Mark Dixon Page 1
15 – Web applications:Server-side code (ASP)
Mark Dixon Page 2
Session Aims & Objectives• Aims
– To introduce the fundamental ideas involved in server-side code
• Objectives,by end of this week’s sessions, you should be able to:
– create an asp web-page, including:• HTML, and• server-side VB script
Mark Dixon Page 3
Example: Logon (analysis)SPECIFICATION
• User Requirements – protection from fraud and invasion of privacy
• Software Requirements– Functional:
– logon page, user must type name and password–following pages can only be accessed after
successful logon– Non-functional
should be very difficult to hack
hotmail, Amazon, University portal, utility bills (gas, electricity, phone, internet), Travel (flights, ferry, car rental)
Mark Dixon Page 4
Example: Logon (design)• Restrict access to
home page
Mark Dixon Page 5
Example: Logon (code v1)• Using Client-side VB Script
<html> <head><title></title></head> <body> Please logon:<br /> <input id="txtUserName" type="text" /><br /> <input id="txtPassWord" type="text" /><br /> <input id="btnLogon" type="submit" value="Logon" /> <p id="msg"></p> </body></html>
<script language="vbscript"> Sub btnLogon_OnClick() Dim un Dim pw un = txtUserName.value pw = txtPassWord.value If un = "mark" And pw = "soft131" Then window.navigate "home.htm" Else msg.innerText = "Login details incorrect." End If End Sub</script>
Logon.htm
<html> <head><title>My Home page</title></head> <body> <p> Welcome to my home page.<br /> <img src="YouAreHere.jpg" /> </p> </body></html>
Home.htm
Mark Dixon Page 6
Example: Login (Problem)• View Source – shows client-side script:
Reveals bothusername & password
Mark Dixon Page 7
networkconnection
Web Hardware and Software
ClientServer
BrowserApplication(MS Explorer,FireFox, Opera)
Web-serverApplication
(MS IIS,Apache)
Mark Dixon Page 8
BrowserApplication
(MS Explorer, Firefox)
Request-Response Cycle
Web-serverApplication
(MS IIS, Apache)
Logon.htm
Request
<html> <head><title></title></head> <body> Please logon:<br /> <input id="txtUserName" type="text" /><br /> <input id="txtPassWord" type="text" /><br /> <input id="btnLogon" type="submit" value="Logon" /> <p id="msg"></p> </body></html>
<script language="vbscript"> Sub btnLogon_OnClick() Dim un Dim pw un = txtUserName.value pw = txtPassWord.value If un = "mark" And pw = "soft131" Then window.navigate "home.htm" Else msg.innerText = "Login details incorrect." End If End Sub</script>
Response
Client-side code:Code sent to ClientInterpreted by browser
Mark Dixon Page 9
Server-side Script (what)
• ASP – active server pages– code not sent to client
• code secure (can't be viewed by client)
– executed on server• takes time – request-response cycle• requires server software (e.g. IIS)
• ASP pages will NOT work by double clicking on file
Mark Dixon Page 10
Example: Date• ASP code:
– .aspx (not .htm)– VB (not vbscript)
– variables have type
– Now is current date and time (on server)
– runat="server" gives server code access to object
<script language="VB" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub</script>
<html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT" runat="server"></p> </body></html>
Date.aspx
Mark Dixon Page 11
Request-Response CycleBrowser
Application(MS Explorer, Firefox)
Web-serverApplication
(MS IIS, Apache)
date.aspx
Request
<html> <head><title>Today's Date</title></head> <body> <p id="parD">The date today is Mon 9 Feb 2009</p> <p id="parT">The time now is 00:57</p> </body></html>
Response
<script language="VB" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub</script>
<html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT" runat="server"></p> </body></html>
Server-side code: run on server(never sent to Client)
Mark Dixon Page 12
View Source• Code executed at server
– code is never sent to client
• View, Source – does not show code:
Mark Dixon Page 13
Data Types• Variant – all types of data
– slow, memory hungry
• Boolean – true or false (on/off, yes/no)
• Integer – whole numbers (-32768 to 32768)
• Long – whole numbers (large)
• Single – decimal numbers
• Double – decimal numbers (more precise)
• String – text
• Object – object instances
Mark Dixon Page 14
Data Type Selection• Number of e.g. 4 Integer/Long
Rooms
• Height e.g. 1.87m Single/Double
• Surname e.g. Smith String
• Car Reg e.g. XY55 ABC String
Mark Dixon Page 15
Using data types• Variable declaration
Dim x As Long
• Parameters Sub Thing(boo As String, y As Long)
• Functions Function IsTall() As Boolean
Mark Dixon Page 16
Question: Data types• Declare a variable to store:
– an animal's weight in kg (e.g. 34.6)
– whether a person has a driving licence or not
– the title of a book
– a phone number (e.g. 01752 586225)
Dim weight As Double
Dim licence As Boolean
Dim title As String
Dim phone As String
Mark Dixon Page 17
Example: AddNum (client-side)<html> <head><title></title></head> <body> <input id="txtN1" type="text" /><br /> <input id="txtN2" type="text" /><br /> <input id="btnAdd" type="submit" value="Add" /> <p id="parRes"></p> </body></html>
<script language="vbscript"> Sub btnAdd_onClick() Dim N1 Dim N2 N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + CDbl(N2) End Sub</script>
AddNum.htm
Mark Dixon Page 18
Example: AddNum (server-side)
• input tags inside form
• submit button:refreshes page (sending data to server)
<script language="VB" runat="server"> Sub Page_Load() Dim N1 As Double Dim N2 As Double If Request.Form("btnAdd") > "" Then N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + N2 End If End Sub</script>
<html> <head><title></title></head> <body> <form runat="server"> <input id="txtN1" type="text" runat="server" /><br /> <input id="txtN2" type="text" runat="server" /><br /> <input id="btnAdd" type="submit" value="Add" runat="server" /> <p id="parRes" runat="server"></p> </form> </body></html>
AddNum.aspx
• If btnAdd clicked
Mark Dixon Page 19
<script language="VB" runat="server"> Sub Page_Load() Dim N1 As Double Dim N2 As Double If Request.Form("btnAdd") > "" Then N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + N2 End If End Sub</script>
<html> <head><title></title></head> <body> <form runat="server"> <input id="txtN1" type="text" runat="server" /><br /> <input id="txtN2" type="text" runat="server" /><br /> <input id="btnAdd" type="submit" value="Add" runat="server" /> <p id="parRes" runat="server"></p> </form> </body></html>
AddNum.aspx<html> <head><title></title></head> <body> <input id="txtN1" type="text" /><br /> <input id="txtN2" type="text" /><br /> <input id="btnAdd" type="submit" value="Add" /> <p id="parRes"></p> </body></html>
<script language="vbscript"> Sub btnAdd_onClick() Dim N1 Dim N2 N1 = txtN1.Value N2 = txtN2.Value parRes.InnerText = N1 + CDbl(N2) End Sub</script>
AddNum.htm
Client-side vs. Server-side Code
Both use VB Script language (i.e. Sub, If, Dim, For, etc.)
Mark Dixon Page 20
Example: Apples
<script runat="server" language="VB"> Sub Page_Load() If Request.Form("btnGo") > "" Then parRes.InnerHtml = parRes.InnerHtml & "<img src='Apple.gif' />" End If End Sub</script>
<html> <head><title>Apples</title></head> <body> <form runat="server"> <input id="btnGo" type="submit" value="Go" runat="server" /> <p id="parRes" runat="server"></p> </form> </body></html>
Apples.aspx
Mark Dixon Page 21
Errors<script language="vbscript" runat="server"> Sub Page_Load() Dim s As String s = "The date today is " s = s & Format(Now, "ddd d MMM yyyy") parD.InnerText = s s = "The time now is " s = s & Format(Now, "HH:mm") parT.InnerText = s End Sub
parD.innerText = ""</script>
<html> <head><title>Today's Date</title></head> <body> <p id="parD" runat="server"></p> <p id="parT"></p> </body></html>
vbscript cannot run at server (should be VB)
parT is undefined(should have runat="server")
Declaration expected(assignment must be in sub)
Mark Dixon Page 22
Running your ASP pages• within Visual Studio
– Run (play) button (F5)– only available to you on development PC
• using Internet Information Services (IIS)– makes PC a server– page available to all computers on internet
Mark Dixon Page 23
IIS - Installing• IIS / personal web server on Windows CD
Start, Settings, Control Panel, Add/Remove Programs
Add/RemoveWindows
Components
IIS
Mark Dixon Page 24
IIS: Enabling/Disabling• Start, Settings, Control Panel,
Administrative Tools, Internet Services Manager StopStart
Mark Dixon Page 25
IIS: Exposing pages• Put ASP pages in:
– C:\INetPub\wwwRoot(this part of hard disk exposed to outside world)
• Execute pages by putting:– localhost
(in web browser, e.g. IE, means local machine)
• ASP pages don't work by double-clicking
Mark Dixon Page 26
IIS – Date.asp
localhost/test/date.aspx
C:\INetPub\wwwRoot\Date.aspx
Mark Dixon Page 27
Tutorial Exercise: Login (client-side)• LEARNING OBJECTIVE:
see how vulnerable client-side code is
• Task 1: Get the Login (v1) example from the lecture working.
• Task 2: Use view source – you should be able to see the code.
Mark Dixon Page 28
Tutorial Exercise: Date• LEARNING OBJECTIVE:
create an ASP page, including HTML and server-side VB Script
• Task 1: Get the Date example from the lecture working.
• Task 2: Add code that displays good morning/afternoon/evening/night, depending on the time of day.
Mark Dixon Page 29
Tutorial Exercise: Student Loan• LEARNING OBJECTIVE:
create an ASP page, including HTML and server-side VB Script from scratch to solve a problem
• Task 1: Create a web page that allows the user to enter their salary and the computer calculates the annual and monthly payments for their student loan. Hint: Use your client-side code (from term 1), and the AddNum example from the lecture.
Mark Dixon Page 30
Tutorial Exercise: Login (client-side)• LEARNING OBJECTIVE:
create an ASP page, including HTML and server-side VB Script from scratch to solve a problem
• Task 1: Create a login page that uses server-side code to check the username and password entered by the user. Hint: Use the AddNum example as inspiration. Hint2: Use the following code to send the user to the homepage: Response.Redirect("Home.htm")
• Task 2: Use view source – you should NOT be able to see the code.
Mark Dixon Page 31
Tutorial Exercise: Apples• LEARNING OBJECTIVE:
use variables with specific data types in ASP code
• Task 1: Get the apples example (from the lecture) working.
• Task 2: Modify your program so that the user enters a number, and the code adds that number of apple images.
• Task 3: Modify your program so that the user enters another number, and the code adds a new line tag for that number of apples. Hint: Within the loop divide the number of apples by the second number, if the result is a whole number add a new line tag.