AndreasBoehmer

Thanks for all the ideas (and sorry it took me a while to check this post). The Hash sounds pretty good. How would I go about to do that? Wouldn't know how to write the function...?

Each one of my registered users can chose a username and password themselves. They are two normal fields in FMP and the whole security works fine. However, the way it is set up at the moment, I can simply open the database and see all their passwords. I don't really feel good about that, seeing that a lot of people use the same password for all their accounts and emails, etc. Also, I am afraid that somebody else might have a look at the database (the server is standing in a room that is sort of accessible to a few people). Is there a way to replace the password-characters in FMP with the famous asterisks? So that nobody can see them, even with full access-rights to the database?

I think you have to put the onSubmit into the form tag, not the submit button. So: <form onSubmit="yourJavascript()"> This should work.

Hasn't got anything to do with your problem, but why have you got all the commands like -edit, -delete and -find as hidden tags in your code additionally to the process you define on the submit or delete buttons? This would create a URL something like FMPro?-db=news.fmp5&-lay=newsweb&-format=reply.html&-edit&-find&-delet&-error=error.htm&-edit=submit Meaning you've got -find in there, although you aren't searching and -delete or -edit twice. I am using Webstar, Web Companion, FMPro 4. I would love to test your HTML/CDML, but haven't got access to our machine at the moment.

I just posted 7 pages of text in a FM record and it worked fine. Could you post your html/cdml that submits the form so we can have a look at it?

Well, Karen said she was trying to send 4 pages of text. That is a lot of stuff to send via Post, I agree.

There are some browsers that make trouble if you try to submit more than 32 or 64 kilobytes of text (roughly 32000 or 64000 characters). Could that be the problem?

Partha, although I was extremely unclear in my question, you still managed to answer it! :-) What actually answered my question was when you said: "when I made my Username & email fields "unique" in the FileMaker Field Description." I didn't know there was an option like that. Now I know, I found it, and everything is fine! Thanks a lot!

I have a registration facility for my users, where I want them to enter a username, password and their email-address. How can I test whether the username they enter was registered before? I was thinking about using some kind of redirect-page which searches for the username and if it doesn exist, will register the new username. But I don't know how to remember the password and the email-address that were entered on the first page. I could store all the details in cookies, but is there another possibility? Some script in Filemaker that sends an error-message if the field-entry is a duplicate?

I think if I understand Robert correctly, he wants to do this: <a href="mailto:[FMP-field: emailAdress]">[FMP-field: emailAdress]</a> The field that is holding the email address in your FMP database is called emailAdress in this case. And that's the code you would have to put on your website in order to view the content of the field and make a "clickable" (hyperlink). And you are not sure whether you can use CDML? Well, I think you probably are using CDML if your database is displayed on the internet (which you said it was). So shouldn't be any problem to insert the code above. Or did I misunderstand?

Can you post the form you are using? Do you use method POST or GET?

I had a similar problem. My solution was to set the port in Filemaker for the Web Companion to 8080. Then I was able to access it over: http://youDomainOrIPNumber:8080. Didn't work with any other port number, as the proxy and firewall settings wouldn't allow it. So give it a shot with Port 8080.

The mailhost - can you take your normal smtp for that or does the site have to be linked to a local mail-server? Meaning: I am using a free email-provider called gmx and their smtp is: mail.gmx.net Can I simply enter that as the mailhost (although my website has got nothing to do with that email-provider) or where do I get the mailhost from?

Or you could make it really simple with a stylesheet in HTML. Let's say you set two styles like this: .yes = {font-color:#00cc66} .no = {font-color:#00000} Then you could write in your HTMl: <p class="[FMP-field:Active]">This is text and it changes colour according to the active-field. </p> Of course this only works in browsers that support stylesheets (which is meanwhile all the current ones).

Beautiful! I can remember reading that thread a while ago, but forgot about it meanwhile again! Thanks so much for your help guys. In particular for the last one, Krishan!

I would love to use inline-action, but as far as I understand it's a FMP5-only feature, hey? I am stuck with FMP4, so can't use it. If that is the only way to get information from two databases, I will probably have to try something similar to what Krishan did. I was thinking about it earlier on, but encountered the problem on how to define the relationship in each database. If each user had his/her own site to view with his username/password, I guess it wouldn't be any problem. But in my case all users view the same records (it's a Forum similar to this one). That again would mean that all logincookies and logins would have to appear on each record in order to test for them. So I can't make a relationship to the UserID. But I will play around with it and see what I can get. The very last question I have is how to make an exactmatch in FMP4. How can I test whether the username matches exactly with the username in the database. At the moment, if somebody enters "a" as the username and "b" as the password, he's got pretty good chances of logging in. All he needs is a username to contain an "a" and the appropriate password to contain a "b" and he's in. Sorry about all these questions! But I need to ask them once to get going. Hope you forgive me. :-)

That doesn't sound bad. I was thinking about making a step in between. Maybe I will have another play with it. One problem I keep encountering with all these different variations is the comparison of stored data (in tokens or cookies) with the database. Krishan, you say you compare the IP and the Login with the data you have got in the database. The problem I have is that I am using three different databases. One of them is holding the user data (is called "users"), the other two are for the website content. Now if I want to compare the cookies with the content of the database, I will have to call that database on opening of every website. But I also call one of the other two websites. So I guess the problem I am having is how to call two databases in one go? The users to check whether the details are correct and the other database for the content. I guess an ODBC would be the easiest way to go again, but is there a possibility with CDML?

Thanks for the tips, guys! John, I will have a look at the link in a second. Looks helpful, as far as I can see. Anatoli, I was following the other discussions you guys had on using cookies or tokens. I see your point, there is a problem with cookies that are being controlled by users. But they give a halfway solution of loggin the user out again. Either by timing the user out or by deleting the cookie. I am not sure whether you can do that with a Token. But I will give it a try! Thanks a lot!

So how do I get the username and password to be stored in the browser then? I know there's something like FMP-ClientUsername, but how do I assign the value of the username to it? Or do you store the username and the password in cookies? What exactly is happening in your login-system and where do you store the data so that each new page knows that you are still logged in and what your username is? Sorry, I guess this question is old, but I couldn't find any answers yet. You people are my last chance!

Do you know perhaps of any sample login-system not using the web security database where I could have a look at the code? I am sure if I saw the CDML and everything it'd be easy to grasp. So far I just can't seem to get my head around it.

No I am not. What I did is create a new database in which the usernames and passwords are being stored. The login-form will ask for a username and a password. In the next step both are being checked whether they exist in that combination in the users-database. If so, I wanted to save a token with the username. This is pretty much how I am doing it in ASP, except for in ASP the user cannot control the variable that is holding the username (in this case token). So it sounds as if I am going down the wrong way? How do you get the browser to store the username (I noticed that it wouldn't forget the username when using the web security database, but how do I get that to work with my own database. Sorry, as you can see I am new to the Filemaker business and CDML. But I am willing to learn!

Hmmm.. thanks for the feedback. I will probably try out both and see how they work in IE and NEtscape. The question I still have is how to stop an unfriendly user who is trying to get around the security to simply enter the token and its value into the URL himself? The only thing I could come up with would be to do the username/password check every time you open a page. So take the currentToken and compare it with the username again. But then - how would I do that? Seeing that I have got the usernames and passwords in a seperate database, I can't call that database every time I open a page, can I? I mean, I can only call one database per page, or am I wrong?

There was a suggestion made in this thread http://www.fmforums.com/ubb/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=21&t=000050 to store the username in a token after logging in, so that the user does not have to re-enter the username constantly. I am wondering, whether that is a good solution or not? If somebody had a look at the Form that is being submitted on login, he would pretty easily see what is being done (username stored in token). Couldn't he then get around the whole security by simply entering a -token=someUsername into the URL at the top? Then he could continue working with the username ha just entered without having to go through the login procedure. Or am I wrong there? I am trying to find a halfway secure way of doing this (login with username and password and then have the browser or server remember the details). Any pros or cons?

I've taken your advice and created a new field in FM wher I make the caluclation. Works fine now, thanks. I was just wondering whether anybody knew where the problem was because it worked fine until the moment the month in the two dates differed from eachother. Well, it's working now and I am actually quite happy to get rid of this incredible FMP-IF statement I had in my files.

Hi Garry, I have tried that, but it doesn't seem to change anything. What I did was take every "escape" and "unescape" out of the script. We do have the same code, don't we?