Tuesday, January 22, 2008
5 CGI Scripts You Must Use to Turn Your Site Into a Powerhouse
HTML is great. But what really makes your site super powerful? The Backend or the processes running in the background that make everything on your website really click. And what powers the backend? CGI Scripts. Some of you may know what CGI scripts are and others may not. CGI scripts are the key to creating interactive websites that automate your online business. Instead of getting too technical about scripts, lets talk about 5 powerful CGI scripts that every website should have if they have any desire to conduct E-commerce. Number 1: First off, you must have forms on your website. You should be utilizing forms for everything including retrieving demographic information from your visitors to processing credit card orders. You can also use forms to send contact information so that your visitors do not have to use email to contact you. The beauty of forms is that not only can you retrieve the information you request, you can also include hidden fields to be submitted with each form so that you know certain information like what website the visitor came from, their IP address (useful for fraud protection) and much more. Some form scripts even let you send autoresponses to the submitter. So, for example if someone fills in a form to sign up for a newsletter, you can send them an automated reply thanking them for their submission and including basically anything you want without having to lift a finger. Number 2: The next script every site should be using is a "recommend it" script. This is a script that allows your site visitors to recommend your site to their friends and contacts. Do not underestimate the power of this little tool. The recommend it script on our site at http://www.goldbar.net/recomm.html brings in tons of traffic and prospects that we may never have gotten on our own. The power of referrals should never, ever be underestimated. It is far more effective to have someone recommend your site to their contacts then it is to advertise. I use the Master Recommend script from William Bontrager, available for free at: http://www.willmaster.com Number 3: Affiliate Software. Without a doubt, one of the best investments you can ever make if you have your own product or service is in affiliate software. While usually not cheap it is by far one of the best methods of growing traffic to your site and exploding your sales. Many people advocate using a 3rd party affiliate company such as Commission Junction to manage their affilate programs. This is fine if you are a big company with a huge budget to WASTE on administrative fees and obscure technical charges. But, if you are a small to midsized company and you want to utilize the awesome power of a strictly commissioned salesforce sending you traffic and sales, you would be crazy to not consider purchasing affiliate software and installing it on your own site (or having it installed for you). Some affiliate scripts are so advanced that you can click one button on the administrative interface and send all the months commissions to a check writing program and have the checks printed out and all you will have to do is sign them. Number 4: Follow Up Autoresponders: Without a doubt, everyone should be using automated follow up mechanisms to: A. Capture the email addresses of targeted prospects interested in your products/services. B. Send a series of sequential, timed messages that trigger return visits to your website and turn potential onetime website visitors into return prospects. c. Remind customers about additional products and services that they may wish to order in the future or add to their current order. These are easy to maintain once they are installed on your site. All you have to do is write the email responses you want your prospects to receive and then upload them to your server. Then tell the script how long a time interval to wait before sending the next message in the sequence. An important point when using follow up autoresponders: make sure they offer an unsubscribe feature so that the recipients can opt out if they choose to. There are many great scripts out there that you can install on your own site. This will save you the monthly fees of using a hosted service but if you choose to use a third party tool, probably the best one is available from getresponse: http://www.getresponse.com/?13323 Number 5: An error catcher. This may sound like a crazy tool to include in this list but bear with me. How many of you have tried to click on a link and found yourself on a 404 error page. Most web surfers who encounter this error immediately leave your site never to return again.This is probably the worst thing that could happen to an internet business. What if you could create a page that said, OOPS you reached this page in error but why not visit the rest of the site? This is certainly more enticing and if created properly can help keep a surfer on your site as opposed to off it. On our site, we use a script that catches errors and delivers a webpage apologizing for the mistake and offering other links to pages on our site. We have saved many visitors this way and we have also created many subscribers and customers through this method. If you want to see how it works, try this link http://www.goldbar.net/mistake.html The script we used to create these pages is freely available and can be set to email you when someone reaches a 404 page and also help you determine if anyone is trying to hack into your site or if a CGI script is not working. It is called errorbot.cgi and can be found at http://www.perlarchive.com These 5 scripts can make or break an internet business so why dont more people use them? I believe they don't have a clue how to install them. If anyone wishes to have CGI scripts on their site but needs help installing them, you can usually get help from the programmer or visit a site like http://www.cgiguru.com who will usually install scripts for a nominal fee. CGI scripts have been around since the advent of commerce on the internet and continue to power the best sites. Even with new technologies such as ASP, Cold Fusion and PHP on the rise, CGI is the oldest and still the best. Why not get these 5 scripts running on your website and start powering your way to new profits.
Why Aren't You Using CGI
The very name CGI used to send chills up my spine. For years I put it in the 'too-hard-basket'. But like most things in life, CGI is not as scary as it seems. If you have a cgi directory on your website and you know how to FTP files, chances are you can have a CGI script up and running in less than 20 minutes.
CGI (Common Gateway Interface) is not a programming language but a standard that allows visitors to interact with your website. CGI scripts can be written in a number of different languages but most are written in Perl (Practical Extraction and Reporting Language).
This article gives you details of five free CGI scripts that will do the following:
1. Mail out your Newsletter from your server 2. Track the number of times your free E-Book is downloaded 3. Rotate banners on your website 4. Create your own auto responders 5. Allow visitors to recommend your website to friends
At the end of this article are details of where to download these 5 free scripts. But first, here are some basic guidelines on how to configure and install CGI scripts:
1. CGI programs usually come in a zip file. Unzip the file and open the README file. This document will give you instructions for configuring the program file.
2. Open the program file using a text editor such as NOTEPAD (the program file will usually have the file extension .cgi but may have other extensions such as .pl).
In most CGI programs you will have to configure the following 4 items:
(a) the path to perl
This is where the perl program resides on your server. The path will usually be:
#!/usr/bin/perl
but could be:
#!/usr/local/bin/perl
If you're unsure what your 'path to perl' is, check your web host's online 'manual' or FAQs. If you can't find it there, simply ask your web host.
(b) the path to sendmail
Most CGI programs notify you when your visitors have completed a particular action, and for that, the program needs to know where the 'sendmail' program resides on your server. The path to your UNIX sendmail program will usually be: /usr/sbin/sendmail
But it could also be something like this: /usr/lib/sendmail
Again, check the documentation on your web host's website, or simply ask your web host.
(c) the absolute path to your CGI directory
The absolute path tells the CGI program exactly where to find the file (or files) that it needs to open. Unfortunately, the absolute path to your CGI directory is not something you will be able to guess or deduce - it is completely arbitrary and depends entirely on how the system administrator at your web host has partitioned your host's hard drive.
The easiest way to find out your absolute path is to ask your web host. Another way is by using telnet - just type in pwd (print working directory) and that should give you your absolute path.
(d) Your email address
This is the address that the CGI program will use to notify you when an action has been completed.
3. Uploading
Upload the program files to your cgi-bin (or a directory off your cgi-bin) using ASCII mode. Never use BINARY mode, as this will play havoc with the line-breaks in the script.
4. Set the File Permissions using CHMOD
CHMOD (changing mode) is the term for setting security permissions on files. The README file will usually tell you the permissions that you need to set for each file. The script file will need to be set to 755. This allows the file's owner to read, write, and execute the file; anyone else can only read and execute it.
You can set the permissions using telnet, but the easiest way is to use the built-in option in your FTP program.
5. Calling the Script
Now that you've configured the script, uploaded it and set the permissions, it's time to try it out! You do this by 'calling the script' using a URL in an HTML document. This is what the URL for calling your script will normally look like:
http://www.yourdomain.com/cgi-bin/script.cgi
Again, the README file should have specific instructions on how to call the script. In addition, most CGI programs are accompanied by a web page that contains the form your visitors would use to call the script.
And now here are the details of the 5 free CGI scripts I mentioned earlier:
----------------------- Subscribe Me Lite -----------------------
Subscribe Me Lite is a program that allows prospects/customers to automatically subscribe and/or unsubscribe themselves from your mailing list. It has a built-in mass mailing form for sending out your newsletter or updates.
More Information: http://www.cgiscriptcenter.com/subscribe/index2.html
----------------------- Rob's File Tracker -----------------------
Rob's File Tracker is a perl script that counts file downloads or click-thrus to any file. Very useful if you want to know how many people are downloading your free E-Book.
More Information: http://www.robplanet.com/cgi racker/
----------------------- AdRotate Pro -----------------------
AdRotate Pro is an ad rotation program that's easy to setup and easy to use. Features include unlimited rotations, expiry by date, views or clicks, default ads for when all ads are expired, and customer reports.
More Information: http://www.vanbrunt.com/adrotate/
----------------------- MasterRecommend -----------------------
This script allows visitors to recommend your website to a friend by sending an email, without leaving your website. The program will also send you a copy of your visitor's message (nice to know what your visitors think about your website).
More Information: http://www.willmaster.com/master/recommend/MasterRecommendmanual.html
----------------------- Master Auto-Responder -----------------------
This is a standard auto-responder program. The script allows you to set the "From:" and "Subject:" lines for your auto-response.You can also choose to receive a copy of each email that the auto-responder receives.
More Information: http://mastercgi.com/howtoinfo/howautoresponderswork.shtml
If you need more help installing your CGI scripts, here are two excellent free tutorials:
http://spider-food.net/install-a-cgi-script.html http://www.stefan-pettersson.nu/scripts utorials/installcgi.html
CGI (Common Gateway Interface) is not a programming language but a standard that allows visitors to interact with your website. CGI scripts can be written in a number of different languages but most are written in Perl (Practical Extraction and Reporting Language).
This article gives you details of five free CGI scripts that will do the following:
1. Mail out your Newsletter from your server 2. Track the number of times your free E-Book is downloaded 3. Rotate banners on your website 4. Create your own auto responders 5. Allow visitors to recommend your website to friends
At the end of this article are details of where to download these 5 free scripts. But first, here are some basic guidelines on how to configure and install CGI scripts:
1. CGI programs usually come in a zip file. Unzip the file and open the README file. This document will give you instructions for configuring the program file.
2. Open the program file using a text editor such as NOTEPAD (the program file will usually have the file extension .cgi but may have other extensions such as .pl).
In most CGI programs you will have to configure the following 4 items:
(a) the path to perl
This is where the perl program resides on your server. The path will usually be:
#!/usr/bin/perl
but could be:
#!/usr/local/bin/perl
If you're unsure what your 'path to perl' is, check your web host's online 'manual' or FAQs. If you can't find it there, simply ask your web host.
(b) the path to sendmail
Most CGI programs notify you when your visitors have completed a particular action, and for that, the program needs to know where the 'sendmail' program resides on your server. The path to your UNIX sendmail program will usually be: /usr/sbin/sendmail
But it could also be something like this: /usr/lib/sendmail
Again, check the documentation on your web host's website, or simply ask your web host.
(c) the absolute path to your CGI directory
The absolute path tells the CGI program exactly where to find the file (or files) that it needs to open. Unfortunately, the absolute path to your CGI directory is not something you will be able to guess or deduce - it is completely arbitrary and depends entirely on how the system administrator at your web host has partitioned your host's hard drive.
The easiest way to find out your absolute path is to ask your web host. Another way is by using telnet - just type in pwd (print working directory) and that should give you your absolute path.
(d) Your email address
This is the address that the CGI program will use to notify you when an action has been completed.
3. Uploading
Upload the program files to your cgi-bin (or a directory off your cgi-bin) using ASCII mode. Never use BINARY mode, as this will play havoc with the line-breaks in the script.
4. Set the File Permissions using CHMOD
CHMOD (changing mode) is the term for setting security permissions on files. The README file will usually tell you the permissions that you need to set for each file. The script file will need to be set to 755. This allows the file's owner to read, write, and execute the file; anyone else can only read and execute it.
You can set the permissions using telnet, but the easiest way is to use the built-in option in your FTP program.
5. Calling the Script
Now that you've configured the script, uploaded it and set the permissions, it's time to try it out! You do this by 'calling the script' using a URL in an HTML document. This is what the URL for calling your script will normally look like:
http://www.yourdomain.com/cgi-bin/script.cgi
Again, the README file should have specific instructions on how to call the script. In addition, most CGI programs are accompanied by a web page that contains the form your visitors would use to call the script.
And now here are the details of the 5 free CGI scripts I mentioned earlier:
----------------------- Subscribe Me Lite -----------------------
Subscribe Me Lite is a program that allows prospects/customers to automatically subscribe and/or unsubscribe themselves from your mailing list. It has a built-in mass mailing form for sending out your newsletter or updates.
More Information: http://www.cgiscriptcenter.com/subscribe/index2.html
----------------------- Rob's File Tracker -----------------------
Rob's File Tracker is a perl script that counts file downloads or click-thrus to any file. Very useful if you want to know how many people are downloading your free E-Book.
More Information: http://www.robplanet.com/cgi racker/
----------------------- AdRotate Pro -----------------------
AdRotate Pro is an ad rotation program that's easy to setup and easy to use. Features include unlimited rotations, expiry by date, views or clicks, default ads for when all ads are expired, and customer reports.
More Information: http://www.vanbrunt.com/adrotate/
----------------------- MasterRecommend -----------------------
This script allows visitors to recommend your website to a friend by sending an email, without leaving your website. The program will also send you a copy of your visitor's message (nice to know what your visitors think about your website).
More Information: http://www.willmaster.com/master/recommend/MasterRecommendmanual.html
----------------------- Master Auto-Responder -----------------------
This is a standard auto-responder program. The script allows you to set the "From:" and "Subject:" lines for your auto-response.You can also choose to receive a copy of each email that the auto-responder receives.
More Information: http://mastercgi.com/howtoinfo/howautoresponderswork.shtml
If you need more help installing your CGI scripts, here are two excellent free tutorials:
http://spider-food.net/install-a-cgi-script.html http://www.stefan-pettersson.nu/scripts utorials/installcgi.html
Use CGI to Automate Your Web Site
Are you taking advantage of the powerful automation technology available on the Internet? Common Gateway Interface, better known as CGI, is one of the most widely used server applications on the Internet. This software resides on your server and automatically performs specified functions on your web site.
If you've been on the Internet for a while, you've probably seen many examples of CGI use and didn't even realize it. Search Engines, Directories and Forums all use CGI scripts. Scripts can run everything from a form on your web site to an affiliate program. They can give you the power to completely automate your web site.
There are scripts online that can automate all of the following:
* Make your product available for download * Take the customers order * Approve it right online * Send your customer a password * Send you a confirmation of the order
You can sell your products around the clock and never lift a finger.
SuperScripts - http://www.superscripts.com/
If you have a subscription box on your web site, then you're already using a program to process the information. That's a good start however, there are many additional ways you can use this powerful technology.
Here are some great scripts to get you started.
The Master Series:
Master Form
This form will enable you to have the results emailed to you or to a specified address. It can write your information to a database file and even enable you to have a personalized thank you page. In addition, you can even have multi-page forms with no limit on the number of pages. Master Feedback
Allow your visitors to provide you with feedback. Master Feedback enables you to add your own information fields with radio buttons, checkboxes, dropdown lists and text fields. The great thing about using Master Feedback is that it helps you spam- proof your site by not requiring your email address anywhere on your page.
Master Recommend
Word of mouth is one of the best forms of advertising. Master Recommend will enable your visitors to recommend your web site to a friend. This great script is multi-lingual, which means that the emails sent can be written in any language.
Master Subscriber Pro
Enable your visitors to subscribe to multiple ezines by checking the boxes beside the publication they wish to subscribe. They'll only need to enter their email address one time and won't be forced to leave your web site.
The great thing about this script is that it is compatible with ezines hosted with Egroups, Topica, etc., or any ezine that uses an email address for subscriptions.
Master Syndicator
If you write articles, Master Syndicator will enable you to syndicate your content. You simply copy and paste your article into a form and click on submit. Your article will instantly be ready for syndication. To display your content, webmasters will need to place two small lines of JavaScript within their web page where they'd like the article to display. Each time you update your article, every web site using your code will automatically be updated.
The Master Series scripts can be found here: http://hop.clickbank.net/hop.cgi?wsnet/willmaster
WebBBS
This great script will enable you to set up your own forum. Unlike most bulletin board scripts, WebBBS stores messages as simple text files and creates HTML pages as needed.
This great script supports automatic quoting of message text and email notification of those who want to be informed of new posts. http://awsd.com/scripts/webbbs/index.shtml
WebAdverts
Set up a rotating banner system on your web site and track response rates. WebAdverts will enable you to not only set up a rotating banner system, but if you'd like, you can set up your own banner exchange. Banners can be displayed on your pages using SSI tags, IFRAME tags, or standard IMG tags.
The great thing about this script is that you can include banners on CGI-generated pages. In addition, you can filter the banners by allowing certain banners to appear only on certain pages. This script is a little complicated, but well worth it. http://awsd.com/scripts/webadverts/index.shtml
Links
If you've ever wanted to set up a directory, this great script will make it simple. It is modeled after Yahoo and inspired by The CGI Resource Index. It can be completely customized to match the look and feel of your web site. http://www.gossamer-threads.com/scripts/links/
POD
The Personal Open Directory script will enable you to pull the contents of the Open Directory Project into your own web pages. It is completely customizable and will enable your visitors to have access to this great directory without leaving your web site. http://grohol.com/downloads/pod/dmoz/
Learn more about CGI: http://www.howstuffworks.com/cgi.htm
Locate CGI Scripts: http://cgi.resourceindex.com/Programs_and_Scripts/Perl/
If you're not utilizing the full benefits that CGI has to offer, you're missing the boat. Not only will it save you a great deal of time, but it will also process your information around the clock. Scripts can assist you in making your web site an interactive community and bring your site to life.
If you've been on the Internet for a while, you've probably seen many examples of CGI use and didn't even realize it. Search Engines, Directories and Forums all use CGI scripts. Scripts can run everything from a form on your web site to an affiliate program. They can give you the power to completely automate your web site.
There are scripts online that can automate all of the following:
* Make your product available for download * Take the customers order * Approve it right online * Send your customer a password * Send you a confirmation of the order
You can sell your products around the clock and never lift a finger.
SuperScripts - http://www.superscripts.com/
If you have a subscription box on your web site, then you're already using a program to process the information. That's a good start however, there are many additional ways you can use this powerful technology.
Here are some great scripts to get you started.
The Master Series:
Master Form
This form will enable you to have the results emailed to you or to a specified address. It can write your information to a database file and even enable you to have a personalized thank you page. In addition, you can even have multi-page forms with no limit on the number of pages. Master Feedback
Allow your visitors to provide you with feedback. Master Feedback enables you to add your own information fields with radio buttons, checkboxes, dropdown lists and text fields. The great thing about using Master Feedback is that it helps you spam- proof your site by not requiring your email address anywhere on your page.
Master Recommend
Word of mouth is one of the best forms of advertising. Master Recommend will enable your visitors to recommend your web site to a friend. This great script is multi-lingual, which means that the emails sent can be written in any language.
Master Subscriber Pro
Enable your visitors to subscribe to multiple ezines by checking the boxes beside the publication they wish to subscribe. They'll only need to enter their email address one time and won't be forced to leave your web site.
The great thing about this script is that it is compatible with ezines hosted with Egroups, Topica, etc., or any ezine that uses an email address for subscriptions.
Master Syndicator
If you write articles, Master Syndicator will enable you to syndicate your content. You simply copy and paste your article into a form and click on submit. Your article will instantly be ready for syndication. To display your content, webmasters will need to place two small lines of JavaScript within their web page where they'd like the article to display. Each time you update your article, every web site using your code will automatically be updated.
The Master Series scripts can be found here: http://hop.clickbank.net/hop.cgi?wsnet/willmaster
WebBBS
This great script will enable you to set up your own forum. Unlike most bulletin board scripts, WebBBS stores messages as simple text files and creates HTML pages as needed.
This great script supports automatic quoting of message text and email notification of those who want to be informed of new posts. http://awsd.com/scripts/webbbs/index.shtml
WebAdverts
Set up a rotating banner system on your web site and track response rates. WebAdverts will enable you to not only set up a rotating banner system, but if you'd like, you can set up your own banner exchange. Banners can be displayed on your pages using SSI tags, IFRAME tags, or standard IMG tags.
The great thing about this script is that you can include banners on CGI-generated pages. In addition, you can filter the banners by allowing certain banners to appear only on certain pages. This script is a little complicated, but well worth it. http://awsd.com/scripts/webadverts/index.shtml
Links
If you've ever wanted to set up a directory, this great script will make it simple. It is modeled after Yahoo and inspired by The CGI Resource Index. It can be completely customized to match the look and feel of your web site. http://www.gossamer-threads.com/scripts/links/
POD
The Personal Open Directory script will enable you to pull the contents of the Open Directory Project into your own web pages. It is completely customizable and will enable your visitors to have access to this great directory without leaving your web site. http://grohol.com/downloads/pod/dmoz/
Learn more about CGI: http://www.howstuffworks.com/cgi.htm
Locate CGI Scripts: http://cgi.resourceindex.com/Programs_and_Scripts/Perl/
If you're not utilizing the full benefits that CGI has to offer, you're missing the boat. Not only will it save you a great deal of time, but it will also process your information around the clock. Scripts can assist you in making your web site an interactive community and bring your site to life.
What is really CGI?
Let's unlock a little bit of the mystery about something called CGI. If it helps any, CGI means Common Gateway Interface. This is a method which is used to exchange data between the server (the hardware and software that actually allows you to get to your web site) and a web client (your browser). CGI is actually a set of standards where a program or script (a series of commands) can send data back to the web server where it can be processed.
Typically, you use standard HTML tags to get data from a person, then pass that data to a CGI routine. The CGI routine then performs some action with the data.
Some of the more common uses of CGI include:
- Guestbooks - The CGI routine is responsible for accepting the data, ensuring it is valid, sending an email acknowledgement back to the writer, perhaps sending an email to the webmaster, and creating the guestbook entry itself.
- Email Forms - A simple CGI forms routine just formats the data into an email and sends it back to the webmaster. More complicated routines can maintain a database, send an acknowledgement and validate data.
- Mailing List Maintenance - These routines allow visitors to subscribe and unsubscribe from a mailing list. In this case, the CGI routine maintains a database of email addresses, and the better ones send acknowledgements back to the visitor and webmaster.
A CGI routine can be anything which understands the CGI standard. A popular CGI language is called PERL, which is simple to understand and use (well, compared to other languages). PERL is a scripting language, which means each time a PERL routine is executed the web server must examine the PERL commands to determine what to do. In contrast, a compiled language such as C++ or Visual Basic can be directly executed, which is faster and more efficient.
Okay, in a nutshell (and greatly simplified), here's how it works:
1) You (the webmaster) specify a form tag which includes the name of the CGI routine.
2) You create HTML tags which retrieves data from your visitors.
3) Each of the input tags includes a variable name. The data which is retrieved from the visitor (or directly set if the tag includes the "hidden" qualifier) is placed in the variable name.
4) When the visitor presses the "submit" button, the CGI routine which was specified in the form tag is executed. At this time, the CGI routine "takes control", meaning the browser essentially is waiting for it to complete.
5) This CGI routine can get data from variable names. It retrieves the data and does whatever action is required.
6) When the CGI routine finishes, it returns control back to the web client (the browser).
Some important things to remember about CGI routines:
- You can install CGI routines on your own site if your host allows it - Addr.Com is an example of a web host which allows for CGI routines. Some web hosts do not allow you to install your own routines but do provide some pre-written ones to you. If these are not sufficient for your needs, you can find a remote hosting service to provide the necessary functions.
- Generally, if you install your own routines they must be installed in the cgi-bin directory of your site. This is a special location which allows scripts and programs to be executed.
- CGI routines work best on Apache-style servers. Windows NT and Windows 2000 does support CGI, but it tends to be slow and problematic.
- If you use a remote hosting service, you must remember that although they appear to be giving you this for free, you are actually paying a price. Usually they want to display advertisements, although some of them actually take visitors away from your site.
- When you write a CGI routine, you have the choice of a scripting language like PERL or a compiled language such as C++ or Visual Basic. Anything which can execute on the web server is acceptable.
I hope this short introduction to CGI has cleared up some of the mystery.
Typically, you use standard HTML tags to get data from a person, then pass that data to a CGI routine. The CGI routine then performs some action with the data.
Some of the more common uses of CGI include:
- Guestbooks - The CGI routine is responsible for accepting the data, ensuring it is valid, sending an email acknowledgement back to the writer, perhaps sending an email to the webmaster, and creating the guestbook entry itself.
- Email Forms - A simple CGI forms routine just formats the data into an email and sends it back to the webmaster. More complicated routines can maintain a database, send an acknowledgement and validate data.
- Mailing List Maintenance - These routines allow visitors to subscribe and unsubscribe from a mailing list. In this case, the CGI routine maintains a database of email addresses, and the better ones send acknowledgements back to the visitor and webmaster.
A CGI routine can be anything which understands the CGI standard. A popular CGI language is called PERL, which is simple to understand and use (well, compared to other languages). PERL is a scripting language, which means each time a PERL routine is executed the web server must examine the PERL commands to determine what to do. In contrast, a compiled language such as C++ or Visual Basic can be directly executed, which is faster and more efficient.
Okay, in a nutshell (and greatly simplified), here's how it works:
1) You (the webmaster) specify a form tag which includes the name of the CGI routine.
2) You create HTML tags which retrieves data from your visitors.
3) Each of the input tags includes a variable name. The data which is retrieved from the visitor (or directly set if the tag includes the "hidden" qualifier) is placed in the variable name.
4) When the visitor presses the "submit" button, the CGI routine which was specified in the form tag is executed. At this time, the CGI routine "takes control", meaning the browser essentially is waiting for it to complete.
5) This CGI routine can get data from variable names. It retrieves the data and does whatever action is required.
6) When the CGI routine finishes, it returns control back to the web client (the browser).
Some important things to remember about CGI routines:
- You can install CGI routines on your own site if your host allows it - Addr.Com is an example of a web host which allows for CGI routines. Some web hosts do not allow you to install your own routines but do provide some pre-written ones to you. If these are not sufficient for your needs, you can find a remote hosting service to provide the necessary functions.
- Generally, if you install your own routines they must be installed in the cgi-bin directory of your site. This is a special location which allows scripts and programs to be executed.
- CGI routines work best on Apache-style servers. Windows NT and Windows 2000 does support CGI, but it tends to be slow and problematic.
- If you use a remote hosting service, you must remember that although they appear to be giving you this for free, you are actually paying a price. Usually they want to display advertisements, although some of them actually take visitors away from your site.
- When you write a CGI routine, you have the choice of a scripting language like PERL or a compiled language such as C++ or Visual Basic. Anything which can execute on the web server is acceptable.
I hope this short introduction to CGI has cleared up some of the mystery.
CGI Security Issues
When you are creating or using CGI routines, you must be careful to keep good coding techniques, security and just plain common sense in mind. Sometimes you can do things that cause serious unexpected site effects. In fact, sometimes you may think you are making your CGI routine secure only to find out it just doesn't work like you expected.
A good example of a this phenomenon is a simple CGI routine called FormMail. This was written a number of years ago by a fellow named Matt Wright to allow data to be entered in a form, then emailed to a recipient.
I first looked at FormMail because I wanted to cut down on spam. You see, my web site had my email address embedded on every single page. I thought this was a good idea to allow people to send me an email message when they wanted to contact me. In fact, all of the web design books indicate that all good web sites include an email link of this kind.
I soon discovered, much to my horror, that spammers use special programs called Spam Harvesters to scan websites for email addresses. They add these addresses to their mailing lists and resell them over and over. The result is a large increase in the amount of spam that I received.
After much research, I came to the conclusion that the best defense against spam robots was to simply stop including my email address on my web sites. This left the question of how to allow users to contact me when they had questions or comments.
The answer is simple - use a form. The advantage is that the email address is hidden within the CGI routine or a text file and it is simply not possible for a spam harvester to pick it up. As long as the email address is coded into the CGI routine or in a database you are relatively secure.
However, many people use FormMail in a different way. Let's say you want to allow your visitors to "tell a friend" about your site. So you include a form which allows visitors to enter their message and a target email address. If you are not very careful you could find that you have set yourself up as a spam relay.
You see, spammers are always looking for ways to hide their identity. One common method is to search the internet for occurrences of FormMail. Sometimes I wonder if spammers rub their hands together in glee when they find sites which use FormMail with user-entered email addresses.
The spammer essentially "hijacks" the FormMail CGI routine and causes it to send out emails as fast and furiously as they can. I know of one instance where a spammer sent over one million emails in a single day before someone noticed that their web server was going very slowly (I wonder how long it would have taken had the spammer tried limiting the load on the server so it didn't show up as much). What happens here is very simple. The FormMail CGI routine is simply called remotely by the spammer, once for each spam email that he wants to send.
Ah, you say, but you could code the FormMail routine to check the referrer field. This would surely prevent a spammer from using it remotely, as his referrer would not be the website URL.
Sorry, no. The referrer field is actually a text string passed to the CGI routine by the browser. The spammer is most likely using a program which appears, to your web site, to be just another browser. Since the spammer controls the program he can code it to send the CGI routine whatever value he wants for the referrer field.
As it turns out, it is very difficult to make a CGI routine such as FormMail even relatively secure, and it may be impossible to make it bullet-proof. All you can do is check enough things and put in delays here and there to slow down and discourage spammers.
You could, for example, only allow one posting per IP address per hour. You could also check referrer just to block out the more ignorant spammers. I suppose you could count the number of times the routine is called, and have it just stop working after a certain amount. For example, only allow one hundred calls per day from anywhere.
The point here is not to tear apart the FormMail routine. The goal is to show how difficult it can be to make anything secure on the internet, and demonstrate that some assumptions (that the referrer field is a valid check) may not be true in all cases.
What do you do? Before you implement any CGI or similar interface, be sure and do a little research to be sure you completely understand and handle the ramifications. If you don't do this, you may find yourself the victim of a hacker or spammer.
A good example of a this phenomenon is a simple CGI routine called FormMail. This was written a number of years ago by a fellow named Matt Wright to allow data to be entered in a form, then emailed to a recipient.
I first looked at FormMail because I wanted to cut down on spam. You see, my web site had my email address embedded on every single page. I thought this was a good idea to allow people to send me an email message when they wanted to contact me. In fact, all of the web design books indicate that all good web sites include an email link of this kind.
I soon discovered, much to my horror, that spammers use special programs called Spam Harvesters to scan websites for email addresses. They add these addresses to their mailing lists and resell them over and over. The result is a large increase in the amount of spam that I received.
After much research, I came to the conclusion that the best defense against spam robots was to simply stop including my email address on my web sites. This left the question of how to allow users to contact me when they had questions or comments.
The answer is simple - use a form. The advantage is that the email address is hidden within the CGI routine or a text file and it is simply not possible for a spam harvester to pick it up. As long as the email address is coded into the CGI routine or in a database you are relatively secure.
However, many people use FormMail in a different way. Let's say you want to allow your visitors to "tell a friend" about your site. So you include a form which allows visitors to enter their message and a target email address. If you are not very careful you could find that you have set yourself up as a spam relay.
You see, spammers are always looking for ways to hide their identity. One common method is to search the internet for occurrences of FormMail. Sometimes I wonder if spammers rub their hands together in glee when they find sites which use FormMail with user-entered email addresses.
The spammer essentially "hijacks" the FormMail CGI routine and causes it to send out emails as fast and furiously as they can. I know of one instance where a spammer sent over one million emails in a single day before someone noticed that their web server was going very slowly (I wonder how long it would have taken had the spammer tried limiting the load on the server so it didn't show up as much). What happens here is very simple. The FormMail CGI routine is simply called remotely by the spammer, once for each spam email that he wants to send.
Ah, you say, but you could code the FormMail routine to check the referrer field. This would surely prevent a spammer from using it remotely, as his referrer would not be the website URL.
Sorry, no. The referrer field is actually a text string passed to the CGI routine by the browser. The spammer is most likely using a program which appears, to your web site, to be just another browser. Since the spammer controls the program he can code it to send the CGI routine whatever value he wants for the referrer field.
As it turns out, it is very difficult to make a CGI routine such as FormMail even relatively secure, and it may be impossible to make it bullet-proof. All you can do is check enough things and put in delays here and there to slow down and discourage spammers.
You could, for example, only allow one posting per IP address per hour. You could also check referrer just to block out the more ignorant spammers. I suppose you could count the number of times the routine is called, and have it just stop working after a certain amount. For example, only allow one hundred calls per day from anywhere.
The point here is not to tear apart the FormMail routine. The goal is to show how difficult it can be to make anything secure on the internet, and demonstrate that some assumptions (that the referrer field is a valid check) may not be true in all cases.
What do you do? Before you implement any CGI or similar interface, be sure and do a little research to be sure you completely understand and handle the ramifications. If you don't do this, you may find yourself the victim of a hacker or spammer.
How to Stop Digital Thieves with CGI
I'm going to assume you're serious about your business. If you're not, I can't help you anyway. You've gone as far as getting a real merchant account to accept credit card payments online.
You know that this was neither easy or cheap. So does everyone else! So, a merchant account shows that you've made a serious commitment to your business. That's good for customer confidence, which is good for business. So far so good...
Now there's the issue of selling stuff to people online. Your order form leads them to feed their credit card info to a secure gateway, using software you bought or leased from (or through) your merchant account provider. Finally, the transaction is approved or denied.
If approved, the software generates a receipt and emails you and the customer each a copy. At this point, the customer is returned to a page you specified. In the case of downloadable products, this is often the page where they download your product. So, you've got the entire process fully automated.
For a product or service with a fairly low price point and a potential for many thousands of sales, this seems ideal. You can quite literally make sales and earn income 24 hours a day. So, what's the problem?
The form code on your order page is the problem. If someone uses the ViewSource function of their browser, they can see all your code. If they have even a tiny bit of initiative and skill, they can locate the URL of your download page. After all, it's right there in your form code!
CGI provides two ways of fixing this problem. One involves using a script that makes it impossible to view the source code. You can find a source for such a script by searching the web. Expect to pay a lot for this technology.
Another way is to make the return path a script instead of the actual download location. The script would be used to create and display the download page. It would not be visible to the surfer, since it's not an HTML document. The script can also record details of the transaction for book-keeping purposes.
I admit that I discovered this by trial and error - and a lucky guess or two. Your merchant account gateway software may have radically different behavior than mine, but here's what I've learned:
The gateway uses the POST method to send the customer to your specified return URL (which can be a script as well as a web page). It also POSTs most of its input data items at the same time. They are usually ignored, but your script can read them if you want to!
Use the names given to the form inputs. Have your script extract the values of these "named parameters" at the time it creates the download page. Record what you want to save about the transaction in your orders file or database.
Now here's the real secret to foiling the thieves. Inside the script, check to see that the variables you extract contain non-empty values. Did you get that? Here's an example:
if ($email eq "") {exit;}
In this example, the script expects to get an email address. If it contains no characters, the script quits instantly. By testing for the presence of some data in such fields as customer name, email address, item #, price, etc., you can tell whether the script was called after a successful transaction - or by a thief...
Put all your security checks prior to the code that creates the download page. If any test fails, the script exits and the thief is left empty- handed. If your form-handling script can convert a product name to a product ID that's never visible to a browser, this provides even more security. This will be POSTed back to the script and you can check for it before allowing the download.
Close these security holes and you'll make more money. You may even sleep a little better knowing that people can't steal that product you worked so hard to create. I know I do!
You know that this was neither easy or cheap. So does everyone else! So, a merchant account shows that you've made a serious commitment to your business. That's good for customer confidence, which is good for business. So far so good...
Now there's the issue of selling stuff to people online. Your order form leads them to feed their credit card info to a secure gateway, using software you bought or leased from (or through) your merchant account provider. Finally, the transaction is approved or denied.
If approved, the software generates a receipt and emails you and the customer each a copy. At this point, the customer is returned to a page you specified. In the case of downloadable products, this is often the page where they download your product. So, you've got the entire process fully automated.
For a product or service with a fairly low price point and a potential for many thousands of sales, this seems ideal. You can quite literally make sales and earn income 24 hours a day. So, what's the problem?
The form code on your order page is the problem. If someone uses the ViewSource function of their browser, they can see all your code. If they have even a tiny bit of initiative and skill, they can locate the URL of your download page. After all, it's right there in your form code!
CGI provides two ways of fixing this problem. One involves using a script that makes it impossible to view the source code. You can find a source for such a script by searching the web. Expect to pay a lot for this technology.
Another way is to make the return path a script instead of the actual download location. The script would be used to create and display the download page. It would not be visible to the surfer, since it's not an HTML document. The script can also record details of the transaction for book-keeping purposes.
I admit that I discovered this by trial and error - and a lucky guess or two. Your merchant account gateway software may have radically different behavior than mine, but here's what I've learned:
The gateway uses the POST method to send the customer to your specified return URL (which can be a script as well as a web page). It also POSTs most of its input data items at the same time. They are usually ignored, but your script can read them if you want to!
Use the names given to the form inputs. Have your script extract the values of these "named parameters" at the time it creates the download page. Record what you want to save about the transaction in your orders file or database.
Now here's the real secret to foiling the thieves. Inside the script, check to see that the variables you extract contain non-empty values. Did you get that? Here's an example:
if ($email eq "") {exit;}
In this example, the script expects to get an email address. If it contains no characters, the script quits instantly. By testing for the presence of some data in such fields as customer name, email address, item #, price, etc., you can tell whether the script was called after a successful transaction - or by a thief...
Put all your security checks prior to the code that creates the download page. If any test fails, the script exits and the thief is left empty- handed. If your form-handling script can convert a product name to a product ID that's never visible to a browser, this provides even more security. This will be POSTed back to the script and you can check for it before allowing the download.
Close these security holes and you'll make more money. You may even sleep a little better knowing that people can't steal that product you worked so hard to create. I know I do!
Concept of computer generated images and their application
Computer generated images (known as CGI) have become very popular over the past two decades, and their importance and use will increase even further in the future because of their wide applicability in various fields. In the area of movies and films in general CGI has become an essential tool for filmmakers to bring their visions to the screen, be it by creating computer generated characters, props, sets, or just simplifying the process of image and sound editing. Film production ("Filmproduktion") has been made faster and more efficient in the post production phase, offering an unprecedented level of freedom and quality.
The success of 3D computer animation and CGI in general started in the early 90s, when software bundles and processing power got more affordable even for smaller companies, and since then it turned into an accepted art form by itself. Over the years the technology evolved further and further, lowering the barrier between art and technology, and even allowing these two extremes to blend seamlessly.
Creation of 3D graphics:
The creation of CGI and computer animation requires the use of specialized software products. Several bundles have established on the market, and it is mainly a question of personal preference which one to pick. After all the biggest factor in creating convincing digital worlds is the artist himself, whereas the software is merely the tool to transfer his creativity onto the screen.
As graphics software became more user-friendly and intuitive, the process of creating CGI started to resemble its real-world counterparts, like painting, sculpting, photography and filmmaking. The area of computer animation for example requires the same steps of "real world" filmmaking, with the addition of modeling sets, props and characters first. Bringing a mass of "digital clay" into shape to form a convincing character (or any other object or location to be shown, for that matter) is the initial step. Then cameras, lights and other entities are arranged in the virtual space, and animated if necessary. Computer animation might be called the digital successor to the classic Harryhausen-type stop-motion animation, although many other ways of animating virtual objects and characters (like physical simulation or motion-capturing techniques) have evolved over the years. The last step is called "rendering" and describes the process of collecting all information of the scene and light setup to process and output the final image through the lens of a virtual camera, either in the form of still frames, or a series of frames which create the illusion of movement.
Television, film production and commercials:
Computer animation and three-dimensional visualization ("Visualisierung") is widely used in television, commercials and film production. The "small screen" has proven to be the perfect field for experimenting with newly developed technology and concepts, and many artists working in the area of television and commercials have made their way to the movie business. With software bundles getting cheaper and more accessible, independent artists and filmmakers seized the opportunity to create their own films and short films, a development which gave the visual quality of films an enormous boost in the mid 90s. In the area of film production computer animation slowly started replacing hand-made models and puppets, and even the genre of animated films has gotten a digital counterpart.
The area of commercials has grown into other branches like industrial documentations ("Industriefilm") and corporate video ("Imagefilm"), and besides entertainment computer animation is also used in the fields of education, interactive media ("3D Online") and military application.
Scientific visualization:
Computer animation produced to present meteorological data, medical imaging, industriefilm, architecture and technology.
Product design and engineering:
Designers and engineers use special CAD (computer aided design) software for designing, developing and manufacturing consumer and industrial products. Product visualization extensively uses modern graphics technology and with the help of computers, designs can be rotated, cut and manipulated even before getting manufactured. This greatly helps engineers visualize the product that they are designing.
The success of 3D computer animation and CGI in general started in the early 90s, when software bundles and processing power got more affordable even for smaller companies, and since then it turned into an accepted art form by itself. Over the years the technology evolved further and further, lowering the barrier between art and technology, and even allowing these two extremes to blend seamlessly.
Creation of 3D graphics:
The creation of CGI and computer animation requires the use of specialized software products. Several bundles have established on the market, and it is mainly a question of personal preference which one to pick. After all the biggest factor in creating convincing digital worlds is the artist himself, whereas the software is merely the tool to transfer his creativity onto the screen.
As graphics software became more user-friendly and intuitive, the process of creating CGI started to resemble its real-world counterparts, like painting, sculpting, photography and filmmaking. The area of computer animation for example requires the same steps of "real world" filmmaking, with the addition of modeling sets, props and characters first. Bringing a mass of "digital clay" into shape to form a convincing character (or any other object or location to be shown, for that matter) is the initial step. Then cameras, lights and other entities are arranged in the virtual space, and animated if necessary. Computer animation might be called the digital successor to the classic Harryhausen-type stop-motion animation, although many other ways of animating virtual objects and characters (like physical simulation or motion-capturing techniques) have evolved over the years. The last step is called "rendering" and describes the process of collecting all information of the scene and light setup to process and output the final image through the lens of a virtual camera, either in the form of still frames, or a series of frames which create the illusion of movement.
Television, film production and commercials:
Computer animation and three-dimensional visualization ("Visualisierung") is widely used in television, commercials and film production. The "small screen" has proven to be the perfect field for experimenting with newly developed technology and concepts, and many artists working in the area of television and commercials have made their way to the movie business. With software bundles getting cheaper and more accessible, independent artists and filmmakers seized the opportunity to create their own films and short films, a development which gave the visual quality of films an enormous boost in the mid 90s. In the area of film production computer animation slowly started replacing hand-made models and puppets, and even the genre of animated films has gotten a digital counterpart.
The area of commercials has grown into other branches like industrial documentations ("Industriefilm") and corporate video ("Imagefilm"), and besides entertainment computer animation is also used in the fields of education, interactive media ("3D Online") and military application.
Scientific visualization:
Computer animation produced to present meteorological data, medical imaging, industriefilm, architecture and technology.
Product design and engineering:
Designers and engineers use special CAD (computer aided design) software for designing, developing and manufacturing consumer and industrial products. Product visualization extensively uses modern graphics technology and with the help of computers, designs can be rotated, cut and manipulated even before getting manufactured. This greatly helps engineers visualize the product that they are designing.
Subscribe to:
Posts (Atom)
