CHP-8>
This chapter covers, in detail, a full-fledged working web application. Our application is the Perl Apprenticeship site at U<http://apprentice.perl.org/>. Back at O'Reilly's 2001 Open Source Conference, Adam Turoff suggested that the Perl community needed a site where people who had project ideas, but either not enough time or not enough expertise, could hook up with other programmers who could supply the missing pieces.
An experienced developer with a really neat idea and not nearly enough time to do it can post a project idea and offer to mentor a less experienced developer in its implementation. Conversely, a less experienced developer with a really neat idea who isn't quite sure how to go forward on it can look for a mentor to help him bring that idea to life.
This is a pretty basic database-backed web application, the kind of thing that Mason gets used for all the time. It didn't require anything too terribly complicated, but it shows off a number of Mason's features quite well, including how components can be used to isolate individual site elements, autohandlers and dhandlers, and a simple use of <%method> blocks.
One thing worth noting is that for database access we chose to use Alzabo, which is a project created and maintained by Dave Rolsky. Alzabo is a database-to-object mapper built on top of the DBI. It allows us to easily create Perl objects representing things in our database, like users or projects. We will not be going into detail on our schema or our Alzabo-related code here, as this is largely incidental to the goal of this chapter. Our hope is that if you don't understand any particular piece of the Alzabo functionality, you can just treat it as pseudocode.N<Or pseudopseudocode, since it's actually code.> More information on Alzabo is available online at U<http://www.alzabo.org/>. Alzabo is also available from the CPAN.
The code for the site is available at this book's site, U<http://www.masonbook.com/>. This includes an installer that should help you get the site up and running without too much trouble.N<Famous last words, no doubt. Bug reports are always welcome, of course.>
CHP-8-SECT-1>
The first issue at hand is determining what sort of functionality the site has to have in order to be useful. Our site is fairly simple. It needs to implement the following features:
The index page will have a welcome message, site news, and a featured project selected by the site administrator.
The lefthand side of the site is a navigation menu that is context-sensitive. Logged-in users see different options than guest users. Users with site admin options see an additional set of options. However, these options remain the same from page to page.
Underneath the menu the site shows the five most recent projects entered into the system.
Some user information will be publicly viewable. This will be users' usernames and email addresses (displayed in an altered form to protect them from robots) and the list of projects with which they are involved. Their real names are not displayed.
Since we do not anticipate an extremely large number of submissions, at least initially, we decided not to create any complicated search mechanism. The two ways to find projects will be to view a list of all the projects in the system or to browse the projects by category. The user can click on any displayed project to see more detailed information about it.
Users need to be able to create new accounts, retrieve a forgotten password, log in, and log out. In addition, we'd like to let them edit their own accounts.
Users have the following properties:
Username
Password
Real name
Email address
Status -- available, semi-available, or busy
Admin flag -- is this user a site administrator?
Logged-in users should be able to add a new project and edit an existing one for which they have admin privileges. This includes the ability to add and remove project members.
Projects have the following properties:
Name
Description
Creation date
Difficulty -- from one to ten
Project status -- idea or active
Support level -- a lot, some, or a little. If the project is created by a mentor, this is how much support they can provide. If the project is created by an apprentice, this is how much support they think they need.
Links -- each link has a URL and an optional description
Categories -- a project has one or more categories such as database, GUI, and so on.
Members -- a project member is either a mentor or an apprentice. Any project member may be given project admin access.
Site administrators should be able to edit any user or project. In addition, site admins can also edit the list of categories available for projects.
A careful reader will notice that passwords are stored in the database in plain text form. This means that someone who hacks into the system where the data is stored won't have to do any extra work to get all the passwords.
In our opinion, this is OK for several reasons. Even if we stored hashed passwords, anyone sophisticated enough to be able to hack the operating system is going to be capable of running a dictionary attack against these passwords once they are retrieved from the database.
Furthermore, we like being able to send people their actual passwords via email when they request it, which is a choice we made in light of the fact that this is a relatively low security site. There is always a trade-off between security and convenience. But don't give us the same password you use for your bank account, OK?
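For comparison with the plain-text storage described above, here is an added example (not the Apprenticeship site's code) of the hashed alternative in Perl: a per-user random salt and an iterated PBKDF2-HMAC-SHA256, so that every dictionary guess against a retrieved row costs the full iteration count. The iteration count, the stored column format, and all function names are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64 decode_base64);

my $ITERATIONS = 600_000;    # assumed work factor; tune to your hardware

# PBKDF2-HMAC-SHA256 (RFC 8018), first 32-byte block only.
# $password must be a byte string (encode to UTF-8 before calling).
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);
    my $t = $u;
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $password);
        $t ^= $u;            # bitwise XOR of two byte strings
    }
    return $t;
}

sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, $n) == $n or die "short read from urandom";
    return $buf;
}

# Value for the password column (hypothetical format): iterations$salt$hash
sub hash_password {
    my ($password) = @_;
    my $salt = random_bytes(16);
    return join '$', $ITERATIONS, encode_base64($salt, ''),
        encode_base64(pbkdf2_sha256($password, $salt, $ITERATIONS), '');
}

sub check_password {
    my ($password, $stored) = @_;
    my ($iter, $salt64, $hash64) =
        $stored =~ m{^(\d+)\$([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+)\z} or return 0;
    my $want = decode_base64($hash64);
    my $got  = pbkdf2_sha256($password, decode_base64($salt64), $iter);
    return 0 unless length($got) == length($want);
    my $diff = 0;            # compare every byte so timing does not leak a prefix
    $diff |= ord(substr $got, $_, 1) ^ ord(substr $want, $_, 1) for 0 .. length($got) - 1;
    return $diff == 0 ? 1 : 0;
}

my $stored = hash_password('correct horse');    # constructed sample password
print "password column: $stored\n";
print "$_: ", (check_password($_, $stored) ? 'accepted' : 'rejected'), "\n"
    for 'correct horse', 'wrong guess';
```

With only the salted hash stored, the forgotten-password feature cannot email the original password and has to issue a one-time reset link instead.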
CHP-8-SECT-2>
Because of the nature of Mason's autohandler feature, directory layout is actually an important consideration when designing a site. Of course, you can always override a component's inheritance and inherit from any other component, but it makes sense to come up with a directory layout that minimizes the need to do this.
In the case of the Apprenticeship site, we only have one "skin" we want to apply to all components. This is done in the top-level autohandler. Our subdirectories are then used to implement access controls and dhandlers. A<CHP-8-TABLE-1>Table 8-1 shows our directory layout.