[mod_python] Re: mod_python sample code

Hi Peter,
I didn't do much (any) CGI, but I did something along those lines: a 
combination apache+oracle+mod_python. So maybe I'll describe that a little,
hopefully it will give you some pointers (just replace any references to oracle
with your database of choice.) I hope it's not too verbose for you.
If you don't mind, I'll CC this to the list so others may give you much better 
tips on this topic than I,
(... and hopefully lift up a little the technical vs. non-technical threads :-)
Verbose example coming up:

I'm assuming that you've installed mod_python, and run successfully the
sample code and examples.

So what I did - basically I took the publisher.py file which came with 
my mod_python copy, and modified it to fit my needs. Things like

import ...
# my database settings
import DCOracle2
os.environ['ORACLE_SID'] = '...'
os.environ['ORACLE_HOME'] = '...'
my_connect_string='...'

# a fast function (in C) to parse query string
parse_qsl = apache.parse_qsl

# I also changed all 'req' to 'REQUEST' for better clarity, so keep this
# in mind when you are reading my code (Zope influence).

def handler(REQUEST):
    _REQUEST = REQUEST._req
    _REQUEST.content_type = "text/html"

    # at this point, I want to check if user's browser has sent 
    # a cookie which I'm expecting (is he authenticated or not?)

    ########
    # if No Cookie Sent by Client
    #
    if not _REQUEST.headers_in.has_key("Cookie"):
        #
        # substract 'requested_URL' and 'requested_vars'
        #
        requested_URL = str(_REQUEST.server.server_hostname) + str(_REQUEST.uri)        requested_vars = '' # handle GET requests
        if _REQUEST.headers_in.has_key("content-length"):
            requested_vars = _REQUEST.read(int(_REQUEST.headers_in["content-length"]))
        #
        # save 'requested URL and variables' in a cookie on client
        #  - a cheezy way to do this I guess, but what I want to do is
        #    save the URL the user requested, because I will redirect him
        #    to my 'login' page, and this info will be lost.
        #   
        rURLlen = ('000' + str(len(requested_URL)))[-3:]
        _REQUEST.headers_out.add('Set-Cookie',
'v=L' # my internal token indicating it's a Login cookie
+ rURLlen 
+ requested_URL 
+ requested_vars 
+ '; '
+ 'path=/; ' # without the 'path', Netscape|Lynx won't store the cookie
)
        # now I'm sending the user the login page:
        #
        _REQUEST.headers_out.add('Pragma','no-cache')
        _REQUEST.send_http_header()
        #
        # send login form
        #
        _REQUEST.write(login_form1) # 'login_form1' being simple html
        raise apache.SERVER_RETURN, apache.OK
    #
    # /if No Cookie Sent by Client
    ########

    ########
    # Process Login Form data
    #
    elif str(_REQUEST.uri) == '/login/login_action':
        requested_vars = _REQUEST.read(int(_REQUEST.headers_in["content-length"]        #
        # parse query string
        #
        keep_blank_values=0
        pairs = parse_qsl(requested_vars, keep_blank_values)
        """ 
'pairs' now looks like this (yours will obviously vary, depending on what 
values you had in your form's html code):
[('username', '...'),('password', '...'), ('submit', 'Continue')]

But this is basically how I retrieve all data send by user in my html forms.
        """
        #
        # process 'missing Login field data' --> send 'Data missing' login form
        #
        if len(pairs) != 3:
            _REQUEST.write(login_form2)
            raise apache.SERVER_RETURN, apache.OK
        #
        # put Login data in local vars (for processing)
        #
        items = []
        for item in pairs[:-1]: # skip last item 'submit'
            if item[0] not in ('username','persistent', 'password'):
                _REQUEST.write(login_form2) # --> send 'Data missing' login form                raise apache.SERVER_RETURN, apache.OK
            items.append(item[1])
        username,ac_password = items

        #
        # get database login data
        #  - obviously this code is database-dependent
        #  - 'users' is a table where I've put all my user data
        SQL =  "SELECT * FROM users WHERE username = '%s'" % username
        try:
            connection = DCOracle2.connect(connect_string)
            cursor = connection.cursor()
            cursor.prepare(SQL)
            cursor.execute()
            cursor.arraysize = 20
            db_result = cursor.fetchall()
        except (DCOracle2.DatabaseError,TypeError), e:
            # I am logging the error to some dedicated LOG file
            LOG.write(timestamp + 'SQL: >' + SQL + '<   ' + str(e) + '\n')
            LOG.flush()
            raise apache.SERVER_RETURN, apache.HTTP_INTERNAL_SERVER_ERROR
        if db_result == []:
            _REQUEST.write(login_form3) # --> send 'Wrong Data' login form
            raise apache.SERVER_RETURN, apache.OK
            """ 
'db_result[0]' looks like this:
['user_id','username', 'password', OracleDate("2002-07-10 02:20:31")]

This obviously will depend on your table schema.
            """
        db_userID,db_Username,db_Pword,db_Created = db_result[0]
        #
        # check Login Form data against Database data
        #
        if (password != db_Pword):
            _REQUEST.write(login_form3) # --> send 'Wrong Data' login form
            raise apache.SERVER_RETURN, apache.OK
        #
        # set session in database
        # - here I'm basically repeating the db code of earlier
        #
        #  then I'm created a session token, which I'm sending to the user
        #  and will retrieve using the cookie mechanism (seen earlier).