Show Contents Previous Page Next Page Chapter 4 - Content Handlers / Apache::Registry All the Apache::Registry examples that we've seen so far have been
short and, frankly, silly. Now let's look at an example of a real-world script
that actually does something useful. The guestbook script (Example 4-15),
as its name implies, manages a typical site guestbook, where visitors can enter
their names, email addresses, and comments. It works well as both a standalone
CGI script and a Unlike some other guestbook programs, this one doesn't append users' names to a growing HTML document. Instead, it maintains a flat file in which each user's entry is represented as a single line in the file. Tabs separate the five fields, which are the date of the entry, the user's name, the user's email address, the user's location (e.g., city of residence), and comments. Nonalphanumeric characters are URL-escaped to prevent the format from getting messed up if the user enters newlines or tabs in the fields, giving records that look like: 05/07/98 JR jr_ewing%40dallas.com Dallas,%20TX Like%20the%20hat When the script is first called, it presents the user with the option of signing the guestbook file or looking at previous entries (Figure 4-6). Figure 4-6. The Apache::Registry guestbook script generates its own fill-out form.  If the user presses the button labeled "Sign Guestbook," a confirmation page appears, which echoes the entry and prompts the user to edit or confirm it (Figure 4-7). Figure 4-7. The confirmation page generated by guestbook  Pressing the "Change Entry" button takes the user back to the previous page with the fields filled in and waiting for the user's changes. Pressing "Confirm Entry" appends the user's entry to the guestbook file and displays the whole file (Figure 4-8). Figure 4-8. The listing of previous guestbook entries generated by guestbook  Turning to the source code, the script begins by importing functions from a variety of modules, including CGI.pm, IO::File, Fcntl, and POSIX: use strict; use CGI qw(:standard :html3 escape unescape escapeHTML); use IO::File (); use Fcntl qw(:flock); use POSIX qw(strftime); use vars qw(@FIELDS %REQUIRED %BIG $GUESTBOOKFILE); @FIELDS = qw(name e-mail location comments);
%REQUIRED = ('name' => 1, 'e-mail' => 1);
%BIG = ('comments' => 1);
The script then defines some constants. if ($ENV{MOD_PERL}) {
$GUESTBOOKFILE = Apache->request->dir_config('GuestbookFile');
}
$GUESTBOOKFILE ||= "/usr/tmp/guestbookfile.txt";
Next the script checks if it is running under print header,
start_html(-title => 'Guestbook', -bgcolor => 'silver'),
h1("Guestbook");
The script now begins to generate the document by calling shortcut functions defined in the CGI module to generate the HTTP header, the HTML header and title, and a level 1 heading of "Guestbook." CASE: {
$_ = param('action');
/^sign/i and do { sign_guestbook(); last CASE; };
/^confirm/i and do { write_guestbook() and view_guestbook(); last CASE; };
/^view/i and do { view_guestbook(1); last CASE; };
generate_form();
}
We now enter the variable part of the script. Depending on what phase of the transaction the user is in, we either want to prompt the user to fill out the guestbook form, confirm an entered entry, or view the entire guestbook. We distinguish between the phases by looking at the contents of a script parameter named action. If action equals sign, we know that the user has just completed the fill-out form and pressed the "Sign Guestbook" button, so we jump to the routine responsible for this part of the transaction. Similarly, we look for action values of confirm and view, and jump to the appropriate routines for these actions. If action is missing, or if it has some value we don't expect, we take the default action of generating the fill-out form. print end_html; exit 0; Having done its work, the script prints out the </HTML> tag and exits. sub generate_form {
my @rows;
for my $field (@FIELDS) {
my $title = "Your $field";
$title .= " (optional)" if !$REQUIRED{$field};
my $element = $BIG{$field} ?
textarea(-name => $field,
-rows => 4,
-columns => 50,
-wrap => 1)
: textfield(-name => $field, -size => 50);
push @rows, th($title) . td($element);
}
print start_form,
table(TR{-align => 'LEFT'}, \@rows),
br,
submit(-name => 'action', -value => 'View Guestbook'),
submit(-name => 'action', -value => 'Sign Guestbook'),
end_form;
}
The subroutine responsible for generating the form is named, appropriately enough, generate_form(). It iterates over sub sign_guestbook {
my @missing = check_missing(@FIELDS);
if (@missing) {
print_warning(@missing);
generate_form();
return;
}
sign_guestbook() has a slightly more complex job. Its first task is to check the submitted form for missing required fields by calling the internal subroutine check_missing(). If any are missing, it displays the missing fields by calling another internal subroutine, print_warning(), and then invokes generate_form() to redisplay the form with its current values. No particular hocus-pocus is required to display the partially completed form correctly; this is just one of the beneficial side effects of CGI.pm's "sticky forms" feature. my @rows;
foreach (@FIELDS) {
push @rows, TR(th({-align=>'LEFT'},$_),
td(escapeHTML(param($_))));
}
print "Here is your guestbook entry. Press ",
em('Confirm')," to save it, or ",em('Change'),
" to change it.",
hr,
table(@rows),
hr;
If all the required fields are filled in, sign_guestbook() generates an HTML table to display the user's entries. The technique for generating the form is similar to that used in the previous subroutine, except that no special cases are needed for different types of fields. We do, however, have to be careful to call escapeHTML() (a function imported from CGI.pm) in order to prevent HTML entities and other funny characters that the user might have entered from messing up the page. print start_form;
foreach (@FIELDS) {
print hidden(-name => $_);
}
print submit(-name => 'action',
-value => 'Change Entry'),
submit(-name => 'action',
-value => 'Confirm Entry'),
end_form;
}
We end the routine by creating a short fill-out form. This form contains the contents of the user's guestbook entry stashed into a series of hidden fields, and push buttons labeled "Change Entry" and "Confirm Entry." We hide the guestbook entry information in this way in order to carry the information forward to the next set of pages. sub check_missing {
my %p;
for (@_) { ++$p{$_} if param($_) }
return grep !$p{$_}, keys %REQUIRED;
}
sub print_warning {
print font({-color => 'red'},
'Please fill in the following fields: ',
em(join ', ', @_),
'.');
}
The check_missing() and print_warning() subroutines are short and sweet. The first routine uses the Perl grep() function to check the list of provided fields against the list of required fields and returns a list of the truants, if any. The second routine accepts a list of missing fields and turns it into a warning of the form, "Please fill in the following fields: e-mail." For emphasis, the message is rendered in a red font (under browsers that understand the <FONT> extension). The write_guestbook() and view_guestbook() subroutines are the most complex of the bunch. The main complication is that, on an active site, there's a pretty good chance that a second instance of the script may be invoked by another user before the first instance has completed opening and updating the guestbook file. If the writes overlap, the file could be corrupted and a guestbook entry lost or scrambled. For this reason, it's important for the script to lock the file before working with it. POSIX-compliant systems (which include both Unix and Windows systems) offer a simple form of advisory file locking through the flock() system call. When a process opens a file and flock()s it, no other process can flock() it until the first process either closes the file or manually relinquishes the lock. There are actually two types of lock. A "shared" lock can be held by many processes simultaneously. An "exclusive" lock can only be held by one process at a time and prevents any other program from locking the file. Typically, a program that wants to read from a file will obtain a shared lock, while a program that wants to write to the file asks the system for an exclusive lock. A shared lock allows multiple programs to read from a file without worrying that some other process will change the file while they are still reading it. A program that wants to write to a file will call flock() to obtain an exclusive lock; the call will then block until all other processes have released their locks. After an exclusive lock is granted, no other program can lock the file until the writing process has finished its work and released the lock. It's important to realize that the flock() locking mechanism is advisory. Nothing prevents a program from ignoring the flock() call and reading from or writing to a file without seeking to obtain a lock first. However, as long as only the programs you've written yourself attempt to access the file and you're always careful to call flock() before working with it, the system works just fine. sub lock {
my $path = shift;
my $for_writing = shift;
my ($lock_type, $path_name, $description);
if ($for_writing) {
$lock_type = LOCK_EX;
$path_name = ">>$path";
$description = 'writing';
}
else {
$lock_type = LOCK_SH;
$path_name = $path;
$description = 'reading';
}
my $fh = IO::File->new($path_name) or
warn "Couldn't open $path for $description: $!", return;
# now try to lock it
my $success;
my $tries = 0;
while ($tries++ < 10) {
last if $success = flock($fh, $lock_type|LOCK_NB);
print p("Waiting for $description lock on guestbook file...");
sleep(1); # wait a second
}
unless ($success) {
warn("Couldn't get lock for $description");
return;
}
return $fh;
}
To make life a little simpler, the guestbook script defines a utility function named lock() that takes care of opening and locking the guestbook file (you'll find the definition at the bottom of the source listing). lock() takes two arguments: the name of the file to open and a flag indicating whether the file should be opened for writing. If the write flag is true, the function opens the file in append mode and then attempts to obtain an exclusive lock. Otherwise, it opens the file read only and tries to obtain a shared lock. If successful, the opened filehandle is returned to the caller.
The flock() function is used to obtain both types of lock. The first argument is the opened filehandle; the second is a constant indicating the type of lock to obtain. The constants for exclusive and shared locks are sub write_guestbook {
my $fh = lock($GUESTBOOKFILE, 1);
unless ($fh) {
print strong('An error occurred: unable to open guestbook file.'),p();
Delete('action');
print a({-href => self_url}, 'Try again');
return;
}
seek ($fh,0,2); # paranoia: seek to end of file
my $date = strftime('%D',localtime);
print $fh join("\t", $date, map {escape(param($_))} (@FIELDS)),"\n";
print "Thank you, ", param('name'),", for signing the guestbook.\n";
$fh->close;
1;
}
To write a new entry into the guestbook, the write_guestbook() function calls lock() with the path to the guestbook file and a flag indicating we want write access. If the call fails, we display an appropriate error message and return. Otherwise, we seek to the end of the file, just in case someone else wrote to the file while we were waiting for the lock. We then join together the current date (obtained from the POSIX strftime() function) with the current values of the guestbook fields and write them out to the guestbook filehandle. To avoid the possibility of the user messing up our tab-delimited field scheme by entering tabs or newlines in the fill-out form, we're careful to escape the fields before writing them to the file. To do this, we use the map operator to pass the fields through CGI.pm's escape() function. This function is ordinarily used to make text safe for use in URIs, but it works just as well here. After writing to the file, we're careful to close the filehandle. This releases the lock on the file and gives other processes access to it. sub view_guestbook {
my $show_sign_button = shift;
print start_form,
submit(-name => 'Sign Guestbook'),
end_form
if $show_sign_button;
my $fh = lock($GUESTBOOKFILE, 0);
my @rows;
unless ($fh) {
print strong('An error occurred: unable to open guestbook file.'),br;
Delete('action');
print a({-href => self_url},'Try again');
return;
}
The view_guestbook() subroutine looks a lot like the one we just looked at but in reverse. It starts by creating a tiny fill-out form containing a single button labeled "Sign Guestbook." This button is only displayed when someone views the guestbook without signing it first and is controlled by the while (<$fh>) {
chomp;
my @data = map {escapeHTML($_)} map {unescape($_)} split("\t");
unshift @rows, td(\@data);
}
unshift @rows, th(['Date',@FIELDS]);
print p(
table({-border => ''},
caption(strong('Previous Guests')),
TR(\@rows)));
$fh->close;
print a({-href => '/'}, 'Home');
1;
}
The fields are then processed through map() twice: once to unescape the URL escape characters using the CGI.pm unescape() function and once again to make them safe to display on an HTML page using CGI.pm's escapeHTML() function. The second round of escaping is to avoid problems with values that contain the If we were not interested in running this script under standard CGI, we could increase performance slightly and reduce memory consumption substantially by replacing a few functions with their Apache:: equivalents: IO::File --> Apache::File CGI::escape --> Apache::Util::escape_uri CGI::unescape --> Apache::Util::unescape_uri CGI::escapeHTML --> Apache::Util::escape_html POSIX::strftime --> Apache::Util::ht_time See the reference listings in Chapter 9 for the proper syntax for these replacements. You'll also find a version of the guestbook script that uses these lightweight replacements on this book's companion web site, http://www.modperl.com. Example 4-15. A Guestbook Script #!/usr/local/bin/perl # guestbook.cgi use strict; use CGI qw(:standard :html3 escape unescape escapeHTML); use IO::File (); use Fcntl qw(:flock); use POSIX qw(strftime); use vars qw(@FIELDS %REQUIRED %BIG $GUESTBOOKFILE); @FIELDS = qw(name e-mail location comments);
%REQUIRED = ('name' => 1, 'e-mail' => 1);
%BIG = ('comments' => 1);
if ($ENV{MOD_PERL}) {
$GUESTBOOKFILE = Apache->request->dir_config('GuestbookFile');
}
$GUESTBOOKFILE ||= "/usr/tmp/guestbookfile.txt";
print header,
start_html(-title => 'Guestbook', -bgcolor => 'silver'),
h1("Guestbook");
CASE: {
$_ = param('action');
/^sign/i and do { sign_guestbook(); last CASE; };
/^confirm/i and do { write_guestbook() and view_guestbook(); last CASE; };
/^view/i and do { view_guestbook(1); last CASE; };
generate_form();
}
print end_html; exit 0; sub generate_form {
my @rows;
for my $field (@FIELDS) {
my $title = "Your $field";
$title .= " (optional)" if !$REQUIRED{$field};
my $element = $BIG{$field} ?
textarea(-name => $field,
-rows => 4,
-columns => 50,
-wrap => 1)
: textfield(-name => $field, -size => 50);
push @rows, th($title) . td($element);
}
print start_form,
table(TR{-align => 'LEFT'}, \@rows),
br,
submit(-name => 'action', -value => 'View Guestbook'),
submit(-name => 'action', -value => 'Sign Guestbook'),
end_form;
}
sub sign_guestbook {
my @missing = check_missing(@FIELDS);
if (@missing) {
print_warning(@missing);
generate_form();
return;
}
my @rows;
foreach (@FIELDS) {
push @rows, TR(th({-align=>'LEFT'},$_),
td(escapeHTML(param($_))));
}
print "Here is your guestbook entry. Press ",
em('Confirm')," to save it, or ",em('Change'),
" to change it.",
hr,
table(@rows),
hr;
print start_form;
foreach (@FIELDS) {
print hidden(-name => $_);
}
print submit(-name => 'action',
-value => 'Change Entry'),
submit(-name => 'action',
-value => 'Confirm Entry'),
end_form;
}
sub check_missing {
my %p;
for (@_) { ++$p{$_} if param($_) }
return grep !$p{$_}, keys %REQUIRED;
}
sub print_warning {
print font({-color => 'red'},
'Please fill in the following fields: ',
em(join ', ', @_),
'.');
}
sub write_guestbook {
my $fh = lock($GUESTBOOKFILE, 1);
unless ($fh) {
print strong('An error occurred: unable to open guestbook file.'),p();
Delete('action');
print a({-href => self_url}, 'Try again');
return;
}
seek ($fh,0,2); # paranoia: seek to end of file
my $date = strftime('%D',localtime);
print $fh join("\t", $date, map {escape(param($_))} (@FIELDS)),"\n";
print "Thank you, ", param('name'),", for signing the guestbook.\n";
$fh->close;
1;
}
sub view_guestbook {
my $show_sign_button = shift;
print start_form,
submit(-name => 'Sign Guestbook'),
end_form
if $show_sign_button;
my $fh = lock($GUESTBOOKFILE, 0);
my @rows;
unless ($fh) {
print strong('An error occurred: unable to open guestbook file.'),br;
Delete('action');
print a({-href => self_url},'Try again');
return;
}
while (<$fh>) {
chomp;
my @data = map {escapeHTML($_)} map {unescape($_)} split("\t");
unshift @rows, td(\@data);
}
unshift @rows, th(['Date',@FIELDS]);
print p(
table({-border => ''},
caption(strong('Previous Guests')),
TR(\@rows)));
$fh->close;
print a({-href => '/'}, 'Home');
1;
}
sub lock {
my $path = shift;
my $for_writing = shift;
my ($lock_type, $path_name, $description);
if ($for_writing) {
$lock_type = LOCK_EX;
$path_name = ">>$path";
$description = 'writing';
}
else {
$lock_type = LOCK_SH;
$path_name = $path;
$description = 'reading';
}
my $fh = IO::File->new($path_name) or
warn "Couldn't open $path for $description: $!", return;
# now try to lock it
my $success;
my $tries = 0;
while ($tries++ < 10) {
last if $success = flock($fh, $lock_type|LOCK_NB);
print p("Waiting for $description lock on guestbook file...");
sleep(1); # wait a second
}
unless ($success) {
warn("Couldn't get lock for $description");
return;
}
return $fh;
}
A PerlSetVar GuestbookFile /home/www/etc/guests.txtShow Contents Previous Page Next Page Copyright © 1999 by O'Reilly & Associates, Inc. |
