Need Assistance in field validation for product serial number

[Lisa M.]

Hello:

 

I'm trying to accomplish the following:

1.  If not registered, delete all user data on application exit else preserve it: I think I've got this one figured out.

2.  Offer the user a chance to choose to register and validate the serial number based on a calculation.  If the user clicks "OK" with no data in user name, user org and serial number, proceed as if no attempt at registration had taken place.  If canceled proceed as if no attempt had taken place.  If the user has filled in all three fields, or just name and serial then update a global field that will remain set no matter what and keep the auto-delete from happening on close.

 

here's the calculation that validates the serial number:

//Check Serial Number Length as either 16 long, 17 long, or 19 long
Length ( Self ) = 16 or Length ( Self )  = 17  or Length ( Self )  = 19 and 
// Ckeck 16-character serial number value if valid
If ( Length ( Self ) = 16 ; Left ( Self ; 4) = "WXRF"  and Right ( Self; 12) and Filter ( Right ( Self; 12); 123456789)  and Right ( Self; 12 ) > 595418126959  and  Right ( Self; 12) ≤  810923554179)  xor 
// Check 17-chatacter serial number value if valid
If ( Length ( Self ) = 17 ; Left ( Self; 5) = "WXRF-"  and Right ( Self; 12) and Filter ( Right ( Self; 12); 123456789)  and Right ( UserSerial; 12 ) > 595418126959  and  Right ( UserSerial; 12) ≤  810923554179)  xor 
// Check 18-character serial number if valid
If (Length ( Self ) = 19; Left ( Self; 5) = "WXRF-"  and Right ( Self; 14) and Filter ( Right ( Self; 14); 123456789)  and Right ( Self; 14) > 595418126959  and  Right ( Self; 14) ≤  810923554179)

 

I've decided to make the serial number check a little more forgiving thus "DEMO-809718736937" is the same as "DEMO809718736937" and both are the same as "DEMO-8097-1873-6937"

 

The script I'm using on my OK button is:

// Commit Records/Requests
If [ IsValid ( regstat::UserSerial ) = 1 and Length ( regstat::UserName ) ≥ 3 and IsEmpty ( regstat::UserSerial ) = 0 ]
Commit Records/Requests
Close Window [ Current Window ]
Go to Layout [ “RedFountain_CI” (RedFountain_CI) ]
Show All Records
Set Variable [ $recordcount ; Value:Get ( FoundCount ) ]
Adjust Window
[ Minimize ]
If [ $recordcount = 0 or $recordcount = "?" ]
New Record/Request
Commit Records/Requests
Go to Record/Request/Page
[ First ]
Else If [ IsValid ( regstat::UserSerial ) = 0 and Length ( regstat::UserName ) ≤ 2 and IsEmpty ( regstat::UserSerial ) = 1 ]
Show Custom Dialog [ Title: "Registration Error"; Message: "Uh-oh! Looks like something has gone wrong with your
registration attempt. Please check the informtion entered and try again."; Default Button: “OK”, Commit: “No” ]
Exit Script [ ]
End If
#check to see if the user has seen the shout out. if so, go to person.
If [ RedFountain_CI::ShowAlert ≠ 1 or IsEmpty ( RedFountain_CI::ShowAlert ) ]
Go to Layout [ “RedFountain_CI” (RedFountain_CI) ]
Adjust Window
[ Minimize ]
Show Custom Dialog [ Title: "One Last Shout Out..."; Message: "Before we let you use the RF app for yourself, we would like
to give a special thanks to Cris Ippolite of iSolutions, Inc. Without Mr. Ippolite's training classes, this application would not
be possible. Just so you know, you'll only see this message one time"; Default Button: “Rock On!” , Commit: “Yes” ]
Set Variable [ $$dlgok; Value:Get ( LastMessageChoice ) ]
Go to Record/Request/Page
[ First ]
Set Field [ RedFountain_CI::ShowAlert ; $$dlgok ]
Commit Records/Requests
Adjust Window
[ Restore ]
Go to Layout [ “Person” (Person) ]
Else
Go to Layout [ “Person” (Person) ]
End If
Exit Script [ ]
End If

Basically the idea here is that when the user clicks ok, first check if serial number meets the validation criteria and user name is at least 3 characters long.  If that meets criteria, then commit the records and close the registration window.  Next go to layout RedFountain_CI and show all records.  Count all records in the found set and put that number in a variable called $regcount and minimize the window.  if $regcount equals 0 or ? (blank) then create a new record, commit it, and go to the first record (obviously the one just created).  If the serial number is not valid and the length of the name is 2 or less then display a dialog that indicates there is a problem with the registration attempt then exit the script.  Once outside of that conditional logic, check to see if the user's seen a one-time shout out message by checking for a filed called "ShowAlert" in the RedFountain_CI table to be set to 1.  If not 1 then show the alert and set it to 1, if 1 just go to the person file.

 

any Ideas on how to fix this one?

 

 

RedFountain_CI LIVE.fmp12

[comment]

You didn't tell us what exactly the criteria for a valid serial number are. If I am reading your existing validation formula correctly, then it could be simplified to:

Let ( [
chars = Filter ( Self ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" ) ;
num = Right ( chars ; 12 )
] ;
Length ( chars ) = 16
and
Left ( chars ; 4 ) = "WXRF"
and 
595418126959 < num and num ≤ 810923554179
)

This will disregard any punctuation or other non-digit-or-alphabet characters and perform the 3 tests on the remaining string. If you want to make it forgiving WRT to the case too, then change Self to Upper ( Self ).

I am not sure what to make of the rest of your question. Apparently you are running a script upon user entry - so I don't see why you need to validate the field instead of letting the script do it. Other than that, it seems irrelevant to the problem of validating the SN.

I'm also curious if there isn't a better scheme for verifying a legitimate entry. You didn't tell us what is the purpose of such verification,  but I would expect to see at least a check digit.

 

[Lisa M.]

3 hours ago, comment said:

You didn't tell us what exactly the criteria for a valid serial number are. If I am reading your existing validation formula correctly, then it could be simplified to:

Let ( [
chars = Filter ( Self ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" ) ;
num = Right ( chars ; 12 )
] ;
Length ( chars ) = 16
and
Left ( chars ; 4 ) = "WXRF"
and 
595418126959 < num and num ≤ 810923554179
)

This will disregard any punctuation or other non-digit-or-alphabet characters and perform the 3 tests on the remaining string. If you want to make it forgiving WRT to the case too, then change Self to Upper ( Self ).

I am not sure what to make of the rest of your question. Apparently you are running a script upon user entry - so I don't see why you need to validate the field instead of letting the script do it. Other than that, it seems irrelevant to the problem of validating the SN.

I'm also curious if there isn't a better scheme for verifying a legitimate entry. You didn't tell us what is the purpose of such verification,  but I would expect to see at least a check digit.

 

First of all, thank you so very much for your response!  I'll try that.  I was a total idiot (I've been making stupid choices all day it seems), I'll try to answer everything:

1) a valid serial number should always start with "WXRF-" or "WXRF" if you don't include the dash(es) and then have a 12-digit number which should be greater than "595418126959" but less than or equal to "810923554179" (example: WXRF-712319695825)

2) The purpose of the validation is to ensure that the serial number is valid according to those rules.  If the serial number is valid according to those rules, update the global (which then changes who the program acts on exit and on clicking "Launch RFCI" 1) If no serial or serial invalid (delete the person, notes, and preferences tables on exit), if the registration is valid, don't delete anything and the next time the person launches the database, when they click on "Launch RFCI" it will just go straight to the person file instead of going to the trial notes and credits screen.

 

Screen 1: Red Fountain CI Splash Screen

 

Screen 2: Trail Reminder Notification

Screen 3: About and Credits (option to register in lower left)

Screen 4:  Red Fountain Registration: If user clicks OK, either take the registration as valid and update the global then take to person file, if user clicks cancel... then (clear all the flags and treat it as if it were a trial)

 

To play around with the current version of RF that has the new calc implemented as serial number see the attached fmp12 file. 

 

The original intent behind this was to make it only a "technology demonstration" of an internal app and to ensure that everyone plays fair delete the data from the 3 main tables of the file (person, preference, and note)... but then I thought to myself "wait a minute... if even in its limited form someone finds it useful and they didn't have to build it... then maybe they can put in a serial number to make this a permanent software for their needs" and thus the serial screen was born.  I am actually grateful when things break because it gives me a chance to learn from others and improve my design skills.  So this has been a bit of a learning experience.  I'm still having trouble with that damned cancel button but I'll figure out that bit in some time...  Thanks all for your amazing help. 

 

NOTE: Yes, I know that posting my serial validation calculation, and a working serial number in a forum that is indexed by google and the like probably isn't that good for me as a developer; but in the final release version, I plan to change the two numbers used and maybe add some other functions.

 

I am extremely grateful to everyone that helps me when I cannot figure things out on my own and I wish I could thank each and every one of you who's helped me over the years but that would be one long credits screen!  Stay safe and happy holidays!

RedFountain_CI LIVE.fmp12

[comment]

20 hours ago, Carly F. said:

in the final release version, I plan to change the two numbers used and maybe add some other functions.

I would suggest an entirely different scheme, but ... are you still on version 12?

 

[Lisa M.]

1 hour ago, comment said:

I would suggest an entirely different scheme, but ... are you still on version 12?

 

Yes, I am still on v12.  There really are a few reasons as follows:

1) I don't do change all that well (if it ain't broke, why fix it?); plus internally some of my medical apps still run on Windows Server 2003/2008 and SQL 2005 but those are all isolated in virtual machines that are backed up regularly.  If I'm in a Windows environment, server 2003/2003 R2, or 2008 (no 2008 R2 and beyond however); client side, I prefer Windows XP, Vista I'll tolerate, and 7 is the newest I'll go.  If I'm in a mac environment, anything goes.  Same for office... I was for the last 13 years running office 2003 (as it was the last version with the classic menu bars and none of this ribbon shenanigans), finally I moved to office 2007 last year due to changes in OneNote, and finally to office 2010 due to updates in OneNote, Word, and Outlook.  In short, I don't move "when I'm told", I move when and if I need it.  The same goes for my FileMaker deploys.  Since XP is the minimum Windows client OS I'll support; if it doesn't run on XP, I'm not going anywhere near it.

2) As I plan to make technology demonstrations available to the general public, FileMaker 12 Advanced was one of the last versions to support creating stand-alone runtime applications for those who don't have FileMaker but still need to interact with the database.

3) I've spent the last 3 or so years collecting all manner of things relating to FileMaker 12 (training DVDs, physical boxed copies of software (I'm currently missing 12 Advanced as a physical boxed product and 12 Server Advanced as a physical boxed product), Digital licenses for the 12.x series products, time spent learning it, etc.) you name it... if it's v12 related, I'll probably buy it.  In short, I've got to justify my investment somehow... put a mission critical app that is is needed to keep me alive and functioning properly that needs a database on it... why not?! plus target the lowest common point of all my technology... the OS.

 

Going back to point #1 on that list, FileMaker 12 still runs fine on my Windows 11 laptop so why change it?

 

Yes, I still have some modernity in my life (e.g. Apple iPhone, Apple Watch, iPad Pro 12.9" communication tablet, Windows 11 pro on my laptop (I only run VMware Workstation 16, office 2010, FireFox, FileMaker, and Evidence Sync (the software that interfaces with my body-worn camera) on windows 11... all else, put me back to a simpler time please), the sims 3, unreal tournament 2004, gmail, reddit, Axon Body 2 body-worn camera, etc.) so I'm not a total old curmudgeon... but I can say "Back in my day...".  I know, I'm showing my age every time I reminisce about "the good 'ol days"

 

but there you go!  Yes, I'm still on 12, and that's the reasons why exactly I'm still on 12.  Hope it somewhat maker sense.

Edited November 23, 2022 by Carly F.
fixed some gramar errors

[comment]

2 minutes ago, Carly F. said:

As I plan to make technology demonstrations available to the general public, FileMaker 12 Advanced was one of the last versions to support creating stand-alone runtime applications

Actually, the last version to support the creation of runtimes was v.18. If you intend to provide runtimes to the general public, you must consider the compatibility of your runtime with the user's OS.

You are also missing out on features added since. Particularly in this case you could benefit greatly from the cryptographic functions added in v.16. 

 

[Lisa M.]

1 hour ago, comment said:

Actually, the last version to support the creation of runtimes was v.18. If you intend to provide runtimes to the general public, you must consider the compatibility of your runtime with the user's OS.

You are also missing out on features added since. Particularly in this case you could benefit greatly from the cryptographic functions added in v.16. 

 

 

Then I'll need to restart on my collection (training DVDs, physical boxed copies of software, etc.) after I complete the v.12 collection (If I ever do)... I'm not necessarily in the mood to start that all over again 😞 (at least at this time... I've already got enough going on in my personal life and with other health issues... so, I'll definitely look into it) but I'll definitely try some of the newer versions in

[comment]

Your post seems to be cut off in the middle (hopefully it's not a health issue ...😀).

Back to the original topic: I suggest you take a look at the attached demo file. I had to downgrade it to make it compatible with your version, but I believe it's still about a million times better than your proposed method.

There are 4 serial numbers that will pass verification. I am posting 2 of them here: 

4954-7406
6807-7892

Let's see if you - or anyone else interested - can discover any other combination that will successfully pass verification.

Note that the file is completely unlocked. There is no reliance on 'security by obscurity' here. Still, in real-life scenario users would not have access to the script that reveals the algorithm being used - so it would be even more difficult to hack. (And of course they could not simply add their own hash to the list, like they can with this demo file.)

Keep in mind that there are other issues that you should be concerned about, such as users circumventing your script or finding a way to set the registration field to true by other means.

 

 

 

 

 

 

SerialNumberDemo2.fmp12

Edited November 24, 2022 by comment
Replaced attachment

[comment]

Oops. I had to replace the file; it wasn't fully compatible with version 12.

[comment]

And once again.

[comment]

To all that downloaded previous versions of the demo file: 

I made a stupid mistake of calculating the divisor instead of hard-coding the calculated result. This made it significantly easier to reverse the process and find a serial number that matches one of the hashes stored in the file. I believe it would be much harder with the current file.

Of course, this is all irrelevant if you're using a more recent version (v.16 or higher) and can produce a hash using the CryptDigest() function.