<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head profile="http://internetalchemy.org/2003/02/profile">
<link rel="foaf" type="application/rdf+xml" title="FOAF" href="http://www.openlinksw.com/dataspace/uda/about.rdf" />
<link rel="schema.dc" href="http://purl.org/dc/elements/1.1/" />
<meta name="dc.title" content="17. Internet Services" />
<meta name="dc.subject" content="17. Internet Services" />
<meta name="dc.creator" content="OpenLink Software Documentation Team ; " />
<meta name="dc.copyright" content="OpenLink Software, 1999 - 2009" />
<link rel="top" href="index.html" title="OpenLink Virtuoso Universal Server: Documentation" />
<link rel="search" href="/doc/adv_search.vspx" title="Search OpenLink Virtuoso Universal Server: Documentation" />
<link rel="parent" href="internetservices.html" title="Chapter Contents" />
<link rel="prev" href="ftpservices.html" title="FTP Services" />
<link rel="next" href="ldap.html" title="LDAP" />
<link rel="shortcut icon" href="../images/misc/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="doc.css" />
<link rel="stylesheet" type="text/css" href="/doc/translation.css" />
<title>17. Internet Services</title>
<meta http-equiv="Content-Type" content="text/xhtml; charset=UTF-8" />
<meta name="author" content="OpenLink Software Documentation Team ; " />
<meta name="copyright" content="OpenLink Software, 1999 - 2009" />
<meta name="keywords" content="" />
<meta name="GENERATOR" content="OpenLink XSLT Team" />
</head>
<body>
<div id="header">
<a name="vspguide" />
<img src="../images/misc/logo.jpg" alt="" />
<h1>17. Internet Services</h1>
</div>
<div id="navbartop">
<div>
<a class="link" href="internetservices.html">Chapter Contents</a> | <a class="link" href="ftpservices.html" title="FTP Services">Prev</a> | <a class="link" href="ldap.html" title="LDAP">Next</a>
</div>
</div>
<div id="currenttoc">
<form method="post" action="/doc/adv_search.vspx">
<div class="search">Keyword Search: <br />
<input type="text" name="q" /> <input type="submit" name="go" value="Go" />
</div>
</form>
<div>
<a href="http://www.openlinksw.com/">www.openlinksw.com</a>
</div>
<div>
<a href="http://docs.openlinksw.com/">docs.openlinksw.com</a>
</div>
<br />
<div>
<a href="index.html">Book Home</a>
</div>
<br />
<div>
<a href="contents.html">Contents</a>
</div>
<div>
<a href="preface.html">Preface</a>
</div>
<br />
<div class="selected">
<a href="internetservices.html">Internet Services</a>
</div>
<br />
<div>
<a href="webdavserver.html">WebDAV Server</a>
</div>
<div>
<a href="uriqa.html">URIQA Semantic Web Enabler</a>
</div>
<div>
<a href="maildelivstore.html">Mail Delivery & Storage</a>
</div>
<div>
<a href="nntpnewsgroups.html">NNTP Newsgroups</a>
</div>
<div>
<a href="mime.html">MIME & Internet Messages</a>
</div>
<div>
<a href="ftpservices.html">FTP Services</a>
</div>
<div class="selected">
<a href="vspguide.html">VSP Guide</a>
<div>
<a href="#vspintro" title="Introduction">Introduction</a>
<a href="#htmlusage" title="Simple HTML FORM usage">Simple HTML FORM usage</a>
<a href="#dbinteraction" title="Interacting with the Database">Interacting with the Database</a>
<a href="#vspforumsapp" title="The Forums Application">The Forums Application</a>
<a href="#corsshare" title="Setting up server-side Cross-Origin Resource Sharing (CORS) with Virtuoso">Setting up server-side Cross-Origin Resource Sharing (CORS) with Virtuoso</a>
</div>
</div>
<div>
<a href="ldap.html">LDAP</a>
</div>
<br />
</div>
<div id="text">
<a name="vspguide" />
<h2>17.7. VSP Guide</h2>
<a name="vspintro" />
<h3>17.7.1. Introduction</h3>
<p>
Virtuoso Server Pages are the equivalent of a stored procedure
in a Web page that is compiled when it is first read by the Virtuoso
server. Virtuoso detects when the '.vsp' file is modified
and recompiles the procedure.
Since VSP is essentially Virtuoso PL in a Web page you can do anything
that PL can, either directly or from interaction with the user.
VSP gives you the advantage of not having to worry about making
connections to the database. You also avoid the overhead of RPCs
because the HTTP server is built into Virtuoso. When you write a VSP page the
connection is automatic since you are already in Virtuoso.
</p>
<p>
VSP is server script and is therefore executed in the server as it is
encountered on the page. For this reason client (JavaScript) and server
script cannot directly interact but can supplement each other. You can
call JavaScript inside a VSP loop, for example, to manipulate something
that already exists on the page but you cannot pass variables by reference
from VSP directly to JavaScript or vice versa.
</p>
<p>
Page flow control can be managed using FORMs. The state of the page is
defined in form fields such as INPUT boxes and TEXTAREA boxes and then
passed to the next form or page using POST.
</p>
<br />
<a name="htmlusage" />
<h3>17.7.2. Simple HTML FORM usage</h3>
<p>
We start with a small example that shows the source of a page including a
FORM with data from the user being sent when a submit button is pressed.
We then examine the elements and attributes of this simple form that are
important to us at this stage.
</p>
<a name="basicform" />
<h4>17.7.2.1. Basic Forms</h4>
<a name="" />
<div class="example">
<div class="exampletitle">Simple Forms</div>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>Simple FORM demo</TITLE>
</HEAD>
<BODY>
<FORM METHOD="POST" ACTION="formdemo_receiver.vsp">
<P>Test form, type some info and click Submit</P>
<INPUT TYPE="TEXT" NAME="myInput" />
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Submit" />
</FORM>
</BODY>
</HTML>
</pre>
</div>
</div>
<p>
The METHOD attribute of a FORM TAG in a VSP page can be either GET or POST. The GET method allows the form submission to
be contained completely in a URL; this can be advantageous because it permits bookmarking in browsers,
but it also prevents form data from containing non
ASCII characters such as accented letters and special symbols
and restricts the amount of form data that can be handled. The GET method is l
mited by the maximum length of the URL that the
server and browser can process. To be safe, any form whose input might contain non-ASCII
characters or more than 100 characters should use METHOD="POST".
</p>
<p>
With the POST method, the form input is submitted as an HTTP POST request with the form data sent in the
body of the request. Most current browsers are unable to bookmark POST requests,
but POST does not entail the character encoding and length restrictions imposed by GET.
</p>
<p>
The ACTION attribute of FORM specifies the URI of the form handler. This will usually be another web page that
performs some action based on the data that is sent from the originating form. The URI could point to the same page
as the data originated and for pages that perform a well-defined small set of functions it usually does.
When a page needs to manage multiple states there needs to be some flow control that can determine how the page
was reached; for example, to differentiate whether it arrived at as a result of someone clicking on the submit button or it is the first time the page has
been visited.
</p>
<br />
<a name="formvalues" />
<h4>17.7.2.2. Exchanging Values in Forms</h4>
<p>
Now we add some VSP to check the values of the parameters in the form. VSP markup is typically
contained in <?vsp ... ?> blocks.
</p>
<a name="" />
<div class="example">
<div class="exampletitle">Forms and Values</div>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>Simple FORM demo</TITLE>
</HEAD>
<BODY>
<P>Last value sent:
<?vsp
http(get_keyword('myInput', params, 'no value'));
?>
</P>
<FORM METHOD="POST" ACTION="formdemo.vsp">
<P>Test form, type some info and click Submit</P>
<INPUT TYPE="TEXT" NAME="myInput" />
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Submit" />
</FORM>
</BODY>
</HTML>
</pre>
</div>
</div>
<p>
This is the same example as above but now it uses the same page for the
form handler and displays the parameters each time. Clicking the Submit
button takes you to the same page and displays whatever you typed in
the field last time.
</p>
<p>
The VSP block uses two nested functions. The <span class="computeroutput">http()</span>
function allows you to send data to the HTTP client, the browser.
What we send to the browser is the result of the <span class="computeroutput">get_keyword()</span>
function, which has three parameters:
<span class="computeroutput">search_for</span>, <span class="computeroutput">source_array</span>,
and <span class="computeroutput">default_val</span>. It searches
for the keyword-value pair (keyword=value) where the keyword matches
the <span class="computeroutput">search_for</span> parameter (in this case 'myInput')
in the array passed in the <span class="computeroutput">source_array</span> parameter.
It returns the value
if one is found; otherwise returns the <span class="computeroutput">default_val</span> parameter in the
function, in this case 'no value'.
The<span class="computeroutput"> params</span> argument is a special array that contains
all page parameters from the previous FORM state.
</p>
<br />
<a name="formandvspconditions" />
<h4>17.7.2.3. Conditional Processing</h4>
<p>
Now we extend this further to add some conditional control so that
if a value was entered we can respond directly to it.
We will also use a variable this time, which must be declared first.
</p>
<a name="" />
<div class="example">
<div class="exampletitle">Conditional Processing Using IF</div>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>Simple FORM demo</TITLE>
</HEAD>
<BODY>
<?vsp
declare _myInput varchar;
_myInput := get_keyword('myInput', params, '');
if (_myInput <> '')
{ http('<P>Hello, ');
http(_myInput);
http('</P>');
}
else
{ http('<P>Please enter your name</P>');
}
?>
<FORM METHOD="POST" ACTION="formdemo.vsp">
<INPUT TYPE="TEXT" NAME="myInput" VALUE="" />
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Submit" />
</FORM>
</BODY>
</HTML>
</pre>
</div>
</div>
<br />
<a name="vsppgctrl" />
<h4>17.7.2.4. Further Page Control</h4>
<p>
We now extend this to control the whole content of the page.
In this example we see that VSP and HTML can be interleaved.
</p>
<a name="" />
<div class="example">
<div class="exampletitle">Page Control</div>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>Simple FORM demo</TITLE>
</HEAD>
<BODY>
<?vsp
declare _myInput varchar;
declare Mode varchar;
_myInput := get_keyword('myInput', params, '');
Mode := get_keyword('submit', params, '');
if (Mode = 'Submit')
{
?>
<P>Hello, <?vsp http(_myInput); ?>
</P>
<FORM METHOD="POST" ACTION="demo4.vsp">
<INPUT TYPE="HIDDEN" NAME="myInput" VALUE="" />
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Again" />
</FORM>
<?vsp
}
else
{
?>
<P>Please enter you name</P>
<FORM METHOD="POST" ACTION="demo4.vsp">
<INPUT TYPE="TEXT" NAME="myInput" />
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Submit" />
</FORM>
<?vsp
}
?>
</BODY>
</HTML>
</pre>
</div>
</div>
<p>We start by setting the mode based on whether the Submit
button has been pressed. When the mode has changed a different version of the page
is sent to the browser. In the new version, the Again button the appears, to return you
to the previous state when pressed.</p>
<br />
<a name="params" />
<h4>17.7.2.5. Communicating Parameters Between Pages</h4>
<p>Now we will use two pages to do the same job as in the demo above.</p>
<a name="" />
<div class="example">
<div class="exampletitle">Using more than one page</div>
<p>Page 1</p>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>Multi Page Demo</TITLE>
</HEAD>
<BODY>
<P>Please enter you name</P>
<FORM METHOD="POST" ACTION="demo5_2.vsp">
<INPUT TYPE="TEXT" NAME="myInput" />
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Submit" />
</FORM>
</BODY>
</HTML>
</pre>
</div>
<p>Page 2</p>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>Multi Page Demo</TITLE>
</HEAD>
<BODY>
<P>The value you entered was:
<?vsp
http(get_keyword('submit', params, 'no data'));
?>
</P>
<FORM METHOD="POST" ACTION="demo5_1.vsp">
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Back" />
</FORM>
</BODY>
</HTML>
</pre>
</div>
</div>
<br />
<a name="formsandjs" />
<h4>17.7.2.6. Using JavaScript to Control Forms</h4>
<p>JavaScript is a programming language that can be used in the browser
and is useful for client-side programming. It is useful to be able
to do some work on the
client machine before making another round trip to the server for more processing.
JavaScript is also useful for making things more appealing to the Web
page viewer. </p>
<p>JavaScript can be made to respond to events within the browser such as
when the mouse is moved over a link, a graphic or a button or when the mouse is
clicked on some part of the page. This can be achieved by using event
handlers within the HTML tags and placing JavaScript code in their content.
Common event handlers are <strong>onMouseOver</strong>, <strong>onMouseClick</strong>,
<strong>onMouseOut</strong>, <strong>onChange</strong>, and the
like.</p>
<p>A simple but useful example of this would be to simplify one of the
previous examples by placing a handler on the text box so that you do not have to
press the submit button to send the form to the server:</p>
<div>
<pre class="programlisting">
<FORM METHOD="POST" ACTION="demo5_2.vsp" NAME="demo5_2">
<INPUT TYPE="TEXT" NAME="myInput" onChange="document.demo5_2.submit()" />
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Submit" />
</FORM>
</pre>
</div>
<br />
<br />
<a name="dbinteraction" />
<h3>17.7.3. Interacting with the Database</h3>
<p>This section describes manipulating data within Virtuoso
from VSP. Unless the required tables already exist, new ones will need to be
created. This example will involve a simple table of people and a series
of pages for adding, editing, viewing, and deleting its entries.</p>
<a name="basiccreatetable" />
<h4>17.7.3.1. Creating a Table</h4>
<p>Tables should be created so that their entries can be uniquely identified.
This is very important so that if we need to edit or delete one particular entry
we can distinguish it from other entries. A <strong>primary key</strong>
is how a database enforces unique rows, by refusing to allow
duplicate data to be inserted. It is up to the user to choose a column in the
table to act as a primary key. Sometimes one or more of the columns of data are naturally
unique either singularly or in composite; other times it is necessary
to add a column to contain unique codes for each row.</p>
<div class="tip">
<div class="tiptitle">See Also:</div>
<p>
<a href="CREATETABLE.html#pkeycons">Primary Keys</a>
</p>
</div>
<p>Here is the definition of the simple table that will be used:</p>
<div>
<pre class="programlisting">
CREATE TABLE DB.DBA.DEMO_PEOPLE (
EMAIL VARCHAR(255) PRIMARY KEY,
FORENAME VARCHAR(100),
SURNAME VARCHAR(100)
);
</pre>
</div>
<p>The email address has been selected as a primary key.</p>
<br />
<a name="insertingvalues" />
<h4>17.7.3.2. Basic Form Input Page</h4>
<p>After the table has been created; for example via Virtuoso's
iSQL utility; it will need some data.
For this we create a "New Person" page. This page uses form
inputs and some VSP code to determine whether
an insert button was pressed. If the insert button is pressed then the
page takes submitted values from the POST and uses them to construct
an SQL statement that inserts a new row into the table. This is
demonstrated below:</p>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>New Person Page</TITLE>
</HEAD>
<BODY>
<?vsp
declare _email, _forename, _surname varchar;
_email := get_keyword('email', params, '');
_forename := get_keyword('forename', params, '');
_surname := get_keyword('surname', params, '');
-- insert new person if we came from the insert button
if ('' <> get_keyword('ins_button', params, ''))
{
INSERT INTO DB.DBA.DEMO_PEOPLE(EMAIL, FORENAME, SURNAME)
VALUES(_email, _forename, _surname);
}
?>
<P>Please enter the details of new person:</P>
<FORM METHOD="POST" ACTION="demo_people_add.vsp">
<TABLE>
<TR><TH>Email:</TH><TD><INPUT TYPE="TEXT" NAME="email" /></TD></TR>
<TR><TH>Forename:</TH><TD><INPUT TYPE="TEXT" NAME="forename" /></TD></TR>
<TR><TH>Surname:</TH><TD><INPUT TYPE="TEXT" NAME="surname" /></TD></TR>
</TABLE>
<INPUT TYPE="SUBMIT" NAME="ins_button" VALUE="Insert" />
</FORM>
</BODY>
</HTML>
</pre>
</div>
<p>The underscores were added to this example to keep the param
variables and page variables visibly distinguishable.</p>
<br />
<a name="retrtabvals" />
<h4>17.7.3.3. Displaying Table Data in a VSP Page</h4>
<p>Now that some data exists in the table we need a way to
display it. The FOR ... DO construct is used to construct the insides of
an HTML table:</p>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>The People Page</TITLE>
</HEAD>
<BODY>
<P>The Peoples' Details</P>
<TABLE>
<TR><TH>Email</TH><TH>Forename</TH><TH>Surname</TH></TR>
<?vsp
FOR (SELECT EMAIL, FORENAME, SURNAME FROM DB.DBA.DEMO_PEOPLE) DO
{
?>
<TR><TD><?=EMAIL?></TD><TD><?=FORENAME?></TD><TD><?=SURNAME?></TD></TR>
<?vsp
}
?>
</TABLE>
</BODY>
</HTML>
</pre>
</div>
<br />
<a name="deletevals" />
<h4>17.7.3.4. Simple Form Delete Page</h4>
<p>The page above can easily be extended to allow deletion. For each row an 'action' link is added. The action
Remove link hardwires a form GET on the URL. This is then
intercepted by the IF condition looking for the <span class="computeroutput">remove</span> parameter. </p>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>The People Page With Deletion</TITLE>
</HEAD>
<BODY>
<?vsp
declare deleteme varchar;
deleteme := get_keyword('remove', params, '');
if ('' <> deleteme)
DELETE FROM DB.DBA.DEMO_PEOPLE WHERE EMAIL = deleteme;
?>
<FORM METHOD="POST" ACTION="demo_people_view2.vsp">
<P>The Peoples' Details</P>
<TABLE>
<TR><TH>Email</TH><TH>Forename</TH><TH>Surname</TH>
<TH>Action</TH></TR>
<?vsp
FOR (SELECT EMAIL, FORENAME, SURNAME FROM DB.DBA.DEMO_PEOPLE) DO
{
?>
<TR><TD><?=EMAIL?></TD><TD><?=FORENAME?></TD><TD><?=SURNAME?></TD>
<TD><A HREF="?remove=<?=EMAIL?>">Remove</A></TD></TR>
<?vsp
}
?>
</TABLE>
</FORM>
</BODY>
</HTML>
</pre>
</div>
<br />
<a name="editvals" />
<h4>17.7.3.5. Simple Form Edit Page</h4>
<p>The last step is to have a way to edit rows of the
table. To do this, we combine everything that we have so far
and use the SQL UPDATE statement to update the row. The EMAIL
column is not made updateable since this is the primary key.
</p>
<div>
<pre class="programlisting">
<HTML>
<HEAD>
<TITLE>The People Page With Deletion</TITLE>
</HEAD>
<BODY>
<FORM METHOD="POST" ACTION="demo_people_view3.vsp">
<?vsp
declare deleteme, editme, edt_email, edt_forename, edt_surname,
save_email, save_forename, save_surname varchar;
deleteme := get_keyword('remove', params, '');
if ('' <> deleteme)
DELETE FROM DB.DBA.DEMO_PEOPLE WHERE EMAIL = deleteme;
if ('' <> get_keyword('save_button', params, ''))
{
save_email := get_keyword('email', params, '');
save_forename := get_keyword('forename', params, '');
save_surname := get_keyword('surname', params, '');
update DB.DBA.DEMO_PEOPLE
SET FORENAME = save_forename, SURNAME=save_surname
WHERE EMAIL = save_email ;
}
editme := get_keyword('edit', params, '');
if ('' <> editme)
{
SELECT EMAIL, FORENAME, SURNAME
INTO edt_email, edt_forename, edt_surname
FROM DB.DBA.DEMO_PEOPLE WHERE EMAIL = editme;
?>
<TABLE>
<TR><TH>Email:</TH><TD><INPUT DISABLED TYPE="TEXT" NAME="email" VALUE="<?=edt_email?>" /></TD></TR>
<TR><TH>Forename:</TH><TD><INPUT TYPE="TEXT" NAME="forename" VALUE="<?=edt_forename?>" /></TD></TR>
<TR><TH>Surname:</TH><TD><INPUT TYPE="TEXT" NAME="surname" VALUE="<?=edt_surname?>" /></TD></TR>
</TABLE>
<INPUT TYPE="SUBMIT" NAME="save_button" VALUE="Save" />
<?vsp
}
?>
<P>The Peoples' Details</P>
<TABLE>
<TR><TH>Email</TH><TH>Forename</TH><TH>Surname</TH>
<TH>Action</TH></TR>
<?vsp
FOR (SELECT EMAIL, FORENAME, SURNAME FROM DB.DBA.DEMO_PEOPLE) DO
{
?>
<TR><TD><?=EMAIL?></TD><TD><?=FORENAME?></TD><TD><?=SURNAME?></TD>
<TD><A HREF="?remove=<?=EMAIL?>">Remove</A> <A HREF="?edit=<?=EMAIL?>">Edit</A></TD></TR>
<?vsp
}
?>
</TABLE>
</FORM>
</BODY>
</HTML>
</pre>
</div>
<br />
<br />
<a name="vspforumsapp" />
<h3>17.7.4. The Forums Application</h3>
<p>
The "Forums" Application is a World Wide Web Application for posting, reading
and searching of messages developed under the Virtuoso VDBMS with a wide usage
of Virtuoso Server Pages (VSP) and server-side XSL-T transformation.
</p>
<p>
Messages in the forums are classified to forums and sub-forums by
interest. Posting is only allowed for registered users. Registration is
performed via a registration form. Every registered user can create new a
theme, post new messages to an existing theme or reply to an existing
message. Unregistered users can only search, browse, and read existing
themes and messages.
</p>
<a name="forumsprinciples" />
<h4>17.7.4.1. Principles</h4>
<p>
The application is based on VSPs, XML and XSLT transformations. The
VSPs are used to produce XML documents that are transformed to HTML using
server side XSLT. The design and appearance of the
application depends solely on XSLT style sheets. This allows us to divide
the development into two distinct parts: layout and design, and
functionality of the application.
</p>
<p>
Session management is based on URL manipulation and persistent HTTP session
variables. The messages are stored in Database as XML documents with a free-text
index applied over them.
</p>
<br />
<a name="forumsnav" />
<h4>17.7.4.2. Navigation</h4>
<p>
The application consists of four main pages:
</p>
<ol>
<li>
<p>
<strong>home.vsp</strong> - the main page introduces the
forums with the following information:</p>
<ul>
<li>Forums: name of each forum with link to the relevant sub-forums.</li>
<li>Total: total number of messages for this forum.</li>
<li>New: new messages for this forum within the last day.</li>
<li>Last: number of the last message inserted in the forum.</li>
<li>Total users: count of registered users.</li>
<li>Options: login if the user is already registered in the forums.</li>
<li>Registration: add a new user.</li>
<li>Search: search in the messages.</li>
</ul>
</li>
<li>
<p>
<strong>subforums.vsp</strong> - sub-forums
of the current forum with the following information:</p>
<ul>
<li>Subforum: name of each sub-forum with links to relevant themes.</li>
<li>Total: total number of messages for this forum.</li>
<li>New: new messages for this forum within the last day.</li>
<li>Last: number of the last message inserted in the forum.</li>
<li>Options: login if the user is already registered in the forums.</li>
<li>Registration: add a new user</li>
<li>Search: search in the messages.</li>
<li>Forums path: links to the home page and to the forum to
which the current sub-forums belong.</li>
</ul>
</li>
<li>
<p>
<strong>forum.vsp</strong> - themes of the current
sub-forum with the following information:</p>
<ul>
<li>Theme: name of each theme with links to its messages.</li>
<li>Total: total number of messages for this theme.</li>
<li>New: new messages for this theme within the last day.</li>
<li>Last: number of the last message inserted in the theme.</li>
<li>Options: login if the user is already registered in the forums.</li>
<li>Registration: add a new user.</li>
<li>Search: search in the messages.</li>
<li>Forums path: links to the home page, to the forum and to the
sub-forum to which the current themes belong.</li>
</ul>
</li>
<li>
<p>
<strong>thread.vsp</strong> - messages of the current
theme with the following information:</p>
<ul>
<li>Message: name of each message with a link to its
properties. When the link is activated the same page is presented, but
with the tree of messages for which the current message is
the parent.</li>
<li>Author: the name of the author of the current message.</li>
<li>Date: posting date of the message.</li>
<li>Options: login if the user is already registered in the forums.</li>
<li>Registration: add a new user.</li>
<li>Search: search in the messages.</li>
<li>Forums path: links to the home page, to the forum and to the
sub-forum to which the current message belongs. Also for the current
message, the parent message's name is presented. As users
move lower in the tree, they can go
back using this path.</li>
</ul>
</li>
</ol>
<br />
<a name="forumsremarks" />
<h4>17.7.4.3. Remarks</h4>
<p>
The basic principles of the application's implementation are:
</p>
<ul>
<li>The result of a VSP execution is a well-formed XML document.</li>
<li>Use the Virtuoso server to do server-side XSLT transformations
with appropriate style sheets whenever needed.</li>
<li>Use URL manipulations for session management.</li>
<li>Use post-processing functions to provide commonly used
parameters (such as user ID) as session variables.</li>
</ul>
<p>
If users are not logged in they can access all pages of the site, but if
they want to insert a new theme or create a new message, they have to log
in. When users attempt to create or insert, they will be prompted with
the login page. When they log in, the forums application will take them
directly to the form for inserting messages or themes.
If users are not logged in, the name 'anonymous' is displayed, instead of
the e-mail address that would be displayed if they were logged in.
</p>
<br />
<a name="forumssrchpg" />
<h4>17.7.4.4. The Search Page</h4>
<p>Users can search in three ways:</p>
<ul>
<li>Theme title: titles of message that are titles of themes.</li>
<li>Message title: titles of message that have the current theme as parent.</li>
<li>Message body: bodies of messages that have different themes as parents.</li>
</ul>
<p>Search results contain information about how many hits were
found, and for each hit the following:</p>
<ul>
<li>Message title: the title of the current message. When you search
in message bodies, the message titles are displayed.</li>
<li>Time: date the message or theme was inserted.</li>
<li>Author: author of the message or theme.</li>
</ul>
<p>
The search page provides the interface for searching contents of forums
including messages and titles.</p>
<div>
<pre class="programlisting">
<?vsp
declare id, acount, aresults integer;
declare aquery, awhat, askiped, search_res, sid, uid, url, usr varchar;
-- > at this point we instruct server to do server-side XSLT transformation
-- > over resultant document
-- > The transformation will be done before sending the document to the user-agent
-- > and after page execution is done.
-- > To provide flexible file location we use a registry setting for XSLT
-- > style sheets
http_xslt(sprintf ('file:%s/search.xsl', registry_get ('app_forums_xslt_location')));
-- > because the application does URL poisoning for session management
-- > we must retrieve the request parameters:
-- > the session ID
sid := get_keyword('sid', params, '0');
-- > the query text
aquery := get_keyword('q',params,'');
-- > the query locator (for what we searching)
awhat := get_keyword('wh',params,'t');
-- > how many records to skip
askiped := atoi (get_keyword('sk',params,'0'));
-- > how many results to return
aresults := atoi (get_keyword('rs',params,'10'));
-- > hits count
acount := atoi (get_keyword('c',params,'0'));
url := 'thread.vsp';
-- > also we get the user ID from the session variables
uid := connection_get ('pid');
usr := connection_get ('usr');
-- > now we are ready and call the stored procedure that returns the result from search
search_res := FORI_SEARCH_RES (aquery, awhat, askiped, aresults, acount);
?>
<!-- now we produce the result as well-formed XML document -->
<?xml version="1.0"?>
<page>
<sid><?=sid?></sid>
<usr><?=usr?></usr>
<url><?=url?></url>
<nav_2><?vsp http(FORI_SEARCH_FORM (sid, aquery, awhat, askiped, aresults, acount)); ?></nav_2>
<css_1/>
<squery><?=aquery?></squery>
<swhat><?=awhat?></swhat>
<sskiped><?=askiped?></sskiped>
<sresults><?=aresults?></sresults>
<scount><?=acount?></scount>
<?vsp http (search_res); ?>
<?vsp http (FORI_SEARCH_NAVIGATION (
sprintf('search.vsp?q=%s&wh=%s&rs=%d&c=%d&sid=%s&', aquery, awhat, aresults, acount, sid),
acount, askiped, aresults)); ?>
</page>
</pre>
</div>
<br />
<a name="forumssrchdesc" />
<h4>17.7.4.5. Search Page Analysis</h4>
<p>
First we declare the variables used inside the page. In VSP, variables can be
defined at any time, but it is generally good practice is to declare them
near the top.
</p>
<p>
We call <span class="computeroutput">http_xslt()</span> with a file URL parameter. This instructs the Virtuoso
server to do XSLT transformation on the server side before sending output
to the client, and after execution of the page. Hence we will produce
an XML document.
</p>
<p>
After this we need to get the input parameters session_id, query text,
how many records to skip, and how many records to display. We do this
by calling <span class="computeroutput">get_keyword()</span> and passing it the 'params' array.
Every VSP page has <span class="computeroutput">params</span>,
<span class="computeroutput">path</span>, and <span class="computeroutput">lines</span> as
input parameters. For
each call we supply a default value in case the variable has not been used. For
some of the parameters we need an integer, but varchars are always returned,
so we use <span class="computeroutput">atoi()</span> on the result to convert it to an integer.
</p>
<p>
Next we retrieve the persistent variables <span class="computeroutput">user id</span> and <span class="computeroutput">user name</span>. We do this
by calling <span class="computeroutput">connection_get()</span> with the session variable name.
</p>
<p>
After this preparation, we are ready to perform the searching by calling the PL stored procedure
<span class="computeroutput">FORI_SEARCH_RES()</span>. This procedure returns the XML entities that contain
the results from the search.
</p>
<p>
Once we have results, we want to produce the XML document that will be used in the
XSLT transformation. We do this part of the work using the shortcuts to the
<span class="computeroutput">http_value()</span> function: '<?= ?>' pairs, and
also in some places '<?vsp ?>' to call the <span class="computeroutput">FORI_SEARCH_FORM()</span> and
<span class="computeroutput">FORI_SEARCH_NAVIGATION()</span> procedures and
output their results.
</p>
<p>
The main benefits to this approach are:
</p>
<ul>
<li>design independency of VSP content: if we need a different design
we only need to change the XSLT style sheet;</li>
<li>different style sheets can represent different
themes. If we pass an additional 'theme' parameter, for example, we can
associate a new theme with a different style sheet. This way we have a fast
approach to customizing the look of the page;
</li>
<li>browser independence: because we do server-side XSLT transformation
we do not need the browser to support XSLT or XML at all.</li>
</ul>
<p>
If we comment out the line that instructs
Virtuoso to perform the XSLT transformation (<span class="computeroutput">http_xslt()</span>)
we will get the following document:
</p>
<div>
<pre class="programlisting">
<?xml version="1.0"?>
<page>
<sid>0</sid>
<usr>anonymous</usr>
<url>thread.vsp</url>
<nav_2><search_form>
<hidden>
<hidden_input type="hidden" name="sid" value="0" />
<hidden_input type="hidden" name="sk" value="0" />
<hidden_input type="hidden" name="rs" value="10" />
<hidden_input type="hidden" name="c" value="0" />
</hidden>
<select name="wh">
<option value="t" selected="1">theme title</option>
<option value="mt">message title</option>
<option value="mb">message body</option>
</select>
</search_form>
</nav_2>
<css_1/>
<squery></squery>
<swhat>t</swhat>
<sskiped>0</sskiped>
<sresults>10</sresults>
<scount>0</scount>
<search_result>
<no_hits/>
</search_result>
<navigation pages="0">
</navigation>
</page>
</pre>
</div>
<p>If we re-enable the XSLT transformation the user agent will
receive the following HTML content:
</p>
<div>
<pre class="programlisting">
<html><head>
<style type="text/css">
a:hover{color:#a2a2a2}
.id{font-size:12px;font-family:arial,sans-serif;font-weight:bold;color:#004C87}
.ie{font-size:12px;font-family:verdana,sans-serif;color:#FFFFFF}
.ir{font-size:14px;font-weight:bold;font-family:verdana,sans-serif;color:#FFFFFF}
.if{font-size:12px;text-decoration:none;font-family:verdana,sans-serif;
font-weight:bold;color:#E1F2FE}
.iname{font-size:12px;font-weight:bold;font-family:verdana,sans-serif;color:#FFFFFF}
.ipath{font-size:12px;text-decoration:none;font-weight:bold;
font-family:verdana,sans-serif;color:#004C87}
.inew {font-size:12px;text-decoration:none;font-weight:bold;
font-family:verdana,sans-serif;color:#FFC600}
.text {font-size:12px;text-decoration:none;font-family:Arial,sans-serif;color:#004C87}
</style>
</head>
<body>
<TABLE WIDTH="100%" BGCOLOR="#004C87" CELLPADDING="0" CELLSPACING="0" BORDER="0">
<TR>
<form action="search.vsp" method="post">
<TD WIDTH="20%" VALIGN="top">
<IMG SRC="i/logo_n.gif" HEIGHT="49" WIDTH="197" BORDER="0"></TD>
<TD WIDTH="40%" ALIGN="center">
<input type="text" name="q" size="36" value=""></TD>
<TD WIDTH="25%" ALIGN="center">
<select name="wh">
<option value="t" selected>theme title</option>
<option value="mt">message title</option>
<option value="mb">message body</option>
</select> <input type="hidden" name="sid" value="0">
<input type="hidden" name="sk" value="0">
<input type="hidden" name="rs" value="10">
<input type="hidden" name="c" value="0">
</TD>
<TD WIDTH="15%">
<input type="image" name="search" src="i/search.gif" border="0"></TD>
</form>
</TR>
</TABLE>
<TABLE WIDTH="100%" BGCOLOR="#02A5E4" CELLPADDING="0" CELLSPACING="0" BORDER="0">
<TR>
<TD>
<IMG SRC="i/str.gif" HEIGHT="12" WIDTH="35">
<a class="id" href="home.vsp?sid=0">Home</a>
</TD>
<TD HEIGHT="22" class="iname" ALIGN="right">anonymous </TD>
</TR>
</TABLE>
<TABLE BGCOLOR="#E1F2FE" ALIGN="center" WIDTH="100%" CELLPADDING="0" CELLSPACING="0" BORDER="0">
<TR>
<TD COLSPAN="3">
<IMG SRC="i/c.gif" HEIGHT="12" WIDTH="1">
</TD>
</TR>
<TR>
<TR BGCOLOR="#0073CC">
<TD WIDTH="60%" HEIGHT="24" class="ie"> message title</TD>
<TD WIDTH="20%" class="ie">time</TD>
<TD WIDTH="20%" class="ie">author</TD>
</TR>
<TR>
<TD COLSPAN="3">
<IMG SRC="i/c.gif" HEIGHT="2" WIDTH="1">
</TD>
</TR>
<TR>
<TD align="left" class="id" COLSPAN="3">No hits found</TD>
</TR>
<TR>
<TD HEIGHT="18" colspan="3" BGCOLOR="#0073CC" class="id">
</TD>
</TR>
</TR>
<TR>
<TD COLSPAN="3">
<IMG SRC="i/c.gif" HEIGHT="2" WIDTH="1">
</TD>
</TR>
<TR>
<TD COLSPAN="3" BGCOLOR="#0073CC">
<IMG SRC="i/c.gif" HEIGHT="1" WIDTH="1">
</TD>
</TR>
</TABLE>
</body>
</html>
</pre>
</div>
<p>The page sources are available in the default distribution under the
samples directory.</p>
<div class="tip">
<div class="tiptitle">See Also:</div>
<p>
For more information about the functions used see:
<a href="fn_http_xslt.html">http_xslt()</a>,
<a href="fn_http.html">http()</a>,
<a href="fn_http_value.html">http_value()</a>.
</p>
<p>For more information about VSP in general go the
<a href="vsp1.html">VSP Section</a>.</p>
</div>
<br />
<br />
<a name="corsshare" />
<h3>17.7.5. Setting up server-side Cross-Origin Resource Sharing (CORS) with Virtuoso</h3>
<p>User agents (e.g., Web browsers) have traditionally restricted scripts within web pages by a Same Origin Policy, which allowed scripts to make requests only to resources within the same domain from which the scripts themselves originated. This restriction is meant to protect the user and their computer from "Trojan horse websites" which may appear to be safe, but which then make unsafe HTTP requests to other, invisible sites. This restriction also protects the second website from potential "Denial of Service" and other attacks, whether accidental or intentional.</p>
<p>This policy has the unfortunate side-effect of also preventing client-side Web applications served from one website ("Origin") from retrieving data from another website ("Origin").</p>
<p>
<a href="http://www.w3.org/TR/cors/">Cross-Origin Resource Sharing (CORS)</a> is a mechanism intended to enable safer client-side cross-origin requests, primarily focused on data.</p>
<a name="corssharewk" />
<h4>17.7.5.1. How does CORS work?</h4>
<p>Authentication and session-management information methods are extended in several ways:</p>
<ul>
<li>Enforcement by User Agent
<ul>
<li>A server providing a resource can include an <strong>Access-Control-Allow-Origin</strong> HTTP response header, with a value of the
request's triggering script's site of origin (that is, the site which provided the script which
made the request for the resource), to indicate whether access to the resource's contents may be
allowed. The user agent validates that the value in this header matches the actual origin of the
script which made the request.
</li>
<li>User agents can use a "pre-flight request" to discover whether a cross-origin resource
is prepared to accept requests from a given script origin, using a complex method (which we will
not detail here). Again, the response is validated by the user agent.
</li>
</ul>
</li>
<li>Enforcement by Server-side Application
<ul>
<li>Server-side applications can refer to the <strong>Origin</strong> HTTP request header
to discover whether the user agent deemed it a cross-origin request. Here, the server-side
application enforces limitations (e.g., returning nothing, partial results, or full results) on
the cross-origin requests that they are willing to service at all.
</li>
</ul>
</li>
</ul>
<br />
<a name="corssharesetup" />
<h4>17.7.5.2. CORS Setup for Virtuoso servers</h4>
<p>With Virtuoso 6 and later (specific earliest versions as noted below), CORS support may be configured at the server-level or enabled through application logic (scripting, PL, etc.).</p>
<p>When working with older versions of Virtuoso, CORS support cannot be configured at the server-level, but it may be enabled within application logic (scripting, PL, etc.).</p>
<a name="corssharesetupapplv" />
<h5>17.7.5.2.1. Application-level CORS Setup</h5>
<p>Any Virtuoso PL (VSP)-based application can implement CORS checking through well-known
HTTP functions <a href="fn_http_request_header.html">http_request_header()</a> and
<a href="fn_http_header.html">http_header()</a>. This method will
work with any version of Virtuoso. For instance:</p>
<div>
<pre class="programlisting">
<?vsp
IF (http_request_header (lines, 'Origin', NULL) = 'http://host.org')
{
http_header ('Access-Control-Allow-Origin: http://host.org\r\n');
}
ELSE
{
RETURN;
}
-- Additional code here ---
?>
</pre>
</div>
<p>Applications running in other hosted environments (Perl, Python, PHP, ASP.NET, etc.) may also use their specific scripting options to add and/or check relevent headers.</p>
<br />
<a name="corssharesetupsrvlv" />
<h5>17.7.5.2.2. Server-level CORS Setup</h5>
<p>Note: These instance/server-level configuration instructions require
<a href="http://edit-wiki.usnet.private/dataspace/dav/wiki/VOS/VOSNews">Virtuoso Open Source (VOS) 6.1.3 or later</a>,
or <a href="http://download.openlinksw.com/virtwiz/">Virtuoso Commercial Edition 6.2.3129 or later</a>.</p>
<ol>
<li>In the Virtuoso Conductor, go to <strong>Web Application Server -> Virtual Directories & Directories</strong>.
<table class="figure" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<img alt="Server-side Cross-Origin Resource Sharing (CORS) Example Setup" src="../images/ui/oc1.png" />
</td>
</tr>
<tr>
<td>Figure: 17.7.5.2.2.1. Server-side Cross-Origin Resource Sharing (CORS) Example Setup</td>
</tr>
</table>
</li>
<li>Expand the <strong>Interface</strong> store.
<table class="figure" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<img alt="Server-side Cross-Origin Resource Sharing (CORS) Example Setup" src="../images/ui/oc2.png" />
</td>
</tr>
<tr>
<td>Figure: 17.7.5.2.2.1. Server-side Cross-Origin Resource Sharing (CORS) Example Setup</td>
</tr>
</table>
</li>
<li>Click <strong>New Directory</strong>.</li>
<li>Specify the desired <strong>Virtual Directory Type</strong>, or choose an existing virtual directory to use as a template.
<table class="figure" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<img alt="Server-side Cross-Origin Resource Sharing (CORS) Example Setup" src="../images/ui/oc3.png" />
</td>
</tr>
<tr>
<td>Figure: 17.7.5.2.2.1. Server-side Cross-Origin Resource Sharing (CORS) Example Setup</td>
</tr>
</table>
</li>
<li>Click <strong>Next</strong>.</li>
<li>Specify the <strong>Directory Path</strong> value.
<table class="figure" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<img alt="Server-side Cross-Origin Resource Sharing (CORS) Example Setup" src="../images/ui/oc4.png" />
</td>
</tr>
<tr>
<td>Figure: 17.7.5.2.2.1. Server-side Cross-Origin Resource Sharing (CORS) Example Setup</td>
</tr>
</table>
</li>
<li>Set the <strong>CORS</strong> options.
<table class="figure" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<img alt="Server-side Cross-Origin Resource Sharing (CORS) Example Setup" src="../images/ui/oc5.png" />
</td>
</tr>
<tr>
<td>Figure: 17.7.5.2.2.1. Server-side Cross-Origin Resource Sharing (CORS) Example Setup</td>
</tr>
</table>
<ul>
<li>
<strong>Cross-Origin Resource Sharing</strong>: Contains a single wildcard
asterisk, i.e., "<strong>*</strong>", or a space-delimited list of HTTP server URIs,
e.g., "<strong>http://example.com:8080 http://blah.example.com http://foo.example.com</strong>".
Scripts originating on the listed HTTP servers are authorized to retrieve the specified
resource(s); the wildcard means scripts from any HTTP server will be authorized. For this
example, enter the following single URI:
<div>
<pre class="programlisting">
http://demo.openlinksw.com
</pre>
</div>
</li>
<li>
<strong>Reject Unintended CORs</strong> checkbox: When ticked (and the application does not overwrite headers), unmatched Origins will be rejected by sending an empty response. For this example, tick this box.</li>
</ul>
</li>
<li>Click Save changes.</li>
</ol>
<br />
<a name="corssharewkspcurlexmp" />
<h5>17.7.5.2.3. Example Usage with cURL</h5>
<a name="corssharewkspcurlexmp1" />
<h6>Example 1</h6>
<ol>
<li>Suppose the example setup above is performed, and http://demo.openlinksw.com/ is in the CORS list.</li>
<li>In this case, the request below will return an empty response:
<div>
<pre class="programlisting">
$ curl -i http://demo.openlinksw.com/mytest/test.vsp
HTTP/1.1 200 OK
Server: Virtuoso/06.02.3128 (Win32) i686-generic-win-32 VDB
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 28 Oct 2010 09:27:54 GMT
Accept-Ranges: bytes
Content-Length: 0
</pre>
</div>
</li>
</ol>
<br />
<a name="corssharewkspcurlexmp2" />
<h6>Example 2</h6>
<ol>
<li>Suppose the example Setup above is performed, and http://demo.openlinksw.com/ is in the CORS list.</li>
<li>Also, suppose the curl command includes a proper Origin value, e.g.:
<div>
<pre class="programlisting">
-H "Origin: http://demo.openlinksw.com"
</pre>
</div>
</li>
<li>In this case, the request below will return a response including the retrieved content, etc.
<div>
<pre class="programlisting">
$ curl -i -H "Origin: http://demo.openlinksw.com" http://demo.openlinksw.com/mytest/test.vsp
HTTP/1.1 200 OK
Server: Virtuoso/06.02.3128 (Win32) i686-generic-win-32 VDB
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 28 Oct 2010 09:40:21 GMT
Access-Control-Allow-Origin: http://demo.openlinksw.com
Accept-Ranges: bytes
Content-Length: 7
</pre>
</div>
</li>
</ol>
<br />
<a name="corssharewkspcurlexmp3" />
<h6>Example 3</h6>
<ol>
<li>Suppose the Example Setup above is performed, but reject is off (i.e., "Reject Unintended CORs" check-box is not ticked).</li>
<li>In this case, the request below will return a response that lacks Access-Control-Allow-Origin:
<div>
<pre class="programlisting">
$ curl -i http://demo.openlinksw.com/mytest/test.vsp
HTTP/1.1 200 OK
Server: Virtuoso/06.02.3128 (Win32) i686-generic-win-32 VDB
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Date: Thu, 28 Oct 2010 09:45:01 GMT
Accept-Ranges: bytes
Content-Length: 7
</pre>
</div>
</li>
</ol>
<br />
<br />
<br />
<div class="tip">
<div class="tiptitle">See Also:</div>
<p>
<a href="https://wiki.mozilla.org/Security/Origin">Origin header proposal for CSRF and click-jacking mitigation</a>
</p>
<p>
<a href="http://arunranga.com/examples/access-control/">CORS In Action</a>
</p>
<p>
<a href="http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/">Cross-domain Ajax with Cross-Origin Resource Sharing</a>
</p>
<p>
<a href="http://code.google.com/p/html5security/wiki/CrossOriginRequestSecurity">Guide to Secure Implementation of Cross Origin Requests in HTML5</a>
</p>
</div>
<br />
<table border="0" width="90%" id="navbarbottom">
<tr>
<td align="left" width="33%">
<a href="ftpservices.html" title="FTP Services">Previous</a>
<br />FTP Services</td>
<td align="center" width="34%">
<a href="internetservices.html">Chapter Contents</a>
</td>
<td align="right" width="33%">
<a href="ldap.html" title="LDAP">Next</a>
<br />LDAP</td>
</tr>
</table>
</div>
<div id="footer">
<div>Copyright© 1999 - 2009 OpenLink Software All rights reserved.</div>
<div id="validation">
<a href="http://validator.w3.org/check/referer">
<img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0!" height="31" width="88" />
</a>
<a href="http://jigsaw.w3.org/css-validator/">
<img src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" height="31" width="88" />
</a>
</div>
</div>
</body>
</html>
distrib
>
Fedora
>
14
>
x86_64
>
media
>
updates
>
by-pkgid
>
71d40963b505df4524269198e237b3e3
>
files
>
985
