web::request
?options
? ?key
? ?value
?
web::request
?key
? ?default
?
Options are: -count, -set, -lappend, -names, -unset, -reset and -channel
web::request is an accessor to request specific information: either CGI related (stand alone Websh) or Apache related (mod_websh).
key
?default
?key
key
key
value
?value
?
?...
?key
value
?value
?
?...
?key
Special case for handling Basic Auth:
The following example provides a basic app that requires Basic Auth and completely bypasses Apache's auth mechanisms.
Example 7. web::request AUTH_USER and web::request AUTH_PW
# returns 1 if user/pass provided is websh/websh proc isAuthenticated {} { if {[web::request -count AUTH_USER]} { set user [web::request AUTH_USER] set pass [web::request AUTH_PW] if {[string eq $user "websh"] && [string eq $pass "websh"]} { return 1 } } return 0 } # the default command requests Basic Auth unless provided correctly web::command default { if {![isAuthenticated]} { web::response -set Status {401 Authorization Required} web::response -set WWW-Authenticate {Basic realm="Websh auth"} web::put "Sorry, you're out" } else { web::put "You're in" } } # command dispath web::dispatch
Note: CGI usually does not expose the Basic Auth
Authorization header for security reasons. The following configuration
for Apache (as of version 2.0.51) will allow Websh to also provide the
same functionality when running in CGI (requires mod_setenvif):
Example 8. Apache configuration for AUTH_USER and AUTH_PW to work under CGI
SetEnvIf Authorization "^(Basic .+)$" AUTH_BASIC=$1
Important security consideration: This configuration
will also expose the authentication information to Websh when Apache does
handle the authentication. Although Websh hides the information in that
case, it is always available in the CGI environment. Use this configuration
carefully!
web::param
?option
? ?key
? ?value
? ?...
?Options are: -count, -set, -lappend, -names, and -unset
web::param is an accessor to state information from the
querystring. Suppose the querystring is "lang=EN".
After web::dispatch has parsed the querystring,
web::param lang will
report EN
. Additionaly,
web::param can manage this data and add, append, and delete
parameters as needed.
key
?default
?key
key
key
value
?value
?
?...
?key
value
?value
?
?...
?key
web::formvar
?options
? ?key
? ?value
?
Exactly like web::param.
web::formvar is an accessor to HTML FORM data. After web::dispatch has parsed the POST data, you can access all form fields using web::formvar.
In addition to this, web::formvar can also handle files uploaded via Netscape 2.0 file upload mechanism. In this case, the result of web::formvar is a list with four elements: The first element contains the name of the locally saved file; the second element contains the remote file name; the third element is set to 0 if the upload was successful, -1 if upload is disabled (see web::config uploadfilesize) and n > 0 if n Bytes have been truncated, because the file was too big. The last element contains the mime type of the file.
Note that the temporary files are created with the permissions configured by web::config filepermissions, which defaults to 0644.
Example 9. web::param
% web::request CONTENT_LENGTH % web::dispatch -querystring "cmd=default&t=100" -postdata "" -cmd "" % web::param -names t cmd % web::param cmd default % web::param -set k v v % web::param -names t cmd k %