Johannes Erdfelt
johannes at erdfelt.com
Tue Oct 19 20:49:59 EDT 2004
On Tue, Oct 19, 2004, Graham Dumpleton <grahamd at dscpl.com.au> wrote:
> A question on what people perceive as being best practice as far as dealing
> with forms when using mod_python.
>
> Imagine there is a form for logging into a site and its url is at "login". I've
> ignored extensions in this discussion as different mechanisms may or may
> not make it easy to use them.
>
> Is there a tendency to have the form when submitted, post back using
> the same url, ie., ACTION field in form is not set, or to a different url.
>
> If the first approach is used, any type of content handler for the resource
> must be able to deal with both no form data or required form data.
> If no form data, put up the form, else if form data process the posted form
> appropriately.
>
> Upon processing the form, if login was successful, it might redirect to
> another resource, or if the login form was actually part of a larger page, it
> may then enable display of what other information was on the page.
>
> In this approach you tend to end up with a lot of things jumbled up into
> one content handler and it could perceivably get a bit messy.
>
> If the form and the processor of the form are at different urls, there is a
> better separation of functionality of presenting the form and its processing.
> Being different urls though, you might have to be a bit trickier as far as
> using redirects to get back to where you want when login is successful
> especially if it is a generic login processor.
>
> How do people handle this in the different mechanisms that are available?
> Is there a general consensus that one approach is much superior to the other?
> Are there any specific things that could be put into a content handler system
> that can make this aspect of processing forms easier?

To speak for myself, when I've implemented this, I've done it posting back
to the same script.
This is because I almost always need to handle errors and present the same
form back to the user, possibly with an error message describing the
problem.

It's actually quite easy given the form validation code I've described
previously. The code looked something similar to this:

    import os

    from mod_python import apache
    import vampire

    # "form" is the form validation module described previously.
    __form_vars__ = [
        form.string("email"),
        form.string("password"),
    ]

    def handler_html(req):
        if not os.path.exists(req.filename):
            return apache.DECLINED

        template = vampire.loadTemplate(req.filename)

        # Both fields present means the form was submitted.
        if req.form.email is not None and req.form.password is not None:
            if validate_password(req.form.email, req.form.password):
                req.status = apache.HTTP_MOVED_TEMPORARILY
                req.headers_out["Location"] = "/location/to/redirect/to"
                req.send_http_header()
                return apache.OK
            else:
                # Error validating user
                pass
        else:
            # Don't show error message
            template.error.omit()

        if req.form.email:
            template.email.atts['value'] = req.form.email

        req.content_type = "text/html"
        req.headers_out['Cache-Control'] = 'no-cache'
        req.headers_out['Expires'] = '-1'
        req.send_http_header()

        req.write(template.render())

        return apache.OK

The form validation code will stuff None into the value if the variable
wasn't passed at all.

You could also do something like this:

    __form_vars__ = [
        form.submit("submit", [
            form.string("email", required = 1),
            form.string("password", required = 1),
        ]),
    ]

and then:

    if req.form.submit is not None:

However, the submit value may not always be sent if the user just hits
return instead of clicking on a button.

JE
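
Added example (not part of the original message, and not the author's code): the same post-back-to-one-URL login flow as a framework-free Python 3 function, showing the three outcomes and the points a reviewer would check (presence test on the credential fields rather than the submit button, fixed redirect target, escaped re-display of the email). The names handle_login, Response, FORM and the sample account are assumptions made for this sketch.

```python
import hashlib
import hmac
import html
from collections import namedtuple

Response = namedtuple("Response", "status headers body")

# Constructed sample account: PBKDF2 hash of "s3cret" with a fixed demo salt.
_SALT = b"demo-salt"
_USERS = {"je@example.org": hashlib.pbkdf2_hmac("sha256", b"s3cret", _SALT, 100_000)}

FORM = ('<form method="post">{error}'
        '<input name="email" value="{email}">'
        '<input name="password" type="password">'
        '<input name="submit" type="submit"></form>')


def validate_password(email, password):
    """Constant-time comparison against the stored hash (hypothetical store)."""
    stored = _USERS.get(email, b"\0" * 32)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(stored, candidate) and email in _USERS


def handle_login(form):
    """form: dict of posted fields; a missing key means the field was not sent."""
    email, password = form.get("email"), form.get("password")
    error = ""
    # Key off the credential fields, not "submit": pressing return may omit it.
    if email is not None and password is not None:
        if validate_password(email, password):
            # Fixed target, never taken from the request.
            return Response(302, {"Location": "/location/to/redirect/to"}, "")
        error = '<p class="error">Login failed.</p>'
    headers = {"Content-Type": "text/html", "Cache-Control": "no-cache",
               "Expires": "-1"}
    # Escape the echoed address so it cannot break out of the value attribute.
    body = FORM.format(error=error, email=html.escape(email or "", quote=True))
    return Response(200, headers, body)
```
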