.. _tutorial: ******** Tutorial ******** *So how can I make this work?* This is a quick guide to getting started with mod_python programming once you have it installed. This is not an installation manual. It is also highly recommended to read (at least the top part of) the section :ref:`pythonapi` after completing this tutorial. .. _tut-pub: A Quick Start with the Publisher Handler ======================================== This section provides a quick overview of the Publisher handler for those who would like to get started without getting into too much detail. A more thorough explanation of how mod_python handlers work and what a handler actually is follows on in the later sections of the tutorial. The :ref:`hand-pub` is provided as one of the standard mod_python handlers. To get the publisher handler working, you will need the following lines in your config:: AddHandler mod_python .py PythonHandler mod_python.publisher PythonDebug On The following example demonstrates a simple feedback form. The form asks for a name, e-mail address and a comment which are then used to construct and send a message to the webmaster. This simple application consists of two files: :file:`form.html` - the form to collect the data, and :file:`form.py` - the target of the form's action. Here is the html for the form:: Please provide feedback below:

The ``action`` element of the ``
`` tag points to ``form.py/email``. We are going to create a file called :file:`form.py`, like this:: import smtplib WEBMASTER = "webmaster" # webmaster e-mail SMTP_SERVER = "localhost" # your SMTP server def email(req, name, email, comment): # make sure the user provided all the parameters if not (name and email and comment): return "A required parameter is missing, \ please go back and correct the error" # create the message text msg = """\ From: %s Subject: feedback To: %s I have the following comment: %s Thank You, %s """ % (email, WEBMASTER, comment, name) # send it out conn = smtplib.SMTP(SMTP_SERVER) conn.sendmail(email, [WEBMASTER], msg) conn.quit() # provide feedback to the user s = """\ Dear %s,
Thank You for your kind comments, we will get back to you shortly. """ % name return s When the user clicks the Submit button, the publisher handler will load the :func:`email` function in the :mod:`form` module, passing it the form fields as keyword arguments. It will also pass the request object as ``req``. You do not have to have ``req`` as one of the arguments if you do not need it. The publisher handler is smart enough to pass your function only those arguments that it will accept. The data is sent back to the browser via the return value of the function. Even though the Publisher handler simplifies mod_python programming a great deal, all the power of mod_python is still available to this program, since it has access to the request object. You can do all the same things you can do with a "native" mod_python handler, e.g. set custom headers via ``req.headers_out``, return errors by raising :exc:`apache.SERVER_ERROR` exceptions, write or read directly to and from the client via :meth:`req.write()` and :meth:`req.read()`, etc. Read Section :ref:`hand-pub` for more information on the publisher handler. .. _tut-overview: Quick Overview of how Apache Handles Requests ============================================= Apache processes requests in :dfn:`phases`. For example, the first phase may be to authenticate the user, the next phase to verify whether that user is allowed to see a particular file, then (next phase) read the file and send it to the client. A typical static file request involves three phases: (1) translate the requested URI to a file location (2) read the file and send it to the client, then (3) log the request. Exactly which phases are processed and how varies greatly and depends on the configuration. A :dfn:`handler` is a function that processes one phase. There may be more than one handler available to process a particular phase, in which case they are called by Apache in sequence. For each of the phases, there is a default Apache handler (most of which by default perform only very basic functions or do nothing), and then there are additional handlers provided by Apache modules, such as mod_python. Mod_python provides every possible handler to Apache. Mod_python handlers by default do not perform any function, unless specifically told so by a configuration directive. These directives begin with ``'Python'`` and end with ``'Handler'`` (e.g. ``PythonAuthenHandler``) and associate a phase with a Python function. So the main function of mod_python is to act as a dispatcher between Apache handlers and Python functions written by a developer like you. The most commonly used handler is ``PythonHandler``. It handles the phase of the request during which the actual content is provided. Because it has no name, it is sometimes referred to as as :dfn:`generic` handler. The default Apache action for this handler is to read the file and send it to the client. Most applications you will write will provide this one handler. To see all the possible handlers, refer to Section :ref:`directives`. .. _tut-what-it-do: So what Exactly does Mod-python do? =================================== Let's pretend we have the following configuration:: AddHandler mod_python .py PythonHandler myscript PythonDebug On Note: ``/mywebdir`` is an absolute physical path in this case. And let's say that we have a python program (Windows users: substitute forward slashes for backslashes) :file:`/mywedir/myscript.py` that looks like this:: from mod_python import apache def handler(req): req.content_type = "text/plain" req.write("Hello World!") return apache.OK Here is what's going to happen: The ``AddHandler`` directive tells Apache that any request for any file ending with :file:`.py` in the :file:`/mywebdir` directory or a subdirectory thereof needs to be processed by mod_python. The ``'PythonHandler myscript'`` directive tells mod_python to process the generic handler using the `myscript` script. The ``'PythonDebug On'`` directive instructs mod_python in case of an Python error to send error output to the client (in addition to the logs), very useful during development. When a request comes in, Apache starts stepping through its request processing phases calling handlers in mod_python. The mod_python handlers check whether a directive for that handler was specified in the configuration. (Remember, it acts as a dispatcher.) In our example, no action will be taken by mod_python for all handlers except for the generic handler. When we get to the generic handler, mod_python will notice ``'PythonHandler myscript'`` directive and do the following: * If not already done, prepend the directory in which the ``PythonHandler`` directive was found to ``sys.path``. * Attempt to import a module by name ``myscript``. (Note that if ``myscript`` was in a subdirectory of the directory where ``PythonHandler`` was specified, then the import would not work because said subdirectory would not be in the ``sys.path``. One way around this is to use package notation, e.g. ``'PythonHandler subdir.myscript'``.) * Look for a function called ``handler`` in module ``myscript``. * Call the function, passing it a request object. (More on what a request object is later). * At this point we're inside the script, let's examine it line-by-line: * :: from mod_python import apache This imports the apache module which provides the interface to Apache. With a few rare exceptions, every mod_python program will have this line. .. index:: single: handler * :: def handler(req): This is our :dfn:`handler` function declaration. It is called ``'handler'`` because mod_python takes the name of the directive, converts it to lower case and removes the word ``'python'``. Thus ``'PythonHandler'`` becomes ``'handler'``. You could name it something else, and specify it explicitly in the directive using ``'::'``. For example, if the handler function was called ``'spam'``, then the directive would be ``'PythonHandler myscript::spam'``. Note that a handler must take one argument - the :ref:`pyapi-mprequest`. The request object is an object that provides all of the information about this particular request - such as the IP of client, the headers, the URI, etc. The communication back to the client is also done via the request object, i.e. there is no "response" object. * :: req.content_type = "text/plain" This sets the content type to ``'text/plain'``. The default is usually ``'text/html'``, but because our handler does not produce any html, ``'text/plain'`` is more appropriate. You should always make sure this is set *before* any call to ``'req.write'``. When you first call ``'req.write'``, the response HTTP header is sent to the client and all subsequent changes to the content type (or other HTTP headers) have no effect. * :: req.write("Hello World!") This writes the ``'Hello World!'`` string to the client. * :: return apache.OK This tells Apache that everything went OK and that the request has been processed. If things did not go OK, this line could return :const:`apache.HTTP_INTERNAL_SERVER_ERROR` or :const:`apache.HTTP_FORBIDDEN`. When things do not go OK, Apache logs the error and generates an error message for the client. .. note:: It is important to understand that in order for the handler code to be executed, the URL needs not refer specficially to :file:`myscript.py`. The only requirement is that it refers to a :file:`.py` file. This is because the ``AddHandler mod_python .py`` directive assignes mod_python to be a handler for a file *type* (based on extention ``.py``), not a specific file. Therefore the name in the URL does not matter, in fact the file referred to in the URL doesn't event have to exist. Given the above configuration, ``'http://myserver/mywebdir/myscript.py'`` and ``'http://myserver/mywebdir/montypython.py'`` would yield the exact same result. .. _tut-more-complicated: Now something More Complicated - Authentication =============================================== Now that you know how to write a basic handler, let's try something more complicated. Let's say we want to password-protect this directory. We want the login to be ``'spam'``, and the password to be ``'eggs'``. First, we need to tell Apache to call our *authentication* handler when authentication is needed. We do this by adding the ``PythonAuthenHandler``. So now our config looks like this:: AddHandler mod_python .py PythonHandler myscript PythonAuthenHandler myscript PythonDebug On Notice that the same script is specified for two different handlers. This is fine, because if you remember, mod_python will look for different functions within that script for the different handlers. Next, we need to tell Apache that we are using Basic HTTP authentication, and only valid users are allowed (this is fairly basic Apache stuff, so we're not going to go into details here). Our config looks like this now:: AddHandler mod_python .py PythonHandler myscript PythonAuthenHandler myscript PythonDebug On AuthType Basic AuthName "Restricted Area" require valid-user Note that depending on which version of Apache is being used, you may need to set either the \code{AuthAuthoritative} or ``AuthBasicAuthoritative`` directive to ``Off`` to tell Apache that you want allow the task of performing basic authentication to fall through to your handler. Now we need to write an authentication handler function in :file:`myscript.py`. A basic authentication handler would look like this:: from mod_python import apache def authenhandler(req): pw = req.get_basic_auth_pw() user = req.user if user == "spam" and pw == "eggs": return apache.OK else: return apache.HTTP_UNAUTHORIZED Let's look at this line by line: * :: def authenhandler(req): This is the handler function declaration. This one is called ``authenhandler`` because, as we already described above, mod_python takes the name of the directive (``PythonAuthenHandler``), drops the word ``'Python'`` and converts it lower case. * :: pw = req.get_basic_auth_pw() This is how we obtain the password. The basic HTTP authentication transmits the password in base64 encoded form to make it a little bit less obvious. This function decodes the password and returns it as a string. Note that we have to call this function before obtaining the user name. * :: user = req.user This is how you obtain the username that the user entered. * :: if user == "spam" and pw == "eggs": return apache.OK We compare the values provided by the user, and if they are what we were expecting, we tell Apache to go ahead and proceed by returning :const:`apache.OK`. Apache will then consider this phase of the request complete, and proceed to the next phase. (Which in this case would be :func:`handler()` if it's a ``'.py'`` file). * :: else: return apache.HTTP_UNAUTHORIZED Else, we tell Apache to return :const:`HTTP_UNAUTHORIZED` to the client, which usually causes the browser to pop a dialog box asking for username and password. .. _tut-404-handler: Your Own 404 Handler ==================== In some cases, you may wish to return a 404 (:const:`HTTP_NOT_FOUND`) or other non-200 result from your handler. There is a trick here. if you return :const:`HTTP_NOT_FOUND` from your handler, Apache will handle rendering an error page. This can be problematic if you wish your handler to render it's own error page. In this case, you need to set ``req.status = apache.HTTP_NOT_FOUND``, render your page, and then ``return(apache.OK)``:: from mod_python import apache def handler(req): if req.filename[-17:] == 'apache-error.html': # make Apache report an error and render the error page return(apache.HTTP_NOT_FOUND) if req.filename[-18:] == 'handler-error.html': # use our own error page req.status = apache.HTTP_NOT_FOUND pagebuffer = 'Page not here. Page left, not know where gone.' else: # use the contents of a file pagebuffer = open(req.filename, 'r').read() # fall through from the latter two above req.write(pagebuffer) return(apache.OK) Note that if wishing to returning an error page from a handler phase other than the response handler, the value ``apache.DONE`` must be returned instead of ``apache.OK``. If this is not done, subsequent handler phases will still be run. The value of ``apache.DONE`` indicates that processing of the request should be stopped immediately. If using stacked response handlers, then ``apache.DONE`` should also be returned in that situation to prevent subsequent handlers registered for that phase being run if appropriate.