Table of Contents | Step 8

Except for the images, we have finished methods to display search results and information about particular records. Now, we need an administrative application to add new records to the addressbook. Before we begin, let's discuss how we're going to restrict access to the administrative application.

As I stated in the Introduction, I run Apache Web Server. The easiest way to restrict access is to create a .htaccess file directly in the directory we're going to protect. Since we want the methods we've already created to be accessible to everyone, we'll need to create a new cgi file and protect it with the .htaccess file. I've created a file called admin.cgi by copying the handler.cgi we already had written. Now my cgi-bin directory looks like this:

  $ ls -l
  total 8
  -rwxrwxr-x    1 fliptop  fliptop        742 Jul 19 19:38 admin.cgi
  -rwxrwxr-x    1 fliptop  fliptop        742 Jun 15 01:23 handler.cgi
  $
  

First we'll create a password file by running the htpasswd command. We'll put the file in the server root so it's not accessible with a browser (on my server, it's /home/httpd):

  $ cd /home/httpd
  $ htpasswd -c ./addressbook_users admin
  New password: 
  Re-type new password: 
  Adding password for user admin
  $ ls -l
  total 16
  -rw-rw-r--    1 fliptop  fliptop        20 Jul 19 19:50 addressbook_users
  drwxrwxr-x    3 fliptop  fliptop      4096 Jul 19 19:38 cgi-bin
  drwxrwxr-x    2 fliptop  fliptop      4096 Jul  8 12:33 html
  drwxrwxr-x    2 fliptop  fliptop      4096 Jul  7 00:08 templates
  $ 
  

The -c switch tells htpasswd to create a new file. The next argument is the filename to create, and last is the username to add. Then, we're prompted to type a password, then re-type it for verification. As you can see, a file called addressbook_users was created. Inside it is the username admin and then an encrypted password. The two are separated by a colon. You can add other users by typing the same command without the -c switch. Note: if you don't have telnet access to your box, you'll have to get your system administrator to create this file.

Now, we have to add the .htaccess file to the cgi-bin directory. Here's a sample one to get started with:

  AuthName "Addressbook - Restricted Area"
  AuthType Basic
  AuthUserFile /home/httpd/addressbook_users

  <Files admin.cgi>
    require valid-user
  </Files>
  

The .htaccess file should be readable by whoever your Web server runs as. If you don't have root access to your server, then make sure your server administrator has added the appropriate <Directory> container to the httpd.conf file. It should look something like this:

  <Directory "/home/httpd/cgi-bin">
    AllowOverride AuthConfig
    Options ExecCGI
    Order allow,deny
    Allow from all
  </Directory>
  

Note: the directory will vary depending on where your cgi-bin is. Also note that the httpd server will require restarting after this container is added.

Try accessing your new file, admin.cgi. An authentication box should pop up, requesting your username and password. Enter the one you created with the htpasswd command. You should see the same search form as if you had called handler.cgi (because we just copied the file).

We're going to create a separate perl handler to provide action methods to the restricted cgi. So let's start out with the handler we created in Step 4 (Handler.pm) and call it Restricted.pm. I'll avoid putting all the code here again, but will point out that the package declaration should be changed to:

  package PEACE::AddressBook::Restricted;
  # /usr/lib/perl5/5.6.0/PEACE/AddressBook/Restricted.pm
  # - handles restricted, administrative actions called by the cgi for addressbook
  

Now, let's change some of the code in admin.cgi. It's going to be pretty much the same as handler.cgi, but we need to use Restricted.pm instead of Handler.pm and change the constructor:

  use PEACE::AddressBook::Restricted;
  ...
  my $c = PEACE::AddressBook::Restricted->new(
    action        => $action,
    cgi           => $cgi
  );
  

Other than those 2 lines, the code is identical to the original cgi.

Now, back to the restricted handler. Let's think a moment about what action methods it should provide. It will need methods to:

If we look at our database, we'll see the following <input> form tags will be necessary for each method (required ones have an asterisk):

adding new records - last name*, first name, middle name, image, address description*, address1, address2, city*, state*, zip, number description*, area code*, prefix*, suffix*, extension
selecting existing records for editing - person id*
updating a record - depends on how we do it
deleting a record - person id*

Why will updating a record depend on how we do it? Well, we could write one method that updates all information associated with a person in one fell swoop. Or, we could provide a list of existing addresses and numbers and then provide one <input> for adding new information and a way to delete a particular number or address. Then, when we want to change something, we just delete the old one and enter a new one. We could also write a method that selects a particular address or number for editing, then updates just that record. Hmmm, decisions, decisions........

So let's really think about it. Suppose we have two people, Ozzy and Janice, who live together (perish the thought). We'll probably have the same home address and home phone number for both of them, but different cell and work numbers. That means there would be 2 records in each of the person_number and person_address tables for each home address and phone number, each one designating Ozzy and Janice as the co-owners of those particular address and phone records. Now suppose that Ozzy and Janice break up, and Ozzy moves out. If we were to write an app that updates all the information for Ozzy at once, it will overwrite the home address record with his new one. But, that will also change the record for Janice to Ozzy's new address (unless we write some fancy code to prevent that from happening). The same thing may happen if we try the 3rd method described above. But, if we have a method that simply deletes existing relationships and creates new ones, then we'll only be playing with the record that's in the person_address and person_number tables. We'll simply delete the record that relates Ozzy's home address to the same address record as Janice's, then create a new address and relate Ozzy to that one.

Coming next - Uploading and manipulating binary image files with CGI and ImageMagick