• Presenting the user with the choice to change his existing registration tingsset-• Storing those new registration settings in the user database • Displaying previous purchases • Determ
Trang 1The bulk of Listing 13.11, lines 2–36, is devoted to decoding the username andpassword contained in the AUTHORIZATION header In line 38, the AUTHO-RIZATION header is retrieved from the Requestcollection If the AUTHORIZATIONheader contains no information, the status code 401 is sent to the browser to force a pass-word dialog.
In line 45, the first six characters are stripped from the AUTHORIZATION header Thesefirst six characters contain the plaintext characters BASIC, which indicate the authoriza-tion scheme We already know this, so we get rid of the characters
In line 46, the AUTHORIZATION header is base64 decoded with the help of the
Decode()function The decoded header will contain the username and password
separat-ed by a colon In lines 47–49, the VBScript SPLIT()function is used to extract the name and password from the header
user-In lines 51–56, the username and password are compared against the usernames andpasswords contained in the userlist database table If there are no matches, the statuscode 401 is sent to the browser to force the password dialog box to appear Otherwise,the user can view the page
Summary
In today’s lesson, you learned how to create a subscription Web site by implementingthree different types of authentication In the first section, you learned how to use HTTPAuthentication You were given an overview of the three types of authentication support-
ed by Internet Information Server and you learned how to enable authentication for a file,directory, or Web site
In the next section, you learned how to use database authentication to password protectareas of your Web site You created a database table named userlist that contains a list ofusernames and passwords You also created an Include file that checks usernames andpasswords against the database table
In the final section, you learned how to create a hybrid authentication system Youlearned how to force a password dialog box to appear from within an ASP script Youalso learned how to retrieve a username and password entered into the dialog box andcompare them against a database table
Do not enable any form of authentication for the directory that contains
hybrid.asp We are forcing Basic Authentication manually Only Allow Anonymous Access should be enabled.
Note
A NALYSIS
Trang 2Q&A
Q Three different methods of authentication were discussed in today’s lesson.
Which method of authentication should I use for my Web site?
A If you need to create an automated registration system, you should use either
data-base authentication or hybrid authentication By using a datadata-base to store names and passwords, you can easily create a system that supports hundreds ofthousands of registered users Storing usernames and passwords in a database alsomakes it easier to backup the data
user-Because you need to setup individual Windows accounts to use HTTPAuthentication, this form of authentication is more appropriate for password pro-tecting administrative areas of your Web site Normally, you will use HTTPAuthentication only when you need to setup a small number of user accounts
Q Doesn’t database authentication place a heavy load on my database server?
A If every user must be authenticated against the database whenever a page is
requested, database authentication can place a heavy load on your database server
However, in the database authentication script you created in today’s lesson(checkpassword.asp),Sessionvariables were also used to authenticate users
When a user is authenticated against the database after requesting a password tected page for the first time, a Sessionvariable named LoggedInis assigned thevalue Yes If the user requests additional pages, the Sessionvariable can bechecked instead of the database Of course, if someone is using a browser thatdoesn’t support Sessionvariables, the database must be accessed every time theuser requests a new page
pro-Workshop
The Quiz questions are designed to test your knowledge of the material covered in thischapter The answers are in Appendix A, “Quiz Answers.”
Quiz
1 Can you use HTTP Authentication with the Netscape Navigator browser?
2 Why is it considered a security risk to use Basic Authentication?
3 How can I force a password dialog box to appear on a Web browser?
4 When using Basic Authentication, how is a username and password passed frompage to page?
Trang 4• Presenting the user with the choice to change his existing registration tings
set-• Storing those new registration settings in the user database
• Displaying previous purchases
• Determining layout based on customer preferences
• Advertising items your customers would like
Retrieving the Existing User Settings
A user needs to see his settings before he can modify them Therefore, youneed to create a new file,mypage.aspto go into the user’s database and retrieve
Trang 5that information In order to continue, we must create a file to display settings,
mypage.asp
Creating mypage.asp
The mypage.aspfile is relatively unique among the files you’ve created thus far It canboth read from the database (to display existing settings) and write to the database (tostore the new settings) Generally, the structure thus far has been one file to read and onefile to write To better understand each of the functions performed by mypage.asp, thecode will be broken into two different listings The first bit of relevant code deals withcontrolling the flow of the site, and is contained in Listing 14.1
LISTING 14.1 Retrieve Existing User Info
1 <! #INCLUDE FILE=”adovbs.inc” >
2 <! #INCLUDE FILE=”storefuncs.asp” >
3 <%
4 ‘ Get Product ID
5 productID = TRIM( Request( “pid” ) )
6 ‘ Get Login Information
7 login = TRIM( Request( “login” ) )
8 IF login <> “” THEN
9 username = TRIM( Request( “username” ) )
10 password = TRIM( Request( “password” ) )
11 ELSE
12 username = TRIM( Request( “newusername” ) )
13 password = TRIM( Request( “newpassword” ) )
14 END IF
15 mypage = TRIM( Request( “mypage” ) )
16 error = TRIM( Request( “error” ) )
17 register = TRIM( Request( “register” ) )
18 If username = “” then
19 username = request.cookies(“username”)
20 password = request.cookies(“password”)
21 End If
22 ‘ Open Database Connection
23 Set Con = Server.CreateObject( “ADODB.Connection” )
24 Con.Open “accessDSN”
25
26 ‘ Check For Update code
27 IF mypage <> “” AND error = “” THEN
34 userID = checkpassword( username, password, Con )
Trang 635 ‘See if user exists in db, or if user info was ever passed
36 IF userID > 0 THEN
37 SET RS = Con.Execute(“SELECT * FROM users WHERE user_ID = “&userid)
38 ‘Populate string values with existing settings
The code in lines 7–16 traps the login monitor value When login is not NULL, it means
we can retrieve the user’s settings information and put it in the form for editing
Next in lines 18–21, we check to see if the username is still empty after trying to get infofrom the form If it is, we try and pull the username value from the cookie, just in case itgot missed somewhere
Lines 22–24 are the familiar ADO object instantiations we’ve seen several times before
Moving on to lines 27–28 we encounter another monitor value check If mypageis not
NULL, that means the user has submitted the update form, and wants his changes added tothe database To accomplish this, the page calls the updateUsersubroutine from the
storefuncs.aspfile
Lines 26–32 contain the last monitor value check, which tests for new account requests
If register is not NULL, it means that the user has completed the new user form and wants
to be added to the database The page then calls the addUsersubroutine from the
storefuncs.aspfile
A NALYSIS
Trang 7Lines 33–35 compare the username and password against entries in the user’s table.When both columns match, the query returns the useridof the selected row.
Lines 36–49 do two things The first two lines check to see if the useridvariable is avalid one (that is, greater than 0) If the useridis valid, the page loads all the currentuser’s settings into accessible variable and then loads them into a form, so the user canmodify them If the useridis invalid, we assume that it is for a new or non-logged inuser and go straight to the register.asppage
The actual HTML surrounding the user settings form is identical to that found in
register.aspand various other parts of the site, so I won’t repeat it here However, youshould take a look at Listing 14.2 and see how the form displays the current settings byinserting variables into the VALUE field of the input tag
LISTING 14.2 Displaying Current User Information
1 <form method=”post” action=”<%= submitpage%>”>
2 <input name=”mypage” type=”hidden” value=”1”>
3 <input name=”pid” type=”hidden” value=”<%=productID%>”>
5 <font face=”Arial” size=”2”>
6 Change the values below and hit ‘Update’ to change your personal settings:
For more information on the addUser subroutine, investigate Day 8,
“Building the Transaction Databases.” updateUser is identical to addUser
except that it updates an existing record instead of creating a new one.Note
Trang 842 <font face=”Courier” size=”2”>
43 <br><b>type of credit card:</b>
50 <br><b>credit card number:</b>
51 <input name=”ccnumber” size=20 maxlength=20
52 value=”<%=ccnumber%>”>
53 <br><b>credit card expires:</b>
54 <input name=”ccexpires” size=20 maxlength=20
55 value=”<%=ccexpires%>”>
56 <br><b>name on credit card:</b>
57 <input name=”ccname” size=20 maxlength=20
a Web browser)
Trang 9Showing Past Purchases
In the last few weeks, you have built the basic storefront for your E-Commerce Web site.You built the Product Catalog in Day 5, “Building Your Product Catalog,” and extended
it with the ability for customers to purchase items from our catalog in Day 8 You alsohave built the ability for customers to view their purchase status, such as whether theiritem had shipped, for example Today you will add the ability for your customers toreview their past purchases This facility will be straightforward and will focus only onsuccessful purchases that the customer has made
The purchases that a customer makes are recorded, as you should remember, in theOrders table of our database The Orders table is structured as follows:
• order_id—The unique numeric identifier for each order recorded
• order_productID—The numeric product identifier for the item purchased by thecustomer This identifier is based on a value in the Products table
• order_quantity—The total number of items (as identified by the previous umn) purchased by the customer
col-• order_userID—The numeric identifier that represents the customer, as determinedfrom the Users table
• order_entrydate—The date and time that the purchase order was made on ourWeb site
FIGURE 14.1
Changing your user information—
mypage.asp.
Trang 10to the customer will prove to be very easy, by adapting the code we created in Day 11,
“Working with Credit Cards,” to allow customers to view their order’s status Listing14.3 contains the code for a new page that we will add to our site,pastpurchases.asp
We will link to this page from the showorders.asppage
LISTING 14.3 Display List of Previous Orders
1 <! #INCLUDE FILE=”adovbs.inc” >
2 <! #INCLUDE FILE=”storefuncs.asp” >
3 <%
4 ‘ Get Login Information
5 username = TRIM( Request( “username” ) )
6 password = TRIM( Request( “password” ) )
7 ‘ Open Database Connection
8 Set Con = Server.CreateObject( “ADODB.Connection” )
9 Con.Open “accessDSN”
10 ‘ Get User ID
11 userID = checkpassword( username, password, Con )
12 sqlString = “Select orders.*, product_name, product_price “ &_
13 “from orders, products “ &_
14 “WHERE order_productid=product_id “ &_
15 “AND order_userid=” & userID & “ “ &_
16 “AND order_status=3 “ &_
17 “ORDER BY order_entrydate DESC”
18 SET RS = Con.Execute( sqlString )
19 %>
20 <html>
21 <head><title>Your Past Purchases</title></head>
continues
Trang 1122 <body>
23 <center>
24 <font face=”Arial” size=3 color=”darkgreen”>
25 <b><%= username %>’s past purchases:</b>
Trang 1272 END IF
73 %>
74 <p>
75 <form action=”account.asp” id=form1 name=form1>
76 <input type=”submit” value=”View Current Order Status”
➥ id=submit1 name=submit1>
77 </form>
78 <form action=”default.asp” id=form1 name=form1>
79 <input type=”submit” value=”Continue Shopping” id=submit1 name=submit1>
On lines 12–17, we build the SQL query to retrieve any records from the Orders tablewhere the order_statusis equal to 3(indicating a Shipped Order) and the
order_useridis equal to the current user We also query the Products table for the uct_nameand product_pricefor each item that the customer has purchased To ensurethat the list makes chronological sense to the customer, we set an ORDER BYclause online 16 stipulating that we want the records displayed in a descending fashion based onthe order_entrydatecolumn
prod-After executing the query on line 18, we’re ready to determine if any records werereturned by the query on line 29 Testing to see if the EOFproperty of the recordset is
TRUE, indicating no results, line 29 starts an IF THENstatement The possible actions are
• If no results are returned (EOFreturns TRUE), a message is displayed to the tomer indicating that he hasn’t placed any orders (line 31)
cus-• If records are returned, a table is built containing rows that represent each order(lines 35–70)
On line 45, we open a WHILE WENDstatement that will loop through each record in therecordset and build a table row Of note in building the rows are lines 58 and 62 On line 58, we calculate the total cost of the order to the customer by multiplying the
order_quantitycolumn value found in the Orders table against the product_price
column value found in the Products table On Line 62, just as we did with the
showorders.asppage, we call upon the showOrderStatussubroutine to display theorder’s status (which should always be “Shipped on ”) with the shipping date
A NALYSIS
Trang 13Finally, on lines 75–77, we build a new form button that allows our customers to switchfrom viewing their shipped orders to their current order’s status, via the account.asp
page
Now that we have built the pastpurchases.asppage, we need to provide a link for tomers to view it In this example, we will provide a link on the showorders.asppage,allowing customers to switch between their previously shipped orders and their currentpending orders To do so, follow these steps:
cus-1 Open the showorders.asppage in your editor
2 In the showorders.asppage, locate the following lines:
<input name=”username” type=”hidden” value=”<%=username%>”>
<input name=”password” type=”hidden” value=”<%=password%>”>
<input type=”submit” value=”View Past Purchases”>
</form>
4 Save your changes to this page
Your customers can now alternate back and forth between their current orders status andtheir past purchases The pastpurchases.asppage is illustrated in Figure 14.2
FIGURE 14.2
The
pastpurchases.asp
page.
Trang 14Advertising Items Your Customers Would Like
The next step in souping up our site is to advertise products that are of interest to ourcustomers Targeted advertising is of immense value to your business because items ofinterest to your customers will be displayed when they visit your site You can also build
an advertising system that displays certain products based on the customer’s purchasehistory; however, today we’re going to allow the customers to select what categories are
of interest to them from our catalog, and we will use that information to determine whatwill be advertised to them
Our method of determining what to feature to our customers requires the completion offollowing tasks:
• Update the Users table to store the customer’s favorite categories
• Build a new page,favorites.asp, that will be used for customers to select whattypes of products they are interested in (Novelties versus Chocolate Solids, forexample)
• Build a second page,savefavorites.asp, that will store the favorites for the tomer after they are submitted from the favorites.asppage
cus-• Update the features.aspinclusion file that will be used to target what productsare featured for the customers based on their selected favorite categories
• Update the default.asppage to personalize its content according to who is visiting
Updating the Users Table for Favorites
Before we can build any pages for our customers, we need to update the Users table tostore their favorites To store the customer’s preferences, we will add one new column tothe Users table:
• user_favorites—a text column that will store a comma separated list of gories that the customer has identified as her favorites You should provide this col-umn with a default value of “NONE” (Remember to add this default value for all theexisting rows in the users database table.) You will also need to assign the field size
cate-of this column the value 255.Using Microsoft Access, add this new column to the User table The user_favorites
column will store the full-text name of the category, as it is found in the Products table
This allows us to quickly retrieve the categories for our products without converting from
a numeric identifier This structure also allows us to add new categories without adverseeffect to our code
Trang 15Building the favorites.asp Page
Our next step is to build the page that customers will use to alter their favorite categories
of products This page will query the Products table to determine the available productcategories and present them to the customer as selectable checkboxes The customer will
be able to select (or deselect) each category as they prefer The favorites.asppage willalso retrieve the customer’s current favorites each time it is loaded to improve usability.The code that comprises the favorites.asppage can be found in Listing 14.4 (It’s alsoincluded with the CD that accompanies this book.)
LISTING 14.4 The favorites.asp Page
1 <! #INCLUDE FILE=”adovbs.inc” >
2 <! #INCLUDE FILE=”storefuncs.asp” >
3 <%
4 ‘ Get Login Information
5 username = TRIM( Request( “username” ) )
6 password = TRIM( Request( “password” ) )
7 ‘ Open Database Connection
8 Set Con = Server.CreateObject( “ADODB.Connection” )
9 Con.Open “accessDSN”
10 ‘ Get User ID
11 userID = checkpassword( username, password, Con )
12 ‘ Retrieve the existing user favorites and split them into an array
20 <font face=”Arial” size=3 color=”darkgreen”>
21 <b><%= username %>, pick your favorites:</b>
34 <form action=”savefavorites.asp” name=frmFavorites method=Post>
35 <input name=”username” type=”hidden” value=”<%=username%>”>
36 <input name=”password” type=”hidden” value=”<%=password%>”>
Trang 1637 <%
38 Set catRS = Server.CreateObject( “ADODB.Recordset” )
39 catRS.ActiveConnection = Con
40 sqlString = “SELECT DISTINCT product_category FROM Products “
41 sqlString = sqlString & “WHERE product_status=1 “
42 sqlString = sqlString & “ORDER BY product_category”
50 ‘ Check to see if the current item is already a favorite
51 ‘ If so, set the checkbox to CHECKED
on line 14 to turn the comma separated string into an array named arrFavorites
A NALYSIS
Trang 17Lines 38–43 execute a SQL query against the Products table to retrieve a distinct list ofthe product categories available This recordset will be used to build our form elements.
On line 45 we test to see if any results were returned using the EOFproperty If resultsare returned from the query (as they should), we then begin to build the rows for eachproduct category on lines 46–65
Each row is comprised of two cells—the first is an INPUTfield for the check box Usingthe arrFavoritesarray, lines 52–58 loop through each element in the array to see if thecategory in the array element matches the current category in the recordset If theymatch, we use the Response.Writemethod on line 55 to add a CHECKEDattribute to thecheckbox field, indicating that the customer has previously identified this category as afavorite category The name attribute of the check box is set to the category name, on line
60, and will be used by the savefavorites.asppage to determine which check boxesthe user selected
This process repeats itself for each category returned by the query, providing the tomer with a real-time list of categories within the Products table On line 73, we provide
cus-a Submit button thcus-at will submit the form to the savefavorites.asppage that was ified by the <FORM>tag on line 34
spec-Before we move on to the savefavorites.asppage, we need to add the
retrieveFavoritesfunction used on line 13 Without doing so, any attempt to open thispage will result in an error The retrieveFavoritesfunction is a simple set of code thatyou should add to the storefuncs.aspfile The code for this function is shown inListing 14.5
LISTING 14.5 The retrieveFavorites Function
1 FUNCTION retrieveFavorites
2 sqlString = “SELECT user_Favorites FROM users “ &_
3 “WHERE user_username=’” & Request( “username” ) & “‘“
4 SET RS = Con.Execute( sqlString )
A NALYSIS
Trang 18retrieved from the Request collection (which includes the Cookies collection), the SQLstatement will not retrieve any rows In that case, the strFavoritesvariable will havethe value NONE The favorites.asppage is shown in Figure 14.3
FIGURE 14.3
The favorites.asp
page.
The second step in allowing our customers to assign their preference to our product categories is to store their selections After completing the form provided in the
favorites.asppage, the savefavorites.asppage is called to deal with the checkboxesthat were selected The code for savefavorites.aspcan be found in Listing 14.6
LISTING 14.6 The savefavorites.asp Page
9 ‘ Provide Default Value
10 IF TRIM( arrItems ) = “” THEN arrItems = “NONE”
11
continues
Trang 1912 ‘ Get Login Information
13 username = TRIM( Request( “username” ) )
14 password = TRIM( Request( “password” ) )
15 ‘ Open Database Connection
16 Set Con = Server.CreateObject( “ADODB.Connection” )
17 Con.Open “accessDSN”
18 ‘ Get User ID
19 userID = checkpassword( username, password, Con )
20 ‘ Update the user’s favorites
We will create this subroutine in just a moment Finally, on line 22 we redirect the tomer back to the default.asppage after storing the values, thereby never displaying the
cus-savefavorites.asppage to the customer’s browser
The updateFavoritessubroutine needs to be added to the storefuncs.aspfunction filebefore the savefavorites.asppage will function The code for the updateFavorites
subroutine can be found in Listing 14.7
LISTING 14.7 The updateFavorites Subroutine
1 SUB updateFavorites( strFavorites )
2 ‘ Update user information in the database
3 sqlString = “UPDATE users SET “ &_
4 “user_favorites=’” & fixQuotes( strFavorites ) & “‘ “ &_
5 “WHERE user_id=” & userID
6 Con.Execute sqlString
7 END SUB
On lines 3–5, we build the UPDATESQL query that is used to update the currentuser’s Users table record with an up-to-date user_favoritescolumn that repre-sents their selections on the previous page The SQL query is then executed on line 6,and the subroutine returns to line 22 of Listing 14.6
LISTING 14.6 continued
A NALYSIS
A NALYSIS
Trang 20In our existing default.asppage, we call on the featured.asppage to randomly displayfeatured items on our site’s main page To personalize this for the customer’s favoriteproduct categories, we need to update the featured.asppage to display random itemsfrom the customer’s selected categories If the customer hasn’t selected any categories,however, we still want to use the existing method of a random selection of products
Open the featured.asppage in your editor and locate the following line of code:
SET Featured = Con.Execute( sqlString )
We’ll replace every line of code above the indicted line The complete code for the fied version of featured.aspis contained in Listing 14.8
modi-LISTING 14.8 The Updated featured.asp Code
9 ‘ If the customer has favorites, randomly choose one category
15 ‘ Build the featured products query with the category
16 sqlString = “SELECT product_id, product_picture, product_name,
➥ product_briefDesc “ &_
17 “FROM Products WHERE product_featured = 1 “ &_
18 “AND product_status=1 “ &_
19 “AND product_category=’” & Trim(strCategory) & “‘ “ & _
20 “ORDER BY product_name “
21 Else
22 ‘ Build the featured products query to query all categories
23 sqlString = “SELECT product_id, product_picture, product_name,
➥product_briefDesc “ &_
24 “FROM Products WHERE product_featured = 1 “ &_
25 “AND product_status=1 “ &_
26 “ORDER BY product_name “
27 End If
28 SET Featured = Con.Execute( sqlString )
continues
Trang 2129 IF NOT Featured.EOF THEN
30 featuredArray = Featured.GetRows()
31 Featured.Close 32
33 ‘ Display Featured Products
34 topFeatured = UBOUND( featuredArray, 2 ) + 1
35 skip = topFeatured / numFeatured
36 IF topFeatured <= numFeatured THEN skip = 1
43 productID = featuredArray( 0, i + offset )
44 productPicture = featuredArray( 1, i + offset )
45 productName = featuredArray( 2, i + offset )
46 productBriefDesc = featuredArray( 3, i + offset )
Trang 22This code is not all that dissimilar from the original featured.asppage Thenew additions all pertain to retrieving and acting on the current user’s favoritecategories On line 5, we use our retrieveFavoritesfunction again to determine thecurrent user’s favorite categories We store the categories as a comma separated list in thedatabase, so on line 6 we remove the trailing comma from the string The string is thenconverted into an array (arrFavorites) on line 7 using the VBScript Splitfunction
On line 11 we test to see if the current user has selected any favorites by determining thesize of the arrFavoritesarray If the array contains at least one value, a random catego-
ry is selected from the array on lines 12–13 The category is then displayed on line 14,and then used to populate the SQL SELECTquery that will retrieve items from theProducts table on lines 16–20
If the customer hasn’t specified any favorites, a separate SQL query is generated on lines23–26 that carries out a general query against the Products table for featured items, just
as with our original featured.asppage
The rest of our featured.asppage is untouched, lines 28–74, leaving the functionalitythe same as before
Before we can put our updated featured.aspto use, we need to update the default.asp
page to set the stage for our changes in the featured.aspfile Our changes to the
default.asppage will be minor cosmetic changes, such as a greeting to our customer,and the current date and time Locate the following line in the default.asppage:
<% IF cat = “Home” THEN %>
Just above the identified line, insert the following line of code:
<b><%= formatDateTime( now(), vbLongDate ) %> - Welcome Back <%= username
➥%>!</b><br>
This displays the current date and time and welcomes the customer back by name justabove the featured items
The next step is for us to provide a link to the favorites.asppage, allowing customers
to select their favorite categories Locate the following lines in the default.asppage:
<! #INCLUDE FILE=”ProductList.asp” >
<% END IF %>
Just below that line, add the following code:
<% IF Request.Cookies( “username” ) <> “” THEN %>
<a href=”favorites.asp”>Pick your favorite kind of candies!</a>
<% END IF %>
A NALYSIS
Trang 23Finally, you’ll need to check whether the storefuncs.aspfile is included in the
default.asppage If not, add the following line to the top of the default.aspfile:
Q&A
Q Why does the default.asp page sometimes not display any featured items?
A This is based on the product_featuredcolumn in the Products table and the
featured.aspfile By default, the featured.aspfile only queries for items in the Products table that have been identified as items that you want to promote or
Trang 24feature This is done by specifying a value of 1in the product_featuredcolumn
You need to be sure that there are featured items for each product category, or youpotentially won’t be displaying anything to the customer
Another option is to assume that you want to promote any item that is of interest to
a customer based on the favorite categories To do so, you could remove the uct_featured=1qualification in the SQL query
prod-Q What happens if I remove a product category from the Products table, but a customer has marked it as a favorite?
A Nothing, really When the customer visits the site, he might attempt to query for
products in a category that doesn’t exist In that case, no items would be returnedand nothing would be displayed to the customer If the customer returns to the
favorites.asppage, the category will be gone as well
Workshop
The Quiz and Exercise questions are designed to test your knowledge of the materialcovered in this chapter The answers are in Appendix A, “Quiz Answers.”
Quiz
1 What purpose does the retrieveFavoritesfunction serve?
2 Why don’t we store product categories as numeric identifiers in our example?
Exercise
Currently, our site only features items that are of interest to a customer based ontheir favorite selections Try adding to our site a display of favorites based on thepast purchases of our customer
Trang 26W EEK 2
In Review
This week, you finished building your online store In the beginning of theweek, on Days 8 and 9, you learned two methods of creating a virtual shoppingcart Next, on Day 10, you learned how to enable a customer to check out theproducts in their shopping cart and complete an order
Later in the week, on Day 11, you learned how to process credit card tions with ASP scripts You learned how to use CyberCash to authorize and set-tle credit card transactions
transac-Next, you learned how to enable customers to track their orders You created aWeb page that customers can use to check the status of their orders You alsolearned how to enable customers to compare shipping rates for shipping pack-ages from your store to their home
Finally, at the end of the week, you learned how to create a subscription Website You learned how to create a user registration system and password protectpages on your Web site so that the pages can be viewed only by paying cus-tomers
Trang 27Bonus Project Creating a Transactional Customer Feedback Form
In this week’s bonus project, you’ll modify the customer feedback form that you created
in last week’s bonus project so that it uses an Active Server Pages transaction In the son on Day 10, “Checking Out”, you learned about the advantages of using an ActiveServer Pages transaction By using a transaction, you can create a subroutine that auto-matically executes if any errors are encountered in an ASP page
les-If a customer submits his feedback through the customer feedback form and an error isencountered, an emergency customer support phone number will be displayed The idea
is that if your Web server is in such a sorry state that a customer cannot even leave back, you’ll want to know this as quickly as possible The emergency customer supportphone number is displayed only if something goes seriously wrong
feed-You’ll remember from last week’s bonus project that the customer feedback pages rely
on the following database table (named feedback):
• feedback_id—an AutoNumber field that uniquely identifies each row in the table
• feedback_email—a Text field that contains the customer’s email address
• feedback_comment—a Memo field that contains the text of the customer’s back
feed-• feedback_entrydate—a Date/Time field that automatically contains the date thefeedback is entered This field should have a default value of NOW()
A customer submits his feedback through an ASP page named feedback.asp This pagecontains a simple HTML form with no ASP scripts The customer feedback form is con-tained in Listing BP2.1 (It’s the same page as used in last week’s bonus project)
LISTING BP2.1 The Customer Feedback Form
1 <HTML>
2 <HEAD><TITLE>Customer Feedback</TITLE></HEAD>
3 <BODY>
4
5 Thank you for leaving customer feedback on our Web site.
6 <br>Please enter your feedback in the form below:
7 8
9 <FORM METHOD=”post” ACTION=”saveFeedback.asp”>
10 <P><B>Your Email Address:</B>
11 <BR><INPUT NAME=”email” size=”50” maxlength=”255”>
12 <P><B>Your Feedback:</B>
Trang 2813 <BR><TEXTAREA NAME=”comment” COLS=50 ROWS=4
save-page is contained in Listing BP2.2
LISTING BP2.2 The Transactional Save Feedback Page
1 <%@ TRANSACTION=REQUIRED %>
2 <%
3 Response.Buffer = TRUE 4
12 <B>An error was encountered while submitting your feedback.</B>
13 <BR>Please call our customer support number at:
23 FUNCTION fixQuotes( theString )
24 fixQuotes = REPLACE( theString, “‘“, “‘’” )
25 END FUNCTION 26
27 email = TRIM( Request( “email” ) )
28 comment = TRIM( Request( “comment” ) )
29 IF email <> “” AND comment <> “” THEN
30 Set Con = Server.CreateObject( “ADODB.Connection” )
31 Con.Open “accessDSN”
32 sqlString = “INSERT INTO feedback ( feedback_email, feedback_comment ) “ &_
continues
Trang 2933 “VALUES (‘“ & fixQuotes( email ) & “‘,’” & fixQuotes( comment ) & “‘)”
OnTransactionAbortsubroutine clears the error message with the Clearmethod of the
Responseobject and displays the customer support phone number
You can test the savefeedback.aspby introducing an error into the script Just stick
blah.blahwithin a script in the page and attempt to submit the customer feedback form.The customer support phone number should be displayed
LISTING BP2.2 continued
A NALYSIS
Trang 30At A Glance
In this final week, you’ll learn several methods of maintainingand promoting your commercial Web site You’ll begin bylearning how to safeguard your Web site from malicious users
You’ll learn how to use the security features of the Web serverand operating system to secure your Web site from anonymoushackers
Next, you’ll learn how to maintain your Web site by taking vantage of several debugging techniques You’ll learn how touse Microsoft Visual InterDev’s integrated debugger You’llalso learn how to create a standard library of debugging func-tions that you can use to monitor and maintain your ActiveServer Pages
ad-Later in the week, you’ll learn how to administer your Website over the Internet You’ll learn how to use a Web browser
to administer your Web server You’ll also learn how to usethe FTP service to manage your Web site’s files remotely
Next, you’ll learn how to promote your Web site through emailmarketing You’ll learn how to use the Collaboration DataObjects for Windows NT Server (CDO for NTS) to send emailfrom an ASP script You’ll learn how to use the CDO for NTS
to send batches of personalized email to promote your site
You’ll also learn how to maintain your Web site by analyzingyour Web server’s log files An overview of the different logfile formats will be presented You’ll learn how to extract andanalyze the information from the log files to monitor the per-formance of your Web site
Finally, you’ll learn how to display banner advertisements atyour Web site and generate revenue You’ll learn how to pro-mote your Web site and use the Ad Rotator component to dis-play advertisements