[Zope] Redirect to a specific page, awstats for zope

Tino Wildenhain tino@wildenhain.de
Fri, 26 Oct 2001 17:04:52 +0200


Hi Konstantinos,


fine, but whats the point in using a relational database when you already
have an object database?
I think the problem can even simplier solved if you make a ZClass with 
add-form,
some properties for descriptions and so on and images as sub-object.

You only need to catch the case where a user-page does not exist. This can 
be done
with a custom error document.

Best regards
Tino Wildenhain

--On Friday, October 26, 2001 13:57:02 +0300 Konstantinos Margaritis 
<markos@bullet-adv.gr> wrote:

> On Tuesday 16 October 2001 04:06, you wrote:
>> I would be interested to see what you were trying to do in the form of a
>>   howto, in case it helps. ;-)
>>
>
> Ok. It's done now, so I thought I could share this info with all you guys.
> Basically, I wanted to create a member personal webpage system that is
> based on templates.
> For example, in my case I have a member database and you want to have a
> site that holds a personal page for each member in
>
> http//memberclub.com/username (fictitious URL)
>
> But you don't really want to keep a REAL html page for each member.
> Instead you  want to make them enter their data in a form, insert a
> picture or two, add some personal links, etc. Then you use another
> database that holds the data and load these in a template (or more if you
> want to add variety).
> So how do I do this? You have to do the following steps.
>
> a) check the URL passed do some initial checking on the argument (so that
> we can check for malicious uses) and split the string into
> space-separated arguments and keep only the first argument.
> That is if someone enters the URL:
> http://memberclub.com/"this is a very big url that is meant to confuse
> the server"
>
> I keep http://memberclub.com/"this
>
> b) Check if this word corresponds to a username in the database. Easy. If
> not show an error screen (User does not exist)
> c) if b) is true, check if the user has a personal homepage (that is if
> the webpages database has an entry for this user). Then load the
> corresponding template with the correct data. Else show a "User does not
> have a homepage" error screen.
>
> Ok. This is what it does. Here is how it works:
>
> Have a redirect_index that has the following code:
>
> <dtml-unless "REQUEST.path and REQUEST.path[0][:6]=='manage'">
> <dtml-let username="cleanupQueryString(REQUEST.PATH_INFO)">
>   <dtml-call "REQUEST.set('nickname',username)">
>   <dtml-call "REQUEST.set('TraversalRequestNameStack', ['index_html'])">
> </dtml-let>
> </dtml-unless>
>
> (shamelessly stolen and adapted from some howto page in zope site :-)
>
> This redirects everything (except the manage screens) to index_html:
>
> <HTML>
> <dtml-if nickname>
>   <dtml-in SelectMemberByUsername size=1 orphan=0>
>     <dtml-call "REQUEST.set('page_owner',nickname)">
>     <dtml-in SelectWebPageByOwner size=1 orphan=0>
>       <HEAD>
>       <TITLE><dtml-var page_owner>'s Homepage</TITLE>
>       </HEAD>
>         <dtml-if "page_template==0">
>           <dtml-var template1>
>         <dtml-elif "page_template==1">
>           <dtml-var template2>
>         <dtml-elif "page_template==2">
>           <dtml-var template3>
>         </dtml-if>
>       <dtml-else><dtml-var UserNoPagePage>
>     </dtml-in>
>   <dtml-else><dtml-var NoUserPage>
>   </dtml-in>
> <dtml-else>
>   <dtml-var homepage>
> </dtml-if>
> </HTML>
>
> And I use the following Python script, and SQL methods:
>
> cleanupQueryString:
> import string
> queries = string.split(queryString)
> return queries[0][1:]
>
> (I know I have to build something more secure :-)
>
> SelectMemberByUsername:
> select nickname from members where <dtml-sqltest nickname op=eq type=nb>
> limit 1
>
> SelectWebPageByOwner:
> select * from WEBPAGES where <dtml-sqltest page_owner op=eq type=nb>
>
> and of course the template[1-3], UserNoPagePage, NoUserPage and homepage
> DMTL methods.
>
> Hope this was of interest to at least one person. :-)
>
> Again thanks for a wonderful product...
>
> By the way, in case anyone is interested, awstats
> (http://awstats.sourceforge.net) works  fine with zope and produces very
> nice statistics for all zope sites (even with virtual hosting). Although
> I had to do some extra work for the virtual hosting stuff. I could write
> a small howto for that if there is interest.
> Oh, and using awstats' statistic I saw around 20000 attack attempts on
> zope using Code Red/Nimda and other known exploits for IIS. You can't
> believe how relieved I am that I am using zope!!!
>
> --
> Konstantinos Margaritis
> Bullet S.A.
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )