Need help w/ login script to work w/ FM v4.0!

[Melissa]

Hello! I'm new, and I have a specific problem. I work for an association. We are wanting to add a Members only section to our website. Ideally, the usernames and passwords will be kept in our FMv4.0 DB (I'm planning on using a certain field to correspond w/ their username and their Phone # field as their password), but I know very little about scripting, and I haven't seen any examples using FM. I'm not extremely concerned with security, and there'll probably just be a couple of protected pages. I just need a script that will log in hundreds of members and keep them logged in until they logout. I would appreciate any help anyone could offer! (I don't need any fancy features like "3 tries" or anything like that)

Version: v4.x

Platform: Windows 95/98

[Garry Claridge]

Have a look at using [FMP-InlineAction] tags and Tokens. These can be used together on each page to check the login and pass the details from page-to-page.

Good Luck.

Garry

[Keith M. Davie]

Hi Melissa, with FMPro 4 there is only one token available.

I don't believe there are In-line actions in 4. I haven't used it in quite a while now.

As to running ScriptMaker on the web I am the only person to have developed a work around which is successful - and I did it initially and served it on the www in Pro 4. It was just a effective in Pro 5. However I have taken so much flak from my success and so much derision, that I have quit this game. I check the board on occasion and am always amused by what has not changed.

I hope you are being paid well.

Good luck.

[Steve T.]

Hi, M! Gaagh! I'm at home right now, but at work I have an article that may help you with a simple login/password system for a record-by-record basis using an EXACT SEARCH ==, but if you want to "keep them logged in" that's whole 'nother ball game cuz you have to check their "state". Folks I've heard talk about this here typically use custom systems based on tokens or cookies, but FMP cookies have been said to be unreliable so folks using cookies have opted for JavaScript cookies (or other) instead. I think Keith is right about FMP4 only having 1 token and no inlines.

I believe Keith's ScriptMaker solution also has to do with states and toggling variables so that scripts only execute one-at-a-time, but you probably don't want to go that route, anyway.

FMP4 does come with the Web Security Database, and it is relatively easy to use. You could probably make script in your db to auto-populate (or almost automatically) the WSD when you make a new customer/person.

The EXACT SEARCH method is basically a FIND with 2 field criteria. There should be some examples of this in the posts. Of course, that only protects 1 record, but you can control visitor browsing from that point on if you don't care about them bookmarking "secure" pages once their past you're 1-record gate. Or you could use the token Garry mentioned on those pages following the gate such that with an IF statement, you can show info or no valid info if the token has not been set to a certain value. Just be aware that the value for the token only lasts for 1 page so must be renewed on every page for any subsequent pages, usually using hidden inputs INPUT TYPE="hidden" stuff.

If you can't find it in the posts, I'll see if I can dig it up at work or the posts for you later. That's the gist of it, though.

--ST

KEITH, you may be Mr. Script-over-the-Web, but that was right about the time I joined and I learned a lot from the controversy... sorry it was at your expense, though. You can always help with non-script stuff, eh?

[Jeff Spall]

Hi, I've been using cookies to detect whether someone is logged in. FileMaker cookies work reliably for a single session, which is what you want here.

1 I use a registration database to log in and use a JavaScript to make sure that both username and password are filled in

2 On a sucessful log in, the search return page uses an inline to set a session cookie of the user's ID number (just a rolling serial number plus three random numbers) like this:

[FMP-InlineAction:-DB=mydatabase,-lay=web,-View][FMP-SETCOOKIE: userid={FMP-Field:user_number}][/FMP-InlineAction]

to make this work in v4 without the benefit of inlines, you'd have to set the cookie from the log-in page when it was submitted and rely on its value being null if there was no result found, or use a second submit from the log-in reply page. Clumsier, but it would still work.

Once you have a cookie set, on the subsequent pages you can deliver the html from an "include" file, like this:

[FMP-IF: FMP-COOKIE:userid.gt.0]

[FMP-INCLUDE: thePageHtml.txt]

[FMP-Else]

[FMP-INCLUDE: theLogInPage.txt]

- you don't need any other code on your format page and it must be processed through FileMaker (so go bookmark that!)

as a nice touch you can use the cookie to deliver stuff like:

[FMP-IF: FMP-COOKIE:userid.gt.0]

[FMP-InlineAction: -DB=registerdatabase,user_number="{FMP-COOKIE:userid}",-Find]

logged in as: [FMP-FIELD: wholename], [FMP-FIELD: companyname] [/FMP-InLineAction][FMP-ELSE]

You must log in to use this site

------log-in form code--------

[/FMP-IF]

....on the home page if they should go back there. The cookie expires when the browser is quit.

I must stress that this is a "fake" secure solution that works because it really just looks for the presence of a cookie. It works fine for regular sites, but don't trust sensitive data to it!

regards, jeff

[Jeff Spall]

Woops! I edited the post above and *all* the line breaks disappeared.

It should read:

Hi, I've been using cookies to detect whether someone is logged in. FileMaker cookies work reliably for a single session, which is what you want here.

1 I use a registration database to log in and use a JavaScript to make sure that both username and password are filled in

2 On a sucessful log in, the search return page uses an inline to set a session cookie of the user's ID number (just a rolling serial number plus three random numbers) like this:

[FMP-InlineAction:-DB=mydatabase,-lay=web,-View][FMP-SETCOOKIE: userid={FMP-Field:user_number}][/FMP-InlineAction]

to make this work in v4 without the benefit of inlines, you'd have to set the cookie from the log-in page when it was submitted and rely on its value being null if there was no result found, or use a second submit from the log-in reply page. Clumsier, but it would still work.

Once you have a cookie set, on the subsequent pages you can deliver the html from an "include" file, like this:

[FMP-IF: FMP-COOKIE:userid.gt.0]

[FMP-INCLUDE: thePageHtml.txt]

[FMP-Else]

[FMP-INCLUDE: theLogInPage.txt]

- you don't need any other code on your format page and it must be processed through FileMaker (so go bookmark that!)

as a nice touch you can use the cookie to deliver stuff like:

[FMP-IF: FMP-COOKIE:userid.gt.0]

[FMP-InlineAction: -DB=registerdatabase,user_number="{FMP-COOKIE:userid}",-Find]

logged in as: [FMP-FIELD: wholename], [FMP-FIELD: companyname] [/FMP-InLineAction][FMP-ELSE]

You must log in to use this site

------log-in form code--------

[/FMP-IF]

....on the home page if they should go back there. The cookie expires when the browser is quit.

I must stress that this is a "fake" secure solution that works because it really just looks for the presence of a cookie. It works fine for regular sites, but don't trust sensitive data to it!

regards, jeff

[Melissa]

Thank you all for your ideas! I'm going to think this over a bit and see if this is the way we really want to go (or if I'm even capable of making it happen by myself). I think it was so cool how you all took the time to tell me what I need to know in order to get started! I greatly appreciate your help!

Melissa