Jump to content
Sign in to follow this  
fmdataweb

Change Password for FileMaker Account via PHP API

Recommended Posts

fmdataweb    0

I have a site which uses FileMaker accounts to access the site and everything is working well. I now need to give users the ability to be able to change their passwords via the site. I know there's no native method for this and FileMaker Inc recommend that "By default, web users cannot change their account passwords from a web browser. You can enable this feature for a database using the Change Password script step, which allows web users to change their passwords from browser.".

I can use newPerformScriptCommand to perform a script that has the Change Password script step - I'm just not sure how to pass the value for the "current password" and "new password" which will be entered by the user in a form. Can you pass multiple parameters to the FileMaker script using newPerformScriptCommand - as far as I can tell you can only pass one parameter.

If anyone can point out how to perform a FileMaker script that has the Change Password script step with the values for the current/new password that would be great. FileMaker Inc obviously support it as they mention this in the PHP API PDF docs but don't give anymore details about how to construct this.

Thanks,

Steve

Share this post


Link to post
Share on other sites
doughemi    82

One way to pass multiple parameters is to create a calculated parameter with a delimiter between individual values. I use the pipe character ( | ).

Here is the php:

If(isset ($_POST['action']) and $_POST['action']='Change') {

	if(!isset($_POST['oldpw'])) {$errmsg='Old Password must be entered';}

	elseif($_POST['oldpw'] != $_SESSION['account_password']) {

		$errmsg='That is not the password for this account';

		}

	elseif($_POST['pw1'] != $_POST['pw2']) {

		$errmsg='New passwords do not match';

		}

	elseif(is_null($_POST['pw1'])) {

		$errmsg='You cannot use a blank password';

		}

	elseif($_POST['pw1']==$_SESSION['account_user']) {

		$errmsg='You cannot use your username as a password';

		}

	elseif(strlen($_POST['pw1'])<5) {

		$errmsg='Password is too short';

		}

	else {

			$oldpw = $_POST['oldpw'];

			$newpw = $_POST['pw1'];

			$scriptparam=$oldpw.'|'.$newpw;

			$fmscript=$fm->newPerformScriptCommand('MembersChangeHold','php_changePW',$scriptparam);

			$doscript=$fmscript->execute();

			if (FileMaker::isError($doscript)) {

				echo '<p>Database error: ' . $doscript->getMessage() .'</p>';

				exit;

			}

			$errmsg='Your password has been changed';	

		}

	

}




and here is the FM script:



   Set Variable [ $param; Value:Get ( ScriptParameter ) ]

   Go to Layout [ “php_changePW” (PWChange) ]

   New Record/Request

   Set Field [ PWChange::ScriptParams; $param ]

   Set Variable [ $opw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Left($param;pipepos-1) ) ]

   Set Variable [ $npw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Right($param;Length($param) - pipepos) ) ]

   Set Field [ PWChange::oldpw; $opw ]

   Set Field [ PWChange::newpw; $npw ]

   Commit Records/Requests

   Change Password [ Old Password: $opw; New Password: $npw ]

  • Like 1

Share this post


Link to post
Share on other sites
fmdataweb    0

Thanks very much that looks like it should work if you're already doing something similar - I'll give it a go tonight.

One way to pass multiple parameters is to create a calculated parameter with a delimiter between individual values. I use the pipe character ( | ).

Here is the php:

If(isset ($_POST['action']) and $_POST['action']='Change') {

	if(!isset($_POST['oldpw'])) {$errmsg='Old Password must be entered';}

	elseif($_POST['oldpw'] != $_SESSION['account_password']) {

		$errmsg='That is not the password for this account';

		}

	elseif($_POST['pw1'] != $_POST['pw2']) {

		$errmsg='New passwords do not match';

		}

	elseif(is_null($_POST['pw1'])) {

		$errmsg='You cannot use a blank password';

		}

	elseif($_POST['pw1']==$_SESSION['account_user']) {

		$errmsg='You cannot use your username as a password';

		}

	elseif(strlen($_POST['pw1'])<5) {

		$errmsg='Password is too short';

		}

	else {

			$oldpw = $_POST['oldpw'];

			$newpw = $_POST['pw1'];

			$scriptparam=$oldpw.'|'.$newpw;

			$fmscript=$fm->newPerformScriptCommand('MembersChangeHold','php_changePW',$scriptparam);

			$doscript=$fmscript->execute();

			if (FileMaker::isError($doscript)) {

				echo '<p>Database error: ' . $doscript->getMessage() .'</p>';

				exit;

			}

			$errmsg='Your password has been changed';	

		}

	

}




and here is the FM script:



   Set Variable [ $param; Value:Get ( ScriptParameter ) ]

   Go to Layout [ “php_changePW” (PWChange) ]

   New Record/Request

   Set Field [ PWChange::ScriptParams; $param ]

   Set Variable [ $opw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Left($param;pipepos-1) ) ]

   Set Variable [ $npw; Value:Let( [pipepos=Position ( $param ; "|" ; 1;1 )]; Right($param;Length($param) - pipepos) ) ]

   Set Field [ PWChange::oldpw; $opw ]

   Set Field [ PWChange::newpw; $npw ]

   Commit Records/Requests

   Change Password [ Old Password: $opw; New Password: $npw ]

Share this post


Link to post
Share on other sites
doughemi    82

It's been in use for over two years.

Share this post


Link to post
Share on other sites
webko    52

Also:

Some searching shows that using a new line creates a new script parameter, supposedly... so

Code:

$script_param = $_POST['pwd1']."n".$_

POST['pwd2'];

Should be able to be interpreted by the script by

Code:

Set Variable [$oldpwd; Value: GetValue ( Get (ScriptParamter( ; 1)]

Set Variable [$newpwd; Value: GetValue ( Get (ScriptParamter( ; 2)]

Not tested, taken from https://docs.google.com/viewer?a=v&q=cache:WAdTiMno0C0J:www.filemaker.com/downloads/pdf/article2_php.pdf+filemaker+php+api+script&hl=en&gl=au&pid=bl&srcid=ADGEEShcgVpDSX6nJMLypuOwJzFt2R6ZHoMGpsCGcNa7DLqBV-6-f0jlVI3GDTxc5KQ2oCJbiZH7Htm3HA7oVYNWQWdqGluWGEXJ86fKjnxpjb99SugHeMxFyLkz1Jbgk9KiNVrJsn9n&sig=AHIEtbTOTTcpYer6OtH_v7ic_UZ0wJpU1A

Share this post


Link to post
Share on other sites
fmdataweb    0

Just confirming that the above works, i.e. you can simply use:


$scriptParam = $_POST['CurrentPassword']."n".$_POST['NewPassword1'];





along with:



Set Variable [$oldpwd; Value: GetValue ( Get (ScriptParamter) ; 1)]

Set Variable [$newpwd; Value: GetValue ( Get (ScriptParamter) ; 2)]



to get the old and the new passwords for use with the Change Password script step.



I've been testing this and it's working well, however I've just been testing it with invalid current password values and it's not failing as expected. Looking at the Admin Console log viewer the script is generating an error as expected ("wpc1 Web Scripting Error: 213   Script: "Change Password Web", Script Step: "Change Password") but the script error isn't being captured.



The relevant part of the code looks like this:





$scriptObject = $fm->newPerformScriptCommand($layoutName, $scriptName, $scriptParam);

// Execute the script

$scriptResult = $scriptObject->execute();



 if(FileMaker::isError($scriptResult)) {

  $errorMessage = "Change My Password Error: " . $scriptResult->getMessage() . ' (' . $scriptResult->code . ')';

  } else {

  // Update Session Password

  $_SESSION['password'] = $_POST['NewPassword1'];

  $errorMessage = 'Your Password has been changed successfully';

  }

Anyone know how to capture if there has been an error performing the "Change Password" script step?

Share this post


Link to post
Share on other sites
doughemi    82

This part of the code traps for incorrect old password before even applying it to the change password script step:


		elseif($_POST['oldpw'] != $_SESSION['account_password']) {

				$errmsg='That is not the password for this account';

				}

The session variable is set by your login authentication (I used the code in the book FileMaker Web Publishing by Olm, Knight, and Petrov.

This is a very robust method that protects any pages you wish in the website.)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Similar Content

    • By Jake Thomann
      For anyone interested in an npm package that communicates with Filemaker's data API, I am currently developing here - https://github.com/thomann061/fmrest
    • By gczychi
      Hi,
      I want to access a data base «Import.fmp12» hosted on FMS 16 with the new Rest API but cannot get it to work.
      Testing with «ARC Plugin for Chrome» (great tool, btw) and Postman.
      In ARC, I get the error 802 – Unable to open file; in Postman, I won't even get that far:  «Could not get any response»
       

      This is what I did so far:
       – The file is accessible fine with any FileMaker client using FileMaker username and password (triple checked spelling, etc.)
       – Can connect fine to WebDirect with any browser and http
       – Cannot connect using Rest API and http, so went for https
       – Got an authentication error with https, so
       – Installed a self-signed certificate both on the server Mac and on local Mac for my myowndomain.com
      Getting mixed results:
       – Firefox: myowndomain.com certificate: Error code: SEC_ERROR_UNKNOWN_ISSUER  (to be expected)
       – Safari: FMI Default Certificate: Certificate not valid (host name mismatch). For whatever reason, Safari doesn't use my certificate.
       – Chrome: strikethrough https but shows the WebDirect server
       – ARC Plugin: Using https://myowndomain.com/fmi/rest/api/auth/Import Can get now through to the server (no SSL-Auth problems anymore), but the result is: {"errorMessage": "Unable to open file","errorCode": "802"}
       – Postman: Using https://myowndomain.com/fmi/rest/api/auth/Import «Could not get any response» and an error message: «{"errorMessage":"Method Not Allowed"}»
       
      Any ideas?
      Thanks  for any help.
       
      Gary
       
    • By jamescv7
      XML error: No memory at line 1
      Greetings, this error occurred when the Filemaker API cannot generate a bunch of records. (1000+ records and above)
      I've adjusted the time out settings for PHP even the memory limits.
      Is there any possible solution for this?
       
      According to some information, the error turns out that the 10 MB XML scripts is unchangeable.
      thanks.
    • By charmcello
      I am tasked with troubleshooting a web registration form that queries a Filemaker Pro v12 database via a Filemaker PHP API.
      The web form had been running well for a couple of months after major revision, when all of a sudden:
      All dropdowns are empty All radio buttons are missing These symptoms appear to be browser-independent. The appearance of these symptoms is mysterious:
      Nobody has modified the PHP code for the web form - I've done a compare with a backup done at the time when the web form was not broken and it is identical to what is currently on the server.  The Filemaker Pro layout that the web form is querying is just fine - all the value lists for the dropdowns and radio buttons are present. I've created a stripped-down version of the web form: https://campmeetings.cccsda.org/test_form.php and I've also attached the php source code file.
      The date and record fields are populating correctly. Notice the empty dropdown list after "Church I attend."
      Could this be caused by an incompatibility between the FMP PHP API and PHP libraries on the server? Perhaps due to a PHP update on the server? Any ideas how to troubleshoot this? 
      test_form.php
    • By DeathRobot
      Hi. I am trying to script the getting of some data from a website that has an API. I have BaseElementsPlugin and was given an example bit of code by the website:
       data = {'domain': domain, 'include_generic': True}
                  headers = {'X-Api-Key': 'xyz123'}
                  resp = requests.post('https://api.anymailfinder.com/v3.0/search/domain.json', data=data, headers=headers)
      I have never dealt with this kind of programming and am not even sure where this info would go or what script step(s) I would use to call this. Is this CURL? Are you aware of sample FM scripting that I could use as a model to figure this out?
      Thanks for any help with this!
×

Important Information

By using this site, you agree to our Terms of Use.