Hi Konstantinos, fine, but whats the point in using a relational database when you already have an object database? I think the problem can even simplier solved if you make a ZClass with add-form, some properties for descriptions and so on and images as sub-object. You only need to catch the case where a user-page does not exist. This can be done with a custom error document. Best regards Tino Wildenhain --On Friday, October 26, 2001 13:57:02 +0300 Konstantinos Margaritis <markos@bullet-adv.gr> wrote:
On Tuesday 16 October 2001 04:06, you wrote:
I would be interested to see what you were trying to do in the form of a howto, in case it helps. ;-)
Ok. It's done now, so I thought I could share this info with all you guys. Basically, I wanted to create a member personal webpage system that is based on templates. For example, in my case I have a member database and you want to have a site that holds a personal page for each member in
http//memberclub.com/username (fictitious URL)
But you don't really want to keep a REAL html page for each member. Instead you want to make them enter their data in a form, insert a picture or two, add some personal links, etc. Then you use another database that holds the data and load these in a template (or more if you want to add variety). So how do I do this? You have to do the following steps.
a) check the URL passed do some initial checking on the argument (so that we can check for malicious uses) and split the string into space-separated arguments and keep only the first argument. That is if someone enters the URL: http://memberclub.com/"this is a very big url that is meant to confuse the server"
I keep http://memberclub.com/"this
b) Check if this word corresponds to a username in the database. Easy. If not show an error screen (User does not exist) c) if b) is true, check if the user has a personal homepage (that is if the webpages database has an entry for this user). Then load the corresponding template with the correct data. Else show a "User does not have a homepage" error screen.
Ok. This is what it does. Here is how it works:
Have a redirect_index that has the following code:
<dtml-unless "REQUEST.path and REQUEST.path[0][:6]=='manage'"> <dtml-let username="cleanupQueryString(REQUEST.PATH_INFO)"> <dtml-call "REQUEST.set('nickname',username)"> <dtml-call "REQUEST.set('TraversalRequestNameStack', ['index_html'])"> </dtml-let> </dtml-unless>
(shamelessly stolen and adapted from some howto page in zope site :-)
This redirects everything (except the manage screens) to index_html:
<HTML> <dtml-if nickname> <dtml-in SelectMemberByUsername size=1 orphan=0> <dtml-call "REQUEST.set('page_owner',nickname)"> <dtml-in SelectWebPageByOwner size=1 orphan=0> <HEAD> <TITLE><dtml-var page_owner>'s Homepage</TITLE> </HEAD> <dtml-if "page_template==0"> <dtml-var template1> <dtml-elif "page_template==1"> <dtml-var template2> <dtml-elif "page_template==2"> <dtml-var template3> </dtml-if> <dtml-else><dtml-var UserNoPagePage> </dtml-in> <dtml-else><dtml-var NoUserPage> </dtml-in> <dtml-else> <dtml-var homepage> </dtml-if> </HTML>
And I use the following Python script, and SQL methods:
cleanupQueryString: import string queries = string.split(queryString) return queries[0][1:]
(I know I have to build something more secure :-)
SelectMemberByUsername: select nickname from members where <dtml-sqltest nickname op=eq type=nb> limit 1
SelectWebPageByOwner: select * from WEBPAGES where <dtml-sqltest page_owner op=eq type=nb>
and of course the template[1-3], UserNoPagePage, NoUserPage and homepage DMTL methods.
Hope this was of interest to at least one person. :-)
Again thanks for a wonderful product...
By the way, in case anyone is interested, awstats (http://awstats.sourceforge.net) works fine with zope and produces very nice statistics for all zope sites (even with virtual hosting). Although I had to do some extra work for the virtual hosting stuff. I could write a small howto for that if there is interest. Oh, and using awstats' statistic I saw around 20000 attack attempts on zope using Code Red/Nimda and other known exploits for IIS. You can't believe how relieved I am that I am using zope!!!
-- Konstantinos Margaritis Bullet S.A.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )