Sign in to follow this  
Followers 0
fmdataweb

Change Password for FileMaker Account via PHP API

7 posts in this topic

I have a site which uses FileMaker accounts to access the site and everything is working well. I now need to give users the ability to be able to change their passwords via the site. I know there's no native method for this and FileMaker Inc recommend that "By default, web users cannot change their account passwords from a web browser. You can enable this feature for a database using the Change Password script step, which allows web users to change their passwords from browser.".

I can use newPerformScriptCommand to perform a script that has the Change Password script step - I'm just not sure how to pass the value for the "current password" and "new password" which will be entered by the user in a form. Can you pass multiple parameters to the FileMaker script using newPerformScriptCommand - as far as I can tell you can only pass one parameter.

If anyone can point out how to perform a FileMaker script that has the Change Password script step with the values for the current/new password that would be great. FileMaker Inc obviously support it as they mention this in the PHP API PDF docs but don't give anymore details about how to construct this.

Thanks,

Steve

Share this post


Link to post
Share on other sites

One way to pass multiple parameters is to create a calculated parameter with a delimiter between individual values. I use the pipe character ( | ).

Here is the php:

If(isset ($_POST['action']) and $_POST['action']='Change') {

	if(!isset($_POST['oldpw'])) {$errmsg='Old Password must be entered';}

	elseif($_POST['oldpw'] != $_SESSION['account_password']) {

		$errmsg='That is not the password for this account';

		}

	elseif($_POST['pw1'] != $_POST['pw2']) {

		$errmsg='New passwords do not match';

		}

	elseif(is_null($_POST['pw1'])) {

		$errmsg='You cannot use a blank password';

		}

	elseif($_POST['pw1']==$_SESSION['account_user']) {

		$errmsg='You cannot use your username as a password';

		}

	elseif(strlen($_POST['pw1'])<5) {

		$errmsg='Password is too short';

		}

	else {

			$oldpw = $_POST['oldpw'];

			$newpw = $_POST['pw1'];

			$scriptparam=$oldpw.'|'.$newpw;

			$fmscript=$fm->newPerformScriptCommand('MembersChangeHold','php_changePW',$scriptparam);

			$doscript=$fmscript->execute();

			if (FileMaker::isError($doscript)) {

				echo '<p>Database error: ' . $doscript->getMessage() .'</p>';

				exit;

			}

			$errmsg='Your password has been changed';	

		}

	

}




and here is the FM script:



   Set Variable [ $param; Value:Get ( ScriptParameter ) ]

   Go to Layout [ “php_changePW” (PWChange) ]

   New Record/Request

   Set Field [ PWChange::ScriptParams; $param ]

   Set Variable [ $opw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Left($param;pipepos-1) ) ]

   Set Variable [ $npw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Right($param;Length($param) - pipepos) ) ]

   Set Field [ PWChange::oldpw; $opw ]

   Set Field [ PWChange::newpw; $npw ]

   Commit Records/Requests

   Change Password [ Old Password: $opw; New Password: $npw ]

1 person likes this

Share this post


Link to post
Share on other sites

Thanks very much that looks like it should work if you're already doing something similar - I'll give it a go tonight.

One way to pass multiple parameters is to create a calculated parameter with a delimiter between individual values. I use the pipe character ( | ).

Here is the php:

If(isset ($_POST['action']) and $_POST['action']='Change') {

	if(!isset($_POST['oldpw'])) {$errmsg='Old Password must be entered';}

	elseif($_POST['oldpw'] != $_SESSION['account_password']) {

		$errmsg='That is not the password for this account';

		}

	elseif($_POST['pw1'] != $_POST['pw2']) {

		$errmsg='New passwords do not match';

		}

	elseif(is_null($_POST['pw1'])) {

		$errmsg='You cannot use a blank password';

		}

	elseif($_POST['pw1']==$_SESSION['account_user']) {

		$errmsg='You cannot use your username as a password';

		}

	elseif(strlen($_POST['pw1'])<5) {

		$errmsg='Password is too short';

		}

	else {

			$oldpw = $_POST['oldpw'];

			$newpw = $_POST['pw1'];

			$scriptparam=$oldpw.'|'.$newpw;

			$fmscript=$fm->newPerformScriptCommand('MembersChangeHold','php_changePW',$scriptparam);

			$doscript=$fmscript->execute();

			if (FileMaker::isError($doscript)) {

				echo '<p>Database error: ' . $doscript->getMessage() .'</p>';

				exit;

			}

			$errmsg='Your password has been changed';	

		}

	

}




and here is the FM script:



   Set Variable [ $param; Value:Get ( ScriptParameter ) ]

   Go to Layout [ “php_changePW” (PWChange) ]

   New Record/Request

   Set Field [ PWChange::ScriptParams; $param ]

   Set Variable [ $opw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Left($param;pipepos-1) ) ]

   Set Variable [ $npw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Right($param;Length($param) - pipepos) ) ]

   Set Field [ PWChange::oldpw; $opw ]

   Set Field [ PWChange::newpw; $npw ]

   Commit Records/Requests

   Change Password [ Old Password: $opw; New Password: $npw ]

Share this post


Link to post
Share on other sites

It's been in use for over two years.

Share this post


Link to post
Share on other sites

Also:

Some searching shows that using a new line creates a new script parameter, supposedly... so

Code:

$script_param = $_POST['pwd1']."n".$_

POST['pwd2'];

Should be able to be interpreted by the script by

Code:

Set Variable [$oldpwd; Value: GetValue ( Get (ScriptParamter( ; 1)]

Set Variable [$newpwd; Value: GetValue ( Get (ScriptParamter( ; 2)]

Not tested, taken from https://docs.google.com/viewer?a=v&q=cache:WAdTiMno0C0J:www.filemaker.com/downloads/pdf/article2_php.pdf+filemaker+php+api+script&hl=en&gl=au&pid=bl&srcid=ADGEEShcgVpDSX6nJMLypuOwJzFt2R6ZHoMGpsCGcNa7DLqBV-6-f0jlVI3GDTxc5KQ2oCJbiZH7Htm3HA7oVYNWQWdqGluWGEXJ86fKjnxpjb99SugHeMxFyLkz1Jbgk9KiNVrJsn9n&sig=AHIEtbTOTTcpYer6OtH_v7ic_UZ0wJpU1A

Share this post


Link to post
Share on other sites

Just confirming that the above works, i.e. you can simply use:


$scriptParam = $_POST['CurrentPassword']."n".$_POST['NewPassword1'];





along with:



Set Variable [$oldpwd; Value: GetValue ( Get (ScriptParamter) ; 1)]

Set Variable [$newpwd; Value: GetValue ( Get (ScriptParamter) ; 2)]



to get the old and the new passwords for use with the Change Password script step.



I've been testing this and it's working well, however I've just been testing it with invalid current password values and it's not failing as expected. Looking at the Admin Console log viewer the script is generating an error as expected ("wpc1 Web Scripting Error: 213   Script: "Change Password Web", Script Step: "Change Password") but the script error isn't being captured.



The relevant part of the code looks like this:





$scriptObject = $fm->newPerformScriptCommand($layoutName, $scriptName, $scriptParam);

// Execute the script

$scriptResult = $scriptObject->execute();



 if(FileMaker::isError($scriptResult)) {

  $errorMessage = "Change My Password Error: " . $scriptResult->getMessage() . ' (' . $scriptResult->code . ')';

  } else {

  // Update Session Password

  $_SESSION['password'] = $_POST['NewPassword1'];

  $errorMessage = 'Your Password has been changed successfully';

  }

Anyone know how to capture if there has been an error performing the "Change Password" script step?

Share this post


Link to post
Share on other sites

This part of the code traps for incorrect old password before even applying it to the change password script step:


		elseif($_POST['oldpw'] != $_SESSION['account_password']) {

				$errmsg='That is not the password for this account';

				}

The session variable is set by your login authentication (I used the code in the book FileMaker Web Publishing by Olm, Knight, and Petrov.

This is a very robust method that protects any pages you wish in the website.)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • Filemaker trades stocks
      By JLanclos
      Has anyone come across a way to have filemaker execute an online trade with a brokerage account? I want a DB to place a trade buy or sell with a brokerage house - probably thru an API
      Thanks in advance
      J
    • execute block my php script
      By tatoosa
      hello,
      i'm a beginner, i have problem with a php script, i run it (1/2  minutes), reaches the command execute() and then it stop with no error message.
      this is the script:
       
      $fm_a = new FileMaker($file, $host, $username, $password);
      $a_table = $fm_a ->newFindCommand('layout_name');
      $a_table->addFindCriterion('online', '1');
      $a_result = $a_table->execute();
      if (FileMaker::isError($iconografia_result)) {
      .......
      where i'm a wrong? 
      thanx for your time and collaboration
      Simone
       
    • [PlugIn] PayPal for FileMaker
      By angelleye
      View File PayPal for FileMaker
      Easily integrate PayPal web service APIs into FileMaker applications using custom functions the same way you use any other function in FileMaker.
      Process credit cards, refund transactions, pull transaction details, and a whole lot more, all with the ease and comfort of the FileMaker scripting process.
      Our FileMaker PayPal custom functions make it quick and easy to integrate PayPal’s API platform into your FileMaker database solution.  Simply open the solution file to load the PayPal custom functions into the system, and they will be available to be used within all of your FileMaker databases.
      The functions work exactly the same as any other function you use within a FileMaker calculation.  You simply pass in request parameters and the function handles the rest.
      All PayPal response data is stored in the solution file in a single table as global fields so the data is immediately accessible via your FileMaker script to populate your own tables/layouts, make calculations, etc.
      Supported FileMaker PayPal APIs
      General
      AddressVerify DoNonReferencedCredit GetBalance GetTransactionDetails MassPay RefundTransaction TransactionSearch RefundTransaction Authorization and Capture
      DoAuthorization DoCapture DoReauthorization DoVoid DoDirectPayment Recurring Payments / Reference Transactions
      BillOutstandingAmount CreateRecurringPaymentsProfile DoReferenceTransaction GetBillingAgreementCustomerDetails GetRecurringPaymentsProfileDetails ManageRecurringPaymentsProfileStatus UpdateRecurringPaymentsProfile Demo Videos
       
       
       
       
       
       
       
       
       
      Submitter angelleye Submitted 01/17/2016 Category Plug-Ins FM Version FM Version: 1
    • PayPal for FileMaker
      By angelleye
      Easily integrate PayPal web service APIs into FileMaker applications using custom functions the same way you use any other function in FileMaker.
      Process credit cards, refund transactions, pull transaction details, and a whole lot more, all with the ease and comfort of the FileMaker scripting process.
      Our FileMaker PayPal custom functions make it quick and easy to integrate PayPal’s API platform into your FileMaker database solution.  Simply open the solution file to load the PayPal custom functions into the system, and they will be available to be used within all of your FileMaker databases.
      The functions work exactly the same as any other function you use within a FileMaker calculation.  You simply pass in request parameters and the function handles the rest.
      All PayPal response data is stored in the solution file in a single table as global fields so the data is immediately accessible via your FileMaker script to populate your own tables/layouts, make calculations, etc.
      Supported FileMaker PayPal APIs
      General
      AddressVerify DoNonReferencedCredit GetBalance GetTransactionDetails MassPay RefundTransaction TransactionSearch RefundTransaction Authorization and Capture
      DoAuthorization DoCapture DoReauthorization DoVoid DoDirectPayment Recurring Payments / Reference Transactions
      BillOutstandingAmount CreateRecurringPaymentsProfile DoReferenceTransaction GetBillingAgreementCustomerDetails GetRecurringPaymentsProfileDetails ManageRecurringPaymentsProfileStatus UpdateRecurringPaymentsProfile Demo Videos
       
       
       
       
       
       
       
       
       
    • Filemaker, Payment Gateways and XML
      By Geeksharka
      A client of mine wants to tie their solution to Converge (https://www.myvirtualmerchant.com/VirtualMerchant/). They offer an XML option, so it look feasible, but I was wondering if anyone else has tied a Filemaker solution to Converge's API?
      Also, with the new EMV Chip Cards, does anyone recommend any particular payment gateway for Filemaker? Or do the new chip cards not affect anything?
      Any and all info about payment API's most welcome.
      FM Pro and Server 14, Mac OS X environment.
      Thanks!