[Zope] Redirect to a specific page, awstats for zope

Paul Zwarts paz@oratrix.com
Fri, 26 Oct 2001 15:25:29 +0200


Hi Konstantinos,

Thanks for the heads up about AWStats. I'm checking it out now, to see
if its better than analog, which we use. Analog was quite nice because
all I needed to do was write a python oneliner that would call analog
from my site and then publish the results into my interface.

Awstats looks a bit more comprehensive on output, but more difficult to
setup. Did you mention that you hooked it straight into Zserver? Perhaps
that howto would be a great addition. I am certainly interested.

Paul Zwarts

-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of
Konstantinos Margaritis
Sent: Friday, October 26, 2001 12:57 PM
To: zope@zope.org
Subject: Re: [Zope] Redirect to a specific page, awstats for zope

On Tuesday 16 October 2001 04:06, you wrote:
> I would be interested to see what you were trying to do in the form of
a
>   howto, in case it helps. ;-)
>

Ok. It's done now, so I thought I could share this info with all you
guys.
Basically, I wanted to create a member personal webpage system that is
based on templates.
For example, in my case I have a member database and you want to have a
site that
holds a personal page for each member in

http//memberclub.com/username (fictitious URL)

But you don't really want to keep a REAL html page for each member.
Instead you 
want to make them enter their data in a form, insert a picture or two,
add some
personal links, etc. Then you use another database that holds the data
and load
these in a template (or more if you want to add variety).
So how do I do this? You have to do the following steps.

a) check the URL passed do some initial checking on the argument (so
that we can
check for malicious uses) and split the string into space-separated
arguments and
keep only the first argument.
That is if someone enters the URL:
http://memberclub.com/"this is a very big url that is meant to confuse
the server"

I keep http://memberclub.com/"this

b) Check if this word corresponds to a username in the database. Easy.
If not show
an error screen (User does not exist)
c) if b) is true, check if the user has a personal homepage (that is if
the webpages
database has an entry for this user). Then load the corresponding
template with the
correct data. Else show a "User does not have a homepage" error screen.

Ok. This is what it does. Here is how it works:

Have a redirect_index that has the following code:

<dtml-unless "REQUEST.path and REQUEST.path[0][:6]=='manage'">
<dtml-let username="cleanupQueryString(REQUEST.PATH_INFO)">
  <dtml-call "REQUEST.set('nickname',username)">
  <dtml-call "REQUEST.set('TraversalRequestNameStack', ['index_html'])">
</dtml-let>
</dtml-unless>

(shamelessly stolen and adapted from some howto page in zope site :-)

This redirects everything (except the manage screens) to index_html:

<HTML>
<dtml-if nickname>
  <dtml-in SelectMemberByUsername size=1 orphan=0>
    <dtml-call "REQUEST.set('page_owner',nickname)">
    <dtml-in SelectWebPageByOwner size=1 orphan=0>
      <HEAD>
      <TITLE><dtml-var page_owner>'s Homepage</TITLE>
      </HEAD>
        <dtml-if "page_template==0">
          <dtml-var template1>
        <dtml-elif "page_template==1">
          <dtml-var template2>
        <dtml-elif "page_template==2">
          <dtml-var template3>
        </dtml-if>
      <dtml-else><dtml-var UserNoPagePage>
    </dtml-in>
  <dtml-else><dtml-var NoUserPage>
  </dtml-in>
<dtml-else>
  <dtml-var homepage>
</dtml-if>
</HTML>

And I use the following Python script, and SQL methods:

cleanupQueryString:
import string
queries = string.split(queryString)
return queries[0][1:]

(I know I have to build something more secure :-)

SelectMemberByUsername:
select nickname from members where <dtml-sqltest nickname op=eq type=nb>
limit 1

SelectWebPageByOwner:
select * from WEBPAGES where <dtml-sqltest page_owner op=eq type=nb>

and of course the template[1-3], UserNoPagePage, NoUserPage and homepage
DMTL methods.

Hope this was of interest to at least one person. :-)

Again thanks for a wonderful product...

By the way, in case anyone is interested, awstats
(http://awstats.sourceforge.net) works 
fine with zope and produces very nice statistics for all zope sites
(even with virtual hosting).
Although I had to do some extra work for the virtual hosting stuff. I
could write a small howto
for that if there is interest.
Oh, and using awstats' statistic I saw around 20000 attack attempts on
zope using Code Red/Nimda
and other known exploits for IIS. You can't believe how relieved I am
that I am using zope!!!

-- 
Konstantinos Margaritis
Bullet S.A.

_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )