Re: How hard is socket programming?

From:

"Peter Olcott" <NoSpam@OCR4Screen.com>

Newsgroups:

microsoft.public.vc.mfc

Date:

Wed, 17 Mar 2010 13:46:07 -0500

Message-ID:

<1ZednUgNPd3svjzWnZ2dnUVZ_jKdnZ2d@giganews.com>

"Hector Santos" <sant9442@nospam.gmail.com> wrote in message
news:%23OsdMufxKHA.4752@TK2MSFTNGP04.phx.gbl...

Peter Olcott wrote:

It looks like the mongoose approach may be simpler:

http://code.google.com/p/mongoose/wiki/EmbeddingMongoose

Simply bind the webserver and the application into a
single executable that now has web server capability.
It has HTTPS too, the only other thing that I need is
cookies. I don't know if it has cookies.

If you are have a separate service, you don't need this or
don't have to worry about FASTCGI. Use any web server
with an embedded language or CGI. I'm telling ya, you are
making this more complex than it is.

It would be simplest to do this:
OCR.cpp + mongoose.c = OCR_WebServer.exe

Do you know a way that I can authenticate once, and then
have several (possibly many) ten cent financial
transactions that decrement the account balance very
quickly? Since HTTP is a stateless protocol, I was
wondering how I could best maintain this state. Could I
use a cookie for this?

AUTHENTICATION comes in two flavors:

  1) IETF HTTP AUTH standard BASIC and DIGEST, where BASIC
is
     a requirement and DIGEST (more secure) is optional.
     However, most, if not all browsers today support
DIGEST.
     Most "branded" WEB Servers support DIGEST too.

     The BROWSER handles BASIC/DIGEST, its the POPUP
window
     you see. Not a FORM based HTML login.

  2) NON-STANDARD COOKIE-BASED FORM AUTHENTICATION

     It is non-standard because the COOKIE information is
not
     a standard. (Except for OpenID and OpenAuth which are
     "cookie based" proposed standard).

     The user most allow the browser to support cookies
and
     javascript (for hashing the cookies perhaps). If its
     off, its breaks your authentication, so you will have
     to enforce it on users for your site.

     COOKIES are passed as a HTTP header in the HTTP
request.

What are the conventional ways that this state is kept track
of such that HTTP request can be correlated to users logged
in? I bet there is an HTTP header with identifying
information that can be correlated to users logged in.

As far the financial port, that is implementation detail
that either the CGI or OCR server will handle per request.

Our WINSERVER package gives you everything you need here,
including establishing subscription for your authenticated
customers. The only thing you need to write is the OCR
server and the embedded script or CGI that talks to it.

Here is example c/c++ CGI that interfaces with our server:

// File: cgitest.cpp

#include <stdio.h>
#include <afx.h>
#include <wctype.h>
#include <wcserver.h>

#pragma comment(lib,"wcsrv2.lib")

#define CGITEST_VERSION "v2.0"

//---------------------------------------------------------------------
// Global Variable (Single Thread Process)
TUser User = {0};
//---------------------------------------------------------------------

CString HtmlToText(const char *s)
{
   CString result = s;
   result.Replace("<","&lt");
   result.Replace(">","&gt");
   return result;
}

void penv(const char *s)
{
   CString sTemp = HtmlToText(getenv(s));
   printf("%s=<font
color=\"red\"><b>%s</b></font>\n",s,sTemp);
}

void Dump(char argc, char *argv[])
{
   printf("<h2>CGI Environment</h2>");
   printf("<hr>\n");
   printf("<pre>\n");
   {
      for (int i=0; i < argc; i++) {
         printf("p%d [%s]\n",i,argv[i]);
      }
   }

   penv("AUTH_TYPE");
   penv("CONTENT_LENGTH");
   penv("CONTENT_TYPE");
   penv("DOCUMENT_ROOT");
   penv("GATEWAY_INTERFACE");
   penv("PATH_INFO");
   penv("PATH_TRANSLATED");
   penv("NOPUBLIC");
   penv("QUERY_STRING");
   penv("REMOTE_ADDR");
   penv("REMOTE_HOST");
   penv("REMOTE_IDENT");
   penv("REMOTE_USER");
   penv("REQUEST_METHOD");
   penv("SCRIPT_FILENAME");
   penv("SCRIPT_NAME");
   penv("SERVER_NAME");
   penv("SERVER_PORT");
   penv("SERVER_PROTOCOL");
   penv("SERVER_SOFTWARE");
   penv("WILDCATCONTEXT");
   penv("WILDCATSERVER");
   penv("WILDCATSERVERCONTEXT");
   printf("</pre>\n");
}

void DumpEnv()
{
   LPTSTR lpszVariable;
   LPVOID lpvEnv;

   // Get a pointer to the environment block.

   lpvEnv = GetEnvironmentStrings();

   printf("<hr>\n");
   // Variable strings are separated by NULL byte, and the
block is
   // terminated by a NULL byte.

   for (lpszVariable = (LPTSTR) lpvEnv; *lpszVariable;
lpszVariable++)
   {
      while (*lpszVariable)
         putchar(*lpszVariable++);
      putchar('\n');
   }
   printf("<hr>\n");
}

//---------------------------------------------------------------------

int DoMain1(char argc, char *argv[])
{
    printf("Content-Type: text/html\n\n");

    printf("<html>\n");
    printf("<head>\n");
    printf("<title>hello! version %s!</title>\n",
CGITEST_VERSION);
    printf("</head>\n");
    printf("<body>\n");
    printf("<h2>hello! %s</h2>\n", User.Info.Name);
    printf("<pre>\n");

    //WriteResultToHtml();
    Dump(argc, argv);
    //DumpEnv();

    printf("</pre>\n");
    printf("</body>\n");
    printf("</html>\n");

    return 0;

}

int DoCGI(char argc, char *argv[])
{

   // Reestablish User Session

   const char *chall = getenv("WILDCATCONTEXT");
   if (chall) {
      if (!WildcatServerCreateContextFromChallenge(chall))
      {
          printf("Content-Type: text/plain\n\n");
          printf("! Error %08X - session
context\n",GetLastError());
          return 1;
      }
   }

   __try {
     WildcatLoggedIn(&User);
     return DoMain1(argc,argv);
   } __finally {
     WildcatServerDeleteContext();
   }
   return 0;
}

int main(char argc, char *argv[])
{
  // connect to application server
  if (!WildcatServerConnect(NULL)) return 1;

  DoCGI(argc,argv);

  return 0;
}

Once it runs, you connect to your OCR server, do your
thing, then update the user record subtraction some
subscription value.

The alternative is to connect to some SQL databases to
manage your users.

--
HLS