|RTL reference|Glossary|Tips/Tricks|FREE App/VCL|Best'O'Net|Books|Link To|
|ISAPI tutorial for Delphi developers|
|Page 14: Database enabled applications - Part 2|
This is going to be a client database over the Internet. This means that any one with a browser and an Internet connection, with no need for additional software can add, delete, modify and view information. This gives great power and it brings with it some security issues. I am going to explain a way so that only certain people that have access can do this. Of course, the security I am going to employ is quite simple, you can extend it as much as you want to provide additional security (restrict by IP, SSL, etc).
As we've seen in the chapter covering PageProducers, the HTMLFile property assigns an HTML file to the PageProducer. This file can be located anywhere on your machine as long as the IUSR_MACHINENAME user has read access to the file at NTFS level (considering you are using NT as your server. If you are not, then you shouldn't really worry about security issues with your ISAPI application as Windows 95, 98 doesn't have any other means of security anyway....so just open yourself up to the whole world ).
The files you should be looking at up to this point are: menu.htm
This last one (login.htm) on the contrary, should be located in the public directory where your web-server points to. This page will be used for the user to input his/her login information so that we can verify his credential. Your directory structure should look something like this: C:\ApplicationPrivateFiles: (only with read permission for IUSR_MACHINENAME).
C:\inetpub\wwwroot: (public location for web-server)
Since most of the code has been explained in previous chapters, I won't go into details. The only really new thing is the Stored Procedure that checks to see if the user is valid. If the username/password is correct it then responds with the user's ID. All user ID's are greater or equal to zero, so if the user does not exist or the combination is incorrect it will return -1.
The "Page" action
The BeforeDispatch event takes care of the security issues, so in our "Page" action all we need to do is to return the requested page that will be indicated by the "target" parameter (look at the source code for the menu.htm file). If you look at the code for this action you will see that it is very simple:
Note that the path to the private files is hard-coded. Other ways to do it is either using constants (but still would be coded) or use a INI file of some sort that would read the values from a the file in the OnCreate and store them in a global variable (remember, it would be ok since it would be a read-only variable). You could then easily change the paths without the need to re-compile.
Try calling this action without logging in first and see the result:. If you debug, you will see that it doesn't even get to the Page action. The BeforeDispatch takes care of it.
As you can see also, the errors and pages i've generating aren't what you could say the best or nicest. This is all for demonstration purposes and the error messages could be replaced with something more friendlier and less explicit!
The "Action" action
We call the function "AddRecord", which reads the contents of the form, creates an SQL instruction and executes it. If no exception is raised then it returns an 'OK' , otherwise it returns the message of the exception. Notice that there is no need to pass the Request.ContentFIelds as a parameter to the function since the current Request property of the web-module is instantiated with the current contents of the current request.
This was very easy. Examine the code carefully and make sure you understand everything before you proceed to the next part of this chapter.
All graphics (if any) in this feature created by Zarko Gajic.
|· Learn another routine every day - RTL Quick Reference.
· Download free source code applications and components.
· Talk about Delphi Programming, real time.
· Link to the Delphi Programming site from your Web pages.
· Tutorials, articles, tech. tips by date: 2001|2000|1999|1998 or by TOPIC.
|· NEXT ARTICLE: ADO Cursors - DB/10.
Chapter ten of the free Delphi Database Course for beginners. How ADO uses cursors as a storage and access mechanism, and what you should do to choose the best cursor for your Delphi ADO application.
|Stay informed with all new and interesting things about Delphi (for free).|
|Got some code to share? Got a question? Need some help?|