Exact find problem: any ideas? please!

[andieroid]

A while back I set up (what was meant to be...) a small protected area for our customers. Access to the site was by performing a simple "find" on the unique username and password contained in each customer record.

The site has grown quite big (400 customers) and only now do I realise that the "find" will work on EITHER password or username (and worse still on any part of either). I tested it when I first set it up and I was sure it was secure (obviously I was very wrong!)

I have added the html <INPUT TYPE="hidden" NAME="-op" VALUE="eq"> to the form, but the find continues to work as VALUE="cn".

As you can imagine - I need to find a solution very fast or take this section offline now. Can anyone tell me how to ensure that the Web Companion performs an exact find?

[Geeksharka]

Another simple way, but less error prone, is to rely on relations instead of a Find sequence. As you've discovered, using a Find function for this does not work well. Relations are based on exact matches, and are well-suited for this.

Create a small table of users, with a password field.

Then in the entry point, have a relation that utilizes the user's name, and their password, using a compound key. When they fill in their name, and then their password (using two fields), the concatenation of those two fields will either produce a relationship to their existing User file, or not. Create an Enter script (with a button) that checks to see if the relationship exists (IF COUNT = 1), and if so, allows them in.

Having a User Table also allows you to assign each user their own password, plus makes it easier to add or delete users to and from the system as time goes on. It's also handy for many other things in a multi-user system, but that's another post.

HTH

[andieroid]

Many thanks for this,

I suspected that I may have gone about my customer database a little bit simplistically!

There are actually three entry validation fields in the database, one for username, one for password the other, a concatenated field that I am currently doing the "find" on.

I thought I could do more-or-less what you have suggested on the concatenated field, but you are hinting that a relationship would achieve the "exact" match that a simple "find" can't do properly?

I'll have a try at the relations approach.

Thanks again