WebStencils is a scripting technology, introduced with Delphi 12.2; with Delphi 13, Session Management has been added to the underlying technology making interactive web sites built with Delphi feasible without a lot of work or third-party components.
The previous iteration of this demo, WebStencils Demo, compared the old WebBroker-style tag replacement with the newer WebStencils scripting and replacement syntax but it did not use any session management for user authentication; therefore, if you logged in on one browser, then opened a different browser to the same address and port, it was already logged in! In other words, user state was maintained at the server and shared with all connected sessions. Obviously, this was for demonstration purposes only and would never be implemented in a public website.
This repository expands the CustListWebStencils demo project and adds proper session management to isolate user authentication to a single browser on a single computer.
The web application is run as Windows VCL program with the HTML files in a sub-folder; a data module accesses the Chinook SQLite database (included).
There are five pages in the application:
- Index
- Login page
- Login Error
- Customer List (lists customers in a table)
- Customer Edit (presents an edit page for the selected customer)
WebStencils template HTML files:
custlistframework1.html- template used in all pagessession_include.html- include file to show session informationrequest_include.html- include file to show request inforamtionindex.html- starting pageloginform.html- form for requesting username and passwordloginfailed.html- error page for invalid logincustlist.html- table of customerscustlist-style.html- styles for the customer tablecustedit.html- the customer edit form
WebStencils was introduced in Delphi 12.2 and Session Management (the focus of this repository) was introduced in Delphi 13 which is, therefore, required to build this project. It was built with Delphi Enterprise but should be able to be compiled with the Professional Edition without any problem. No third-party components are necessary.
The Chinook SQLite database is a popular database used for tutorials and demos and can be found in many places on the internet; it is included here for convenience. The Delphi code configures the database path to point to the current project folder so you should be able to simply compile and run.
The demo Delphi project, CustListFormsSessions, is created as a Web Server Windows GUI program, meaning it runs as a small Windows VCL program that opens a port to listen for web requests with a button to launch your default web browser; the default port is 8080.
A valid login must be entered before it will take you to the customer list. A valid login is any user in the Employees table where:
- Username is the
FirstName, case-insensitive; - Password is a concatenation of the
EmployeeIdand theLastName, case-sensitive.
For example, the first entry in the sample database I downloaded had the following first employee:
ID: 1FirstName: AndrewLastName: Adams
Therefore, to login with this employee:
- Username:
ANDREW(upper or lower or mixed case) - Password:
1Adams(exactly)
Once logged in, the customer list is shown.
To illustrate both conditional HTML scripting with WebStencils and WebBroker's new user authentication capabilities, the project implements three different roles that affect and control access to the generated web pages. These roles are defined by key words in the Title field of the Employee table:
- if the
Titlefield contains the word "Manager", the user role is MGR; - else if the
Titlefield contains the word "IT", the user role is EDITOR; - else the user role is VIEWER (no editing allowed).
The background changes color depending on the current user role. Both a MANAGER and an EDITOR will see a link under each customer's ID (left-most column) that takes them to an "edit" screen. A VIEWER will not be able to see customer details.
In the included sample database, the following user credentials are examples of each of these:
STEVE/5Johnson- VIEWERROBERT/7King- EDITORANDREW/1Adams- MANAGER
The project contains a unit, uLogging.pas, for providing simple logging to provide visibility on when various events fire. The log files are created in the same folder as the running application.
Read my First Look at WebBroker's Session Management blog to learn more about this new session management for the old WebBroker technology!