Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Create an online forum using Filemaker?

  •
Lange
in Custom Web Publishing

Featured Replies

Does anybody know if it is possible to create a discussion forum using filemaker, instead of eg. the MySQL/PHP - solutions?

i have created a easy forum using some databases like

forums : to hold the list of forums

forumtopic : for each forum hold the diferent topics posted

forumtopicreply : for each topic hold the diferent answers posted

to post a topic or a reply use a form to add the fields to the database

and that will be the first step

then youn cand add counters to indicate the # of views , replys .. etc

Hi, Lange! I thought the concept of an FMP-driven forums board was really cool and I had been working on a somewhat similar system when I could not solve the permissions problem Jeff alludes to in the other thread "(Allowing peole to edit only their own records can be done, but it will get more complicated.)". He's better at this than I am, though. BTW, thanx for sharing your files, Jeff !

I think it's a great, fun project, but if you decide to go the PHP/MySQL route for a forums package, I'd recommend checking out http://www.opensourcecms.com where you can try out various systems before going through the trouble of installing and configuring something. I'm still working on my FMP forums-like system, but I decided to use open source packages (specifically, phpBB2) for the actual forums since they have many features already done.

Hi, allowing folk to edit their entries would mean them logging in. The sample I posted was an Intranet one and I have added a validation to it which just looks for a match in the name in our contact list.

Now this is just an idea, but if you added a user log-in, then after logging in, you could pass a session cookie of, say, a user number and then use that to add the user number to each record.

Put an "if" statement in each record maybe like: if cookie:usernumber.eq.field:usernumber

show an "edit" button

then they could only edit the posts where the numbers matched.

If you make the cookie a numeric value, then you can use that to validate whether folk have logged in, like

if cookie.usernumber.gt.0

put in the new post form

else

"you must log in to submit posts"

Maybe not seriously secure, but very simple to do. The cookie has the advantage over tokens in that it's still around if you go to a page without a FileMaker action. This would only be reliable for the session, not a "keep me logged in type.

regards, jeff

Hi, Jeff! I'll send you a private message w/the trouble I had restricting users to their own records...

--ST

Hi, thanks Steve!

You're right that if you put up this kind of solution onto the public Internet, it can definitely be hacked by anyone with a knowledge of how CDML works and I think this has to be true af almost any FMPro/CDML solution.

An edit validation idea: On editing a post, you pass the "UserNumber" from your cookie into a "UserNumber2" field in the record which has to match the "UserNumber" field that was put there when the record was created. That way, you'd need to know the number to make the edit work. Still hackable though :-(

regards, jeff

Yeah... the closest I could get was tracking who made the hack, but I could not prevent it. Since every web action must have a -format page to be valid, I figured I could put an INLINE on every single page in the Web folder to time/date stamp [FMP-ClientUserName] and [FMP-ClientAddress] for any -edit actions. That log record could also be hacked, but then there would be a record of that 2nd hack, and so on...

I have not had the opportunity to check out FMP's built-in RECORD LEVEL ACCESS feature, however, or see if it can be implemented with CDML.

--ST

Hi, here's an idea:

This checks if the current user number matches the user number of the record being accessed. As the html code is only delivered if there's a match, and the "If" statements can't be seen when looking at source, it's a bit harder to get round:

[FMP-IF:FMP-COOKIE:usernumber.eq.Field:usernumber]

[FMP-INCLUDE: thePage_html.txt]

[FMP-ELSE]

go away message

[/FMP-IF]

- the "include" would deliver all the page content.

Again, this is only "pretend" security, the data itself isn't protected at all, only the way to get at it with the format page.

regards, jeff

Create an account or sign in to comment
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Account

Navigation

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.