Change Password for FileMaker Account via PHP API


6 replies to this topic

#1 fmdataweb  newbie

fmdataweb
  • Members
  • 12 posts
  • FM Application:10 Advance
  • Time Online: 19h 20m 38s

Posted 16 May 2012 - 04:05 PM

I have a site which uses FileMaker accounts to access the site and everything is working well. I now need to give users the ability to be able to change their passwords via the site. I know there's no native method for this and FileMaker Inc recommend that "By default, web users cannot change their account passwords from a web browser. You can enable this feature for a database using the Change Password script step, which allows web users to change their passwords from browser.".

I can use newPerformScriptCommand to perform a script that has the Change Password script step - I'm just not sure how to pass the value for the "current password" and "new password" which will be entered by the user in a form. Can you pass multiple parameters to the FileMaker script using newPerformScriptCommand - as far as I can tell you can only pass one parameter.

If anyone can point out how to perform a FileMaker script that has the Change Password script step with the values for the current/new password that would be great. FileMaker Inc obviously support it as they mention this in the PHP API PDF docs but don't give any more details about how to construct this.

Thanks,
Steve
  • 0

#2 doughemi  lifetime learner

doughemi
  • Members
  • 768 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Intermediate
  • Time Online: 94d 14h 13m 45s

Posted 16 May 2012 - 05:39 PM

One way to pass multiple parameters is to create a calculated parameter with a delimiter between individual values. I use the pipe character ( | ).

Here is the php:
// Handle the change-password form; the session values are set at login.
if (isset($_POST['action']) and $_POST['action'] === 'Change') {
	if(!isset($_POST['oldpw'])) {$errmsg='Old Password must be entered';}
	// Strict comparison, so numeric-looking strings are not compared as numbers
	elseif($_POST['oldpw'] !== $_SESSION['account_password']) {
		$errmsg='That is not the password for this account';
		}
	elseif($_POST['pw1'] !== $_POST['pw2']) {
		$errmsg='New passwords do not match';
		}
	// A submitted but empty field arrives as '', not null
	elseif(is_null($_POST['pw1']) or $_POST['pw1'] === '') {
		$errmsg='You cannot use a blank password';
		}
	elseif($_POST['pw1'] === $_SESSION['account_user']) {
		$errmsg='You cannot use your username as a password';
		}
	elseif(strlen($_POST['pw1'])<5) {
		$errmsg='Password is too short';
		}
	else {
			$oldpw = $_POST['oldpw'];
			$newpw = $_POST['pw1'];
			// Both values travel in one script parameter, separated by a pipe
			$scriptparam=$oldpw.'|'.$newpw;
			$fmscript=$fm->newPerformScriptCommand('MembersChangeHold','php_changePW',$scriptparam);
			$doscript=$fmscript->execute();
			if (FileMaker::isError($doscript)) {
				echo '<p>Database error: ' . $doscript->getMessage() .'</p>';
				exit;
			}
			$errmsg='Your password has been changed';	
		}
	
}

and here is the FM script:
   Set Variable [ $param; Value:Get ( ScriptParameter ) ]
   Go to Layout [ “php_changePW” (PWChange) ]
   New Record/Request
   Set Field [ PWChange::ScriptParams; $param ]
   Set Variable [ $opw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Left($param;pipepos-1) ) ]
   Set Variable [ $npw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Right($param;Length($param) - pipepos) ) ]
   Set Field [ PWChange::oldpw; $opw ]
   Set Field [ PWChange::newpw; $npw ]
   Commit Records/Requests
   Change Password [ Old Password: $opw; New Password: $npw ]

  • 1

Give the gift of life. Register as an organ donor today!
http://www.organdonor.gov/become.asp


#3 fmdataweb  newbie

fmdataweb
  • Members
  • 12 posts
  • FM Application:10 Advance
  • Time Online: 19h 20m 38s

Posted 16 May 2012 - 05:48 PM

Thanks very much that looks like it should work if you're already doing something similar - I'll give it a go tonight.




  • 0

#4 doughemi  lifetime learner

doughemi
  • Members
  • 768 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Intermediate
  • Time Online: 94d 14h 13m 45s

Posted 16 May 2012 - 05:53 PM

It's been in use for over two years.
  • 0



#5 webko  master

webko
  • Members
  • 320 posts
  • LocationSydney, Australia
  • FM Application:11 Advance
  • Platform:Cross Platform
  • Skill Level:Expert
  • Membership:TechNet, FileMaker Business Alliance
  • Time Online: 25d 2h 22m 32s

Posted 17 May 2012 - 05:07 AM

Also:
Some searching shows that using a new line creates a new script parameter, supposedly... so

Code:

$script_param = $_POST['pwd1']."\n".$_POST['pwd2'];


Should be able to be interpreted by the script by
Code:

Set Variable [$oldpwd; Value: GetValue ( Get ( ScriptParameter ) ; 1 )]
Set Variable [$newpwd; Value: GetValue ( Get ( ScriptParameter ) ; 2 )]


Not tested, taken from https://docs.google...._v7ic_UZ0wJpU1A
  • 0

#6 fmdataweb  newbie

fmdataweb
  • Members
  • 12 posts
  • FM Application:10 Advance
  • Time Online: 19h 20m 38s

Posted 21 May 2012 - 05:15 AM

Just confirming that the above works, i.e. you can simply use:

$scriptParam = $_POST['CurrentPassword']."\n".$_POST['NewPassword1'];

along with:

Set Variable [$oldpwd; Value: GetValue ( Get ( ScriptParameter ) ; 1 )]
Set Variable [$newpwd; Value: GetValue ( Get ( ScriptParameter ) ; 2 )]

to get the old and the new passwords for use with the Change Password script step.

I've been testing this and it's working well, however I've just been testing it with invalid current password values and it's not failing as expected. Looking at the Admin Console log viewer the script is generating an error as expected ("wpc1 Web Scripting Error: 213 Script: "Change Password Web", Script Step: "Change Password") but the script error isn't being captured.

The relevant part of the code looks like this:

$scriptObject = $fm->newPerformScriptCommand($layoutName, $scriptName, $scriptParam);
// Execute the script
$scriptResult = $scriptObject->execute();

 if(FileMaker::isError($scriptResult)) {
  $errorMessage = "Change My Password Error: " . $scriptResult->getMessage() . ' (' . $scriptResult->code . ')';
  } else {
  // Update Session Password
  $_SESSION['password'] = $_POST['NewPassword1'];
  $errorMessage = 'Your Password has been changed successfully';
  }

Anyone know how to capture if there has been an error performing the "Change Password" script step?
  • 0
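
The delimiter-joined script parameter used in posts #2 and #6 only round-trips when neither password contains the delimiter. The following is an added example, not code from any poster in this thread: the function names are hypothetical, the sample passwords are constructed, and `splitLikeScript()` is an assumed PHP imitation of how the two FileMaker scripts above split the parameter.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Join the two passwords into one script parameter, refusing any value that
// contains the delimiter or a control character: the FileMaker script splits
// on the delimiter and would otherwise see different passwords than the user typed.
function buildScriptParam(string $old, string $new, string $delim = "\n"): string
{
    foreach (['current' => $old, 'new' => $new] as $label => $value) {
        if ($value === '') {
            throw new InvalidArgumentException("The $label password is empty");
        }
        if (strpos($value, $delim) !== false || preg_match('/[\x00-\x1F\x7F]/', $value)) {
            throw new InvalidArgumentException("The $label password contains a character that cannot be sent");
        }
    }
    return $old . $delim . $new;
}

// Assumed imitation of the scripts above: the Position/Left/Right version
// cuts at the first "|"; the GetValue version takes line 1 and line 2.
function splitLikeScript(string $param, string $delim): array
{
    $parts = ($delim === '|') ? explode('|', $param, 2) : preg_split('/\r\n|\r|\n/', $param);
    return [$parts[0] ?? '', $parts[1] ?? ''];
}

// Constructed sample input: [current password, new password].
$samples = [
    ['hunter2!', 'correct horse'],  // safe with either delimiter
    ['pa|ss', 'Tr0ub4dor'],         // the "|" version sees old = "pa"
    ['oldpass1', "new\npass"],      // the newline version sees new = "new"
];

foreach (['|', "\n"] as $delim) {
    foreach ($samples as [$old, $new]) {
        // What the script would receive if the values were joined unchecked.
        [$seenOld, $seenNew] = splitLikeScript($old . $delim . $new, $delim);
        $intact = ($seenOld === $old && $seenNew === $new) ? 'intact' : 'altered';
        try {
            buildScriptParam($old, $new, $delim);
            $checked = 'accepted';
        } catch (InvalidArgumentException $e) {
            // Control characters are refused whichever delimiter is in use.
            $checked = 'rejected';
        }
        printf("delim %s  old %s  new %s  unchecked join: %s  checked join: %s\n",
            json_encode($delim), json_encode($old), json_encode($new), $intact, $checked);
    }
}
```

In the newline case the unchecked join would set the account password to a truncated value, so the user could no longer log in with what they typed.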

#7 doughemi  lifetime learner

doughemi
  • Members
  • 768 posts
  • FM Application:13 Advance
  • Platform:Cross Platform
  • Skill Level:Intermediate
  • Time Online: 94d 14h 13m 45s

Posted 21 May 2012 - 11:55 AM

This part of the code traps for incorrect old password before even applying it to the change password script step:
		elseif($_POST['oldpw'] !== $_SESSION['account_password']) {
				$errmsg='That is not the password for this account';
				}

The session variable is set by your login authentication (I used the code in the book FileMaker Web Publishing by Olm, Knight, and Petrov.
This is a very robust method that protects any pages you wish in the website.)
  • 0





