Environment variables are a series of hidden values that the web server sends to every CGI program you run. Your program can parse them and use the data they send. Environment variables are stored in a hash named %ENV:
Key Value
DOCUMENT_ROOT The root directory of your server
HTTP_COOKIE The visitor’s cookie, if one is set
HTTP_HOST The hostname of the page being attempted
HTTP_REFERER The URL of the page that called your program
HTTP_USER_AGENT The browser type of the visitor
HTTPS “on” if the program is being called through a secure server
PATH The system path your server is running under
QUERY_STRING The query string (see GET, below)
REMOTE_ADDR The IP address of the visitor
REMOTE_HOST The hostname of the visitor (if your server has reverse-name-lookups on; otherwise this is the IP address again)
REMOTE_PORT The port the visitor is connected to on the web server
REMOTE_USER The visitor’s username (for .htaccess-protected pages)
REQUEST_METHOD GET or POST
REQUEST_URI The interpreted pathname of the requested document or CGI (relative to the document root)
SCRIPT_FILENAME The full pathname of the current CGI
SCRIPT_NAME The interpreted pathname of the current CGI (relative to the document root)
SERVER_ADMIN The email address for your server’s webmaster
SERVER_NAME Your server’s fully qualified domain name (e.g. www.cgi101.com)
SERVER_PORT The port number your server is listening on
SERVER_SOFTWARE The server software you’re using (e.g. Apache 1.3)
Some servers set other environment variables as well; check your server documentation for more information. Notice that some environment variables give information about your server, and will never change (such as SERVER_NAME and SERVER_ADMIN), while others give information about the visitor, and will be different every time someone accesses the program.
Not all environment variables get set. REMOTE_USER is only set for pages in a directory or subdirectory that’s password-protected via a .htaccess file. (See Chapter 20 to learn how to password protect a directory.) And even then, REMOTE_USER will be the username as it appears in the .htaccess file; it’s not the person’s email address. There is no reliable way to get a person’s email address, short of asking them for it with a web form.
You can print the environment variables the same way you would any hash value:
print “Caller = $ENV{HTTP_REFERER}\n”;
Let’s try printing some environment variables. Start a new file named env.cgi:
Program 3-1: env.cgi – Print Environment Variables Program
——————————————————————————–
#!/usr/bin/perl -wT
use strict;
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
print header;
print start_html(“Environment”);
foreach my $key (sort(keys(%ENV))) {
print “$key = $ENV{$key}
\n”;
}
print end_html;
——————————————————————————–
Source code: http://www.cgi101.com/book/ch3/env-cgi.html
Working example: http://www.cgi101.com/book/ch3/env.cgi
Save the file, chmod 755 env.cgi, then try it in your web browser. Compare the environment variables displayed with the list on the previous page. Notice which values show information about your server and CGI program, and which ones give away information about you (such as your browser type, computer operating system, and IP address).
Let’s look at several ways to use some of this data.
Referring Page
When you click on a hyperlink on a web page, you’re being referred to another page. The web server for the receiving page keeps track of the referring page, and you can access the URL for that page via the HTTP_REFERER environment variable. Here’s an example:
Program 3-2: refer.cgi – HTTP Referer Program
——————————————————————————–
#!/usr/bin/perl -wT
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use strict;
print header;
print start_html(“Referring Page”);
print “Welcome, I see you’ve just come from
$ENV{HTTP_REFERER}!
\n”;
print end_html;