Embedding Perl in HTML with Mason by Ken Williams, Dave Rolsky

Chapter 8. Building a Mason Site

This chapter covers, in detail, a full-fledged working web application. Our application is the Perl Apprenticeship site at http://apprentice.perl.org/. Back at O’Reilly’s 2001 Open Source Conference, Adam Turoff suggested that the Perl community needed a site where people who had project ideas, but either not enough time or not enough expertise, could hook up with other programmers who could supply the missing pieces.

An experienced developer with a really neat idea and not nearly enough time to do it can post a project idea and offer to mentor a less experienced developer in its implementation. Conversely, a less experienced developer with a really neat idea who isn’t quite sure how to go forward on it can look for a mentor to help him bring that idea to life.

This is a pretty basic database-backed web application, the kind of thing that Mason gets used for all the time. It didn’t require anything too terribly complicated, but it shows off a number of Mason’s features quite well, including how components can be used to isolate individual site elements, autohandlers and dhandlers, and a simple use of <%method> blocks.

One thing worth noting is that for database access we chose to use Alzabo, which is a project created and maintained by Dave Rolsky. Alzabo is a database-to-object mapper built on top of the DBI. It allows us to easily create Perl objects representing things in our database, like users or projects. We will not be going into detail on our schema or our Alzabo-related code here, as this is largely incidental to the goal of this chapter. Our hope is that if you don’t understand any particular piece of the Alzabo functionality, you can just treat it as pseudocode.[17]

More information on Alzabo is available online at http://www.alzabo.org/. Alzabo is also available from the CPAN.

The code for the site is available at this book’s site, http://www.masonbook.com/. This includes an installer that should help you get the site up and running without too much trouble.[18]

Functionality

The first issue at hand is determining what sort of functionality the site has to have in order to be useful. Our site is fairly simple. It needs to implement the following features:

Index page

The index page will have a welcome message, site news, and a featured project selected by the site administrator.

Consistent and context-sensitive menu

The lefthand side of the site is a navigation menu that is context-sensitive. Logged-in users see different options than guest users. Users with site admin options see an additional set of options. However, these options remain the same from page to page.

Underneath the menu the site shows the five most recent projects entered into the system.

User information

Some user information will be publicly viewable. This will be users’ usernames and email addresses (displayed in an altered form to protect them from robots) and the list of projects with which they are involved. Their real names are not displayed.

Project browsing

Since we do not anticipate an extremely large number of submissions, at least initially, we decided not to create any complicated search mechanism. The two ways to find projects will be to view a list of all the projects in the system or to browse the projects by category. The user can click on any displayed project to see more detailed information about it.

User accounts

Users need to be able to create new accounts, retrieve a forgotten password, log in, and log out. In addition, we’d like to let them edit their own accounts.

Users have the following properties:

  • Username

  • Password

  • Real name

  • Email address

  • Status — available, semi-available, or busy

  • Admin flag — is this user a site administrator?

Project editing

Logged-in users should be able to add a new project and edit an existing one for which they have admin privileges. This includes the ability to add and remove project members.

Projects have the following properties:

  • Name

  • Description

  • Creation date

  • Difficulty — from one to ten

  • Project status — idea or active

  • Support level — a lot, some, or a little. If the project is created by a mentor, this is how much support they can provide. If the project is created by an apprentice, this is how much support they think they need.

  • Links — each link has a URL and an optional description

  • Categories — a project has one or more categories such as database, GUI, and so on.

  • Members — a project member is either a mentor or an apprentice. Any project member may be given project admin access.

Site administration

Site administrators should be able to edit any user or project. In addition, site admins can also edit the list of categories available for projects.

Security

A careful reader will notice that passwords are stored in the database in plain text form. This means that someone who hacks into the system where the data is stored won’t have to do any extra work to get all the passwords.

In our opinion, this is OK for several reasons. Even if we stored hashed passwords, anyone sophisticated enough to be able to hack the operating system is going to be capable of running a dictionary attack against these passwords once they are retrieved from the database.

Furthermore, we like being able to send people their actual passwords via email when they request it, which is a choice we made in light of the fact that this is a relatively low security site. There is always a trade-off between security and convenience. But don’t give us the same password you use for your bank account, OK?
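For comparison, here is what the hashed alternative weighed above could look like; this is an added example, not code from the book or from the Apprenticeship site. It derives a salted, iterated hash with PBKDF2-HMAC-SHA256 built from the core Digest::SHA module, so that each dictionary guess costs an attacker the full iteration count. The function names, the column format, the sample password and the iteration count are all assumptions.

```perl
use strict; use warnings;
use Digest::SHA qw(hmac_sha256);

# Bytes from the kernel CSPRNG (assumes a Unix-like host with /dev/urandom).
sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    (read($fh, my $buf, $n) // -1) == $n or die "short read from /dev/urandom";
    return $buf;
}

# PBKDF2-HMAC-SHA256, first 32-byte block; $password must be a byte string.
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations) = @_;
    my $t = my $u = hmac_sha256($salt . pack('N', 1), $password);
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $password);
        $t ^= $u;    # bytewise XOR of two 32-byte strings
    }
    return $t;
}

sub constant_time_eq {    # no early exit at the first differing byte
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Value for the password column: scheme$iterations$salt_hex$hash_hex.
sub hash_password {
    my ($password, $iterations) = @_;
    my $salt = random_bytes(16);    # per-user salt: equal passwords hash differently
    return join '$', 'pbkdf2-sha256', $iterations, unpack('H*', $salt),
        unpack('H*', pbkdf2_sha256($password, $salt, $iterations));
}

sub verify_password {
    my ($password, $stored) = @_;
    my ($scheme, $iter, $salt_hex, $hash) = split /\$/, $stored;
    return 0 unless defined $hash && $scheme eq 'pbkdf2-sha256';
    my $calc = unpack 'H*', pbkdf2_sha256($password, pack('H*', $salt_hex), $iter);
    return constant_time_eq($hash, $calc);
}

# Demo with a constructed password and work factor (tune to your hardware).
my $row = hash_password('correct horse', 100_000);
printf "%s\nright=%d wrong=%d\n", $row,
    verify_password('correct horse', $row), verify_password('tr0ub4dor', $row);
```

With this storage format the site can no longer mail a user's existing password back, so the forgotten-password page would have to issue a reset instead.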



[17] Or pseudopseudocode, since it’s actually code.

[18] Famous last words, no doubt. Bug reports are always welcome, of course.
