[mod_python] Problem with Mod Python Appending HTML

Graham Dumpleton grahamd at dscpl.com.au
Thu Jun 29 19:24:46 EDT 2006


Max Luebbe wrote ..
> I think I understand what you are talking about but still can't get what
> I'm looking for to work. When I use apache.DONE instead of apache.OK, no
> further html is generated, and when I submit the form created by the
> displayAccountOptions function, it redisplays the same page, just
> without any css to make it look presentable. This is also not
> acceptable.
> 
> This is an authenhandler
> Here's a cut version of the code:
> 
> def authenhandler(req):
> 	'''Point of entry for this script.'''
> 
> 	# Get Authentication information from the user
> 	password = req.get_basic_auth_pw()
> 	user = req.user
> 
> 	# Check user info against the database
> 	db = anydbm.open(accountsDBPath, 'r')
> 	if not db.has_key(user):
> 		return apache.HTTP_UNAUTHORIZED
> 	else:
> 		record = db[user]
> 		# Decode entry
> 		initRecord = RECORD_SIZE * ['0']
> 		data = eval(db.setdefault(user, initRecord)) 
> 		# Check Password
> 		if not password == data[PASSWORD_HASH]:
> 			db.close()
> 			return apache.HTTP_UNAUTHORIZED
> 
> 		# User is authorized!
> 		record = {}
> 		record['loginName'] = user
> 		record['firstName'] = data[FIRST_NAME]
> 		record['lastName'] = data[LAST_NAME]
> 		record['forwardingAddress'] = data[FORWARDING_ADDRESS]
> 
> 		db.close()
> 		displayAccountOptions(req,user,record)
> 		return apache.OK
> 
> displayAccountOptions displays an html form that posts to another
> function called commitChanges, that displays additional html.
> 
> The html produced by commitChanges is getting appended to the html
> generated by displayAccountOptions, which is what not what I want.
> 
> Does this clarify things?

Not entirely.

> Would I be better served by just implementing my own password system for
> accessing my database (using password fields in a form) instead of using
> the authentication methods? 

First off, use of basic authentication is not intrinsically linked with
authenhandler in the sense that form/session based authentication
mechanisms can still use an authenhandler, although having not
yet available mod_python 3.3 helps. :-)

That said, my main comment is that when using basic authentication
as you are, one would not generally be generating a HTML page from the
authenhandler. Instead the authenhandler would simply be verifying
the user has appropriate access privileges and then the content handler
for whatever URL was requested would be executed to deliver up the
actual response. Thus I don't understand what you are trying to do by
way of highjacking the normal process by which URLs match to handlers
in order to produce some special account options page when the
user credentials are accepted.

If what you are trying to do is recognise the first time a user requests
access for a session that they be sent to a special page, then what
would normally be done is to issue a redirect response to send them
to that other page. That other page would then perhaps provide a
link to allow them then to get back to the page they wanted. To do
all this though would required use of sessions for it to work properly
as you need to retain some state so you know when first access occurs
and what page user should be sent back to after reviewing their
account options page.

Thus I think the general approach you are using is possibly the
wrong way of going about it anyway. As to you actual problem
of concatenated HTML, can tell from the above and really need to
see what displayAccountOptions() and commitChanges() are doing.

Graham

> On Wed, 2006-06-28 at 18:30 -0400, Graham Dumpleton wrote:
> > Max Luebbe wrote ..
> > > I am having problems with my mod_python scripts appending HTML together,
> > > when having req.write() create a new page is what I am after.
> > > 
> > > I have an authentication handler for a blank html page that queries
> a
> > > database for a user/pass, and then generates HTML based off of who
> > > logged in.
> > 
> > When you say you have a "authentication handler", do you mean that it
> > is triggered by PythonAuthenHandler directive. If it is and you are returning
> > HTML from it and it represents the complete response for the request,
> > you must return apache.DONE and not apache.OK. If you do not return
> > apache.DONE, the content handler will still be executed and thus any
> > HTML that the content handler itself generates will be appended to the
> > result.
> > 
> > The only other time you would likely see HTML from two places being
> > concatenated together, is when you are generating HTML but then returning
> > an error status such as apache.HTTP_UNAUTHORIZED. In other words, 
> > you were wanting to generate a custom error response page. If you simply
> > return apache.HTTP_UNAUTHORIZED in that situation, then Apache will
> > still go on to generate an error document page which gets appended to
> > your output. In that situation you should instead use:
> > 
> >   req.status = apache.HTTP_UNAUTHORIZED
> >   # generate HTML
> >   return apache.OK
> > 
> > If this is a handler other than PythonHandler, again, you should be
> > returning apache.DONE and not apache.OK.
> > 
> > I would suggest that you post what your Apache configuration directives
> > are so it is clear what handlers are being executed and in what phases.
> > 
> > Show a cut done version of what your handlers are doing would also
> > be helpful.
> > 
> > Graham
> > 
> > > The HTML generated is a form, and the user information is used to
> > > populate the default values. When the user submits the form, and my
> > > formHandler is called, the HTML it generates is appended to the current
> > > page, instead of starting a new one. I have <html> and </html> tags
> at
> > > the appropriate places to mark where documents are starting and
> > > stopping.
> > > 
> > > I did not have this problem on any of the other pages/scripts I have
> > > written, and I think that adding authentication into the mix is the
> > > variable in the equation.
> > > 
> > > What I am after is the following sequence:
> > > (1) user login 
> > > (2) new page w/form with default fields grabbed from db (generated
> html)
> > > (3) another new page w/confirmation info (values and corrections from
> > > form) (generated html)
> > > 
> > > Any suggestions?
> > > I would greatly appreciate any help I could get.
> > > 
> > > -- 
> > > Max Luebbe <max.luebbe at gmail.com>
> > > 
> > > _______________________________________________
> > > Mod_python mailing list
> > > Mod_python at modpython.org
> > > http://mailman.modpython.org/mailman/listinfo/mod_python
> -- 
> Max Luebbe <max.luebbe at gmail.com>
> 
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python


More information about the Mod_python mailing list