HTDB Login How-To

Prepared by Matthew Sewell on May 2, 2004

Overview: HTDB provides elegant and simple support for session management and user logins. User sessions are tracked and managed in the database with minimal scripting by the designer.

The following functions and variables will be used in our example:

isUser() - Tests whether the encrypted cookie (if any) in the client's browser matches a valid current session in the htdb database. This function will return success (true) if the cookie matches a valid session or failure (false) if there is no cookie or it doesn't match a valid open session.

defined() - Tests whether the expression contained in the brackets is a defined object. In this example, we will used defined(submit) to test whether the user has pushed the button named “submit”. This function will return either success or failure.

${user->*} - A variable representing the possible fields in the database. See the end of this document for more details.

Basic Example:

# SESSION MANAGEMENT EXAMPLE Scripted by Matthew Sewell # # This is an example script which demonstrates how to manage sessions # using the htdb scripting language. # # Please note that this script does not cover the creation of users using # the htdb scripting language. This can be accomplished manually by adding # entries to the appropriate fields in the 'user' table in the htdb database. # This script will not work if there is not a valid user name and password # being used. # First, let's define a few variables... #define pageTitle Login Example #define pageColor #ffffff #define textColor #000000 #define linkColor #0000ff #define vlinkColor #0000ff #define alinkColor #ff0000 # Keep in mind that none of these variables affect the way this script # functions. We have defined them here simply for ease of use. # We also need to define a log-in screen that will pop up when we need # it... #define login <TABLE WIDTH=583 BORDER=0 CELLPADDING=4 CELLSPACING=4 STYLE="page-break-before: always"> <COL WIDTH=159> <COL WIDTH=394> <THEAD> <TR VALIGN=TOP> <TD WIDTH=159> <P>Please Log-In Here.<BR CLEAR=LEFT><BR> </P> </TD> <TD WIDTH=394> <form name="loginForm" action="#" method="post"> <P><BR><BR> </P> <P> Username: <input TYPE="TEXT" NAME="email" SIZE="12" MAXLENGTH="16"> </P> <P> Password: <input TYPE="password" NAME="password" SIZE="12" MAXLENGTH="50" length="10"> </P> <P><input TYPE="submit" NAME ="submit" VALUE=" Log-In"><BR><BR> </P> </form> </TD> </TR> </THEAD> </TABLE> # In this example, we will create a 'userContent.htdb' file that will contain # the information that the user is trying to access. The server will not allow # a direct request to this file. It is a template that will be 'sucked in' to # the 'index.html' file which we will define in this script when we call it using # the ${userHome} variable defined. First, we have to include it as follows... #include userContent # Next, we need to define the index.html file that will be served out to the user. # Once again, we will use '#define'... #define index.html # Here's where we start the content of the page itself. # this is where we plop down the variables which we defined at the top of the script... <head><title>${pageTitle}</title></head> <body bgcolor=${pageColor} text=${textColor} link=${linkColor} vlink=${vlinkColor} alink=${alinkColor}> <CENTER> # Now that we have set up the head of our document, we need to check whether or not the # person requesting this page is logged-in as a user. If so, we will provide a link to # log back out and then give them the requested content. We will use an 'if' statement # to test this condition... #live if (isUser()) <P ALIGN=left>${linkInternal(/htdb/?logout=yup,Log-Out)} ${user->screenname}.</P> ${userHome} # If the person requesting the page does not have a valid log-in but has selected the # submit button (which we created when we defined 'login') we need to alert them that # their attempt to log-in failed. #live else if (defined(submit)) <CENTER><FONT size='+3' color='red'>Whoooa! Hey. That's not the right username and/or password.<P>Try it again...</FONT></CENTER> ${login} # If the person requesting the page isn't logged in and has not selected the submit # button, we know that it was the first time they attempted to look at the page so # all they need is a fresh log-in form. #live else ${login} #live endif # Now all we need to do is to insert the rest of the document to wrap things up... </CENTER>
# This script should be save as 'userContent.htdb' in the same directory as the # above example. # All we have to do here is define the content that the user should see when she # has a valid active session like this... #define userHome <CENTER><P>You are logged in!</CENTER>

#     SESSION MANAGEMENT EXAMPLE Scripted by Matthew Sewell
#
#     This is an example script which demonstrates how to manage sessions
#     using the htdb scripting language.
#
#     Please note that this script does not cover the creation of users using
#     the htdb scripting language.  This can be accomplished manually by adding 
#     entries to the appropriate fields in the 'user' table in the htdb database.
#     This script will not work if there is not a valid user name and password
#     being used.  

#     First, let's define a few variables...                                

#define pageTitle Login Example     
#define pageColor #ffffff
#define textColor #000000
#define linkColor #0000ff
#define vlinkColor #0000ff
#define alinkColor #ff0000

#     Keep in mind that none of these variables affect the way this script
#     functions.  We have defined them here simply for ease of use.

#     We also need to define a log-in screen that will pop up when we need
#     it...

#define	login

<TABLE WIDTH=583 BORDER=0 CELLPADDING=4 CELLSPACING=4 STYLE="page-break-before: always">
		<COL WIDTH=159>
		<COL WIDTH=394>
		<THEAD>
			<TR VALIGN=TOP>
				<TD WIDTH=159>
					<P>Please Log-In Here.<BR CLEAR=LEFT><BR>
					</P>
				</TD>
				<TD WIDTH=394>
                                        <form name="loginForm" action="#" method="post">
					
					<P><BR><BR>
					</P>
					<P>
                                               Username:  <input TYPE="TEXT" NAME="email" SIZE="12" MAXLENGTH="16"> 
					</P>
					<P>
                                               Password:  
                                               <input TYPE="password" NAME="password" SIZE="12" MAXLENGTH="50" length="10">
					</P>
					<P><input TYPE="submit" NAME ="submit" VALUE=" Log-In"><BR><BR>
					</P>
				     </form>
				</TD>
			</TR>
		</THEAD>
	</TABLE>


#     In this example, we will create a 'userContent.htdb' file that will contain
#     the information that the user is trying to access.  The server will not allow
#     a direct request to this file.  It is a template that will be 'sucked in' to
#     the 'index.html' file which we will define in this script when we call it using
#     the ${userHome} variable defined.  First, we have to include it as follows...

#include userContent
                                
#     Next, we need to define the index.html file that will be served out to the user.
#     Once again, we will use '#define'...                                
                                
#define index.html

#     Here's where we start the content of the page itself.

#     this is where we plop down the variables which we defined at the top of the script...                            
         <head><title>${pageTitle}</title></head>
	<body bgcolor=${pageColor} text=${textColor} link=${linkColor} vlink=${vlinkColor} alink=${alinkColor}>
	<CENTER>
	
#     Now that we have set up the head of our document, we need to check whether or not the
#     person requesting this page is logged-in as a user.  If so, we will provide a link to
#     log back out and then give them the requested content.  We will use an 'if' statement
#     to test this condition...                     
      
#live   if (isUser())
                                
        <P ALIGN=left>${linkInternal(/htdb/?logout=yup,Log-Out)}
                                ${user->screenname}.</P>
                                
        ${userHome}

#     If the person requesting the page does not have a valid log-in but has selected the
#     submit button (which we created when we defined 'login') we need to alert them that
#     their attempt to log-in failed.
                           
#live   else if (defined(submit))
                                
        <CENTER><FONT size='+3' color='red'>Whoooa! Hey. 
                                That's not the right username and/or password.<P>Try it
                                again...</FONT></CENTER>
                                
        ${login}

#     If the person requesting the page isn't logged in and has not selected the submit
#     button, we know that it was the first time they attempted to look at the page so
#     all they need is a fresh log-in form.
                                
#live   else
                                
        ${login}
                                
#live   endif           
                                
#     Now all we need to do is to insert the rest of the document to wrap things up...           

        </CENTER>

#     This script should be save as 'userContent.htdb' in the same directory as the
#     above example.

#     All we have to do here is define the content that the user should see when she
#     has a valid active session like this...

#define userHome

<CENTER><P>You are logged in!</CENTER>

Note: It is important to note that passwords are transmitted in clear text. If you are concerned about this, you should use ssl encryption. The setting of the cookie can be suppressed by editing the config.htdb file included with the htdb distribution.

In the above example, we used the ${user->screenname} variable to insert the user's screen name into the document. ${user->*} can also pull out any of the values defined in the 'user' table of the htdb database.

Tips & Tricks: