Second Edition
Contents
1. 3 9 Uncaught Exceptions and Aborting Execution 3 10 Accessing Setup Information 4 Obtaining Data from Users 4 1 Temperature Conversion 4 2 Quotations for HTML Embedding 43 ii vii M CONN DD 11 12 16 18 18 19 20 21 21 22 Emulating State Using Hidden Form Variables 5 1 Counting Up and Down 5 2 Guess a Number Extracting Data from Foreign Web Sites 6 1 Grabbing 6 2 Regular Expressions 6 3 Structure RegExp 6 4 Currency Service Continued 6 5 Caching Support 6 6 Cache Interface 6 7 Memoization o eote sdn 6 8 Caching Version of Currency Service Connecting to an RDBMS 7 1 What to Expect from an RDBMS 7 92 The Testor Sesh Reeve ue 7 3 Data Modeling 7 4 Data Manipulation 7 5 Three Steps to 7 6 Transactions as Web Scripts 7 7 Best Wines Web Site Checking Form Variables 8 1 The Structure FormVar 8 2 Presenting Multiple Form Errors 83 Implementation lens Authentication 9 1 Feed2. Content Length Specifies the number of bytes in the document A persistent HTTP connection is used only if this header is present Content Type Specifies the MIME Multipurpose Internet Mail Ex tension type for the document Examples include text html and image png Date Specifies the current date Greenwich Mean Time Expires Specifies when content should be considered out of date Last Modified Indicates the last change of the document Location All responses with a status code in the range 300 399 should contain this header Refresh Indicates an interval in seconds at end of which the browser should automatically request the page again Set Cookie Specifies a cookie associated with the page Multiple Set Cookie headers may appear Figure 3 2 Some commonly used response headers 3 2 TIME OF DAY 15 Time of day Galeon lt Back gt Time of day The time of day is 11 33 50 Served by SMLserver Figure 3 3 The result of requesting the file time of day sml using the Netscape browser The HTTP request causes the compiled time of day sml program to be executed on the Web server and the response is sent via the HTTP protocol to the Web browser Library to obtain the present time of day HTML code to send to the users browser is constructed using Standard ML string primitives If you are new to HTML a short reference is provided
3. File usr share smlserver basis web Quot sml lists the signature for the Quot structure 5File smlserver demo www web recipe html 28 CHAPTER 4 OBTAINING DATA FROM USERS Untitled Galeon 4 Back gt gt v 9 stop 100 EL nttp Avewsmlserver org demo recipe html M Dynamic Recipe Apple Pie Enter the number of people you re inviting for apple pie n Compute Recipe Served by SMLserver Figure 4 3 The result of requesting the file recipe html using the Netscape browser The result of requesting the page recipe html using Netscape Navigator is shown in Figure 4 3 Computing the Recipe The script recipe sml which computes the apple pie recipe and returns a page to the user reads as follows fun error s Page return Error s An error occurred while generating a recipe for you use your browser s back button to backup and enter a number in the form Web exit val persons case FormVar wrap pt FormVar getNatErr persons of SOME n gt real n NONE gt error You must type a number fun pr num s r if Real r 1 0 then one s else if Real real round r r then 6File smlserver_demo www web recipe sml 4 3 A DYNAMIC RECIPE 29 Int toString round s else Real toString r g val _ Page return Apple Pie Recipe To make an Apple pie for pr num person persons you need the following ingredients lt ul gt
4. gt NONE 9 6 CACHING PASSWORDS FOR EFFICIENCY 99 handle Web Cookie CookieError _ gt NONE fun verifyPerson verifyPersonO fn p gt Db zero 0r neField select password from person where person id p 9 6 Caching Passwords for Efficiency It is unsatisfactory that a Web site needs to query the database for password information every time a user accesses a restricted page The solution is to use the SMLserver caching mechanism to avoid looking up passwords for users that have been accessing the Web site within the last 10 minutes 600 seconds To implement this idea the function verifyPerson is modified as follows fun verifyPerson let fun f p Db zeroOrOneField select password from person where person_id p val cache Web Cache get Web Cache String Web Cache String auth Web Cache WhileUsed SOME Time fromSeconds 600 SOME 10000 fun g Web Cache memoizePartial cache f in verifyPersonO g end For a discussion of the function Web Cache memoizePartial see Section 6 6 Note that if we were to implement scripts that allow users to modify their passwords we would of course need to flush the cache appropriately when users modify their passwords This is done by the function Web Cache flush presented in Section 6 6 on page 48 9 7 Applying the Authentication Mechanism We shall now see how a Web site may apply the authentication mechanism to restrict the transactions and conten
5. pp kind kind lt p gt Go back to lt a href cache sml kind kind gt Cache Demo Home Page lt a gt val _ new p is true if new value added case Web Conn formvar email of NONE Web returnRedirect cache sml SOME email gt returnPage case Web Cache lookup cache email of SOME uid name gt Name and userid for email is name Int toString uid NONE gt No name in cache for email 6 7 Memoization The function memoize adds caching functionality i e memoization to a function Assuming that the function f has type int gt string real and cis an appro File smlserver_demo www web cache_lookup sml 6 8 CACHING VERSION OF CURRENCY SERVICE 53 priately typed cache the expression memoize c f returns a new function f which caches the results of evaluating the function f Subsequent calls to f with the same argument results in cached pairs of strings and reals except when a result no longer lives in the cache in which case f is evaluated again Consider the Fibonacci function with type int gt int fun fib 0 1 fib1 21 fib n fib n 1 fib n 2 To implement a cached version of fib we create a cache named fib with cache type int int cache val cache Web Cache get Web Cache Int Web Cache Int fib Web Cache WhileUsed SOME Time fromSeconds 20 SOME 10000 To implement a memorized version of fib we can do the follow
6. For more examples consult the file regexp sm1 in the demonstration directory smlserver_demo www web 6 4 Currency Service Continued We are now ready to continue the development of the Currency Service initiated in Section 6 1 Recall that we have arranged for a page containing currency infor mation to be fetched from the Yahoo Finance Web site What we need to do now is to arrange for the currency information to be extracted from the fetched page which is available as a string in a variable pg By inspection we learn that at one time pg contains the following HTML code lt table gt AUDSEK X lt a gt lt td gt lt td gt 200 0 lt td gt lt td gt 23 18 lt td gt lt td gt 5 468220 lt td gt lt td gt lt b gt 1 093 64 lt b gt lt td gt lt tr gt lt table gt The pattern AUDSEK lt td gt 0 9 0 9 lt td gt may be used to extract the rate 5 468220 With this pattern it is not the value 200 0 that is extracted because with regular expressions it is always the longest match that is returned Here is the remaining part of the script currency sm1 continued from page 41 val pattern RegExp fromString 75 t lt td gt 0 9 0 9 lt td gt fun getdate Date fmt Y m a Date fromTimeLocal Time now fun round r Real fmt StringCvt FIX SOME 2 r 6 5 CACHING SUPPORT 47 val _ case RegExp extract pattern pg of SOME ratei rate2 gt let val rate Option
7. Alert Critical Error something bad occurred Warning default logging level Notice Info Debug lowest logging level 1s s write the string s to the log file with log severity ls advLog 1s s f log f s with log severity ls and return s 150 APPENDIX B THE WEB STRUCTURE B 10 The WEB_LOW_MAIL Signature Signature WEB_LOW_MAIL sig type MX_FQDN type mailer exception ConnectionErr of string string string list string string list string string list val getFQDN_MX string gt int int MX_FQDN list val FQDN_MX_toString MX_FQDN gt string val FQDN_MX_fromString string gt MX_FQDN val FQDN_MX_compare MX_FQDN MX_FQDN gt order val initConn MX_FQDN gt mailer val sendmail string list string string mailer gt string string list string string list string string list val closeConn mailer gt unit val getDefaultServer unit gt MX_FQDN option end MX_FQDN represents a Fully Qualified Domain Name for an record an smtp server mailer represents the mail connection socket and protocol state ConnectionErr may be raised by initConn and sendmail if the mailer has problems and needs to call closeConn getFQDN_MX take a domain names and returns a list of triplets where the first element is the preference the second element is the time to live and the third element is the Fully Qualified Doma
8. The function newPassword takes as argument an integer n and generates a new password constructed from n characters chosen randomly from the character set a zA Z2 9 lOO The function sendPassword takes a person_id as argument and sends an email with the user s password to the user The three strings loginPage defaultHome and siteName are configuration strings that default to the login page provided by the authentication mechanism the default page that the user is forwarded to once logged in and the name of the Web site The function verifyPerson returns SOME p if the user 1 is logged in and 2 is identified by the person id p otherwise the function returns NONE The imple mentation of the function checks if cookies with the names auth person id and auth password are available and if so proceeds by checking that the password in the database is identical with the password in the cookie For reasons having to do with caching of passwords Section 9 6 we define a function verifyPerson0 which the function verifyPerson calls with a function for extracting a password for a user from the database fun verifyPersonO getPasswd string gt string option person id option case Web Cookie getCookieValue auth person id Web Cookie getCookieValue auth password of SOME person id SOME psw gt case getPasswd person id of NONE NONE SOME db psw gt if db psw psw then Int fromString person id else NONE
9. lt li gt I text Web programming lt ul gt The program declares a variable text of type string a variable ulist of type string frag list and indirectly makes use of the constructors of this prede clared datatype datatype a frag QUOTE of string ANTIQUOTE of a What happens is that the quotation bound to ulist evaluates to the list QUOTE lt ul gt n lt 11 gt ANTIQUOTE love QUOTE Web programming n lt ul gt Using the Quot flatten function which has type string frag list gt string the value bound to ulist may be turned into a string which can then be sent to a browser To be precise a quotation is a particular kind of expression that consists of a non empty sequence of possibly empty fragments surrounded by back quotes u frags quotation frags charseq character sequence charseq id frags anti quotation variable charseq exp frags anti quotation expression 4 3 A DYNAMIC RECIPE 27 A character sequence written charseq is a possibly empty sequence of printable characters or spaces or tabs or newlines with the exception that the characters and must be escaped using the notation and respectively A quotation evaluates to a value of type ty frag list where ty is the type of all anti quotation variables and anti quotation expressions in the quotation A character sequence fragment charseq evaluates to QUOTE charseq An anti quotation fragment
10. 113 114 BIBLIOGRAPHY of Copenhagen and Royal Veterinary and Agricultural University of Denmark September 2001 Appendix A HTML Reference An HTML start tag is a name included in angle brackets like lt name gt perhaps decorated with attributes as in lt name attr arg gt An HTML end tag is a name included in angle brackets and pre fixed with a slash as in lt name gt An HTML element is either some text not including lt and gt a start tag or a start tag and an end tag with the same name surrounding another HTML element Examples of HTML elements include e lt title gt A small element lt title gt e lt a href index sml gt some text lt a gt An HTML document is composed of a single element lt html gt lt html gt com posed of head and body elements as follows html lt head gt lt head gt lt body gt lt body gt lt html gt For compatibility with older HTML documents the lt html gt lt head gt and lt body gt tags are optional A head element may include a title element other element types are sup ported as well lt title gt lt title gt The title element specifies a document title Notice that the title does not appear on the document Instead it may appear in a window bar identifying the contents of the window The title element is also what is used as the title of the document when it is bookmarked in a browser 115 116 APPENDIX A HTML REFERENC
11. 164 MissingConnectionexception 105 ML Basis File 18 ML Server Pages MSP 16 MLB directories 19 mlb file 8 18 modules 111 Mosmlcgi library 2 Msp structure 17 mspcomp 6 16 18 MySQL 7 66 newPassword function 98 news 111 not null 60 ODBC see unixODBC lt ol gt element 118 one to many relation 71 lt option gt element 118 121 Oracle 7 order by SQL command 73 ordered list 118 lt p gt element 116 Page structure 29 paragraph 116 password field 119 path cookie attribute 92 pattern 41 performance 58 periodic execution 111 Perl 3 permission system 90 person table 95 personalization 89 PHP 3 pool 66 port 116 INDEX Postgresql daemon process 7 installation 7 postgresql user 7 power failure 59 lt pre gt element 116 primary key 60 process fork 2 project your own 8 psql 65 psql command 8 Quot structure 27 quot type 27 Quot flatten 26 quotation 94 quotations 25 radio button 119 RatingUtil structure 74 RDBMS 7 57 connection 66 README_SMLSERVER file 5 referential integrity constraint 72 RegExp extract 45 RegExp match 44 registration 96 regular expression 41 86 reset input type 120 resource type 116 response headers 12 reusability 111 rows 121 rule horizontal 122 schedule function 106 scheduleDaily function 107 scheduleScript function 106 INDEX scheduleWeekly function 107 scheduling 106 script 18 sec
12. CHAPTER 4 OBTAINING DATA FROM USERS Chapter 5 Emulating State Using Hidden Form Variables We have mentioned earlier how state in SMLserver Web applications may be im plemented using a Relational Database Management System In Chapter 7 we shall follow this idea thoroughly In this chapter on the other hand we present some examples that show how state in Web applications may be emulated using so called hidden form variables The main idea is that no state is maintained by the Web server itself instead all the state information is sent back and forth between the client and the Web server for each request and response The first example we present implements a simple counter with buttons for counting up and down The second example implements the Guess a Number game 5 1 Counting Up and Down The implementation of the counter consists of one sml file named counter sml which uses the FornVar functionality described on page 25 in Section 4 1 to get access to the form variable counter if present If the form variable counter is not present a value of 0 zero is used for the value of counter The implementation also makes use of the function Web Conn formvar on which the FormVar structure is built see Section 8 3 on page 86 The script counter sml takes the following form val counter Int toString case FormVar wrapOpt FormVar getIntErr counter lFile smlserver_demo www web counter sml 33 34 USING HI
13. Db qqq note where email Db qqq email and passwd Db qqq passwd val _ Db dml update Web returnRedirect search sml email Web encodeUrl email handle _ gt Page return Employee Database Update failed The function Web returnRedirect returns a redirect which causes the browser to request the script search sml1 from the server The email address is sent along to the search sm1 script as a form variable The value is URL encoded to support characters other than letters and digits in the email address 7 7 Best Wines Web Site We now present a somewhat larger example The example constitutes a wine rating Web site which we call Best Wines The Best Wines Web site allows users to rate and comment on wines and to see the average rating for a wine in addition to other user s comments Recall the three steps to the successful construction of a Web site backed by a database 1 Development of a data model that supports all necessary transactions 2 Design of a Web site diagram that specifies names of scripts and how scripts link 3 Implementation of scripts including the implementation of database trans actions using the SQL data manipulation language The next three sections cover these steps for the Best Wines Web site Data Model and Transactions The data modeling process attempts to answer questions that focus on application data What are the primary data objects that are processed by the sy
14. lt img align right src applepie jpg gt lt li gt pr num cup persons 16 0 butter lt li gt pr num cup persons 4 0 sugar lt li gt pr num egg persons 4 0 lt li gt pr num teaspoon persons 16 0 salt lt li gt pr num teaspoon persons 4 0 cinnamon lt li gt pr num teaspoon persons 4 0 baking soda lt li gt pr num cup persons 4 0 flour lt li gt pr num cup 2 5 persons 4 0 diced apples lt li gt pr num teaspoon persons 4 0 vanilla lt li gt pr num tablespoon persons 2 0 hot water lt ul gt Combine ingredients in order given Bake in greased 9 inch pie pans for 45 minutes at 350F Serve warm with whipped cream or ice cream lt p gt Make lt a href recipe html gt another recipe lt a gt When a user enters a number say 4 in the form shown in Figure 4 3 and hits the button Compute Recipe a recipe is computed by the recipe sml program and HTML code is sent to the user s browser which layouts the HTML code as shown in Figure 4 4 The expression FormVar wrapOpt FormVar getNatErr results in a function with type string gt int option This function takes the name of a form variable as argument and returns SOME n if a representable natural number n is associated with the form variable If on the other hand the form variable does not occur in the query data or the value associated with the form variable is not a well formed integer gre
15. 2 3 INTERFACING TO AN RDBMS T ps cols 200 guax grep nsd you should see that Apache is running five or six processes Apache writes infor mation into the file var log apache2 error log By looking at the log you should see a notice that Apache has loaded the SMLserver module 2 3 Interfacing to an RDBMS To get access to an RDBMS from within your SMLserver scripts an RDBMS sup ported by SMLserver must be installed on your system Supported RDBMS s include MySQL Oracle and Postgresql http www postgresql org The MySQL and Postgresql databases are supported through unixODBC Information on how to use SMLserver with Oracle and MySQL is available from the SMLserver home page The next section describes how to interface to the Open Source RDBMS Postgresql 2 4 Interfacing to Postgresql This section describes how to set up a database with Postgresql for the pur pose of using it with SMLserver We assume that Postgresql gt 8 1 is al ready installed on the system We also assume that SMLserver is configured with unixODBC support enable odbc before compilation and installation see the file README SMLSERVER for details Follow the steps below 1 Re start the Postgresql daemon process by executing the following com mand sudo etc init d postgresql 8 1 restart 2 Create a database user with the same name as your user name on the Linux box sudo su postgres createuser P user Invent a new passwo
16. Because they are often stored locally on client computers other users that have access to the computer may have access to the cookie information Windows 98 Also most client Web browsers support only a limited number of cookies so if a Web service sends a cookie to a browser then it is uncertain for how long time the cookie remains on the client Despite the problems with cookies it is difficult to build a useful authentication mechanism without the use of cookies In particular authentication mechanisms entirely based on form variables require a user to login to the Web site whenever the user visits the site Also of importance is that authentication mechanisms entirely based on form variables require more tedious programming than when cookies are used because authentication information is required on all links and form actions SMLserver implements the following Cookie interface structure Cookie sig exception CookieError of string type cookiedata name string 9 1 FEEDING COOKIES TO CLIENTS 91 value string expiry Date date option domain string option path string option secure bool val allCookies unit gt string string list val getCookie string gt string string option val getCookieValue string gt string option val setCookie cookiedata gt unit val setCookies cookiedata list gt unit val deleteCookie name string path string option gt string end The
17. Debug If the server is in Debug mode specified by a flag in the configuration file the message is printed If the server is not in debug mode the message is not printed Allowing SMLserver scripts to write messages to the server log file turns out to be handy for debugging scripts 3 9 Uncaught Exceptions and Aborting Execution We still have to explain what happens when a script raises an exception that is not handled i e caught by the script itself SMLserver deals with such uncaught exceptions by writing a warning in the server log file explaining what exception is raised by what file Fri Dec 02 17 00 32 2005 warn 22 CHAPTER 3 PRESENTING PAGES TO USERS home varming apache2worker htdocs web www web upload MLB SMLserver upload_form sml uo raised Fail There is one exception to this scheme If the exception raised is the predefined top level exception Interrupt no warning is written to the server log file In this way raising the Interrupt exception may be used to silently terminate the execution of a script perhaps after serving the client an error page The func tion Web exit which has type unit gt ty for any type ty exits by raising the exception Interrupt An important aspect of using the function Web exit to abort execution of a script is that with the use of exception handlers resources such as database connections see Chapter 7 may be freed appropriately upon exiting It is important that SMLserver
18. cache a b Time time option gt bool val flush a b cache gt unit val memoize a b cache gt a gt b gt a gt b val memoizeTime a b cache gt gt b Time time option gt a gt b val memoizePartial a b cache gt a gt b option gt a gt b val memoizePartialTime a b cache gt a gt b Time time option option gt a gt b end A cache of type 8 cache maps keys of type a Type to values of type Type The WEB SERILIZE signature defines a set of base types i e Int Real Bool Char and String and a set of type constructors to build new types i e Pair Option List and Triple A cache has a cache name which is represented by a Standard ML string SMLserver supports two kinds of caches The structure Cache is accessed through the Web structure 6 6 THE CACHE INTERFACE 49 e Timeout caches For caches of kind TimeOut SOME t s an entry inserted with timeout SOME t expires min t t from insertion If an entry is inserted with NONE is used and vice versa If both are NONE no timeout occurs If s is SOME s then the cache will not grow larger than s Otherwise the cache might grow very large If supplied with a timeout this kind of cache guarantees that the cache is updated with freshly computed information even if the cache is accessed constantly This cache strategy is
19. 41 Currency Service Galeon d lt Back Currency Exchange Service This service obtains currency rates from Y aahoo Finance Calculate Another interesting example of obtaining data from foreign sites is the Bill Gates Personal Wealth Clock Served by SMLserver Figure 6 1 The Currency Service entry form currency form html val pg case Web fetchUrl url of NONE gt errPage SOME pg gt pg code that extracts the currency rate from pg and presents calculations for the user The code constructs the URL by use of the form variables provided by the user Notice the use of the function Web encodeUr1 for building the URL the function Web encodeUrl encodes characters such as amp and that otherwise are invalid or have special meaning in URLs The returned page pg contains HTML code with the currency information that we are interested in Before we continue the description of the currency example we shall spend the next section on the concept of regular expressions Later regular expressions are used to extract the interesting currency information from the page obtained from Yahoo Finance 6 2 Regular Expressions In this section we introduce a language of regular expressions for classifying strings A relation called matching defines the class of strings specified by a particular regular expression also called a pattern By means of the definition of matching one may ask
20. As the name suggests the update command may be used to update a number of rows in a table The following example update command uses a where clause to update the content of the note column for any employee with email address nh it edu of which there can be at most one because email is a key update employee set note back in office where email nh it edu Here is an example that updates more than one column at the same time update employee set note going to lunch passwd back where email mael it edu After the two update commands the employee table looks as follows email name passwd note mael it edu Martin Elsman back going to lunch nhOit edu Niels Hallenberg hi back in office delete The delete command is used to delete rows from a table As for the select and update command one must be careful to constrain the rows that are effected using where clauses An example delete command that deletes one row in the employee table looks as follows delete from table employee where email mael it edu 64 CHAPTER 7 CONNECTING TO AN RDBMS 7 5 Three Steps to Success When developing Web sites backed by a database we shall often commit to the following three steps 1 Development of a data model that supports all necessary transactions This is the hard part 2 Design of a Web site diagram that specifies names of scripts and how scripts link to each other Do not underestimate the i
21. POST see Section 3 1 A 2 1 Input Fields An input element lt input type inputType which has no associated ending tag specifies that the user may enter information in the form The attribute type is required in input elements In most cases an input field assigns a value to a variable with a specified name and a specified input type Some possible input types are listed in the following table inputType Description text Text field size attribute may be used to specify length of field password As text but stars are shown instead of the text that the user enters checkbox Allows user to select zero or more options radio Allows user to choose between a number of options submit Shows a button that sends the completed form to the server specified by the attribute action in the enclosing form element reset Shows a button that resets the form variables to their default values hidden Defines a hidden input field whose value is sent along with the other form values when the form is submitted This input type is used to pass state information from one Web script to another Additional attributes to the input element include 120 APPENDIX A HTML REFERENCE name Name where Name is a symbolic name identifying the input variable value Value where the meaning of Value depends on the argument for type For type text or type password Value is the default value fo
22. Returns f applied on the row if it exists Raises Fail on error LexistsOneRowDb db sql executes SQL statement sql and returns true if one or more rows are returned otherwise returns false Raises Fail on error seqNextvalDb db seq_name executes SQL statement using database handle db to generate a new number from sequence seq_name Raise Fail on error seqCurrvalDb db seqName executes SQL statement using database handle db to get the current number from sequence seq_name Raises Fail on error wrapDb f obtains a handle db with getHandle applies f to db and before returning the result the handle db is returned with putHandle 146 APPENDIX B THE WEB STRUCTURE The WEB_DYNLIB Signature Signature WEB_DYNLIB sig datatype flag NOW LAZY type ForeignLib val dlopen string option flag bool gt ForeignLib val dlsym string string ForeignLib gt unit val isLinked string gt bool end B 8 THE WEB_INFO SIGNATURE 147 B 8 The WEB_INFO Signature Signature WEB_INFO sig structure Type WEB_SERIALIZE val hostname unit gt string val pid unit gt int val uptime unit gt int val configGetValue a Type Type string gt a option val configSetValue string a gt unit val configSetSpecialValue a Type Type string a gt unit Type Type string gt unit val pageRoot unit gt string val getAuxConfig
23. WEB SIGNATURE 127 given file to the client In addition to setting the HTTP status response line to 200 and the Content Type header from the given parameter the function also uses the stat system call to generate the appropriate Last Modified and Content Length headers May raise MissingConnection or Fail msg if file cannot be accessed returnFile file as returnFileMime but gets the Content Type mimetype argument from calling the function Web Mime getMime with the given file as parameter fetchUrl u fetches a remote URL u connects the Web server to another HTTP Web server and requests the specified URL The URL must be fully qualified Currently the function cannot handle redirects or requests for any protocol except HTTP Returns NONE if no page is found fetchUrlTime u as fetchUrl but with a specified timeout in seconds buildUrl u 1 constructs a link to the URL u with the form variable pairs 1 appended to u delimited by amp and with the form values URL encoded schedule s serv d t schedule a script s to be executed on server serv on date d at time t If serv is NONE localhost is used as server deSchedule s Unschedule the script s from execution scheduleScript s serv d after a call to this function the script determined by the file s on server serv is scheduled to execute every d seconds Usually calls to the scheduleScript function appears in the initialization script web_sys init sml to setup sche
24. a course registration system for the IT University of Copenhagen Experience with SMLserver demonstrates that the strict type system of Stan dard ML combined with its advanced language features such as modules and higher order functions ease maintainability and extensibility If used properly the advanced language features make separation of code from presentation straight forward and increase reusability of code Although it is possible to create large Web sites with SMLserver there are currently a few features missing which we plan to add to SMLserver soon Among the features missing are support for XML and XSLT translations support for the Oracle clob datatype and a SOAP interface We have implemented several improvements to SMLserver since the previous publication of this book including a typed cache interface and caching of region pages which speeds up script execution considerably We have also implemented the possibility of periodic execution of scripts using the SMLserver API Similarly we have added support for an initialization file to be executed at server start up We have also implemented a simple trap mechanism for supporting filtering For technical issues concerning SMLserver see also EL04 EH03 and 2 111 112 CHAPTER 12 SUMMARY Bibliography EH02 EL04 FP02 Gre99 HR99 MTHM97 Pau96 TBE 01 Martin Elsman and Niels Hallenberg A region based abstract ma
25. default is Sources mlb An example ML Basis file is listed in Figure 3 5 The m1b file specifies that the two scripts time of day sml and mul msp sml are made available for clients by SMLserver Assuming the project file name corresponds to the file name mentioned in the Apache configuration file upon successful compilation of the project a user may request the files time of day sml and mul msp sml The two example scripts time of day sml and mul msp sml ie mul msp compiled with mspcomp may refer to identifiers declared in the files mentioned in the local part of the project file i e between the keywords 1ocal and in includ 3 6 COMPILATION 19 local SML LIB basis basis mlb SML LIB basis web lib mlb web demo lib Page sml web demo lib FormVar sml in Script files may refer to identifiers declared in library files but cannot refer to identifiers in other script files scripts time of day sml mul msp sml end end Figure 3 5 An ML Basis file for the two examples in this chapter ing identifiers declared by the Standard ML Basis Library and the Web library In the local part of the mlb file it is allowed for an sml file to refer to identi fiers declared by previously mentioned sml files or mlb files However an sm1 file mentioned in the scripts end part of an m1b file may not refer to identifiers de clared by other files in scripts end parts of the mlb file Thus in the example
26. flush function 50 form 118 lt form gt element 118 form variable 117 hidden 119 FormVar structure 25 84 formvar_fn type 84 frag type 26 function anonymous 17 functional programming 3 get function 49 getCookie function 92 getIntErr function 25 getNatErr function 29 getStringOrFail function 69 group by SQL command 73 lt hi gt element 117 hard part 64 lt head gt element 115 header 117 hidden form variable 119 high level language 3 higher order function 111 hit rate 47 lt hr gt element 122 HTML 115 comment 121 element 115 form 118 HTTP 2 request 11 response 12 15 response headers 12 status code 12 status codes 16 hyperlink 116 163 lt i gt element 117 lt img gt element 121 imperative features 3 index database table 60 init sml 8 initialization 105 lt input gt element 118 119 insert SQL command 61 insert function 50 installation 5 integrity constraint 72 interpreter embedded 2 Interrupt exception 22 isolation 59 language embedding 25 lt li gt element 118 library code 9 limitations 111 line break 122 listing element 116 little sleep 58 log file 21 login 89 90 form 96 logout 90 lookup function 50 low level language 3 mailto function 74 maintainability 111 Margaux Chateau de Lamouroux 78 memoize function 53 memoizePartial function 99 method attribute 119 Mime type see content type MissingConnection
27. go to a meeting or such For the three managers and the 20 employees in the management department the system works great after two weeks the success of your Web based employee system has spread to other departments in the organization Gradually more departments start using your system but at some point people start complaining about slow response times especially around lunch time where everyone of the 300 employees that now use the system wants to update the What am I doing now field After a few days of complaints you get the idea that you can read the data file into an efficient data structure in the Web server s memory thereby getting quicker response and update times as long as you write log files to disk that say how the data file should be updated so as to create a valid data file After a few more weeks of development and only a little sleep the system finally performs well You know that there are issues that you have not dealt with For example what happens if somebody shuts down the machine while a log file is written to disk Is the system then left in an inconsistent state You start realizing that what you have been doing the last month is what some companies have been doing successfully for decades you have developed a small database management system although tailored specifically to your problem at hand and very fragile to changes in your program You decide to modify your Web application to use a database manag
28. gt b option val insert a b cache a b Time time option gt bool val flush a b cache gt unit Memoization val memoize a b cache gt gt b gt a gt b val memoizeTime a b cache gt Ca gt Cb Time time option gt gt b val memoizePartial a b cache gt a gt b option gt a gt b option val memoizePartialTime a b cache gt Qa gt Cb Time time option option gt a gt option Cache info val pp_type a Type gt string val pp_cache a b cache gt string end x kind abstract type for cache kind A cache kind describes the strategy used by the cache to insert and emit cache entries The following strategies are supported 130 APPENDIX B THE WEB STRUCTURE WhileUsed t sz elements are emitted from the cache after approximately t time after the last use The cache has a maximum size of sz bytes Elements are emitted as needed in order to store new elements The size sz should not be too small a minimum size of 1 Kb seems to work fine for small caches larger cache sizes are also supported TimeOut t sz elements are emitted from the cache after approximately t time after they are inserted a b cache abstract type of cache A cache is mapping from keys of type a to elements of type b Only values of type a Type and b Type can be u
29. header Because the document is moved permanently the browser may update book marks accordingly 302 Found The requested document has moved temporar ily This status code is very useful because it makes a client request the URL in the Location header automatically 400 Bad Request Bad syntax in the client request 401 Unauthorized The client tries to access a password protected page without specifying proper information in the Authorization header 404 Not Found The no such page response 405 Method Not Allowed Request method is not allowed 500 Internal Server Error The server is buggy response 503 Service Unavailable Server is being maintained or is overloaded Figure 3 1 The most commonly used HTTP status codes 14 CHAPTER 3 PRESENTING PAGES TO USERS Header Description Allow Specifies the request methods GET POST etc that a server allows Required for responses with status code 405 Method Not Allowed Cache Control Tells client what caching strategy may be used Usable values include public document may be cached private document may be cached by user no cache document should not be cached no store document should not be cached and not stored on disk Content Encoding May be used for compressing documents e g with gzip Content Language Specifies the document language such as en us and da See RFC 1766 for details
30. id or evaluates to ANTIQUOTE value where value is the value of the variable id or the expression exp respectively Quotations are used extensively in the sections and chapters that follow In fact to ease programming with quotations the type constructor quot is declared at top level as an abbreviation for the type string frag list Moreover the symbolic identifier is declared as an infix identifier with type quot quot gt quot and associativity similar to More operations on quotations are available in the Quot structure 4 3 A Dynamic Recipe This section provides another example of using quotations to embed HTML code in your Standard ML Web applications Similarly to the temperature conversion example this example is made up by two files a file recipe html that provides the user with a form for entering the number of persons to serve apple pie and a script recipe sml that computes the ingredients and serves a recipe to the user The Recipe Form The file recipe html contains the following HTML code lt html gt lt body bgcolor white gt lt h2 gt Dynamic Recipe Apple Pie lt h2 gt Enter the number of people you re inviting for apple pie lt form method post action recipe sml gt lt input type text name persons gt lt input type submit value Compute Recipe gt lt form gt lt hr gt lt i gt Served by a href http www smlserver org gt SMLserver lt a gt lt i gt lt body gt lt html gt
31. in Appendix A on page 115 val time of day Date fmt ZH YM S Date fromTimeLocal Time now val _ Web Conn return lt html gt lt head gt lt title gt Time of day lt title gt lt head gt lt body bgcolor white gt lt h2 gt Time of day lt h2 gt The time of day is time of day N lt hr gt lt i gt Served by lt a href http www smlserver org gt SMLserver lt a gt X lt i gt lt body gt lt htm1 gt Figure 3 3 shows the result of a user requesting the file time of day sml from the Web server The example uses the Web structure which gives access to the Web server API to get an overview of what functions are available in the Web structure consult Appendix B which lists the Standard ML signature for the structure The function Web Conn return takes a string as argument and sends an HTTP response with 16 CHAPTER 3 PRESENTING PAGES TO USERS status code 200 Found and content type text html to the browser along with HTML code passed in the argument string In Section 4 2 on page 25 we show how support for quotations may be used to embed HTML code in Standard ML Web applications somewhat more elegantly than using Standard ML string literals In the next section we explore SMLserver s support for ML Server Pages MSP 3 3 A Multiplication Table SMLserver supports the execution of dynamic Web pages written using ML Server Pages MSP In this section we show how a
32. initializes the set of pools The pools must be defined in the nsd tcl configuration file See the file lib Db sml for a use of this function dm1Db db dml executes the data manipulation language command dml using database handle db Raises Fail msg if dml is unsuccessful msg is the error message returned from the database panicDmlDb db f sql executes the data manipulation language command dml using database handle db Calls the function f with with an error message as argument if the dml command is unsuccessful panicDmlDb returns unit and raises an exception only if f does dmlTransDb db f executes function f using handle db which may send a series of SQL statements to the database All SQL statements are executed as one atomic transaction If any statement fails or any 144 APPENDIX B THE WEB STRUCTURE exception is raised inside f then the transaction is rolled back and the exception is raised dmlTrans f similar to dmlTransDb but with a database handle obtained from the next available pool panicDmlTransDb db f_panic f_db same as dmlTransDb except that on error function f_panic is executed panicDmlTransDb returns the value returned by f_panic unless f_panic raises an exception in which case panicDmlTransDb raises this exception panicDmlTrans f panic f db similar to panicDmlTransDb but a database handle is obtained from the next available pool foldDb db f b sql executes SQL statement sql and folds over the
33. is constructed which presents the submitted temperature in degrees Celsius a calculated temperature in degrees Fahrenheit and a link back to the temp htm1 form The result of a user converting a temperature in degrees Celsius to a temperature in degrees Fahrenheit is shown in Figure 4 2 4 2 Quotations for HTML Embedding As we have seen in the previous example embedding HTML code in Standard ML programs using strings does not look nice many characters must be escaped and splitting of a string across lines takes several additional characters per line This limitation of Standard ML strings makes it difficult to read and maintain HTML code embedded in Standard ML Web applications Fortunately many Standard ML implementations support quotations which makes for an elegant way of embedding another language within a Standard ML program Here is a small quotation example that demonstrates the basics of quo tations val text love val ulist string frag list lt ul gt 3File smlserver_demo web_demo_lib FormVar sml 26 CHAPTER 4 OBTAINING DATA FROM USERS Untitled Galeon Back v gt v 39 Stop 100 http www smlserver org demo temp sml temp c 20 Fe Y Temperature Conversion 20 degrees Celcius equals 68 degrees Fahrenheit Go calculate a new temperature Served by SMLserver Figure 4 2 The result of a user converting a temperature in degrees Celsius to a temperature in degrees Fahrenheit
34. made up of one file temp htm1 containing an HTML form for querying a temperature from the user and a script temp sm1 for calculating the temperature in degrees Fahrenheit based on the temperature in degrees Celsius The Temperature Form The file temp html reads as follows lt html gt lt body bgcolor white gt lt h2 gt Temperature Conversion lt h2 gt Enter a temperature in degrees Celcius File smlserver demo www web temp html 23 24 CHAPTER 4 OBTAINING DATA FROM USERS Untitled Galeon 4 Bak gt Oo q b G9 stop 100 Zi http www smiserver arg demortemp html Temperature Conversion Enter a temperature in degrees Celcius 20 Compute Fahrenheit Temperature Served by SMLserver Figure 4 1 The result of displaying the file temp htm1 using the Netscape browser form method get action temp sml lt input type text name temp c lt input type submit value Compute Fahrenheit Temperature gt lt form gt lt hr gt lt i gt Served by lt a href http www smlserver org gt SMLserver lt a gt lt i gt lt body gt lt html gt The result of displaying the above HTML code in a Web browser is shown in Figure 4 1 The action of the HTML form is the script temp sml When the user of the HTML form enters a temperature in the text field 20 say and hits the Compute Temperature in Fahrenheit button the script temp sml is requested from the Web server with the form data temp
35. maintain and extend not to mention customize Although the cost of using statically typed programming languages for Web applications is a more tedious development cycle a static type system may cause many bugs to be found before a Web site is launched and help the programmers in the development process The SMLserver project was initiated in the end of 2000 by the construction of an embeddable runtime system and a bytecode backend for the MLKit TBET 01 an Open Source Standard ML compiler Once the bytecode backend and the embeddable runtime system also called the Kit Abstract Machine KAM was in place the KAM was embedded in an AOLserver module in such a way that requests for files ending in sm1 and msp also called scripts cause the correspond ing compiled bytecode files to be loaded and executed In April 2001 the basic system was running but more work was necessary to support caching of loaded code multi threaded execution and many of the other interesting AOLserver fea tures such as database interoperability In 2005 SMLserver was ported to Apache 2 0 including the many great features of AOLserver including script scheduling Oracle and MySQL database support caching support and much more SMLserver has been used in practice for building large intranet systems in the form of a course evaluation system at the IT University of Copenhagen and an online course registration system In the following we assume that the reader
36. member with name 2 list type lt array gt Homogeneous lists where elements must be of identical type array type array Homogeneous arrays where elements must be of identical type vector type array Homogeneous vectors where elements must be of identical type Index in quotation 27 symbolic identifier 27 lt a gt element 116 aborting execution 21 access control 2 access restriction 89 ACID test 59 action attribute 119 lt address gt element 121 allCookies function 92 alter table SQL command 61 alumni system viii 111 anchor 116 anonymous function 17 anyErrors function 86 Apache log file 21 modules 18 restart 8 setup 22 start up 18 atomicity 59 attribute HTML tag 115 Auth structure 96 authentication 48 89 average rating 73 lt b gt element 117 base type Bool 48 Char 48 Int 48 Real 48 String 48 Best Wines Web site 70 Bill Gates 47 lt blockquote gt element 116 lt body gt element 115 bookmark 115 bottle images 81 bottleImgs function 74 lt br gt element 122 cache 48 99 cache type 48 cache kind TimeOut 48 WhileUsed 48 cache name 48 CGI 2 character 118 checkbox 119 clob datatype 111 cols 121 Common Gateway Interface 2 compact attribute 118 compilation 18 19 configGetValue function 109 configSetValue function 109 configuration file project file name 18 161 162 consistency 59 c
37. mlb file mul msp sml may not refer to identifiers declared in time_of_day sml 3 6 Compilation As mentioned a project is compiled with the SMLserver compiler smlserverc with the name of the project file sources mlb is the default name to use given as argument smlserverc sources mlb The bytecode files and other information resulting from compilation of a source file are stored in a subdirectory named MLB located in the same directory as the source file To work efficiently with SMLserver you need not know anything about the content of the MLB directories In particular you should not alter the content To see what parts of the Standard ML Basis Library that SMLserver supports consult the file usr 1ocal lib smlserver basis basis mlb on your system gt See the file usr local lib smlserver basis web lib mlb 20 CHAPTER 3 PRESENTING PAGES TO USERS of these directories although it is safe to remove MLB directories if you want to force a recompile of an entire ML Basis File To compile an msp file file msp into file file msp sml simply execute the command mspcomp file msp 3 7 Loading and Serving Pages The first time SMLserver serves an sm1 file SMLserver loads the bytecode for the Standard ML Basis Library along with user libraries mentioned in the mlb file before the bytecode for the sm1 file is loaded Upon subsequent requests for an sml file SMLserver reuses the bytecode already loaded After bytecode fo
38. next section and on a user table stored in a database The authentication mechanism makes it possible for users to have a machine generated password sent by email Hereafter users may login to the Web site using their email address and the newly obtained password The authentication mechanism also provides functionality for users to logout but the main feature of the authentication mecha nism is a simple programmer s interface for checking whether a user is logged in or not It is straightforward to add more sophisticated features to the authentication mechanism such as a permission system for controlling which users may do what 9 1 Feeding Cookies to Clients Cookies provide a general mechanism for a Web service to store and retrieve per sistent information on the client side of a connection In response to an HTTP re quest a server may include a number of cookies in the header part of the response The cookies are installed on the client e g Netscape and Internet Explorer and are automatically sent back to the Web server in later requests to the Web service Although a client sends a cookie back only to the Web service that issues the cookie one cannot count on cookies to be a secure mechanism for transferring data between a Web service and its clients As is the case with form data cookies are transmitted in clear text unless some encryption mechanism such as SSL Secure Socket Layer is used There are other problems with cookies
39. p gt lt a href url gt url lt a gt lt p gt New lt a href currency_cache html gt Calculation lt a gt The program creates a cache cache that maps strings base type String to optional reals constructed type Option Real The anonymous function passed to the function memoize tries to fetch a page from Yahoo Finance and extract the currency rate for the currencies encoded in the argument URL Now when passed to the function memoize the fetching function is executed only if no currency rate is associated with the argument URL in the cache named currency Notice that only currency rates are stored in the cache not the entire fetched pages 56 CHAPTER 6 EXTRACTING DATA FROM FOREIGN WEB SITES Chapter 7 Connecting to a Relational Database Management System Until now the Web applications that we have looked at have been in the category of Web sites that are programs In this chapter we exploit the possibility of implementing Web applications that fall into the category Web sites that are databases The ability of a Web application accessing and manipulating informa tion stored in some sort of database drastically widens the kind of Web applications that one can build There are many possible ways in which a Web application may keep track of data between sessions One possibility is to use the file system on the machine on which the Web server runs for storing and reading data Another possibility is to use
40. pools The function qq which has type string gt string returns the argument string in which every occurrence of a quote is replaced with a double occurrence 68 CHAPTER 7 CONNECTING TO AN RDBMS Thus the result of evaluating qq don tforget is the string don tforget The function qqq is similar to the qq function with the extra functionality that the result is encapsulated in quotes The script search sml which implements the employee search functionality looks as follows fun returnPage title body Web return lt html gt lt head gt lt title gt title lt title gt lt head gt lt body bgcolor white gt lt center gt lt h2 gt title lt h2 gt lt p gt body lt center gt lt body gt lt html gt val email FormVar wrapFail FormVar getStringErr email email val sql select name note from employee where email Db qqq email val _ case Db zero r neRow sql of SOME name note gt returnPage Employee Search Success lt form action update sml method post gt lt input type hidden name email value email lt table align center border 2 gt lt tr gt lt th gt Name lt th gt td name td tr lt tr gt lt th gt Email lt th gt td email td tr lt tr gt lt th gt Note lt th gt lt td gt lt input name note type text value note gt lt td gt lt tr gt lt tr gt lt th gt Password lt th gt
41. result set b is the base and f is the fold function the first argument to f is a function that maps column names to values Raises Fail msg on error foldSetdb db f b sql similar to foldDb except that f takes the result set as argument Raises Fail msg on fail appDb db f sql executes SQL statement sql and applies f on each row in the result set Raises Fail on error listDb db f sql executes SQL statement sql and applies f on each row in the result set The result elements are returned as a list Raises Fail on error zeroOrOneRowDb db sql executes SQL statement that must return either zero or one row Returns all columns as a list of strings Raises Fail on error oneFieldDb db sql executes SQL statement sql which must return exactly one row with one column which the function returns as a string Raises Fail on error zeroOrOneFieldDb db sql executes SQL statement sql which must return either zero or one row If one row is returned then there must be exactly one column in the row Raises Fail on error B 6 THE WEB_DB_HANDLE SIGNATURE 145 oneRowDb db sql executes SQL statement sql which must return exactly one row Returns all columns as a list of strings Raises Fail on error oneRowDb db f sql executes SQL statement sql which must return exactly one row Returns f applied on the row Raises Fail on error zeroOrOneRowDb db f sql executes SQL statement sql which must return either zero or one row
42. sequence val _ Db dml insert into wine wid name year values uid Db qqq name Db qqq year 10Pile smlserver_demo www web rat ing add sml 78 CHAPTER 7 CONNECTING TO AN RDBMS in wid name year end end return forms to the user val _ RatingUtil returnPageWithTitle Your comments to name lt form action addO sml iol n year year lt input type hidden name wid value wid lt textarea rows 5 cols 40 name comment gt lt textarea gt lt br gt lt b gt Email lt b gt amp nbsp lt input type text name email size 30 gt lt br gt lt b gt Name lt b gt amp nbsp lt input type text name fullname size 30 gt lt br gt lt b gt Rate between 0 and 6 lt b gt amp nbsp lt input type text name rating size 2 amp nbsp lt input type submit value Rate it gt lt p gt Back to a href index sml Best Wines lt a gt lt form gt A rating form for the wine Margaux Chateau de Lamouroux is shown in Fig ure 7 7 The script addO sml The script addO sm1 implements the rating insert transaction Here is the listing of the script structure FV FormVar val comment FV wrapFail FV getStringErr comment comment val fullname FV wrapFail FV getStringErr fullname fullname val email FV wrapFail FV getStringErr email email val wid Int toString FV wrapFail FV getNatErr wid internal number val r
43. support for scheduling of scripts and trap ping i e filtering of requests to for easy access control A summary is given in Chapter 12 4 CHAPTER 1 INTRODUCTION All concepts are illustrated using a series of examples which are all included in the SMLserver distribution Chapter 2 Getting Started For installation requirements and instructions please consult the SMLserver Web site http www smlserver org or the file README_SMLSERVER in the source distribution which is also available from the SMLserver Web site In the following we shall assume that SMLserver is installed on your system and that the command smlserverc v salutes you with a greeting from SMLserver The remaining sections in this chapter is organised as follows First Section 2 1 guides you through compiling your own version of the SMLserver demonstration Web project Second Section 2 2 guides you through configuring Apache for use with SMLserver and the compiled Web project 2 1 Compiling the Demonstration Web Project Start by creating your own web directory and copy the SMLserver demonstration files to this directory cd HOME mkdir web cp pa usr local lib smlserver iwww web sys web demo lib web The cp command above assumes that SMLserver is installed in usr local and not in usr as it probably would be if SMLserver was installed as a binary package Now change to the web www directory and type make cd web www make
44. the left val new_p new_p true if new value added case Web Conn formvar email Web Conn formvar name Web Conn formvar uid Web Conn formvar timeout of SOME email SOME name SOME uid SOME timeout gt Web Cache insert cache email Option get pt Int fromString uid O name Option map Time fromSeconds Int fromString timeout gt false val head if new_p then New Value added else Key already in Cache val _ Page return Caching Demonstration cache add sml head lt p gt Pretty printing the cache lt pre gt 52 CHAPTER 6 EXTRACTING DATA FROM FOREIGN WEB SITES Web Cache pp_cache cache lt pre gt lt p gt Go back to lt a href cache sml kind kind gt Cache Demo Home Page lt a gt We use user id 0 in case the user id given in form variable uid is not an integer The code to lookup a name in the cache is in the script cache_lookup sml Again the cache kind is passed as a hidden form variable and used to obtain the cache The variable cache contains the cache obtained with function get this is similar to cache_add sml and not shown below The function lookup is used to lookup the entry associated with the email stored in the form variable email The function lookup returns NONE if the email address is not in the cache val kind val cache fun returnPage s Page return Caching Demonstration s lt p gt Using cache kind
45. type aType pretty prints the type aType pp cache c pretty prints the cache 132 APPENDIX B THE WEB STRUCTURE B 3 The WEB_CONN Signature Signature WEB_CONN sig type set val val val val val val val val val val val val val val val val val val val val val val val val val val end returnHtml returnXhtml return returnFile write returnRedirect returnRedirectWithCod setMimeType getQuery getRequestData formvar formvarAll storeMultiformData unit gt set unit gt string unit gt string unit gt string unit gt string unit gt int headers host location peer Scheme port redirect Server url method contentLength hasConnection add headers int string gt unit int string gt unit string gt unit int string string gt unit string gt unit string gt unit e int string gt unit string gt unit unit gt set option unit gt string string gt string option string gt string list string string gt unit string gt unit unit gt string unit gt string list unit gt string unit gt int unit gt bool string string gt unit set abstract type identical to Web Set set returnHtml sc s sends HTML string s with status code sc and mime type text html to client including HTTP headers and Cache Control header set to no cache May raise MissingCo
46. valOf Real fromString rateil rate2 in Page return Currency Service getdate Real toString a s gives you round a rate t lt p gt The rate used is round rate and is obtained from lt a href url gt url lt a gt lt p gt New lt a href currency html gt Calculation lt a gt end handle _ gt errPage gt errPage The function RegExp extract returns the empty string if there is no match which is likely to happen when Yahoo Finance changes the layout of the page 6 5 Caching Support It can happen that small easy to write services become tremendously popular One example of such a Web service is Bill Gates Personal Wealth Clock available from http philip greenspun com WealthClockInt1 which estimates your personal contribution to Bill Gates wealth using stock quotes from either NAS DAQ http quotes nasdaq com or Security APL http qs secapl com public information about the world population from the U S Census Bureau http www census gov cgi bin ipc popclockw and the estimated holding of Microsoft shares owned by Bill Gates The Web site provides a precise descrip tion of the math involved As of January 7 2003 the Web site estimates that each and every person in the world has contributed 9 87 to Bill Gates This service got popular around the summer 1996 with a hit rate of two requests per second Such a hit rate is extreme for a service that obtains da
47. wid 1 Wine index select wine wid name year avg rating as average count as ratings from wine rating where wine wid rating wid group by wine wid name year order by average desc name year The difficult transaction is the wine index transaction which is used in the construction of the main page of the Best Wine Web site see Figure 7 8 The select command computes the average ratings for each wine in the wine table The transaction makes use of the group by feature of the select command to group rows with the same wid name and year columns For each of the resulting rows the average rating for the grouped rows is computed as well as the number of rows that are grouped in each group Web Site Diagram A Web site diagram for the Best Wines Web site is shown in Figure 7 5 The Web site is made up of four scripts three of which construct pages that are returned 74 CHAPTER 7 CONNECTING TO AN RDBMS index sml Best Wines Pomerol rate it A MERE EUM rate it add0 sml Rate new 1L 1 add sml wine sml Pomerol 1997 M Elsman Great Hallenberg Good Lg Nam Email Rating Back to Best Wines _ Figure 7 5 Web site diagram for the Best Wine Web site to users The fourth script addO sml implements the rating insert transaction for inserting a rating in the rating table The next section describes the implementation of each of the SMLserver s
48. 2 Insert the following SML code in the file init sml val time of day Date fmt 4H 4M 4S Date fromTimeLocal Time now val _ Web log Web Debug time of day time of day lt body bgcolor white gt The time of day is Quot fromString time of day val _ Page return Time of day c The script log time sml is executed every 10 minutes File smlserver demo www web log time sml 108 CHAPTER 10 SCHEDULING AND TRAPPING 3 Make sure that the script init sml is executed at boot time that is try restart Apache and check the error_log file If it does not work then check that init sml appears in your project file and make sure that init sml appears in the Apache configuration file It works when you see something similar to the following in your error_log file Wed Dec 07 18 04 44 2005 debug mod_smllib c 172 client 127 0 0 1 time of day 18 04 44 10 3 Trapping Trapping is setup using appropriate Apache modules These are configured in the Apache configuration file and SMLserver is almost unaware of such mechanisms The url function provides the url from each internal redirect in list where the current url is in front and the initial url is in the back In the following example the module mod_rewrite is used to redirect all request from a directory to a particular script From the Apache configuration DocumentRoot home user web www lt Directory home user web www secret g
49. 6 CHAPTER 2 GETTING STARTED Building involves invoking smlserverc and mspcomp for compiling libraries and script files mentioned in the mlb file web m1b 2 2 Configuring and Starting Apache You are now ready to configure the Apache Web server Before starting we note that different distributions of Apache for different OS distributions use different strategies for configuration Here we show the details of configuring Apache for SMLserver on a Linux Debian System Follow the following steps Edit the file etc apache2 apache2 conf by adding to DirectoryIndex the list index sm1 2 Edit the file etc apache2 sites available default by A changing DocumentRoot to home user web www and B changing Directory path to home user web www where user is your login name 3 Create the file etc apache2 mods available sml conf with the following content IfModule mod sml c AddHandler sml module sml SmlPrjId web SmlPath home user web www SmlInitScript home user web www web sys init sml IfModule Again substitute your own login name for user in the content 4 Execute the following commands cd etc apache2 mods enable sudo In s etc apache2 mods available sml conf sudo In s etc apache2 mods available sml load You are now ready to re launch Apache with the following command sudo apache2ctl restart Point your browser to http localhost web and enjoy By executing the com mand
50. AND TRAPPING 3 Tell Apache to execute the initialization script at initialization time This is done by adding the following to the lt IfModule mod sml c Apache config uration entry Initialization script to schedule script execution and register trapping of URL requests remember to include the initialization script in the project file SmlInitScript web sys init sml See also Chapter 2 on configuration of Apache for use with SMLserver To check that it works restart Apache as described in Chapter 2 Then con sult the log file var log apache2 error log and look for the text executing init sml 10 2 Scheduling The signature WEB specifies the following functions to control scheduling of script execution signature WEB sig val schedule string gt string option gt Date date gt Time time gt unit val deSchedule String gt unit val scheduleScript string gt string option gt int gt unit val scheduleDaily string gt string option gt hour int minute int gt unit val scheduleWeekly string gt string option day Date weekday hour int minute int unit end After an application schedule f s d i the script determined by the file f is scheduled to execute the first time at date and time d with interval i using s as host If s is not supplied then localhost is used as host Usually calls to the schedule function appears in the initialization script e g init
51. DDEN FORM VARIABLES Count 7 Galeon lt j Back v gt v Count 7 Down Served by SMLserver Figure 5 1 The counter rendered by Netscape Navigator after a few clicks on the Up button of SOME c gt case Web Conn formvar button of SOME Up gt 1 SOME Down gt 1 gt NONE gt 0 val _ Page return Count counter lt form action counter sml gt lt input type hidden name counter value counter gt lt input type submit name button value Up gt lt input type submit name button value Down gt lt form gt Figure 5 1 presents the counter as it is rendered by Netscape Navigator Notice that because a request method is not specified the request method GET is used for the form which shows in the location field where the form variable key value pairs are appended to the URL for the file counter sml In the next example we shall see that by using the request method POST the key value pairs of form variables do not turn up in the location field 5 2 Guess a Number We now demonstrate how to write a small game using SMLserver As for the previous example the Guess a Number Web game is made up of one sm1 file guess sml The Web game uses the FormVar functionality explained on page 29 in Section 4 3 to get access to the form variables n and guess if present Here is 5 2 GUESS A NUMBER 35 the script guess sn1 fun returnPage title
52. Data unit gt string option val getUser unit gt string option val getAuthType unit gt string option end hostname returns the host name of the machine pidO returns the process id of the server process uptime returns the number of seconds the server process has been running configGetValue T key fetches value of type T associated with key if it exists configSetValue T key v associates with key the value v of type T pageRoot returns the directory for which the server serves pages getAuxConfigData returns some string if SmlAuxData is defined in you webserver configuration file and NONE otherwise getUser returns SOME username if an authentication check has succeeded Returns NONE otherwise 148 APPENDIX B THE WEB STRUCTURE getAuthType returns SOME authtype if an authentication check of type authtype has succeeded Returns NONE otherwise B 9 THE WEB LOG SIGNATURE 149 B 9 The WEB 106 Signature signature WEB LOG sig type LogSeverity val and and and and and and and val val end Emergency LogSeverity Alert LogSeverity Critical LogSeverity Error LogSeverity Warning LogSeverity Notice LogSeverity Info LogSeverity Debug LogSeverity log LogSeverity string gt unit advLog LogSeverity a a gt string gt LogSeverity Type of log severity level Emergency something extremely bad occurred
53. E A 1 Elements Supported Inside Body Element The following sections describe elements that may be used inside the body element of a document A 1 1 Text Elements lt p gt Start a new paragraph lt pre gt lt pre gt Encloses preformatted text to be displayed as is Preformatted text may in clude embedded tags but not all tag types are permitted lt listing gt lt listing gt Example computer listing embedded tags are shown as is and tabs work lt blockquote gt lt blockquote gt Include a section of quoted text A 1 2 Uniform Resource Locators A Uniform Resource Locator URL is of the form resource additionalInformation where resourceType may be file http telnet or ftp other resource types exist as well Each resource type relates to a specific server type each of which performs a unique function and thus requires different additionalInformation For example URLs with resource type http are of the form http host domain port pathname The colon followed by a TCP port number is optional and is used when a server is listening on a non standard port the standard port for HTTP is port 80 A 1 3 Anchors and Hyperlinks An anchor specifies a location in a document A hyperlink may be used to refer to a location in a document or to an entire document a name anchorName gt Specify a location anchorName in a document A 1 ELEMENTS SUPPORTED INSIDE BODY ELEMENT 117 lt a href a
54. It is possible to schedule a script to be executed periodically This feature can be used to ensure that some state in the server or database is kept up to date It can also be used for periodic checks on external ressources e g that an external Web site is accessible this is also known as an uptime monitor see http eveander com arsdigita free tools uptime html It is possible to trap requests for specific files in SMLserver in such a way that a specific trap script is executed instead of the requested file This feature can be used to control access to Web content In order to setup scheduled scripts and other configuration parameters it is possible to execute a specific SML script at server initialization time When executing the initialization file there is no connection to a client It is therefore not possible to use functions that depend on a connection For in stance one cannot use the function Web Conn return as described on page 132 Functions that fails in this way raises the exception Web MissingConnection 10 1 Initialization To have an initialization script executed at boot time follow the steps below 1 Write an initialization script We have provided one in the web sys directory web web_sys init sml See Chapter 2 2 Include the initialization script in your mlb file We have included the ini tialization script web web_sys init sml in the mlb file web mlb See Chapter 2 105 106 CHAPTER 10 SCHEDULING
55. Login form to users e auth sml Processes the Login form submitted by a user stores a cookie containing person_id and password the password entered in the form that is on the client browser e auth_logout sml Stores a cookie on the client browser with an expiration date in the past redirects to a predefined index page e auth_new_form sml Serves a Registration form to users querying the user for email address name and home page address e auth new sml Processes the Registration form submitted by a user cre ates a password and a unique person id for the user and enters a column for the user in the person table sends an email to the user with the newly created password and serves a page with instructions that an email with a password is available in the user s mail box e auth send form sml Serves a form to the user asking for an email address e auth send sml Processes the form served by the auth send form sml script sends an email to the entered email address with the corresponding password The three forms are shown in Figure 9 2 The library structure Auth provides functionality for checking whether a user is logged in functions verifyPerson and isLoggedIn for issuing passwords function newPassword and so on We do not present the sources for these SMLserver scripts here the interested reader may find all sources in the directory smlserver_demo www web 6File smlserver demo web demo lib Au
56. MISCELLANEOUS 121 A 2 3 Select Element Options Within the select element option elements are used to define the possible values for the enclosing select element If the attribute selected is present then the option value is selected by default In the following example all three options may be chosen but Standard ML is selected by default lt select multiple gt lt option gt Haskell lt option selected gt Standard ML lt option gt C lt select gt A 2 4 Text Areas A text area of the form lt textarea gt default text lt textarea gt defines a rectangular field where the user may enter text data If default text is present it is displayed when the field appears Otherwise the field is blank Attributes and corresponding values include name Name where Name is a symbolic name that identifies the form variable associated with the lt textarea gt rows numRows and cols numCols Both attributes take an integer value which represents the number of rows and number of columns in the text area A 3 Miscellaneous lt text gt Place a comment in the HTML source lt address gt lt address gt Present address information lt img src URL alt Alternate Text gt Embed an image in the document Attributes src Specifies the location URL of the image 122 APPENDIX A HTML REFERENCE alt Allows a text string to be put in place of the image in clients that cannot display images align Specifie
57. NG THE AUTHENTICATION MECHANISM 103 Web sites that use SMLserver Galeon d Back v gt v Gh stop 100 aj g htip www smiserver org demo linkindex sml Web sites that use SMLserver You are logged in as user Niels Hallenberg you may logout e VoteAboutlt com added by Niels Hallenberg delete e The SMLserver web site added by Martin Elsman e Add Web site Served by SMLserver Figure 9 4 The result of a user requesting the file Link index sm1 code 9 val person id case Auth verifyPerson of SOME p gt p NONE gt Web returnRedirect Auth loginPage Web exit val link id FormVar wrapFail FormVar getNatErr link id Link id val delete delete from link where person id Int toString person id and link id Int toString link id Db dml delete Web returnRedirect index sml val val Notice that users that are not logged in but somehow request the file are redi rected to the default login page provided in the Auth structure Also notice that a user can delete only those links that the user is responsible for 1 Pile smlserver_demo www web link delete sml 104 CHAPTER 9 AUTHENTICATION Chapter 10 Scheduling and Trapping SMLserver supports three ways of executing scripts besides execution of scripts based on requests made by clients namely execution of scheduled scripts execution of trapping scripts and execution of initialization scripts
58. R 8 CHECKING FORM VARIABLES structure FV FormVar val to errs FV getEmailErr to To FV emptyErr val from errs FV getEmailErr from From errs val subj errs FV getStringErr subject Subject errs val body errs FV getStringErr body Body errs val FV anyErrors errs val _ Web Mail send to to from from subject subj body body val _ Page return Email has been sent Email with subject subject has been sent to to lt p gt lt a href mail_form sml gt Send another lt a gt Notice the use of the function anyErrors from the FormVar structure if there are no errors in the form data execution proceeds by sending an email using the Web Mail send function and a message saying that the email has been sent is presented to the user with the Page return function Otherwise if one or more errors were found analyzing the form data an error page is presented to the user the result of a user submitting the mail form with an invalid From field and an empty Subject field is shown in Figure 8 2 For another example of using the multi error functionality of the FormVar struc ture see the file snlserver_demo www web formvar_chk sml 8 3 Implementation The FormVar structure is based on the function Web Conn formvar which provides a more primitive way of accessing form variables submitted with a request The function Web Conn formvar has type string gt string option and r
59. Server A Functional Approach to Web Publishing Second Edition April 10 2007 Martin Elsman Niels Hallenberg Carsten Varming SMLserver A Functional Approach to Web Publishing Second Edition Martin Elsman mael itu dk IT University of Copenhagen Denmark Niels Hallenberg nh itu dk Statistics Denmark Denmark Carsten Varming varming itu dk IT University of Copenhagen Denmark April 10 2007 Copyright 2002 2007 by Martin Elsman Niels Hallenberg and Carsten Varming Contents Preface 1 Introduction ld Web Scripting ois ete nee i ees PE ee Se 12 Why Standard ML 1 3 Outline ey iced boe dem Dav dee te eh en OR e pef og dus c 2 Getting Started 2 1 Compiling the Demonstration Web Project 2 2 Configuring and Starting Apache 2 3 Interfacing toan RDBMS 2 4 Interfacing to 1 2 5 So You Want to Write Your Own Project 3 Presenting Pages to Users 3 1 The HyperText Transfer Protocol 2l llle 9 2 Time of n uomo tene AE mE nte SERE e 33 A Multiplication Table lees 3 4 How SMLserver Serves Pages 3 5 ML Basis Piles 5 xa me xm Does be URGE GR EA SUN 3 0 Compilation sontes Reged pup og andes wes 3 7 Loading and Serving Pages 3 8 Logging Messages Warnings and Errors
60. _c 20 Calculating the Temperature in Degrees Fahrenheit Here is the script temp sm1 fun calculate c concat lt html gt lt body bgcolor white gt lt h2 gt Temperature Conversion lt h2 gt Int toString c degrees Celcius equals Int toString 9 c div 5 32 degrees Fahrenheit lt p gt Go lt a href temp html gt calculate a new temperature lt a gt File smlserver demo www web temp sml 4 2 QUOTATIONS FOR HTML EMBEDDING 25 lt hr gt lt i gt Served by lt a href http www smlserver org gt SMLserver lt a gt lt i gt lt body gt lt htm1 gt val _ Web Conn return case FormVar wrapOpt FormVar getIntErr temp_c of NONE gt Go back and enter an integer SOME i gt calculate i The structure FormVar provides an interface for accessing form variables of differ ent types The expression FormVar wrapOpt FormVar getIntErr results in a function which has type string gt int option The function takes the name of a form variable as argument and returns SOME i where i is an integer obtained from the string value associated with the form variable If the form variable does not occur in the query data is not a well formed integer or its value does not fit in 32 bits the function returns NONE We have more to say about the FormVar structure in Chapter 8 In the case that the form variable temp c is associated with a well formed integer that fits in 32 bits an HTML page
61. a cookie with no expiry attribute is the user s session Life times are given in seconds the program computes an expiration date based on the current time and the specified life time A cookie may be removed by specifying a negative life time or by using the Delete Cookie form A cookie may be specified to be secure which means that the cookie is transmitted on secure channels only e g HTTPS requests using SSL A value of No means that the cookie is sent in clear text on insecure channels e g HTTP requests Name Value Life Time Secure foo bar 60 No SetCookie Name foo Delete Cookie Served by SMLserver Figure 9 1 T he result of a user requesting the file cookie sml with two cookies fool and foo2 94 CHAPTER 9 AUTHENTICATION foldi fn n v a gt lt li gt n v a Web Cookie allCookies Notice that the use of quotations in the application of foldl ensures that the HTML list is built efficiently without the use of string concatenation The action of the Set Cookie form is the script cookie set sml which re turns a redirect to the cookie sml script with a cookie included in the response header The redirect is implemented using the function Web Conn returnRedirectWithCode structure FV FormVar val cv case FV wrap pt FV getStringErr cookie value of NONE gt No Cookie Value Specified SOME cv gt cv val cn case FV wrap pt FV getStringEr
62. aa e 0 1 matches the binary numbers i e 0 1 01 11 011101010 e matches two arbitrary characters C 1 9 0 9 42 C 1 9 0 9 matches positive fractions of whole num bers e g 1 8 32 5645 and 45 6 Notice that the pattern does not match the fraction 012 54 nor 1 0 Xhtml1 html matches HTML pages and text that is not HTML e wwwN CCGt clitu N dk tN edu matches the three Web addresses www itu dk www it c dk and www it edu e http hug it edu 8034 ps2 sml matches all URLs denoting sm1 files on the machine hug it edu in directory ps2 for the service that runs on port number 8034 In the next section we turn to see how regular expressions may be used with SMLserver 6 2 REGULAR EXPRESSIONS 43 p Definition matches all characters matches the character c matches the escaped character c where c is one of 7 0 01 t n pipa matches a string s if p matches a prefix of s and matches the remainder of s e g the string abc is matched by the pattern a c matches 0 1 more instances of the pattern p e g the strings abbbbbba and aa are matched by the pat tern ab a p matches the strings that match p e g the string cababcc is matched by the pattern c ab cc pt matches 1 or more instances of the pattern p e g the pattern ca b matches the string caaab but not the string cb pilpo matches stri
63. ail on error zero0rOneRow sql executes SQL statement sql which must return either zero or one row Returns all columns as a list of strings Raises Fail on error zeroOrOneRow f sql executes SQL statement sql which must return either zero or one row Returns f applied on the row if a row exists Raises Fail on error existsOneRow sql executes SQL statement sql and returns true if the query results in one or more rows otherwise returns false Raises Fail on error seqNextvalExp seq name returns a string to fit in an SQL statement generating a new number from sequence seq name seqNextval seq name executes SQL statement to generate a new number from sequence seq name Raise Fail on error 140 APPENDIX B THE WEB STRUCTURE seqCurrvalExp seq name returns a string to fit in an SQL statement returning the current number from the sequence seq_name seqCurrval seqName executes SQL statement to get the current number from sequence seq name Raises Fail on error sysdateExp returns a string representing the current date to be used in an SQL statement to have your application support different database vendors qq v returns a string with each quote replaced by double quotes C e g qq don t go don t go qqq v similar to qq except that the result is encapsulated by quotes e g qqq don t go don t go toDate d returns the Date date representation of d where d is
64. ample querying all data from the employee table select from employee The result includes the two rows in the employee table email name passwd note mael it edu Martin Elsman don tforget null nh it edu Niels Hallenberg hi meeting Notice that only one quote appears in the passwd string don tforget The select command allows us to narrow the result both horizontally and vertically By explicitly mentioning the columns of interest only the mentioned columns appear in the result Similarly the select command may be combined with where clauses which narrows what rows are included in the result Consider the following select command select name passwd from employee where email mael it edu The result of this query contains only one row with two columns name passwd Martin Elsman don tforget 7 4 DATA MANIPULATION 63 Because the column email is primary key in the employee table the RDBMS maintains an index that makes lookup based on email addresses in the table effi cient thus the data model we have chosen for employees scales to work well even for millions of employees The select command may be used in many other ways than shown here in the sections to follow we shall see how the select command can be used to select data from more than one table simultaneously through what is called a join and how the group by clause may be used to compute a summary of the content of a table update
65. apping from email addresses to pairs of names and user ids Figure 6 4 shows the entry form The entry form shows first the name of cache used the cache kind and cache type Below the table you see three links Clicking the links will change the cache kind used for caching entries Notice that three different caches are created if you click the three links The cache kind is passed as a hidden form variable with name kind to the script cache add sm1 File smlserver demo www web cache sml File smlserver demo www web cache add sml 6 6 THE CACHE INTERFACE 51 val kind Option val0f Web Conn formvar kind handle _ gt Size val cache let val k case kind of WhileUsed gt Web Cache WhileUsed SOME Time fromSeconds 20 SOME 10000 TimeOut gt Web Cache TimeOut SOME Time fromSeconds 20 SOME 10000 Size gt Web Cache WhileUsed NONE SOME 10000 in Web Cache get Web Cache String Web Cache Pair Web Cache Int Web Cache String users k end The function get is used to obtain a cache with the specified name users the chosen cache kind variable k and cache type We use the type constructor Pair to build the range type using the base types Int and String A timeout value of 20 seconds is used for cache kinds WhileUsed and TimeOut A cache size of 100 bytes is used for cache kind Size The script cache_add sm1 also processes the email user id and name entered in the entry form at
66. ated with the wine entity include a name and a year vintage for the wine Attributes associated with the rating entity include a user s comments the user s fullname and email and a rating Notice that the diagram does not say any thing about the data types for the attributes The relationship between the entities wine and rating is a one to many re lationship that is to every one wine there may be many ratings This type of relationship is pictured in the diagram as a fork In general there are other types 72 CHAPTER 7 CONNECTING TO AN RDBMS of relationships besides one to many relationships including one to one relation ships and many to many relationships Before an E R diagram can be mapped to SQL data modeling commands many to many relationships are broken up by introducing intermediate entities SQL data modeling commands corresponding to the E R diagram in Figure 7 4 look as follows create sequence wid sequence create table wine wid integer primary key name varchar 100 not null year integer check 1 lt year and year lt 3000 unique name year create table rating wid integer references wine comments varchar 1000 fullname varchar 100 email varchar 100 rating integer check 0 lt rating and rating lt 6 The first command creates SQL sequence with name wid_sequence which we shall use to create fresh identifiers for identifying wines The two entities wine and r
67. ater than or equal to zero or the integer does not fit in 32 bits the function returns NONE Besides the FormVar structure the recipe program also makes use of a library function Page return which takes a heading and a page body as argument and returns a page to the client File smlserver demo web demo lib Page sml 30 CHAPTER 4 OBTAINING DATA FROM USERS Apple Pie Recipe Galeon lt Back gt gt o Gb stop 100 5 http wwnw smiserver org demo recipe sml Apple Pie Recipe To make an Apple pie for 4 persons you need the following ingredients 0 25 cups butter one cup sugar one egg 0 25 teaspoons salt one teaspoon cinnamon one teaspoon baking soda one cup flour 2 5 cups diced apples one teaspoon vanilla 2 tablespoons hot water Combine ingredients in order given Bake in greased 9 inch pie pans for 45 minutes at 50 Serve warm with whipped cream or ice cream Make another recipe Served by SMLserver Figure 4 4 The result of computing a recipe for a four person apple pie 4 3 A DYNAMIC RECIPE fun return head body Web return lt html gt lt head gt lt title gt head lt title gt lt head gt lt body bgcolor white gt lt h2 gt head lt h2 gt body lt hr gt lt i gt Served by lt a href http www smlserver org gt SMLserver lt a gt lt i gt lt body gt lt html gt 31 32
68. ating Int toString FV wrapFail FV getIntRangeErr O 6 File smlserver_demo www web rat ing add0 sml 7 7 BEST WINES WEB SITE 79 Your comments to Margaux Chateau de Lamouroux year 1988 Galeon lt Back v gt 9 top 100 Elg Bad smi name Margaux Chateau desLamouroux amp year 1988 a Your comments to Margaux Chateau de Lamouroux year 1988 Great wine Email mael it edu Name Martin Elsman Rate between 0 and 6 5 Rate it Back to Best Wines Served by SMLserver Figure 7 7 The wine rating form Users are asked to provide ratings between 0 and 6 80 CHAPTER 7 CONNECTING TO AN RDBMS rating rating val _ Db dml insert into rating wid comments fullname email rating values wid Db qqq comment Db qqq fullname Db qqq email rating val _ Web returnRedirect index sml The form variable functions provided in the FormVar structure are used to return error messages to the user in case a form variable is not present in the request or in case its content is ill formed The function Web returnRedirect is used to redirect the user to the Best Wines main page after the insert transaction is executed The script index sml The script index sml implements the Best Wines main page It presents the rated wines listing the wine with the highest average rate first Here is the script index sm1 the complex query that ca
69. ating are transformed into create table com mands with columns corresponding to attributes in Figure 7 4 Data types for the columns are chosen appropriately The relationship between the two tables is en coded by introducing an additional column wid with data type integer in each table Whereas the column wid in the wine table is declared to be primary i e no two rows have the same wid value and an index is constructed for the table making lookup based on the wid value efficient a referential integrity constraint on the wid column in the rating table ensures that a row in the rating table is at all times associated with a row in the wine table Additional consistency constraints guarantee the following properties e The year column is an integer between one and 3000 e No two rows in the wine table is associated with the same name and the same year File smlserver_demo web_demo_lib pgsql rating sql 7 7 BEST WINES WEB SITE 73 e A rating in the rating table is an integer between zero and six A list of possible transactions and associated SQL data manipulation com mands are given here Wine insertion insert into wine wid name year values 1 Margaux Chateau de Lamouroux 1988 Rating insertion insert into rating wid fullname email comments rating values 1 Martin Elsman mael it edu Great wine 5 Wine comments select comments fullname email rating from rating where
70. chine for the ML Kit Technical Report TR 2002 18 Royal Veterinary and Agricultural University of Denmark and IT University of Copenhagen August 2002 IT University Technical Report Series Martin Elsman and Niels Hallenberg Web programming with SMLserver In Fifth International Symposium on Practical Aspects of Declarative Languages PADL 03 Springer Verlag January 2003 Martin Elsman and Ken Friis Larsen Typing XHTML Web appli cations in ML In International Symposium on Practical Aspects of Declarative Languages PADL 04 Springer Verlag June 2004 Matthew Fluet and Riccardo Pucella Phantom types and subtyping In Second IFIP International Conference on Theoretical Computer Science TCS 02 pages 448 460 August 2002 Philip Greenspun Philip and Alex s Guide to Web Publishing Morgan Kaufmann May 1999 596 pages ISBN 1558605347 Michael R Hansen and Hans Rischel Introduction to Programming using SML Addison Wesley 1999 ISBN 0 201 39820 6 Robin Milner Mads Tofte Robert Harper and David MacQueen The Definition of Standard ML Revised MIT Press 1997 Lawrence C Paulson ML for the Working Programmer 2nd Edi tion ML97 Cambridge University Press 1996 ISBN 0 521 56543 X paperback 0 521 57050 6 hardback Mads Tofte Lars Birkedal Martin Elsman Niels Hallenberg Tommy Hojfeld Olesen and Peter Sestoft Programming with re gions in the ML Kit for version 4 Technical report IT University
71. cripts Implementation of SMLserver Scripts The scripts index sml wine sml add sml and addO sml make use of function ality provided in a structure RatingUtil We shall not present the structure RatingUtil here but only show its signature signature RATING UTIL sig returnPage title body returns page to browser val returnPage string gt string frag list gt unit returnPageWithTitle title body returns page to browser with title as hi header val returnPageWithTitle string gt string frag list gt unit bottleImgs n returns html code for 8File smlserver demo web demo lib Rat ingUtil sml 7 7 BEST WINES WEB SITE 75 bottle images val bottleImgs int gt string mailto email name returns mailto anchor val mailto string gt string gt string end The SMLserver scripts also make use of the structure FormVar presented in Chap ter 8 The script wine sml The script wine sm1 lists user comments for a specific wine The script assumes form variable wid that denotes the wine The script uses the Db fold function see page 67 to construct a page with the comments associated with the specific wine The page is returned to the user using the RatingUtil returnPageWithTitle function Here is the listing of the script wine sml Present comments and ratings for a specific wine val wid FormVar wrapFail FormVar getNatErr wid internal number val q
72. duled execution If serv is NONE localhost is used as server scheduleDaily s serv hour minute after a call to this function the script determined by the file s on server serv is scheduled to execute every day at the specified time hour and minute The hour can be an integer from 0 to 23 and the minute an integer from 0 to 59 If serv is NONE localhost is used as server 128 APPENDIX B THE WEB STRUCTURE scheduleWeekly s serv day hour minute after a call to this function the script determined by the file s on server serv is scheduled to execute every week at the specified time day hour and minute The day can be an integer from 0 to 6 where 0 represents Sunday The hour can be an integer from 0 to 23 and the minute an integer from 0 to 59 If serv is NONE localhost is used as server exit terminates the script by raising the exception Interrupt which is silently caught by the SMLserver module Other uncaught exceptions are logged in the log file B 2 THE WEB_CACHE SIGNATURE 129 B 2 The WEB_CACHE Signature Signature WEB_CACHE sig Cache kinds datatype kind WhileUsed of Time time option int option TimeOut of Time time option int option Cache Type type a b cache include WEB_SERIALIZE type name string Get or create a cache val get a Type b Type name kind gt a b cache Entries in a cache val lookup a b cache gt a
73. dynamic Web page for displaying a multiplication table is written as an ML Server Page ML Server Pages are stored in files with extension msp The way in which SMLserver supports msp files is by providing a tool mspcomp for compiling an msp file into an sm1 file which can then be compiled using smlserverc and served by SMLserver Section 3 5 on page 18 has more to say about projects and how msp files are compiled Here is how the ML Server Page for displaying a multiplication table looks like lt MSP local open Msp infix amp amp fun iter f n if n 0 then else iter f n 1 amp amp f n fun col r c lt td width 5 align center gt amp amp Int toString r c amp amp td fun row sz r lt tr gt amp amp iter col r sz amp amp lt tr gt in fun tab sz iter row sz sz end gt lt html gt lt body bgcolor white gt lt h2 gt Multiplication Table lt h2 gt lt table border 1 gt MSP tab 10 lt table gt File smlserver_demo www web mul msp 3 3 A MULTIPLICATION TABLE 17 Untitled Galeon d lt Back 3 Figure 3 4 The result of requesting the file mul msp using the Netscape browser The HTTP request causes the compiled mul msp program to be executed on the Web server and the response is sent via the HTTP protoco
74. e PREF ID 49cdd72654784880 TM 995888612 LM 995888612 domain google com path expires Sun 17 Jan 2038 19 14 07 GMT Content Type text html Transfer Encoding chunked 54d lt html gt lt html gt The HTTP response is divided into a status line followed by a series of response header lines and some content Each response header takes the form key value where key is a response header key and value is the associated response header value The status line specifies that the HTTP protocol in use is version 1 1 and that the status code for the request is 200 which says that some content follows after the response headers Figure 3 1 lists the most commonly used status codes and Figure 3 2 lists some commonly used response headers We have more to say about HTTP requests in Chapter 4 where we show how information typed into HTML forms turns into form data submitted with the HTTP request 3 2 Time of day We shall now see how to create a small Web service for presenting the time of day to a user The example uses the Time now function from the Standard ML Basis HTTP 1 1 supported status codes and response headers are listed in RFC 2616 See http www ietf org 3 2 TIME OF DAY Status Code Description 200 OK Indicates that everything is fine The document follows the response headers 301 Moved Permanently The requested document has moved and the URL for the new location is in the Location re sponse
75. e WEB CACHE Signature The WEB CONN Signature ees 4 The WEB COOKIE Signature 5 The WEB_DB Signature B 6 The WEB DB HANDLE Signature WEB_DYNLIB Signature B 8 The WEB_INFO Signature 020000200004 B 9 The WEB LOG Signature B 10 The WEB LOW MAIL Signature B 11 The WEB_MAIL Signature 2e B 12 The _ B 13 The WEB SERIALIZE Signature ls B 14 The WEB SET Signature B 15 The XMLRPC Signature i sa goe g B 16 The XMLRPC_TYPE 109 111 115 116 116 116 116 117 117 117 117 118 118 118 118 119 120 121 121 121 123 vi CONTENTS Preface The ideas behind the SMLserver project came up in 1999 when the first author was attending a talk by Philip Greenspun the author of the book Philip and Alex s Guide to Web Publishing Gre99 Philip and his co workers had been writing an astonishing 250 000 lines of dynamically typed TCL code to implement a community system that they planned to maintain extend and even customize for different Web sites Although Philip and his co workers were very successful with their community system the dynamic typing of TCL makes such a large system difficult to
76. e add that a user should have access to delete only those Web site entries that the particular user has added Now that the Web site diagram for the link database is in place we are ready to provide implementations for the scripts in the diagram In the following we present two of the involved scripts link index sml which shows user submitted links and link delete sml which deletes a link submitted by the user The script link index sml which is the most involved of the scripts is implemented as follows val person Auth verifyPerson val query select person person id person name link id person url as purl link url link text from person link where person person id link person File smlserver demo web demo lib pgsql link sqgl 8 The directory smlserver_demo www web link holds all involved scripts 9File smlserver demo www web link index sml 9 7 APPLYING THE AUTHENTICATION MECHANISM 101 auth send sml auth new form sml auth form sml auth send form sml email auth logout sml LINKS SMLserver Martin VoteAboutIt Martin puce pens crece ast Seah ae link add sml za pem link delete sml Figure 9 3 Web site diagram for the link database SMLserver scripts pictured under the dashed line are restricted to users that are logged in the other SMLserver scripts are accessible for all visitors 102 CHAPTER 9 AUTHENTICATION fun delete g if Int fromString g pe
77. e for showing a number of bottle images The result of presenting the Best Wines main page to a user is shown in Figure 7 8 82 CHAPTER 7 CONNECTING TO AN RDBMS Best Wines Galeon Back gt gt v d Gh G9 stop 100 eg hitp fwwsw smiserver org demorrating index sml Best Wines Wine Average Score out of 6 Ratings Margaux Chateau de Lamouroux year 1988 k k k k Pomerol Chateau Croix Taillefer year 1997 4 4 i Chateauneuf du Pape Cellier des Princes year 1996 k k Rate new wine type its and year Name Year _Rate it Served by SMLserver Figure 7 8 The main page for the Best Wine Web site Chapter 8 Checking Form Variables Checking form variables is an important part of implementing a secure and stable Web site but it is often a tedious job because the same kind of code is written in all scripts that verify form variables The FormVar module which we present in this chapter overcomes the tedious part by defining several functions which may be used to test form variables consistently throughout a large system 8 1 The Structure FormVar The idea is to define a set of functions corresponding to each type of value used in forms Each function is defined to access values contained in form variables of the particular type For instance a function is defined for accessing all possible email addresses in a form va
78. e is made to some part of the program a static type system enforces at compile time that is the change to integrate well with the entire program in a dynamically typed setting no errors are caught this early in the development cycle Standard ML is a functional language in that it supports higher order func tions that is functions may take functions as arguments and return functions as a result Although it is a functional language Standard ML also has support for imperative features such as mutable data structures like arrays and references 1 3 Outline Chapter 2 provides instructions for getting started with SMLserver Chapter presents two simple examples which illustrate the basic mechanism for writing dynamic Web pages with SMLserver Chapter 4 describes how SMLserver Web scripts may use data obtained from users Chapter 5 describes how state in Web scripts may be emulated using so called hidden form variables The concept of regular expressions and the idea of fetching data from foreign Web sites are cov ered in Chapter 6 The general interface for connecting to a Relational Database Management System RDBMS is described in Chapter 7 A mechanism for check ing that form variables contain values of the right type is presented in Chapter 8 Chapter 9 presents a user authentication mechanism based on information stored in a database and cookie information provided by the client browser Finally Chapter 10 demonstrates SMLserver s
79. earches for cookies to include in the request The cookie s domain attribute is compared against the Internet domain name of the host being requested The cookie is included in the request if there is a tail match and a path match according the the definitions below A tail match occurs if the cookie s domain attribute matches the tail of the fully qualified domain name of the requested host So for instance a domain attribute it edu matches the host names www it edu and adm it edu Only hosts within the specified domain may set a cookie for a domain and domains must have at least two periods in them to prevent matching domains of the form com and edu The default value of the domain attribute is the host name of the server that generates the cookie A path match occurs if the pathname component of the requested URL matches the path attribute of the cookie For example there is a path match if the path name component of the requested URL is foo bar html and the cookie s path attribute is foo There is no path match if the pathname component of the re quested URL is index html and the cookie s path attribute is foo The default path attribute is the pathname component of the document being described by the header containing the cookie A cookie containing the secure attribute is transmitted on secure channels only e g HTTPS requests using SSL Without the secure attribute the cookie is sent in clear tex
80. ement system instead of your home tailored file based system But there are many database management systems to choose from The next sections tell you something about what properties you want from a database management system 7 1 What to Expect from an RDBMS Decades of research and development in the area of database management systems have resulted in easily adaptable systems which efficiently solve the problem of serving more than one user at the same time In some systems such as the Oracle RDBMS readers need not even wait for writers to finish Here is a list of some of the features that an RDBMS may provide e Methods for query optimizations An RDBMS supports known methods for optimizing queries such as index creation for improving query performance e Data abstraction Through the use of SQL an RDBMS may help program mers abstract from details of data layout 7 2 THE ACID TEST 59 e Support for simultaneous users RDBMS vendors have solved the problems of serving simultaneous users which make RDBMSs ideal for Web purposes e System integration The use of standardized SQL eases system integration and inter system communication e Failure recovering A good RDBMS comes with support for recovering from system failures and provides methods for backing up data while the system is running 7 2 The ACID Test If you want to sleep well at night while your Web site is serving user requests you want your RDBMS of choice to s
81. ency rates For instance if we want to exchange one American Dollar into Danish Kroner then we use the URL http uk finance yahoo com q s USDDKK x This URL specifies a form variable s as the string USDDKK X which means that we are interested in the eXchange rate from USD US Dollars to DKK Danish kroner The currencies that we shall use in our service are abbreviated according to the following table Currency Abbreviation American Dollar USD Australian Dollar AUD Bermuda Dollar BMD Danish Kroner DKK EURO EUR Norwegian Kroner NOK Swedish Kroner SEK The service that we shall build is based on two files a simple HTML file currency form html that queries the user for the amount and currencies involved see Figure 6 1 The other file the script currency sml is the target of the H TML form the first part of the script currency sml takes the following form val getReal FormVar wrapFail FormVar getRealErr val getString FormVar wrapFail FormVar getStringErr val a getReal a amount val s getString s source currency val t getString t target currency val url http se finance yahoo com q s Web encodeUrl s Web encodeUrl t X fun errPage Page return Currency Service Error The service is currently not available probably because we have trouble getting information from the data source a href url gt url lt a gt Web exit O 6 2 REGULAR EXPRESSIONS
82. ereas data stored in an RDBMS may be restored using the durability features of the RDBMS 3 8 LOGGING MESSAGES WARNINGS AND ERRORS 21 We have more to say about emulating state using form variables in Chapter 5 Programming with cookies is covered in Chapter 9 3 8 Logging Messages Warnings and Errors When Apache starts see Chapter 2 initialization information is written to a server log file The location and name of the server log file is configurable but for many setups the log file is var log apache2 error log In addition to initialization information being written to the server log file the SMLserver module and other Apache modules may also write information to the server log file when Apache is running It is also possible for your SMLserver scripts to write messages to the server log file using the function Web log The function Web log has type Web LogSeverity string gt unit The structure Web declares the following values of the type Web LogSeverity Value Description intended use Notice Something interesting occurred Info Something interesting occurred Warning Maybe something bad occurred Error Something bad occurred Emergency Something extremely bad occurred The server will shut down after logging this message Critical Something extremely bad occurred The server will shut down after logging this message Alert Something extremely bad occurred The server will shut down after logging this message
83. eturns the query data associated with the connection and the argument key if available In addition to the use of the Web Conn formvar function the implementation of the FormVar structure also makes use of regular expressions see Section 6 2 A function Web Conn formvarAll with type string gt string list makes it possible to access all values bound to a particular form variable 8 3 IMPLEMENTATION 87 Form Error Galeon lt j Back v gt v 9 stop 100 smiserver org demo mail sml Form Error We had a problem processing your entry Error in field From You must provide a valid email fdsa safa as is not one A few examples of valid emails login it c dk o user supernet com o FirstLastname very big company com Error in field Subject You must provide a valid string Please back up using your browser correct the form and resubmit your entry Thank you Served by SMLserver Figure 8 2 When a user submits the email form with invalid entries such as an invalid email address and an empty subject field the user is presented with an error page that summarizes all errors 88 CHAPTER 8 CHECKING FORM VARIABLES Chapter 9 Authentication Dynamic Web sites often make use of an authentication mechanism that provides some form of weak identification of users The traditional authentication mecha nism allows users of a Web site to login to the Web site by pr
84. expiry domain path secure returns a string which when transmitted to a browser as part of the HTTP response header sets a cookie with the given name value expiry date domain path and security level 136 APPENDIX B THE WEB STRUCTURE setCookies ckds returns a string which when transmitted to a browser as part of the HTTP response header sets the specified cookies deleteCookie name path returns a string that when transmitted to a browser as part of the HTTP response header deletes the specified cookie by setting its expiry to some time in the past B 5 THE WEB_DB SIGNATURE 137 B 5 The WEB_DB Signature Signature WEB_DB sig structure Handle WEB_DB_HANDLE type a Type val config a Type string a gt unit Data manipulation language val val val val dml quot gt unit exec quot gt unit maybeDml quot gt unit panicDml quot gt a gt quot gt unit Stored Procedure val exec8p quot list gt unit Queries val val val val val val val val val val val val val fold string gt string a gt a gt a gt quot gt a foldCol string list gt string gt string option a gt a gt gt quot gt a app string gt string gt a gt quot gt unit appCol string list gt string gt string option gt a gt quot gt unit list string gt string g
85. function setCookie request the cookie to be included in the header part of the HTTP response instructing the client to store the cookie The function takes as argument a record with cookie attributes The name and value attributes are mandatory strings which are URL encoded so that it is possible to include characters other than letters and digits in the strings The function raises the exception CookieError if the name or value attribute contains the empty string The function setCookies generalizes the setCookie function by taking a list of cookies as argument The expiry attribute is a date that defines the life time of the cookie The cookie is removed from the browser when the expiration date is reached The life time of a cookie with no expiry attribute is the user s session only A cookie may be removed from a client by specifying an expiration date in the past or by using the function deleteCookie To generate an expiration date that lasts in 60 seconds from the present time the following Standard ML code may be used let open Time in Date fromTimeUniv now fromSeconds 60 end Notice that the symbolic identifier in the expression above refers to the identifier Time which has type Time time Time time gt Time time The date string format used in cookies is of the form Wdy DD Mon YYYY HH MM SS GMT 92 CHAPTER 9 AUTHENTICATION 9 2 Obtaining Cookies from Clients When a user requests a URL the user s browser s
86. g thus in what follows we shall use the structure Db to access the Postgresql RDBMS Figure 7 2 lists the part of the RDBMS interface that we use in the following To access or manipulate data in an RDBMS SMLserver scripts need not explic itly open a connection to the RDBMS Instead the opening of connections is done at the time the Web server i e Apache is started which avoids the overhead of opening connections every time a script is executed A database handle identifies a connection to an RDBMS and a pool is a set of database handles When the Web server is started one or more pools are created At any particular time a database handle is owned by at most one script Moreover the database handles owned by a script at any one time belong to different pools The functions shown in Figure 7 2 request database handles from the initialized pools and release the database handles again in such a way that deadlocks are avoided a simple form of deadlock is caused by one thread holding on to a resource A when attempting to gain access to a resource B while See the file sml server demo web demo lib WEB DB sml 7 6 TRANSACTIONS AS WEB SCRIPTS 67 Signature WEB_DB sig val dml quot gt unit val fold string gt string a gt a gt a gt quot gt a val oneField quot gt string val oneRow quot gt string list val zeroOrOneRow quot gt string list option val seqNextvalExp string gt st
87. he column field can contain at most 200 characters but that shorter strings use less memory The column data type date is used for storing dates The command also specifies some consistency constraints on the data namely that the columns email name and passwd must be non empty specified using the not null constraint The primary key constraint on the email column has two purposes First it specifies that no two rows in the table may have the same email address Second the constraint specifies that the RDBMS should maintain an index on the email addresses in the table so as to make lookup of email addresses in the table efficient 7 4 DATA MANIPULATION 61 alter table The alter table command is used to modify already existing tables even when data appears in the table The alter table command takes several forms The simplest form makes it possible to drop a column from a table alter table employee drop last_modified Here the column last_modified is eliminated from the table A second form makes it possible to add a column to a table alter table employee add salary integer In this example a column named salary of type integer is added to the employee table The update command may be used to initialize the new column as follows update employee set salary 0 where salary NULL drop table The drop table command is used to remove a table from a database As an example the command drop table employee removes
88. id int primary key password varchar 100 not null email varchar 20 unique not null name varchar 100 not null url varchar 200 Each person in the table is uniquely identified by a number person_id Moreover it is enforced by a consistency constraint that no two persons have the same email address The name and url columns provide additional information about a user and the password column holds passwords that are compared to the passwords entered when users login An SQL sequence person seq is used for creating unique person id numbers dynamically T wo people are inserted in the table by default create sequence person seq start 3 insert into person person id password email name url values 1 Martin mael it edu Martin Elsman http www itu dk mael File smlserver_demo web_demo_lib pgsql person sql 96 CHAPTER 9 AUTHENTICATION insert into person person_id password email name url values 2 Niels nh it edu Niels Hallenberg http www itu dk nh Now that the table for storing user information is in place it is possible to describe the authentication mechanism in detail 9 5 The Authentication Mechanism The authentication mechanism is implemented by a library structure Auth and a series of SMLserver scripts for managing the issuing of passwords sending pass words to users serving login forms to users and so on e auth_form sml Serves a
89. if a pattern p matches a string s In the context of building Web sites there are at least two important uses of regular expressions 42 CHAPTER 6 EXTRACTING DATA FROM FOREIGN WEB SITES 1 Checking form data by ensuring that data entered in forms follow the ex pected syntax If a number is expected in an HTML form the server program must check that it is actually a number that has been entered This partic ular use of regular expressions is covered in Chapter 8 Regular expressions can only check syntax that is given a date a regular expression cannot easily be used to check the validity of the date e g that the date is not February 30 However a regular expression may be used to check that the date has the ISO format YYYY MM DD 2 Extracting data from foreign Web sites as in the Currency Service above In the following we shall often use the term pattern instead of the longer regular expression The syntax of regular expressions is defined according to the description in Figure 6 2 A character class class is a set of ASCII characters defined according to Fig ure 6 3 Potential use of regular expressions is best illustrated with a series of examples e A Za z matches all characters in the english alphabet e 0 9 0 9 matches numbers containing two digits where both digits may be zero e cov pig s matches the four strings cow cows pig and pigs e alb a matches aa ba aaaa ba
90. ile You can have only one project associated with each Web server that you run Use the compiler smlserverc to compile the library and script files mentioned in the m1b file into 2 5 SO YOU WANT TO WRITE YOUR OWN PROJECT 9 bytecode Once your project is compiled the Web server answers requests of the files listed in the scripts end parts of your mlb file see Section 3 5 Library code to be shared between scripts may be stored anywhere on the system and mentioned for example in the local part in the project file look in the sample ml1b file web m1b for examples 10 CHAPTER 2 GETTING STARTED Chapter 3 Presenting Pages to Users In this chapter we show two examples of dynamic Web pages also called Web scripts written with SMLserver The first example which shows the time of day takes the form of a regular Standard ML program It uses the function Web Conn return to return the appropriate HTML code to the user requesting the page The second example which shows a simple multiplication table uses the pos sibility of writing ML Server Pages MSP with SMLserver 3 1 The HyperText Transfer Protocol Before we dive into the details of particular dynamic Web pages we briefly describe the protocol that is the basis for the World Wide Web namely the HyperText Transfer Protocol HTTP It is this protocol which dictates how Web browsers such as Microsoft s Internet Explorer or Netscape Navigator make requests to Web ser
91. ile represented by formvariable fv in file filename Raises Fail if some error happens e g filename can t be opened fv does not exists or fv is not an uploaded file headers returns as a set the HTTP headers associated with the connection 134 APPENDIX B THE WEB STRUCTURE host returns the server hostname associated with the connection 1ocation returns the HTTP location associated with the connection For example http www avalon com 81 A server may be associated with more than one location at a given time although there is always only on location associated with a connection peer returns the name of the peer associated with the connection The peer address is determined by the communications driver in use by the connection Typically it is a dotted IP address for example 199 221 53 205 but this is not guaranteed peerPort returns the port from which the peer is connected port returns the server port number associated with the connection redirect f performs an internal redirect to the file f i e makes it appear that the user requested a different URL and then run that request This form of redirect does not require the running of an additional thread server returns the name of the server associated with the connection url return the url relative to server root associated with the request hasConnection returns true if a connection is available Returns false othe
92. in Name for the mail server to use if such exists The list will be prioritized with the best server as the first element second best server as the second element etc initConn initializes a connection with the server represented by the FQDN and associates the exception with the connection initConn and sendmail may raise the exception B 10 THE WEB_LOW_MAIL SIGNATURE 151 sendmail send mails to the people through the connection given by the mailer sendmail returns the id on the mails that was accepted by the mail server closeConn closes the connection given by mailer and returns three lists The first list contain ids on mails accepted by the mail server the second list contain ids on mails that was temporary undeliverable and the third list contain ids on permanent undeliverable mails 152 APPENDIX B THE WEB STRUCTURE B 11 The WEB_MAIL Signature Signature WEB_MAIL sig type email to string list cc string list bec string list from string subject string body string extra_headers string list val sendmail email gt unit val send to string from string subject string body string gt unit datatype CharSet UTF8 IS088591 USASCII val mail gt email a CharSet option gt email string string list b gt b gt a gt b gt b end sendmail to cc bcc from subject body extra_headers sends an email to the addresses in
93. ind gt 8 cache where Type denotes the set of types supported by the cache interface As example the following expression constructs a cache named mycache which maps pairs of integers to lists of reals get Pair Int Int List Real mycache WhileUsed NONE SOME 9 1024 50 CHAPTER 6 EXTRACTING DATA FROM FOREIGN WEB SITES Caching Demonstration Galeon d lt Back gt v Oo q 9 stop 100 g hittp www smiserver org demo cache sml kind TimeOut Caching Demonstration Cache entries map email addresses to pairs of user ids and names Using cache name users and cache kind TimeOut Entries live in the cache in approximately 20 seconds The cache has ML type string int string cache Lookup Entry Add Entry Email Email nh it c aW Lookup Add to Cache You can choose among the following cache kinds Size WhileUsed TimeOut Figure 6 4 The example uses a cache to store a mapping from email addresses to pairs of names and user ids Cached values are accessible 20 seconds after the last use The cache interface also provides functions for adding entries insert looking up entries lookup and flushing caches flush The function flush deletes all entries in a cache but the cache still exists A cache cannot be deleted Caching Demonstration In the remainder of this Section we present a small caching demonstration which implements the m
94. ing string gt regexp val match regexp gt string gt bool val extract regexp gt string gt string list option end The function RegExp fromString takes a textual representation of a regular ex pression pattern and turns the textual representation into an internal represen tation of the pattern which may then be used for matching and extraction The function RegExp fromString raises the exception General Fail msg in case the argument is not a regular expression according to the syntax presented in the previous section The application RegExp match p s returns true if the pattern p matches the string s otherwise false is returned The following table illustrates the use of the RegExp match function Expression Evaluates to match fromString 0 9 99 true match fromString 0 9 aa99AA false match fromString 0 9 99AA true match fromString 0 9 99 false match fromString 0 9 99 false 6 3 THE STRUCTURE REGEXP 45 The second expression evaluates to false because the pattern 0 9 does not match the strings aa and AA A number of additional examples are available in the file smlserver_demo www web regexp sml The application RegExp extract r s returns NONE if the regular expression does not match the string s It returns SOME if the regular expression r matches the string s the list l is a list of all substrings in s matched by some regular expression appearing i
95. ing val fib m n Web Cache memoize cache fib n However the function fib m only caches the result not the intermediate re sults First evaluating fib m 1000 and then fib m 999 will not be different from evaluating fib 1000 and then fib 999 After evaluating fib m 1000 the cache will only contain one entry which cannot be used when evaluating fib m 999 The following implementation does store intermediate results in the cache which is also the implementation you find in file cache fib sml fun fib m O 1 fibm 1 1 fib m n fib n 1 fib n 2 and fib n Web Cache memoize cache fib m n 6 8 Caching Version of Currency Service In this section we demonstrate the memoization function memoize in the context of the Currency Service of Sections 6 1 and 6 4 Similarly to the Bill Gates Personal Wealth Clock our Currency Service should not access Yahoo Finance on each and 5File smlserver_demo www web cache_fib sml 54 CHAPTER 6 EXTRACTING DATA FROM FOREIGN WEB SITES every access Instead the currency rates obtained from Yahoo are cached in 300 seconds five minutes Notice the distinction between the cache strategies TimeOut and WhileUsed the service should not make use of the cache strategy WhileUsed because rates must be updated every 300 seconds irrespectively of whether the service is ac cessed every minute Here is the script currency cache sml which implements the cached version of the Currency Ser
96. ing Cookies to Clients 9 2 Obtaining Cookies from Clients 9 3 Cookie Example 9 4 Storing User Information 9 5 The Authentication Mechanism 9 6 Caching Passwords for Efficiency 9 7 Applying the Authentication Mechanism 10 Scheduling and Trapping 10 1 Initialization lee 10 2 Scheduling eile eva de et ee 10 8 Trapping aa we ee CONTENTS CONTENTS 11 Configuration 12 Summary A HTML Reference A 1 Elements Supported Inside Body Element ALE Text Elements uis a Wee ee Ere ur Yet A 1 2 Uniform Resource Locators A 1 3 Anchors and Hyperlinks Aul Headers cus Mek hl St ek dee Se Bae A 1 5 LogicalStyles s lt ccs soa ee ee ee A 1 6 Physical Styles A 1 7 Definition Lists 0 0 A 1 8 Unordered Lists lll A31 9 Ordered TAS 2 uec Thu Wwe erg meer Act T0 Characters dere rv dn mo Gl bli gon AD IDEM EOERIS 6 indue Du eru RODA UP he ASI Input A 2 2 Select Elements eo scc e e 222r A 2 3 Select Element Options AZA TEATS le ee Ge age Ge ne A 3 Miscellaneous B The Web Structure 1 The WEB Signature 2 Th
97. ion RatingUtil mailto is used to present the name of the raters as mailto anchors The script add sml The script add sml assumes either 1 the presence of a form variable wid or 2 the presence of form variables name and year In case of 1 the name and year of 7 7 BEST WINES WEB SITE TT the wine are obtained using simple select commands In case of 2 it is checked also using a select command whether a wine with the given name and year is present in the wine table already if not a new wine is inserted in the wine table Thus before a rating form is returned to the user the wine to be rated will be present in the wine table Here is the listing of the script add sm1 structure FV FormVar val wid name year case FV wrap pt FV getNatErr wid of SOME wid gt get name and year let val wid Int toString wid val query select name year from wine where wid wid in case Db oneRow query of name year gt wid name year _ gt raise Fail add sml end NONE gt let val name FV wrapFail FV getStringErr name name of wine val year FV wrapFail FV getIntRangeErr 1 3000 year year of wine val year Int toString year val query select wid from wine where name Db qqq name and year Db qqq year in case Db zero r neRow query of SOME wid gt wid name year _ gt get fresh wid from RDBMS let val wid Int toString Db seqNextval wid
98. is familiar with the programming AOLserver is a multi threaded Web server provided by America Online AOL vil viii CONTENTS language Standard ML and with functional programming in general There are several good introductory Standard ML text books available including Pau96 HR99 The present book is not meant to be a complete user s manual for SMLserver Instead the book is meant to give a broad overview of the possibilities of using SMLserver for Web application development The choice of content and the examples presented in the book are inspired from more than six years of expe rience with developing and teaching the course Web Publishing with Databases at the IT University of Copenhagen We would like to thank Lars Birkedal Ken Friis Larsen and Peter Sestoft for their many helpful comments on the project Peter developed the concept of ML Server Pages and we are happy that much of the code that Peter wrote for his Moscow ML implementation of ML Server Pages is reused in the SMLserver project in particular the Msp structure is written entirely by Peter We would also like to thank Mads Tofte for his continued encouragement on working on this project Mads is a brilliant programmer and has developed several Web applications with SMLserver including an alumni systemand a course evaluation system for the IT University of Copenhagen SMLserver is Open Source and distributed under the GNU General Public License GPL More i
99. l to the Web browser lt hr gt lt i gt Served by lt a href http www smlserver org gt SMLserver lt a gt lt i gt lt body gt lt html gt Figure 3 4 shows the result of a user requesting the file mul msp from the Web server An msp file contains HTML code with the possibility of embedding Stan dard ML code into the file using tags lt MSP and MSP gt The former type of tag makes it possible to embed Standard ML declarations into the HTML code whereas the latter type of tag makes it possible to embed Standard ML expressions into the HTML code The Msp structure which the msp file makes use of provides functionality for constructing and concatenating HTML code effi ciently by means of constructors and amp amp respectively The functions col row and tab construct the HTML multiplication table The functions use the function iter which constructs HTML code by concatenating the results of repeatedly ap plying the anonymous function given as the first argument the second argument controls the number of times the anonymous function is called 18 CHAPTER 3 PRESENTING PAGES TO USERS 3 4 How SMLserver Serves Pages Before we proceed with more examples of SMLserver Web applications we de scribe how SMLserver Web applications are compiled and loaded and finally how SMLserver scripts i e sm1 files are executed when requested by a client Apache supports dynamic loading of modules when the server i
100. lculates the scores val query select wine wid name year avg rating as average count as ratings from wine rating where wine wid rating wid group by wine wid name year order by average desc name year fun formatRow g acc let val avg g average val avgInt case Int fromString avg of SUME i gt i NONE gt case Real fromString avg of SOME r gt floor r NONE gt raise Fail Error in formatRow 12 smlserver demo www web rat ing index sml 7 7 BEST WINES WEB SITE 81 val wid g wid in acc lt tr gt lt td gt lt a href wine sml wid wid g name lt a gt year g year th RatingUtil bottlelImgs avgInt td align center g ratings lt td gt lt a href add sml wid wid rate it lt a gt lt tr gt end val _ RatingUtil returnPageWithTitle Best Wines lt table width 95 bgcolor dddddd border 1 gt lt tr gt lt th gt Wine lt th gt Average Score out of 6 lt th gt Ratings lt th gt amp nbsp Db fold formatRow query lt table gt lt form action add sml gt lt h2 gt Rate new wine type its name and year lt h2 gt lt b gt Name lt b gt lt input type text name name size 30 gt amp nbsp lt b gt Year lt b gt lt input type text name year size 4 gt amp nbsp lt input type submit value Rate it gt lt form gt The implementation uses the function RatingUtil bottleImgs to generate HTML cod
101. loyee sq 1 file is reloaded upon changes in the data model File smlserver_demo web_demo_lib pgsql employee sql 7 5 THREE STEPS TO SUCCESS 65 index html search sml Found Martin Elsman Note update sml Bman ea 8 paswa New search Search Employee Figure 7 1 Web site diagram for the employee example Administrator pages for adding and deleting employees are not shown To load the data model in a running Postgresql RDBMS run the program psql with the file employee sql as argument 4 psql f employee sql DROP psql employee sql 9 NOTICE CREATE TABLE PRIMARY KEY will create implicit index employee_pkey for table employee CREATE INSERT 167792 1 INSERT 167793 1 For larger data models it is important to give the data model more thought perhaps by constructing an Entity Relation diagram E R diagram for the model we shall see an example of such an E R diagram in Section 7 7 A simple Web site diagram for the employee example is shown in Figure 7 1 The boxes in the diagram represents the different HTML pages that the employee Web application may send to the user An edge in the diagram represents either a link or a form action A labeled edge represents an update transaction on the database The entry page to the employee example may be implemented as a simple HTML form with action search sm1 lt html gt lt head gt lt title gt Search the Employee Database lt title gt l
102. lt td gt lt input name passwd type password gt lt input type submit value Change Note gt File smlserver_demo www web employee search sml 7 6 TRANSACTIONS AS WEB SCRIPTS 69 Beck gt vy d stop 100 smiserver org demovemployee search sml Employee Search Success Niels Hallenberg nh itedu 1 ChangeNote Try new search Served by SMLserver Figure 7 3 The result of searching for an employee with email nh it edu lt td gt lt tr gt lt table gt lt form gt lt p gt Try a lt a href index html gt new search lt a gt _ gt returnPage Employee Search Failure Use the back button in your Web browser to go back and enter another email address The expression FormVar wrapFail FormVar getStringErr var name returns an error page to the user in case form variable var is not available or in case it contains the empty string The argument name is used for error reporting Searching for an employee with email nh it edu results in the Web page shown in Figure 7 3 The script update sm1 looks as follows val getString FormVar wrapFail FormVar getStringErr val email getString email email val passwd getString passwd passwd val note getString note note File smlserver_demo www web employee update sml1 70 CHAPTER 7 CONNECTING TO AN RDBMS val update update employee set note
103. lue from the given string As the first argument to configGetValue you must provide the same type as you gave configSetValue A runtime check asserts this and raises Domain if violated You may only call configSetValue in your initialization script If this rule is violated the exception Web Forbidden is raised With this scheme every change to the initialization script your configuration requires a recompilation of the project to take effect If this is not appropriate you 109 110 CHAPTER 11 CONFIGURATION can create you own configuration file and parse it in the initialization script We feel that this gives you a maximum of flexibility Example of use init sml val Web Info configSetValue Web Info Type Int Number of users 10 myproject sml val numberO0fUsers get pt Info configGetValue Web Info Type Int Number of users 5 You have to program this yourself Chapter 12 Summary This book provides a tutorial overview of programming dynamic Web applications with SMLserver through the presentation of a series of examples Starting with the basic mechanism for serving dynamic pages to users the book covers topics such as achieving and validating data from users fetching data from foreign Web sites interfacing to Relational Database Management Systems RDBMSs and authenticating users SMLserver is already used for a series of real purpose Web sites including an evaluation system an alumni system and
104. maybeDml sql executes sql and returns the value unit Does not raise Fail errors are suppressed panicDml f sql executes sql and returns the value unit On error the function f is applied to an error string The function always returns unit fold f b sql executes SQL statement sql and folds over the result set b is the base and f is the fold function the first argument to f is a function that maps column names to values Raises Fail msg on error foldSet f b sql similar to fold except that f takes the result set as argument Raises Fail msg on fail B 5 THE WEB_DB SIGNATURE 139 app f sql executes SQL statement sql and applies f on each row in the result set Raises Fail on error list f sql executes SQL statement sql and applies f on each row in the result set The result elements are returned as a list Raises Fail on error oneField sql executes SQL statement sql which must return exactly one row with one column which the function returns as a string Raises Fail on error zeroOrOneField sql executes SQL statement sql which must return either zero or one row If one row is returned then there must be exactly one column in the row Raises Fail on error oneRow sql executes SQL statement sql which must return exactly one row Returns all columns as a list of strings Raises Fail on error oneRow f sql executes SQL statement sql which must return exactly one row Returns f applied on the row Raises F
105. mportance of this part 3 Implementation of scripts including the implementation of database trans actions using the SQL data manipulation language This is the easy part We emphasize that the easy part of developing a Web site backed by a database is the third part the implementation of scripts for supporting the appropriate transactions Not surprisingly the more time spent on the first two parts the better are the chances for a satisfactory result In general the construction of a data model results in the creation of a file containing SQL data definition language commands for defining tables and perhaps data manipulation commands for inserting initial data in the tables The construction of a data model for the employee example results in a file 1 541 containing only a few data definition language commands and two insert commands for inserting example data in the table drop table employee create table employee email varchar 200 primary key not null name varchar 200 not null passwd varchar 200 not null note varchar 2000 last_modified date insert into employee name email passwd values Martin Elsman mael it edu don tforget insert into employee email name passwd note values nh it edu Niels Hallenberg hi meeting Notice that the employee sq1 file contains a drop table command this command turns out to be useful when the emp
106. n parentheses in r Strings in l appear in the same order as they appear in s Nested parentheses are supported but empty substrings of s that are matched by a regular expression appearing in a parenthesis in r are not listed in J For a group that takes part in the match repeatedly such as the group b in pattern a b when matched against the string abbabbb all matching sub strings are included in the result list bb abb bbb abbb For a group that does not take part in the match such as ab in the pattern ab cd when matched against the string cd a list of only one match is returned a match for cd cd Again the use of regular expressions for string extraction is best illustrated with a series of examples e Name and telephone The application extract Name a zA Z Tlf 0 9 1 Name Hans Hansen Tlf 55 55 55 55 evaluates to SOME Hans Hansen 55 55 55 55 e Email The application extract a zA Z 0 9a zA Z _ 0 9a zA Z _ name company com evaluates to SOME name company com The application extract a zA Z 0O 9a zA Z _ 0 9a zA Z _ name company com evaluates to NONE e Login and Email The application 46 CHAPTER 6 EXTRACTING DATA FROM FOREIGN WEB SITES extract a zA Z 0 9a zA Z _ 0 9a zA Z _ 7 joe it edu sue id edu pat it edu evaluates to SOME joe joe it edu sue sue id edu pat pat it edu
107. nchorName gt lt a gt Link to location anchorName in the present document lt a href URLitanchorName lt a gt Link to location anchorName in document specified by URL lt a href URL gt lt a gt Link to file or resource specified by URL lt a href URL nl vi amp amp nn vn lt a gt Link to file or resource URL with form variable arguments nl v1 nn nv separated by amp To be precise the anchorName and form variable arguments included in the name and href attributes in the examples above are part of the URL A 1 4 Headers hi lt hi gt Highest significant header lt h2 gt h2 lt h3 gt lt h3 gt lt 4 gt lt h4 gt lt h5 gt lt h5 gt lt h6 gt lt h6 gt Lowest significant header A 1 5 Logical Styles lt em gt lt em gt Emphasis lt strong gt lt strong gt Strong emphasis A 1 6 Physical Styles lt b gt lt b gt Boldface lt i gt lt i gt Italics lt u gt u Underline lt tt gt lt tt gt Typewriter font A 1 7 Definition Lists lt dl gt lt dt gt First term lt dd gt Definition of first term lt dt gt Next term 118 APPENDIX A HTML REFERENCE lt dd gt Definition of next term d1 The lt dl gt attribute compact which takes no argument can be used to generate a definition list tha
108. nformation about the SMLserver project can be found at the SMLserver Web site http www smlserver org Martin Elsman Niels Hallenberg Carsten Varming Copenhagen Denmark February 2002 Revised January 2003 and January 2007 for Second Edition Chapter 1 Introduction SMLserver is a Web server module for Apache 2 0 the most popular Web server on the Internet SMLserver comes with a compiler for compiling Web applica tions written in Standard ML 97 into bytecode to be interpreted by the SMLserver module SMLserver has an extensive Application Programmer Inter face API For instance SMLserver provides efficient interfaces to several Rela tional Database Management Systems RDBMSs including MySQL Postgresql and Oracle SMLserver extends Apache by providing the possibility of programming dy namic Web pages in Standard ML using its rich language features including data types pattern matching higher order functions parametric polymorphism and modules SMLserver provides a Standard ML interface to much of the Apache API thereby giving the Standard ML programmer access to many great features including the following e Different RDBMSs including Oracle Postgresql and MySQL may be ac cessed through a generic database interface e SMLserver provides easy access to HTTP header information including form content and cookie information e Efficient caching support makes it possible to decrease the load caused b
109. ngs that match either p or e g the pattern piglcow matches the strings pig and cow class matches a character in class the notion of charac ter class is defined below The pattern abci 4 matches sequences of the characters a b c 1 2 3 4 the order is insignificant class matches a character not in class The pattern abci 4 matches sequences of all the characters except a b c 1 2 3 4 matches the empty string matches 0 or 1 instances of the pattern e g the strings aa and aba matches the pattern ab a but the string abba does not match the pattern ab a Figure 6 2 The syntax of regular expressions patterns The letter p is used to range over regular expressions The word class is used to range over classes see Figure 6 3 44 CHAPTER 6 EXTRACTING DATA FROM FOREIGN WEB SITES class Definition c class containing the specific character c c class containing the escaped character c where c is one of L 1 t n f C1 C2 class containing ASCII characters in the range c4 to c2 defined by the characters ASCII value the empty class class class class composed of characters in class and class Figure 6 3 The syntax of character classes Character classes are ranged over by class 6 3 The Structure RegExp SMLserver contains a simple interface for the use of regular expressions structure RegExp sig type regexp val fromStr
110. nnection returnXHtml sc s sends XHTML string s with status code sc and B 3 THE WEB_CONN SIGNATURE 133 mime type application xhtml xml to client including HTTP headers and Cache Control header set to must revalidate May raise MissingConnection return s sends HTML string s with status code 200 to client including HTTP headers May raise MissingConnection returnFile sc mt f sends file f with status code sc to client including HTTP headers The mime type is mt Raises MissingConnection if the execution is not associated with a connection Raises Fail msg if the file cannot be opened for reading write s sends string s to client excluding HTTP headers May raise MissingConnection returnRedirect loc sends redirection HTTP response to client status code 302 with information that the client should request location loc May raise MissingConnection getQuery constructs and returns a set representing the query data associated with the connection It reads the POST content or the query string The POST content takes precedence over the query string formvar k returns the first query data associated with the key k the function returns NONE if no query data is present for the argument key k formvarAll k returns all values associated with key k in the query data the function returns the empty list if no query data is present for the argument key k storeMultiformData fv filename stores the uploaded f
111. nsitive counterpart to get getOpt s k v returns the first value associated with key k in set S returns v if no value is associated with k in s getAll s k returns all values associated with key k in set s returns the empty list if no values are associated with k in s size s returns the number of elements in a set list s returns the list representation of set s filter f s returns the list of key value pairs in s for which applying f on the pairs from left to right returns true foldl f s identical to foldl o list B 14 THE WEB SET SIGNATURE 157 foldr f acc s identical to foldr o list 158 APPENDIX B THE WEB STRUCTURE B 15 The XMLRPC Signature Signature XMLRPC sig include XMLRPC_TYPE exception TypeConversion exception MethodInvocation of int string exception ServerConnection of string val rpc a T gt b T gt url string method string gt Ca gt p type method val dispatch method list gt unit val method string gt a T gt gt gt b gt method end TypeConversion is raised whenever a recieved value dosen t match the expected type MethodInvocation code str is raised when a fault message is recieved from the server code is the error code returned and str the fault string returned ServerConnection is raised if problems occur during reading or writing to the connection rpc A B url method re
112. onsistency constraint 59 60 72 content type 16 cookie 20 90 Cookie structure 90 CookieError exception 91 92 course registration system vii 111 create sequence SQL command 72 create table SQL command 60 createdb command 8 createuser command 7 data definition language 60 data manipulation language 60 database handle 66 database user 7 Db structure 66 Db fold function 75 Db qq function 67 Db qqq function 68 DbBackend 8 DbFunctor 8 dd element 117 deadlock 66 definition list 117 delete SQL command 63 deleteCookie function 91 deSchedule function 107 diagram Entity Relationship E R 71 Web site 65 100 dl element 117 document location 116 domain cookie attribute 92 drop table 64 INDEX SQL command 61 dt element 117 durability 59 E R diagram 71 easy part 64 element 115 email sending 86 employee sql file 64 encrypted communication 2 end tag 115 Entity Relationship diagram 71 errs type 83 evaluation system 111 Example Best Wines Web site 70 caching 50 counting up and down 33 dynamic recipe 27 employee 57 guess a number 34 link database 99 memoization 53 multiplication table 16 scheduling 107 sending email 85 temperature conversion 23 time of day 12 exception Interrupt 22 uncaught 22 execution aborting 21 expiry cookie attribute 91 extensibility 111 fetchUrl function 39 fetchUrlTime function 39 filtering 2 INDEX
113. ostgresql both of which are supported by SMLserver The language used to communicate with the RDBMS is the standardized Struc tured Query Language SQL although each RDBMS has its own extensions to 60 CHAPTER 7 CONNECTING TO AN RDBMS the language SQL is divided into two parts a Data Definition Language DDL and a Data Manipulation Language DML Although this book is not meant to be an SQL reference in the next two sections we discuss the two parts of the SQL language in turns 7 3 Data Modeling The term data modeling covers the task of defining data entities tables and relations between entities The SQL data definition language contains three com mands for creating dropping and altering tables namely create table drop table and alter table create table The SQL command create table takes as argument a name for the table to create and information about the table columns in terms of a name and a data type for each column The following create table command specifies that the table employee be created with five columns email name passwd note and last_modified create table employee email varchar 200 primary key not null name varchar 200 not null passwd varchar 200 not null note varchar 2000 last_modified date There are a variety of column data types to choose from and each RDBMS has its own extensions to SQL also in this respect The column data type varchar 200 specifies that t
114. oviding an email address or some user name and a password There are several reasons for adding an authentication mechanism to a Web site e Access restriction If some information is available to only some users a mechanism is necessary to hide the restricted information from unprivileged users e User contributions If users are allowed to contribute content on the Web site it must be possible for the system to weakly identify the user so as to avoid spam content Also the user that contributes with the content and only that user should perhaps be allowed to modify or delete the contributed content e Personalization Different users of a Web site have different needs and differ ent preferences concerning page layout and so on By adding personalization to a Web site there is a chance of satisfying more users e User tracking A particular user s history on a Web site may be of great value perhaps for an administrator to see what content the user has seen when answering questions asked by the user For an in depth discussion about what a user tracking system may be used for consult Gre99 e User transactions If the Web site is an e commerce site for instance a secure authentication mechanism perhaps based on SSL Secure Socket Layer is necessary to allow a user to perform certain transactions 89 90 CHAPTER 9 AUTHENTICATION In this chapter we present a simple authentication mechanism based on cookies see the
115. p www census gov cgi bin popclock currency rate services e g http se finance yahoo com and a large number of stock quote services e g http quotes nasdaq com In this chapter we shall see how to extract data from another Web site and how to use the data for content on your own Web site using what are called regular expressions 6 1 Grabbing a Page The SMLserver API has a built in function Web fetchUr1 with type string gt string option for fetching a page from the Internet and return the page as a string Upon calling Web fetchUrl SMLserver connects to the HTTP Web server specified by the argument URL which must be fully qualified The function does not handle redirects or requests for protocols other than HTTP If the function fails for instance by trying to fetch a page from a server that is not reachable the function returns NONE Web fetchUrl has a default timeout of 60 seconds This can be changed by configuring FetchUrlTimeOut with an integer The function fetchUrlTime behaves as fetchUr1 but take a timeout as an argument Say we want to build a simple currency service that allows a user to type in an amount in some currency and request the value of this amount in some other currency First we must find a site that provides currency rates one such site is Yahoo Finance http se finance yahoo com By browsing the site we see how to 39 40 CHAPTER 6 EXTRACTING DATA FROM FOREIGN WEB SITES obtain curr
116. pe similar to Pair except that the triple is represented with as one Pair embedded in another Pair a b c where a is of type aType b is of type bType and c is of type cType Unit predefined type representing units Int predefined type representing integers B 13 THE WEB_SERIALIZE SIGNATURE 155 Real predefined type representing reals Bool predefined type representing booleans Char predefined type representing characters String predefined type representing strings Time predefined type representing Time time values 156 APPENDIX B THE WEB STRUCTURE B 14 The WEB_SET Signature Signature WEB_SET sig type set val get set val iget set string gt string option val get pt set string string gt string string gt string option val getAll set string gt string list val igetAll set val size set gt int val list set gt string string list val filter string string gt bool gt set string string list string gt string list val foldl string string a gt a gt a gt set gt a val foldr string string a gt a gt a gt set gt a end set abstract type of sequences of key value pairs returned by some calls to the web server get s k returns SOME v if v is the first value associated with key k in set s returns NONE if no value is associated with k in s iget s k is the inse
117. pic body Web return lt html gt lt head gt lt title gt title lt title gt lt head gt lt body bgcolor white gt lt center gt lt h2 gt title lt h2 gt img src pic gt lt p gt Quot toString body lt p gt lt i gt Served by lt a href http www smlserver org gt SMLserver lt a gt lt i gt lt center gt lt body gt lt html gt fun mk_form n int lt form action guess sml method post gt lt input type hidden name n value Int toString n lt input type text name guess gt lt input type submit value Guess gt lt form gt val _ case FormVar wrap pt FormVar getNatErr n of NONE gt returnPage Guess a number between O and 100 bill guess jpg mk form Random range 0 100 Random newgen SOME n gt case FormVar wrapOpt FormVar getNatErr guess of NONE gt returnPage You must type a number try again bill guess jpg mk form n SOME g gt if g gt n then returnPage Your guess is too big try again bill large jpg mk form n else if g n then returnPage Your guess is too small try again bill small jpg mk form n else File smlserver demo www web guess sml 36 USING HIDDEN FORM VARIABLES returnPage Congratulations bill_yes jpg You guessed the number Int toString n lt p gt lt a href guess sml gt Play again lt a gt In the case that no form variable n exists a new random number is generated and the game i
118. r cookie name of NONE gt CookieName SOME cn gt cn val clt case FV wrapOpt FV getIntErr cookie lt of NONE gt 60 SOME clt gt clt val cs case FV wrap pt FV getStringErr cookie secure of SOME Yes gt true _ gt false val expiry let open Time Date in fromTimeUniv now fromSeconds clt end val cookie Web Cookie setCookie name cn value cv expiry SOME expiry domain NONE path SOME secure cs val _ Web Conn returnRedirectWithCode 302 cookie sml The variables cn cv cs and clt contain the form values received from the first entry form in the page returned by the cookie sml script The action of the Delete Cookie form is the script cookie delete sml File smlserver demo www web cookie set sml File smlserver_demo www web cookie_delete sml 9 4 STORING USER INFORMATION 95 val cn case FormVar wrapOpt FormVar getStringErr cookie name of NONE gt CookieName SOME cn gt cn val Web Cookie deleteCookie name cn path SO0ME val Web Conn returnRedirectWithCode 302 cookie sml The cookie name cn is the value received from the second entry form in the page returned by the cookie sml script 9 4 Storing User Information The authentication mechanism presented below makes use of information about users stored in a person table in a database see Chapter 7 The SQL for creating the person table looks as follows create table person person_
119. r a request is loaded SMLserver executes initialization code for each library file before the bytecode associated with the request is executed Because SMLserver initiates execution in an empty heap each time a request is served it is not possible to maintain state implicitly in Web applications using Standard ML references or arrays Instead state must be maintained explicitly using a Relational Database Management System RDBMS or the cache primi tives supported by SMLserver see the WEB_CACHE signature in Appendix B An other possibility is to emulate state behavior by capturing state in form variables or cookies At first this limitation may seem like a major drawback However the limita tion has several important advantages e Good memory reuse When a request has been served memory used for serving the request may be reused for serving other requests e Support for a threaded execution model Requests may be served simul taneously by interpreters running in different threads without the need for maintaining complex locks e Good scalability properties For high volume Web sites the serving of re quests may be distributed to several different machines that communicate with a single database server Making the RDBMS deal with the many si multaneous requests from multiple clients is exactly what an RDBMS is good at e Good durability properties Upon Web server and hardware failures data stored in Web server memory is lost wh
120. r the input variable Password values are not shown on the user s form Anything entered by the user replaces any default value defined with this attribute For type checkbox or type radio Value is the value that is submitted to the server if that checkbox is selected For type reset or type submit Value is a label that appears on the submit or reset button in place of the words Submit and Reset checked no arguments For type checkbox or type radio if checked is present the input field is selected by default size Width where Width is an integer value representing the number of characters dis played for the type text or type password input field maxlength Length where Length is the maximum number of characters allowed within type text or type password variable values This attribute is used only in combi nation with the input types text and password A 2 2 Select Elements The select element lt select gt lt select gt allows a user to select between a number of options The select element requires an option element for each item in the list see below Attributes and corresponding arguments include name Name where Name is the symbolic identifier for the select element size listLength where listLength is an integer representing the maximum number of option items displayed at one time multiple no arguments If present more than one option value may be selected A 3
121. rd for the database user Answer yes to the questions asked by createuser http www unixodbc org 2 5 CHAPTER 2 GETTING STARTED As user create a database also called user as follows createdb USER You can now use the command psql to control your database and submit SQL queries and commands to your database Install the data models for the demonstration programs by executing the commands cd HOME web web_demo_lib pgsql psql c M all sql Verify that the database is available using 1541 isql psql gt select from guest You should see a message from Homer Simpson Restart Apache by executing the command sudo etc init d apache2 restart After copying the sample Web directory to HOME as described in Section 2 1 edit the file HOME web web_demo_lib Db sml Make sure that the struc ture DbBackend passed to the DbFunctor is the structure Web DbPgBackend The lines defining the Oracle structure and the MySQL structure should be commented out Edit the file HOME web web_sys init sml Enable the Postgresql configu ration lines Compile the sample Web project as described in Section 2 1 Go start your Web browser and visit the database examples available from http localhost web index sml So You Want to Write Your Own Project To write your own project create a new mlb file and make this project the project served by SMLserver by updating the Apache configuration f
122. re the properly quoted values setList nvs returns a string formatted to be part of an update statement Say nvs n1 vi1 n2 v2 then update t set Db setList nvs is turned into update t set nl vi_ n2 v2_ where vi_ are the properly quoted values 142 APPENDIX B THE WEB STRUCTURE B 6 The WEB DB HANDLE Signature Signature WEB_DB_HANDLE sig Database handles type db val getHandle unit gt db val putHandle db gt unit val wrapDb db gt a gt a Data manipulation language val dmlDb db gt quot gt unit val execDb db gt quot gt unit val panicDmlDb db gt quot gt a gt quot gt unit Transactions val dmlTransDb db gt db gt gt a val dmlTrans db gt a gt a val panicDmlTransDb db gt quot gt a gt db gt a gt a val panicDmlTrans quot gt a gt db gt a gt a Stored Procedure val execSpDb db gt quot list gt unit Queries val foldDb db gt string gt string a gt a gt gt quot gt a val foldDbCol db gt string list gt string gt string option a gt a gt gt quot gt a val appDb db gt string gt string gt a gt quot gt unit val appDbCol db gt string list gt string gt string option gt a gt quot gt unit val listDb db gt s
123. riable In case the given form variable does not contain a valid email address errors are accumulated and may be presented to the user when all form variables have been checked To deal with error accumulation properly each function takes three arguments 1 The name of the form variable holding the value 2 The name of the field in the form the user may be presented with an error page with more than one error and it is important that the error message refers to a particular field in the form 3 An accumulator of type errs used to hold the error messages sent back to the user The functions are named FormVar getTErr where ranges over possible form types In each script when all form variables have been checked using calls to particular FormVar getTErr functions a call to a function FormVar anyErrors 83 84 CHAPTER 8 CHECKING FORM VARIABLES structure FormVar sig exception FormVar of type errs type a formvar_fn val emptyErr val addErr val anyErrors val getIntErr val getNatErr val getRealErr string string errs Quot quot errs gt errs errs gt unit string errs gt a errs int formvar_fn int formvar_fn real formvar_fn val getStringErr string formvar_fn val getIntRangeErr int gt int gt int formvar_fn val getEmailErr string formvar fn val getUrlErr string formvar fn val getEnumErr string list gt string formvar fn val wrap pt 2 formvar fn gt
124. ring val qq string gt string val qqq string gt string end Figure 7 2 Parts of the WEB DB signature another thread holds on to resource B when attempting to gain access to resource A The WEB DB function dm1 with type quot unit is used to execute a data ma nipulation language command specified with the argument string in the RDBMS On error the function raises the exception General Fail msg where msg holds an error message Data manipulation language commands that may be invoked using the dm1 function include the insert and update statements The four functions fold oneField oneRow and zero r neRow may be used to access data in the database In all cases a select statement is passed as an argument to the function The function fold requires some explanation An application fold f b sql executes the SQL statement given by the quotation sql and folds over the result set The function f is the function used in the folding with base b The first argument to f is a function that maps column names into values for the row The function raises the exception General Fail msg where msg is an error message on error See the script wine sm1 listed on page 75 for an example that uses the fold function Because the number of database handles owned by a script at any one time is limited to the number of initialized pools nesting of other database access functions with the fold function is limited by the number of initialized
125. rors We now turn to an example that uses the multi error functionality of the FormVar structure The example constitutes a simple email service built from two scripts one that presents a form to the user nail form sml and one that sends an email constructed on the basis of the form content contributed by the user mail sml The script mail form sml looks as follows Page return Send an email lt form action mail sml method post gt lt table gt lt tr gt lt th align left gt To lt th gt lt td align right gt lt input type text name to gt lt td gt lt tr gt lt tr gt lt th align left gt From lt th gt lt td align right gt lt input type text name from gt lt td gt lt tr gt lt tr gt lt th align left gt Subject lt th gt lt td align right gt lt input type text name subject gt lt td gt lt tr gt lt tr gt lt td colspan 2 gt lt textarea name body cols 40 rows 10 gt Fill in lt textarea gt lt td gt lt tr gt lt tr gt lt td colspan 2 align center gt lt input type submit value Send Email gt lt td gt lt tr gt lt table gt lt form gt The action of the form is the script mail sml When the user presses the Send Email submit button the script mail sml is executed with the form variables to from subject and body set to the values contributed by the user Here is the script mail sm1 File smlserver demo www web mail form sml File smlserver demo www web mail sml 86 CHAPTE
126. rson_id person then lt a href delete sml link id g link_id gt delete lt a gt else fun layoutRow g acc f li table width 100 cellspacing 0 cellpadding 0 border 0 gt lt tr gt lt td width 50 gt lt a href g url g text lt a gt lt td gt added by lt a href g purl gt g name lt a gt lt td align right gt delete g lt tr gt lt table gt acc val loginout case person of NONE gt To manage links that you have entered please lt a href auth_form sml target link gt login lt a gt SOME p gt let val name Db oneField select name from person where person id Int toString in You are logged in as user name you may lt a href auth logout sml logout a end val list Db fold layoutRow query val _ Page return Web sites that use SMLserver loginout lt ul gt list lt p gt lt li gt lt a href add_form sml gt Add Web site lt a gt lt ul gt The script uses the function Auth verifyPerson to present delete links for those Web site entries that a user is responsible for Moreover if a user is already logged in a Logout button is presented to the user whereas a Login button is presented if the user is not logged in The result of a user requesting the file is shown in Figure 9 4 The script link delete sml is implemented by the following Standard ML 9 7 APPLYI
127. rwise For the execution of init scripts and scheduled Scripts no connection is available This function may be used to protect execution of code that requires a connection e g execution of library code add headers key value adds key value to the http header fullRequest returns the entire request as a string Raises exception MissingConnection if no connection is present B 4 THE WEB_COOKIE SIGNATURE 135 B 4 The WEB COOKIE Signature signature WEB COOKIE sig exception CookieError of string type cookiedata name string value string expiry Date date option domain string option path string option secure bool val allCookies unit gt string string list val getCookie string gt string string option val getCookieValue string gt string option val setCookie cookiedata gt unit val setCookies cookiedata list gt unit val deleteCookie name string path string option unit end 5 exception raised on error with message s cookiedata type of cookie allCookies returns a list 1 1 n2 v2 nm vm of all the name value pairs of defined cookies getCookie cn returns SOME value where value is the cn value string for the cookie cn if any otherwise returns NONE getCookieValue cn returns SOME v where v is the value associated with the cookie cn if any otherwise returns NONE setCookie name value
128. s a relationship to surrounding text The argument for align can be one of top middle or bottom border 0 Leaves out the border on the image img when it appears within lt a href img gt lt a gt lt br gt Forces a line break immediately and retains the same style lt hr gt Places a horizontal rule or separator between sections of text Appendix B The Web Structure The Web structure gives access to the Web server API The structure Web implements the WEB signature which holds often used func tionality and sub structures matching a series of signatures Reading signatures is a good way of familiarizing yourself with an API In the sections to follow we present the following signatures WEB Page 125 Main Web API WEB_CACHE Page 129 Support for caching of computations WEB_CONN Page 132 Connection dependent functionality WEB_COOKIE Page 135 Support for setting and retrieving cookie information WEB_DB Page 137 Database connectivity WEB_DB_HANDLE Page 142 Handle based database connectivity for transactions and multiple simultaneous connections WEB_DYNLIB Page 146 Support for dynamic linking WEB_INFO Page 147 Support for retrieving various kinds of connection and server information WEB_LOG Page 149 Support for writing to the Apache log file WEB_LOW_MAIL Page 150 Low level mail API WEB_MAIL Page 152 High level mail API WEB_MIME Page 153 Support for determining the MIME
129. s started Mod ules that may be loaded in this way include drivers for a variety of database vendors a module that enables support for CGI scripts and a module that en ables encryption support using Secure Socket Layer SSL Which modules are loaded when Apache starts is configurable SMLserver is implemented as a module mod_sml so which is loaded into Apache along with other modules when Apache starts When the mod_sml so module is loaded into Apache future requests for files with extension sml are served by interpreting the bytecode file that is the result of compiling the re quested sm1 file Compilation of sm1 files into bytecode files is done by explicitly invoking the SMLserver compiler smlserverc ML Server Pages i e scripts with extension msp may be compiled into scripts with extension sm1 using the mspcomp program that comes with SMLserver 3 5 ML Basis Files The SMLserver compiler smlserverc takes as argument an mlb file which lists the sml scripts that client may request along with Standard ML library code to be used by the client accessible sml scripts The result of the compilation is stored within MLB directories relative to the individual source files The MLB directories contain information that allows efficient recompilation of mlb files upon change of source code Be aware that the project file name must correspond to the string associ ated with the entry prjid in the Apache configuration file which by
130. s started by presenting an introduction line to the player along with a form for entering the first guess The Web game then proceeds by returning different pages to the user dependent on whether the user s guess is greater than smaller than or equal to the random number n Notice that the game uses the POST request method so that the random number that the user is to guess is not shown in the browser s location field Although in theory it may take up to 7 guesses for a user to guess the random number in practice with some help from the Web browser it is possible to guess the random number using only one guess it is left as an exercise to the reader to find out how Figure 5 2 shows four different pages served by the Guess a Number game 5 2 GUESS A NUMBER 37 Guess a number between and 1C 7 Your guess is too big try again Guess a number Your guess is too big between 0 and 100 try again 31 Guess Served by SMLserver Served by SMLserver Your guess is too small try again You guessed the number 37 Served by SMLserver Served by SMLserver Figure 5 2 Four different pages served by the Guess a Number game 38 USING HIDDEN FORM VARIABLES Chapter 6 Extracting Data from Foreign Web Sites The Internet hosts a large set of Web services readily available for use by your Web site Examples of such available services include real time population clocks e g htt
131. scripts do not abort execution by calling the function 0S Process exit provided in the Standard ML Basis Library The rea son is that the function OS Process exit has the unfortunate effect of terminating the Web server main process 3 10 Accessing Setup Information The structure Web Info provides an interface to accessing information about the Apache setup including the possibility of accessing the Web server configuration file settings Consult Appendix B to see the signature of the Web Info structure 8Recall that each script executes in a separate thread Chapter 4 Obtaining Data from Users One of the fundamental reasons for the success of dynamic Web applications is that Web applications can depend on user input In this chapter we present two small examples of SMLserver applications that query data from users The two examples that we present are both based on two files an HTML file for presenting a form to the user and an sml1 file that accesses the submitted data and computes and returns to the user HTML code based on the user input HTML forms provide for many different input types including text fields selection boxes radio buttons and drop down menus If you are new to HTML forms a quick reference is provided in Appendix A 2 on page 118 4 1 Temperature Conversion This section presents a Web application for converting temperatures in degrees Celsius to temperatures in degrees Fahrenheit The Web application is
132. sed as keys and elements respectively a Type abstract type of either a key or element that can be used in a cache name abstract type of the name of a cache get cn ck aType bType returns a cache which is named cn The cache will be a mapping from keys of type aType into elements of type bType The cache strategy is described by ck If no cache exists with name cn then a new cache is created If a cache c exists with name cn then there are two possibilities 1 If c is a mapping from aType to bType then c is returned 2 If c is not a mapping from aType to bType then a new cache c is created and returned It is possible to create two caches with the same name but only if they describe mappings of different type B 2 THE WEB_CACHE SIGNATURE 131 lookup c k returns the value associated with the key k in cache c returns NONE if k is not in the cache insert c k v associates a key k with a value v in the cache c overwrites existing entry in cache if k is present in which case the function returns false If no previous entry for the key is present in the cache the function returns true flush c deletes all entries in cache c memoize c f implements memoization on the function f The function f must be a mapping of keys and elements that can be stored in a cache that is f is of type a Type gt b Type memoizePartial c f memoizes function values y where f returned SOME y pp
133. slow Every time a client requests a page from the Web server the server must fork a new process and load the external application into memory before the application is executed Moreover after execution the operating system must reclaim resources used by the process One way of increasing availability and to speed up response times is to embed an interpreter within a Web server as the following picture illustrates X The Internet Web Server m X Interpreter pec 1 2 WHY STANDARD ML 3 Notice that in this setting scripts are cached in the Web server which further in creases the efficiency of script execution This is the approach taken by SMLserver 1 2 Why Standard ML Standard ML SML is a high level statically typed functional programming lan guage It is a high level programming language in the sense that it uses automatic memory management In contrast to a low level programming language such as C the programmer need not be concerned with the allocation and deallocation of memory Standard ML supports many other high level programming language fea tures as well including pattern matching and exceptions It even has an advanced modules language which enhances the possibilities of program composition In contrast to Web applications built with dynamically typed languages such as TCL Perl PHP or so systems built with statically typed languages are often more reliable and more robust When a chang
134. sm1 After an application scheduleScript f s d the script determined by the location on the server f is scheduled to execute every d seconds using s as host 10 2 SCHEDULING 107 The s is interpreted like in schedule Usually calls to the scheduleScript function appears in the initialization script e g init sm1 After an application scheduleDaily f s hour minute the script deter mined by the location on the server f is scheduled to execute every day at the specified time hour and minute The hour and minute are interpreted modulo 24 and 60 The s is interpreted like in schedule After an application scheduleWeekly f s day hour minute the script de termined by the location on the server f is scheduled to execute every week at the specified time day hour and minute The hour and minute are interpreted modulo 24 and 60 The s is interpreted like in schedule After the application deSchedule f any scheduling of the script determined by the location on the server f is canceled We have included a small script log time sml that logs the time of day in the var log apache2 error log file val time of day Date fmt ZH YM S Date fromTimeLocal Time now val _ Web log Web Notice time of day time of day You can do the following experiment if you installed SMLserver as described in Chapter 2 then it should work out of the box 1 Make sure that log time sml appears in your project file e g web mlb
135. some sort of Web server support for maintaining state between sessions to create and manipulate task specific data structures Yet another possibility is to use some proprietary relational database management system for storing and accessing data What we argue in the following is that unless you have some very good reasons you want data on the server to be maintained exclusively by a Relational Database Management System RDBMS perhaps with the addition of some simple caching support Let us assume for a moment that you have constructed a Web based system that uses the local file system for storing and accessing data By request from the management department you have constructed a Web based system for managing employee data such as office location home addresses and so on The system that you came up with even has a feature that allows an employee to maintain a What am I doing now field You have spent weeks developing the system Much of the time was spent designing the layout of the data file and for writing functions for parsing and writing employee data You have tested the system with 57 58 CHAPTER 7 CONNECTING TO AN RDBMS a few employees added to the data file and you have even been careful using locks to prevent one Web script from writing into the data file while some other Web script is reading it and vice versa The system is launched and the employees are asked to update the What am I doing now field whenever they
136. stem What 7 7 BEST WINES WEB SITE 71 un ee rating Figure 7 4 E R diagram for the Best Wine Web site The fork in the diagram specifies that the relation between the wine entity and the rating entity is a one to many relation to every one wine there may be many ratings attributes describe each object What are the relationships between objects What are the processes that access and manipulate objects As the first part of developing a data model for the Best Wines Web site we construct an Entity Relationship diagram E R diagram for the Web site which leads to the construction of SQL data modeling commands for the data model The second part of the data modeling process focuses on developing the appropriate transactions for accessing and manipulate data An entity relationship diagram is composed of three types of components 1 Entities which are drawn as rectangular boxes 2 Attributes which are drawn as ellipses 3 Relationships which connects entities When an E R diagram is constructed for a Web site it is a straightforward task to develop the corresponding SQL data modeling commands In fact entities in the E R diagram map directly to table names and attributes map to column names in the associated tables Before we say what relationships map to consider the E R diagram for the Best Wine Web site in Figure 7 4 The E R diagram contains two entities wine and rating Attributes asso ci
137. string gt a option val wrapExn 2 formvar fn gt string gt a val wrapFail 2 formvar fn gt string string gt end Figure 8 1 The signature of the FormVar structure excerpt returns an error page if any errors occurred and otherwise proceeds with the re mainder of the script If an error page is returned the script is terminated An excerpt of the FormVar interface is given in Figure 8 1 The type formvar_fn represents the type of functions used to check form variables For instance the function getIntErr has type int formvar_fn which is identical to the type string string errs gt int errs If it is not desirable to return an error page the programmer may use one of the following wrapper functions to obtain appropriate behavior smlserver_demo web_demo_lib FormVar sml 8 2 PRESENTING MULTIPLE FORM ERRORS 85 Wrapper function Description FormVar wrapOpt Returns SOME v on success where v is the form value returns NONE otherwise FormVar wrapExn Raises exception FormVar on error FormVar wrapFail On failure a page is returned The differ ence from the getT Err functions is that with wrapFail only one error is presented to the user Many of the examples in this document make use of the FormVar wrapper functions in combination with the get7 Err functions The Currency Service described in Section 6 8 on page 53 is a good example 8 2 Presenting Multiple Form Er
138. t RewriteEngine On RewriteBase secret RewriteRule server sml lt Directory gt Here requests to anything in secret is redirected to secret server sml Chapter 11 Configuration Configuration of SMLserver is divided into two parts configuration of Apache and configuration of the library and your application By keeping these concerns apart the configuration of your application does not clutter up the configuration of Apache and vice versa Thus the impact of the Apache configuration file on your project is kept at a minimum In the main Apache configuration entry for SMLserver settings for Sm1PrjId and Sm1Path must be provided A setting for SmlInitScript is optional SnlPrjlId The name of the project file e g web SmlPath The path to the project files e g home user web www SmlInitScript A script to be run at Apache initialization time This file typi cally handles configuration of your application and any other administrative tasks you would like e g home user web www sys init sml SMLserver provides two functions for supporting configuration of your appli cation as described in the information structure in the library Web Info val configGetValue Type Type string gt option val configSetValue a Type Type string a gt unit The configSetValue function lets you map a string to a value of the type given in the first argument configGetValue lets you retrieve the va
139. t a gt quot gt list listCol string list gt string gt string option gt a gt quot gt a list oneField quot gt string zero r neField quot gt string option oneRow quot gt string list oneRow string gt string gt a gt quot gt a zero r neRow quot gt string list option zeroOrOneRow string gt string gt a gt quot gt option exists neRow quot gt bool Sequences val val val seqNextvalExp string gt string seqNextval string gt int seqCurrvalExp string gt string 138 APPENDIX B THE WEB STRUCTURE val seqCurrval string gt int Miscellaneous val sysdateExp string val qq string gt string val qqq string gt string val toDate string Date date option val timestampType string val toTimestampExp string gt string val toTimestamp string Date date option val fromDate Date date gt string val toDateExp string gt string val valueList string list gt string val setList string string list gt string val toBool string gt bool option val fromBool bool gt string val toReal string gt real option val fromReal real gt string end dml sql executes the data manipulation language command sql using database handle obtained from the next pool Raises Fail msg if sql is unsuccessful msg is the error message returned from the database
140. t head gt lt body bgcolor white gt lt center gt lt h2 gt Search the Employee Database lt h2 gt lt p gt 3File smlserver_demo www web employee index sml 66 CHAPTER 7 CONNECTING TO AN RDBMS lt form action search sml method post gt Email lt input type text name email gt lt input type submit value Search gt lt form gt lt center gt lt body gt lt html gt Because the result of submitting the form is dependant on the content of the employee table HTML code for the result page must be computed dynamically which is what the file search sml1 does see the next section Moreover if a user with a valid password chooses to update the note for a given user we arrange for the employee table to be updated by executing an SQL update command from within the update sml script When the transaction is finished executing the script sends an HTTP redirect to the client saying that the client browser should request the file search sml 7 6 Transactions as Web Scripts SMLserver scripts may access and manipulate data in an RDBMS through the use of a structure that matches the WEB DB signature Because SMLserver supports the Oracle RDBMS the Postgresql RDBMS and MySQL there are three struc tures the Web structure that matches the WEB DB signature namely Web DbOra Web DbPg and Web DbMySQL T he example Web server project file includes a file Db sml which binds a top level structure Db to the structure Web DbP
141. t available to a particular user The example application that we present serves as a link database to keep track of Web sites developed with SMLserver The idea is that all visitors of the Web site have access to browse the list of Web sites submitted by SMLserver users At the same time 100 CHAPTER 9 AUTHENTICATION only registered users can add new Web sites to the list or delete entries that they have previously entered The first step in the design is to define a data model that extends the data model for the authentication mechanism the person table The following defini tion of the table link serves the purpose create table link link id int primary key person id int references person not null url varchar 200 not null text varchar 200 Each link in the table is identified with a unique link id and each link is associated with a person in the person table The two columns url and text constitute the link information provided by a user The next step in the development is to define a Web site diagram for the link database Web site Such a Web site diagram is pictured in Figure 9 3 which also pictures the scripts for the authentication mechanism The figure shows a diagram with all SMLserver scripts for the Web site Scripts that present forms are pictured as boxes whereas scripts that function as transactions on the database or have other effects such as sending emails are pictured by their name As a side remark w
142. t on insecure channels e g HTTP requests The functions allCookies getCookie and getCookieValue may be used to access cookies and their values The cookie name and value are URL decoded by the functions If SMLserver fails to read the cookies transmitted from a browser the exception CookieError is raised This error indicates an error on the browser side 9 3 Cookie Example To demonstrate the cookie interface we present a simple cookie example consisting of three scripts cookie sml cookie set sml and cookie delete sml The entry page is implemented by the cookie sml script It shows all cookies received in the header of the request and displays two forms one for adding cookies and one for removing cookies Figure 9 1 shows the result of a user requesting the file cookie sml The code for listing all cookies uses the function Web Cookie allCookies val cookies 9 3 COOKIE EXAMPLE 93 Cookie Example Galeon H Back v gt v d G9 stop 100 S e http Awww smiserver org demo cookie sml Cookie Example 002 bar2 fool bar1 Cookies may be added to the list above using the Set Cookie form The name and value attributes are mandatory and are sequences of characters The character sequences are automatically URL encoded thus it is legal to include semi colon comma and white space in both name and value A cookie is removed from the browser when the expiration date is reached The life time of
143. t uses less space A 1 8 Unordered Lists ul lt li gt First item in list li Next item in list ul A 1 9 Ordered Lists lt ol gt lt li gt First item in list li Next item in list lt ol gt A 1 10 Characters amp keyword Display a particular character identified by a special keyword For example the entity amp amp specifies the ampersand amp and the entity amp 1t specifies the less than lt character Notice that the semicolon following the key word is required A complete listing of possible keywords are available from http www w3 org amp ascii Display a character using its ascii code The semicolon following the ASCII numeric value is required A 2 HTML Forms HTML forms allow documents to contain forms to be filled out by users An HTML form element looks like this form lt form gt Inside a form element the following four elements are allowed in addition to other HTML elements e input A 2 HTML FORMS 119 e select lt select gt e lt option gt e lt textarea gt lt textarea gt A document may contain multiple form elements but form elements may not be nested Attributes to the form elements include action URL Specifies the location of the program to process the form method dataExchangeMethod The method chosen to exchange data between the client and the program to process the form The most important methods are GET and
144. ta from two external sites not only is it bad netiquette to put an extreme load on external sites for querying the same information again and again but it almost certainly causes the Web site to break down which of course lowers the popularity of the site There is a simple solution have your Web server cache the results obtained from the foreign services for a limited amount of time The wealth clock does not depend on having up to the minute information e g updates every 10 minutes 48 CHAPTER 6 EXTRACTING DATA FROM FOREIGN WEB SITES are probably accurate enough The SMLserver API has a simple caching interface that can be used to cache data so that requests may share the same information Another use of the cache mechanism is for authentication which is covered in Chapter 9 6 6 The Cache Interface SMLserver has a simple type safe caching interface that can be used to cache data so that information computed by some script invocation can be used by subsequent script invocations The cache functionality is implemented as a structure Cache which matches the signature WEB CACHE listed below signature WEB CACHE sig datatype kind WhileUsed of Time time option int option TimeOut of Time time option int option type a b cache include WEB_SERIALIZE type name string val get a Type b Type name kind gt a b cache val lookup a b cache gt a gt option val insert a b
145. th sml 9 5 THE AUTHENTICATION MECHANISM 97 Login to SMLserver org Galeon Login to SMLserver org Enter your email address and password Email address Imael it cdk Obtain Password by Email Galeon Password Obtain Password by Email If youre not already a member you may Submit your email address below ister by filling out a form ee Email address a You may obtain your password by email Send me my Password in case you forgot it Served by SMLserver Served by SMLserver Register at SMLserver org Galeon 1 4 Bak v gh 9 top 100 ef http www smniserver org dema auth_new_form sml Register at SMLserver org Enter your email address name and home page address Email address Name MatinEsman S Home Page URL ntpz wew dinakvid mael 7 Register When you register a password is sent to you by email Served by SMLserver Figure 9 2 The three different forms presented by the authentication mech anism The forms correspond to the SMLserver scripts auth form sml auth send form sml and auth new form sml respectively 98 CHAPTER 9 AUTHENTICATION structure Auth sig type person_id int val loginPage string val defaultHome string val siteName string val verifyPerson unit gt person_id option val isLoggedIn unit gt bool val newPassword int gt string val sendPassword person id gt unit end
146. the date representation used in the particular database Returns NONE if d cannot be converted into a Date date Only year month and day are considered toBool b returns the Bool bool representation of a boolean where b is the bool representation used in the particular database Returns NONE if b cannot be converted into a Bool bool timestampType returns the database type as a string representing a timestamp to have your application support different database vendors toTimestampExp d returns a string to put in a select statement which will return a timestamp representation of column d Example select Db toTimestampExp d from t where d is a column of type date in oracle or datatime in PostgreSQL and MySQL toTimestamp t returns the Date date representation of t where d is the timestap representation from the database Returns NONE if t cannot be converted into a Date date Year month day hour minutes and seconds are considered fromDate d returns a string to be used in an SQL statement to B 5 THE WEB_DB SIGNATURE 141 insert the date d in the database fromBool b returns a Bool bool used in an SQL statement to insert a bool b in the database valueList vs returns a string formatted to be part of an insert statement insert into t f1 f2 f3 values Db valueLlist f1 f2 f3 is turned into insert into t f1 f2 f3 values f1_ f2_ 3_ where fi a
147. the table employee from the database 7 4 Data Manipulation The four most useful SQL data manipulation commands are insert select delete and update In this section we give a brief overview of these commands insert Each insert command corresponds to inserting one row in a table An example insert command takes the following form insert into employee name email passwd values Martin Elsman mael it edu don tforget This form is not supported by the Postgresql 7 2 RDBMS 62 CHAPTER 7 CONNECTING TO AN RDBMS There are several things to notice from this insert command First values to insert in the table appears in the order column names are specified in the command In this way the order in which column names appeared when the table was created has no significance for the insert command Second not all columns need be specified only those columns for which a not null constraint is specified in the create table command must be mentioned in the insert command for the remaining columns null values are inserted Third string values are written in quotes For a quote to appear within a string the quote is escaped by using two quotes Here is another example insert command insert into employee email name passwd note values nh it edu Niels Hallenberg hi meeting select The select command is used for querying data from tables Here is an ex
148. to cc and bcc send to from subject body abbreviated version of sendmail mail f g a b Advanced mail interface that supports sending of multiple emails using one SMTP connection B 12 THE WEB_MIME SIGNATURE 153 B 12 The WEB_MIME Signature Signature WEB_MIME sig val getMime string gt string val addEncoding string gt string end getMime s returns the mime type of the file s based on the file s extension and it s content addEncoding s adds configured encoding to mime type s 154 APPENDIX B THE WEB STRUCTURE B 13 The WEB_SERIALIZE Signature signature WEB SERIALIZE sig type Type name string to string a gt string from string string gt val Pair a Type gt b Type gt Ca b Type val Option a Type gt a option Type val List a Type gt a list Type val Triple Type gt b Type gt Type gt a b Type val Unit unit val Int int Type val Real real Type val Bool bool Type val Char char Type val String string Type val Time Time time Type end Pair aType bType returns the pair type representing the pairs a b where a is of type aType and b is of type bType Option aType returns the type aType option representing a option where a is of type aType List aType returns the list type representing the list of elements of type aType Triple aType bType cTy
149. tring gt string gt a gt quot gt a list val listDbCol db gt string list gt string gt string option gt a gt quot gt a list val zeroOrOneRowDb db gt quot gt string list option val oneFieldDb db gt quot gt string val zeroOrOneFieldDb db gt quot gt string option val oneRowDb db gt quot gt string list val oneRowDb db gt string gt string gt a gt quot gt a B 6 THE WEB_DB_HANDLE SIGNATURE 143 val zeroOrOneRowDb db gt string gt string gt a gt quot gt option val existsOneRowDb db gt quot gt bool Sequences val seqNextvalDb db gt string gt int val seqCurrvalDb db gt string gt int end db type of database handle Whenever the Web server talks to the database it is by means of a database handle Database handles are kept in the Web server using a prioritized set of pools Each Web script obtains and releases database handles from the set of pools in a stack like manner each script may own at most one database handle from each pool This arrangement is to avoid the possibility of deadlocks in case multiple Web scripts run simultaneously getHandle returns a database handle from the next available pool Raises Fail if no more pools are available putHandle db returns the database handle db to its pool and makes the pool available to a subsequent call to getHandle initPools pools
150. turns a function of type A gt B that when called will connect to the XML RPC server resident at the address specified by url The function will call the specified method on the server The returned function raises TypeConversion if the returned XML RPC response cannot be converted to a value of type B MethodInvocation if a fault value is returned from the server B 15 THE XMLRPC SIGNATURE 159 ServerConnection if problems occur during reading or writing to the connection type method type of method method m A B f returns a method of name m bound to the function f of type A gt B dispatch ms executes the first method in the list ms for which the name equals the extracted actual method name from the client request Raises exception ServerConnection in case of connection errors 160 APPENDIX B THE WEB STRUCTURE B 16 The XMLRPC_TYPE Signature Signature XMLRPC_TYPE sig type a T val int int T val bool bool T val real real T val string string T val date Date date T val pair gt a T gt b T val list sofa gt list T val array T gt a Array array T val vector T gt Vector vector T end Lint type lt int gt and lt i4 gt bool type lt boolean gt real type lt double gt string type lt string gt date type lt dateTIme iso8601 gt pair type lt struct gt where type a member with name 1 and b
151. type of a file 123 124 APPENDIX B THE WEB STRUCTURE WEB_SERIALIZE Page 154 Type constructor specifications for type indexed se rialization used for caching configurations etc WEB_SET Page 156 Support for key value associations B 1 THE WEB SIGNATURE 125 B 1 The WEB Signature Signature WEB sig include WEB_LOG exception MissingConnection exception Forbidden type quot Quot quot val return quot gt unit val write quot gt unit val returnRedirect string gt unit val encodeUrl string gt string val decodeUrl string gt string val returnFileMime string gt string gt unit val returnFile string gt unit val fetchUrl string gt string option val fetchUrlTime int gt string gt string option val buildUrl string gt string string list gt string val schedule string gt string option gt Date date gt Time time gt unit val deSchedule string gt unit val scheduleScript string gt string option gt int gt unit val scheduleDaily string gt string option gt hour int minute int gt unit val scheduleWeekly string gt string option gt day Date weekday hour int minute int gt unit val exit unit gt a structure Set WEB SET structure Conn WEB CONN where type set Set set structure Cookie WEB COOKIE structure Info WEB INFO structure Mail WEB MAIL structure Cache WEB CACHE structure Mime WEB MIME str
152. ucture LowMail WEB LOW MAIL 126 APPENDIX B THE WEB STRUCTURE structure Db raBackend WEB_DB_BACKEND where type a Type a Info Type Type structure DbMySqlBackend WEB_DB_BACKEND where type a Type a Info Type Type structure DbPostgreSQLBackend WEB_DB_BACKEND where type a Type a Info Type Type structure WebDynlib WEB_DYNLIB structure XMLrpc XMLRPC end MissingConnection exception raised by functions that cannot be called when no connection is present e g at initialization time Forbidden exception raised by some functions on illegal input quot type of quotations return s sends HTML string s with status code 200 to client including HTTP headers May raise MissingConnection write s sends string s to client excluding HTTP headers May raise MissingConnection returnRedirect loc sends redirection HTTP response to client status code 302 with information that the client should request location loc May raise MissingConnection encodeUrl s returns an encoded version of the argument s as URL query data All characters except the alphanumerics are encoded as specified in RFC1738 Uniform Resource Locators This function can be used to append arguments to a URL as query data following a decodeUrl s decodes data s that was encoded as URL query data The decoded data is returned returnFileMime mimetype file returns the entire contents of the B 1 THE
153. uery select comments fullname email rating from rating where wid Int toString wid val lines Db fold fn g r gt let val rating case Int fromString g rating of SOME i gt i NONE gt raise Fail Rating not integer in lt tr gt lt th gt RatingUtil bottleImgs rating lt td gt g comments td RatingUtil mailto g email g fullname end r query val body 9File smlserver demo www web rat ing wine sml 76 CHAPTER 7 CONNECTING TO AN RDBMS Ratings Chateauneuf du Pape Cellier des Princes Galeon lt j Back v gt v d dj G9 stp 100 S amp http vavww smiserver org demo ratingAvine sml wid 210 Ratings Chateauneuf du Pape Cellier des Princes Rating Comment Rater k k k k Fine wine Martin Elsman 4 Ok wine Niels Hallenberg Back to Best Wines Served by SMLserver Figure 7 6 The Best Wines comment page lt table width 95 bgcolor dddddd border 1 gt lt tr gt lt th gt Rating lt th gt Comment lt th gt Rater lines lt table gt lt p gt Back to a href index sml gt Best Wines lt a gt val name Db oneField select name from wine where wid Int toString wid val _ RatingUtil returnPageWithTitle n Ratings name body The result of a user requesting the script wine sml with the form variable wid set to 1 is shown in Figure 7 6 The funct
154. upport transactions Basically what this means is that you want your RDBMS to pass the ACID test Gre99 e Atomicity A transaction is either fully performed or not performed Ex ample When money is transferred from one bank account to another then either both accounts are updated or none of the accounts is updated e Consistency A transaction sends a database from one consistent state to another consistent state Transactions that would send the database into an inconsistent state are not performed Example A bank may specify using consistency constraints that for some kinds of bank accounts the account balance must be positive Transaction specifying a transfer or a withdrawal causing the balance on such an account to be negative are not performed e Isolation A transaction is invisible to other transactions until the transac tion is fully performed Example If a bank transaction transfers an amount of money from one account to another account while at the same time an other transaction computes the total bank balance the amount transferred is counted only once in the bank balance e Durability A complete transaction survives future crashes Example When a customer in a bank has successfully transferred money from one account to another a future system crash such as power failure has no influence on the effect of the transaction Two RDBMSs that pass the ACID test are the proprietary Oracle RDBMS and the Open Source RDBMS P
155. ure cookie attribute 92 Secure Socket Layer 2 select SQL command 62 73 select box 120 select element 118 120 sending email 86 sendPassword function 98 sequence 72 95 setCookie function 91 shut down 58 SML 3 SMLserver compiler 18 19 module 18 smlserverc 5 6 8 18 19 SOAP 111 SQL 59 alter table 61 create sequence 72 create table 60 delete 63 drop table 61 group by 73 insert 61 order by 73 select 62 73 update 63 SSL 2 18 89 90 92 Standard ML 3 Standard ML Basis Library 19 standard port 116 start tag 115 state cookie 90 maintaining 20 165 static type system 3 status code 12 structured query language see SQL style logical 117 physical 117 submit input type 120 system crash 59 tag end 115 TCL 3 TCP port 116 text field 119 preformatted 116 quoted 116 textarea element 118 121 title element 115 transaction 59 trapping 2 108 tt element 117 type attribute 119 type constructor List 48 Option 48 Pair 48 Triple 48 type system 111 lt u gt element 117 lt ul gt element 118 uncaught exception 22 Uniform Resource Locator 11 uniform resource locator 116 unixODBC 7 unordered list 118 update SQL command 63 URL 11 116 166 URL decode 92 URL encode 70 91 user contribution 89 identification 89 input 23 tracking 89 transactions 89 varchar column data type 60 verifyPerson function 98
156. vers and how a Web server communicates a response back to the particular browser HTTP is a text based protocol When a Uniform Resource Locator URL such as http www amazon com is entered into a Web browser s location field the browser converts the user s request into a GET request Web browsers usually request Web pages with method GET When a user follows a link from a Web page or when a user submits a form with no method specified the request is a GET request Another often used request method is POST which supports an unlimited number of form variables with form data of non restricted size Other possible methods include DELETE and PUT When writing SMLserver applications however you need not know about methods other than GET and POST As an example of HTTP in action consider the case where a user enters the URL http www google com search q SMLserver into the location field of a 11 12 CHAPTER 3 PRESENTING PAGES TO USERS Web browser The URL specifies a form variable q read query with associated form data SMLserver As aresult the Web browser sends the following GET request to port 80 on the machine www google com GET search q SMLserver HTTP 1 1 The machine www google com may answer the request by sending the follow ing HTTP response back to the client the HTML content between lt html gt and lt html gt is left out HTTP 1 1 200 OK Date Mon 23 Jul 2001 11 43 32 GMT Server GWS 1 11 Set Cooki
157. vice structure C Web Cache val getReal FormVar wrapFail FormVar getRealErr val getString FormVar wrapFail FormVar getStringErr val a getReal a amount val s getString s source currency val t getString t target currency val url http se finance yahoo com mb s Web encodeUrl s amp t Web encodeUrl t fun errPage Page return Currency Service Error The service is currently not available probably because we have trouble getting information from the data source a href url gt url lt a gt Web exit fun getdate Date fmt Y Y m d Date fromTimeLocal Time now fun round r Real fmt StringCvt FIX SOME 2 r val pattern RegExp fromString 7 s t lt td gt 0 9 0 9 lt td gt val cache C get C String C Option C Real currency C TimeOut SOME Time fromSeconds 5 60 SOME 10000 6File smlserver_demo www web currency_cache sml 6 8 CACHING VERSION OF CURRENCY SERVICE 55 val fetch C memoize cache fn url gt case Web fetchUrl url of NONE NONE SOME pg gt case RegExp extract pattern pg of SOME ri r2 Real fromString r1 r2 _ gt NONE val _ case fetch url of NONE gt errPage SOME rate gt Page return Currency Exchange Service getdate Real toString a s gives round a rate t lt p gt The exchange rate is obtained by fetching lt
158. wealth clock 47 Web server API 15 123 restart 8 WEB signature 125 Web site real purpose 111 Web site diagram 64 100 Web structure 123 Web Conn formvar 33 86 Web Conn return 15 INDEX WEB_LOG signature 149 WEB_LOW_MAIL signature 150 WEB_MAIL signature 152 WEB_MIME signature 153 WEB_SERIALIZE signature 154 WEB_SET signature 156 XML 111 XMLRPC signature 158 XMLRPC_TYPE signature 160 XSLT 111 Web Conn returnRedirectWithCode func tion 94 Web DbMySQL structure 66 Web DbOra structure 66 Web DbPg structure 66 Web DbPgBackend 8 Web encodeUrl 41 Web exit 22 Web Info structure 22 Web Mail send 86 Web returnRedirect 70 80 WEB CACHE signature 129 WEB CONN signature 132 WEB COOKIE signature 135 WEB DB signature 137 WEB DB HANDLE signature 142 WEB DYNLIB signature 146 WEB INFO signature 147
159. well suited for caching HTML pages obtained from foreign sites In Section 6 8 we shall see how the Currency Service of Sec tions 6 1 and 6 4 is extended to cache currency information obtained from a foreign site e Keep while used caches An entry inserted with timeout t in a cache of kind WhileUsed SOME t s expires when it has not been accessed within min t t This kind of cache is useful for caching authentication information such as passwords so as to lower the pressure on the RDBMS If s is provided the cache will not grow large than this The function get obtains a cache given a domain type a range type a cache name and a cache kind The first time get is called with a particular domain type aType a particular range type b a particular cache name cn and a particular cache kind ck a new cache is constructed If a cache c with cache name cn and cache kind ck already exists then there are two possibilities to consider 1 If the cache c is a mapping from aType to b then c is returned 2 If the cache c is not a mapping from to b Type then a new cache is created and returned It is possible to create two caches with the same name but only if they describe mappings of different type or they are defined with different cache kinds Conceptually one can think of the function get as having the constrained or bounded polymorphic type FP02 Va lt Type 8 lt name k
160. y frequently run database queries such as the querying of passwords for user authentication e SMLserver supports scheduled execution of scripts e SMLserver has an advanced interface for Web applications to send emails e SMLserver has support for writing type safe XML RPC clients and servers in Standard ML 2 CHAPTER 1 INTRODUCTION Besides the above features SMLserver works well together with other Apache features and other Apache Modules For instance SMLserver works well together with Apache s Secure Socket Layer support SSL which allows for encrypted com munication between the Web server and its clients and with the Apache Rewrite Module which allows for trapping i e filtering of requests for easy access control 1 1 Web Scripting The Common Gateway Interface is a standard for interfacing external ap plications with a Web server that communicates with clients using the HyperText Transfer Protocol HTTP The situation is pictured as follows E The Internet Web SHITE Browser External Application Web Server The external application which is also called CGI program may be written in any language that allows the program to be executed on the system It is even possible to write Standard ML with your favorite Standard ML compiler using the Mosmlcgi library provided with the Moscow ML distribution Unfortunately the traditional CGI approach has a serious drawback It is
Download Pdf Manuals
Related Search