WWWserver.tcl 0.1, a simple TCL based Web server
Copyright (C) 1998 V. Ziemann <ziemann@tsl.uu.se>

Date: March 3, 1998
License: GPL, see below
Requires: Tcl 7.6 (for the sockets)


References:

[1] B. Welch: Practical Programming in Tcl/Tk
[2] http://www.cnet.com/Content/Builder/Programming/CGI/ss04.html


What is it?

This package contains a small tcl-based Web Server that supports
the GET and POST method, including simple cgi-bin support. The source 
is less than 100 lines of code. Also included is a small sendmail-like 
application that I used to test the GET and POST part of the code.

My code is largely inspired by B. Welch's book in Tcl (see above)
in which he describes a simple Echo Server in order to illustrate the
use of network sockets. I expanded his code to write a simple web 
server mostly to learn about sockets. This is not a professional
product, just a private learning experience. Maybe you can use it
for your own edutainment.


Installation:

You may need edit the first line of WWWserver.tcl to point to the
tcl-executable. It is currently set to /usr/local/bin/tclsh.
then you may need to make the code executable 

	chmod 755 WWWserver.tcl 

and copy it to the directory you want to access from the Web.
This directory will be what other servers call ServerRoot.
There you start the server by typing

	WWWserver.tcl 8086

where 8086 is the port number you will use. If you are root you 
can use small numbers (<1024), otherwise use something like 8086,
or so. You can then access a file named test.html by typing 

	http://localhost:8086/test.html

in the Location field of your browser. If you omit the filename,
the server defaults to welcome.html. It's hard-coded, but look 
at the tcl-source if you want to change it. It is shorter than 
setup files of most other servers.

If you are networked you can substitute "localhost" by the 
IP-address of the computer on which the server runs.


Security:

I have included some rudimentary security measures in the
server, add your own if you find them inadequate. Please
tell me <ziemann@tsl.uu.se> about your improvements and
why you implemented them.

The filename may not contain "..", such that only directories
under the directory where the server is started are visible.
Moreover filenames are checked for suspicious characters. If 
those are found an error message is send back to the browser.

If you want to use the cgi-bin functionality you *must* put the
executable program in a directory with name cgi-bin under the 
one where you started the server. Furthermore, the program
you want executed *must* exist in that subdirectory.

You can restrict access to the domain 199.199.199 by including some
code like
		
	if [regexp {^199.199.199} $addr] {
		#..accept the call 
	} else {
		#..reject the call
	}

in the serverAccept procedure.

Examples:

I include a small example for POST and GET cgi-bin consisting of
the file mailforward.html which contains mainly a form tag
in which you can enter Email-type information. The Submit 
button sends From, To, Reply-To, Subject and body of the Email
to the mailforward program in the cgi-bin directory which in
turn mails it to the recipient. All in all, you can use this
to have people on the web use your machine to send email.
Whether this is a useful feature is debatable, but it is
only intended to illustrate GET/POST transactions. See [2]
for the inspiring original and [1] for some code snippets,
like the URL_decode function.

The other example is a program called SearchServer.tcl which can 
be used to search through a bunch of text files for keywords.
It does a text search on files with extension .txt and .html 
that are stored in a directory and underlying subdirectories. 
There is a html file search.html that presents a form to the
caller in which he can enter search words. When submitting the
form data using GET the server will search through the directory 
tree (it chokes on empty subdirectories, though) for files that 
contain these words and sends that list of files back to the 
browser. In that list the files are clickable for easy retrieval. 
The server is started by executing

	SearchServer.tcl 8085

in the main directory. The form can be accessed by entering

	http://localhost:8085/search.html

in the location field of the browser. Of course the same
functionality can be implemented by a vanilla cgi-bin program,
but I got carried away with the sockets...


Restrictions:

  * The server hangs when exporting binary files (both in Tcl 7.6 
    and 8.0).
  * The SearchServer hickups when encountering empty subdirectories,
    because the glob command crashes and is "catch-ed".
  * Probably more, tell me 'bout it!


Other uses:

The control system of our cyclotron and storage ring has a build-in
Tcl/Tk interface. On the control computers (Sun/Solaris) we can 
access magnets, beam currents from a Tcl script. In order to 
have the same functionality on my Linux-PC I wrote a small server 
which runs on the Sun and services requests that originate from my 
Linux-PC.

With a little extra effort you can build your own customized IntraNet 
using a server like the presented one. You'll need some access 
restriction similar to the one discussed above and possibly some 
encryption.


Files:

README                : This file
COPYING               : GNU General Public License
WWWserver.html        : Tcl-code of the server
mailforward.html      : Simple mail form
cgi-bin/mailforward   : Tcl-code that does the mailing, adapted from [2]
SearchServer.tcl      : Tcl-server for plain-text search
search.html           : Form for entering search words


PostScriptum:

Comments are always welcome. Moreover, I do not claim to be very 
original here. I just learned about TclHttpd from 
<http://sunscript.sun.com/tclhttpd/index.html> which is a real 
server. You should rather use that one for production runs.


Legaleeze:

This program is free software; you can redistribute it and/or modify it 
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You can get a copy of the GNU General Public License from the
Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.


