[Zope] Redirect to a specific page, awstats for zope

Konstantinos Margaritis markos@bullet-adv.gr
Fri, 26 Oct 2001 13:57:02 +0300


On Tuesday 16 October 2001 04:06, you wrote:
> I would be interested to see what you were trying to do in the form of a
>   howto, in case it helps. ;-)
>

Ok. It's done now, so I thought I could share this info with all you guys.
Basically, I wanted to create a member personal webpage system that is
based on templates.
For example, in my case I have a member database and you want to have a site that
holds a personal page for each member in

http://memberclub.com/username (fictitious URL)

But you don't really want to keep a REAL html page for each member. Instead you 
want to make them enter their data in a form, insert a picture or two, add some
personal links, etc. Then you use another database that holds the data and load
these in a template (or more if you want to add variety).
So how do I do this? You have to do the following steps.

a) Check the URL passed, do some initial checking on the argument (so that we can
check for malicious uses), split the string into space-separated arguments and
keep only the first argument.
That is, if someone enters the URL:
http://memberclub.com/"this is a very big url that is meant to confuse the server"

I keep http://memberclub.com/"this

b) Check if this word corresponds to a username in the database. Easy. If not show
an error screen (User does not exist)
c) if b) is true, check if the user has a personal homepage (that is if the webpages
database has an entry for this user). Then load the corresponding template with the
correct data. Else show a "User does not have a homepage" error screen.

Ok. This is what it does. Here is how it works:

Have a redirect_index that has the following code:

<dtml-unless "REQUEST.path and REQUEST.path[0][:6]=='manage'">
<dtml-let username="cleanupQueryString(REQUEST.PATH_INFO)">
  <dtml-call "REQUEST.set('nickname',username)">
  <dtml-call "REQUEST.set('TraversalRequestNameStack', ['index_html'])">
</dtml-let>
</dtml-unless>

(shamelessly stolen and adapted from some howto page in zope site :-)

This redirects everything (except the manage screens) to index_html:

<HTML>
<dtml-if nickname>
  <dtml-in SelectMemberByUsername size=1 orphan=0>
    <dtml-call "REQUEST.set('page_owner',nickname)">
    <dtml-in SelectWebPageByOwner size=1 orphan=0>
      <HEAD>
      <TITLE><dtml-var page_owner>'s Homepage</TITLE>
      </HEAD>
        <dtml-if "page_template==0">
          <dtml-var template1>
        <dtml-elif "page_template==1">
          <dtml-var template2>
        <dtml-elif "page_template==2">
          <dtml-var template3>
        </dtml-if>
      <dtml-else><dtml-var UserNoPagePage>
    </dtml-in>
  <dtml-else><dtml-var NoUserPage>
  </dtml-in>
<dtml-else>
  <dtml-var homepage>
</dtml-if>
</HTML>

And I use the following Python script, and SQL methods:

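cleanupQueryString:
# Script (Python) body; parameter list: queryString (receives REQUEST.PATH_INFO)
import string
# Split on whitespace and keep only the first token of the path
queries = string.split(queryString)
# Drop the leading "/" so that only the name remains
return queries[0][1:]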

(I know I have to build something more secure :-)

SelectMemberByUsername:
select nickname from members where <dtml-sqltest nickname op=eq type=nb> limit 1

SelectWebPageByOwner:
select * from WEBPAGES where <dtml-sqltest page_owner op=eq type=nb>

and of course the template[1-3], UserNoPagePage, NoUserPage and homepage DTML methods.

Hope this was of interest to at least one person. :-)

Again thanks for a wonderful product...

By the way, in case anyone is interested, awstats (http://awstats.sourceforge.net) works 
fine with zope and produces very nice statistics for all zope sites (even with virtual hosting).
Although I had to do some extra work for the virtual hosting stuff. I could write a small howto
for that if there is interest.
Oh, and using awstats' statistics I saw around 20000 attack attempts on zope using Code Red/Nimda
and other known exploits for IIS. You can't believe how relieved I am that I am using zope!!!

-- 
Konstantinos Margaritis
Bullet S.A.
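
An added example, not part of the original post and not the author's code: a stricter take on the cleanupQueryString step, shown beside the post's behaviour in plain Python. The username policy (ASCII letters, digits, "_" and "-", up to 32 characters), the function names and the sample paths are assumptions made for illustration.

```python
import re

# Assumed username policy (not from the post): ASCII letters, digits,
# "_" and "-", 1 to 32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Zope management names that must never be treated as a member name;
# the post's access rule skips paths starting with "manage".
RESERVED_PREFIXES = ("manage",)


def original_cleanup(path_info):
    """Behaviour of the post's cleanupQueryString: first whitespace-separated
    token with the leading character removed."""
    return path_info.split()[0][1:]


def strict_username(path_info):
    """Return the username named by the first path segment, or None.

    Hypothetical hardened replacement: anything that is not exactly one
    allowlisted segment is rejected instead of being trimmed and passed on.
    """
    if not path_info or not path_info.startswith("/"):
        return None
    segment = path_info[1:].rstrip("/")
    if "/" in segment:  # more than one segment: not a member page
        return None
    if not USERNAME_RE.fullmatch(segment):
        return None
    if segment.lower().startswith(RESERVED_PREFIXES):
        return None
    return segment


# Constructed sample paths, including the one quoted in the post.
SAMPLES = [
    "/markos",
    '/"this is a very big url that is meant to confuse the server"',
    "/markos/extra/segments",
    "/manage_main",
    "/" + "x" * 200,
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(repr(original_cleanup(p)), "->", repr(strict_username(p)))
```

A None result leaves nickname unset, so the index_html in the post would fall through to its homepage branch instead of running the member lookup.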