page 19

<script language="VB" runat="server"> Sub Page_Load() Dim N1 As Double Dim N2 As Double If Request.Form("btnAdd") > "" Then N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + N2 End If End Sub</script>

<html> <head><title></title></head> <body> <form runat="server"> <input id="txtN1" type="text" runat="server" /><br /> <input id="txtN2" type="text" runat="server" /><br /> <input id="btnAdd" type="submit" value="Add" runat="server" /> <p id="parRes" runat="server"></p> </form> </body></html>

AddNum.aspx<html> <head><title></title></head> <body> <input id="txtN1" type="text" /><br /> <input id="txtN2" type="text" /><br /> <input id="btnAdd" type="submit" value="Add" /> <p id="parRes"></p> </body></html>

<script language="vbscript"> Sub btnAdd_onClick() Dim N1 Dim N2 N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + CDbl(N2) End Sub</script>

AddNum.htm

Client-side vs. Server-side Code

Both use VB Script language (i.e. Sub, If, Dim, For, etc.)

Mark Dixon Page 20

Example: Apples

<script runat="server" language="VB"> Sub Page_Load() If Request.Form("btnGo") > "" Then parRes.InnerHtml = parRes.InnerHtml & "<img src='Apple.gif' />" End If End Sub</script>

<html> <head><title>Apples</title></head> <body> <form runat="server"> <input id="btnGo" type="submit" value="Go" runat="server" /> <p id="parRes" runat="server"></p> </form> </body></html>

Apples.aspx

Mark Dixon Page 21

Errors<script language="vbscript" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub

parD.innerText = ""</script>

<html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT"></p> </body></html>

vbscript cannot run at server (should be VB)

parT is undefined(should have runat="server")

Declaration expected(assignment must be in sub)

Mark Dixon Page 22

Running your ASP pages• within Visual Studio

– Run (play) button (F5)– only available to you on development PC

• using Internet Information Services (IIS)– makes PC a server– page available to all computers on internet

Mark Dixon Page 23

IIS - Installing• IIS / personal web server on Windows CD

Start, Settings, Control Panel, Add/Remove Programs

Add/RemoveWindows

Components

IIS

Mark Dixon Page 24

IIS: Enabling/Disabling• Start, Settings, Control Panel,

Administrative Tools, Internet Services Manager StopStart

Mark Dixon Page 25

IIS: Exposing pages• Put ASP pages in:

– C:\INetPub\wwwRoot(this part of hard disk exposed to outside world)

• Execute pages by putting:– localhost

(in web browser, e.g. IE, means local machine)

• ASP pages don't work by double-clicking

Mark Dixon Page 26

IIS – Date.asp

localhost/test/date.aspx

C:\INetPub\wwwRoot\Date.aspx

Mark Dixon Page 27

Tutorial Exercise: Login (client-side)• LEARNING OBJECTIVE:

see how vulnerable client-side code is

• Task 1: Get the Login (v1) example from the lecture working.

• Task 2: Use view source – you should be able to see the code.

Mark Dixon Page 28

Tutorial Exercise: Date• LEARNING OBJECTIVE:

create an ASP page, including HTML and server-side VB Script

• Task 1: Get the Date example from the lecture working.

• Task 2: Add code that displays good morning/afternoon/evening/night, depending on the time of day.

Mark Dixon Page 29

Tutorial Exercise: Student Loan• LEARNING OBJECTIVE:

create an ASP page, including HTML and server-side VB Script from scratch to solve a problem

• Task 1: Create a web page that allows the user to enter their salary and the computer calculates the annual and monthly payments for their student loan. Hint: Use your client-side code (from term 1), and the AddNum example from the lecture.

Mark Dixon Page 30

Tutorial Exercise: Login (client-side)• LEARNING OBJECTIVE:

create an ASP page, including HTML and server-side VB Script from scratch to solve a problem

• Task 1: Create a login page that uses server-side code to check the username and password entered by the user. Hint: Use the AddNum example as inspiration. Hint2: Use the following code to send the user to the homepage: Response.Redirect("Home.htm")

• Task 2: Use view source – you should NOT be able to see the code.

Mark Dixon Page 31

Tutorial Exercise: Apples• LEARNING OBJECTIVE:

use variables with specific data types in ASP code

• Task 1: Get the apples example (from the lecture) working.

• Task 2: Modify your program so that the user enters a number, and the code adds that number of apple images.

• Task 3: Modify your program so that the user enters another number, and the code adds a new line tag for that number of apples. Hint: Within the loop divide the number of apples by the second number, if the result is a whole number add a new line tag.