This chapter covers, in detail, a full-fledged working web application. Our application is the Perl Apprenticeship site at http://apprentice.perl.org/. Back at O’Reilly’s 2001 Open Source Conference, Adam Turoff suggested that the Perl community needed a site where people who had project ideas, but either not enough time or not enough expertise, could hook up with other programmers who could supply the missing pieces.
An experienced developer with a really neat idea and not nearly enough time to do it can post a project idea and offer to mentor a less experienced developer in its implementation. Conversely, a less experienced developer with a really neat idea who isn’t quite sure how to go forward on it can look for a mentor to help him bring that idea to life.
This is a pretty basic database-backed web application, the kind of thing that Mason gets used for all the time. It didn’t require anything too terribly complicated, but it shows off a number of Mason’s features quite well, including how components can be used to isolate individual site elements, autohandlers and dhandlers, and a simple use of
One thing worth noting is that for database access we chose to use Alzabo, which is a project created and maintained by Dave Rolsky. Alzabo is a database-to-object mapper built on top of the DBI. It allows us to easily create Perl objects representing things in our database, like users or projects. We will not be going into detail on our schema or our Alzabo-related code here, as this is largely incidental to the goal of this chapter. Our hope is that if you don’t understand any particular piece of the Alzabo functionality, you can just treat it as pseudocode.
More information on Alzabo is available online at http://www.alzabo.org/. Alzabo is also available from the CPAN.
The lefthand side of the site is a navigation menu that is context-sensitive. Logged-in users see different options than guest users. Users with site admin options see an additional set of options. However, these options remain the same from page to page.
Underneath the menu the site shows the five most recent projects entered into the system.
Some user information will be publicly viewable. This will be users’ usernames and email addresses (displayed in an altered form to protect them from robots) and the list of projects with which they are involved. Their real names are not displayed.
Since we do not anticipate an extremely large number of submissions, at least initially, we decided not to create any complicated search mechanism. The two ways to find projects will be to view a list of all the projects in the system or to browse the projects by category. The user can click on any displayed project to see more detailed information about it.
Users have the following properties:
Projects have the following properties:
Difficulty — from one to ten
Project status — idea or active
Support level — a lot, some, or a little. If the project is created by a mentor, this is how much support they can provide. If the project is created by an apprentice, this is how much support they think they need.
Links — each link has a URL and an optional description
Categories — a project has one or more categories such as database, GUI, and so on.
Members — a project member is either a mentor or an apprentice. Any project member may be given project admin access.
A careful reader will notice that passwords are stored in the database in plain text form. This means that someone who hacks into the system where the data is stored won’t have to do any extra work to get all the passwords.
In our opinion, this is OK for several reasons. Even if we stored hashed passwords, anyone sophisticated enough to be able to hack the operating system is going to be capable of running a dictionary attack against these passwords once they are retrieved from the database.
Furthermore, we like being able to send people their actual passwords via email when they request it, which is a choice we made in light of the fact that this is a relatively low security site. There is always a trade-off between security and convenience. But don’t give us the same password you use for your bank account, OK?