Create an online forum using Filemaker?

[Lange]

Does anybody know if it is possible to create a discussion forum using filemaker, instead of eg. the MySQL/PHP - solutions?

[Monbasstic]

i have created a easy forum using some databases like

forums : to hold the list of forums

forumtopic : for each forum hold the diferent topics posted

forumtopicreply : for each topic hold the diferent answers posted

to post a topic or a reply use a form to add the fields to the database

and that will be the first step

then youn cand add counters to indicate the # of views , replys .. etc

[Jeff Spall]

Hi, There was a very similar question a while back I posted a simple example bulletin board as a file:

http://www.fmforums.com/threads/download.php?Number=62994

Search the "publishing filemaker online" for the subject "discussion forum" to read the thread.

regards, jeff

[Steve T.]

Hi, Lange! I thought the concept of an FMP-driven forums board was really cool and I had been working on a somewhat similar system when I could not solve the permissions problem Jeff alludes to in the other thread "(Allowing peole to edit only their own records can be done, but it will get more complicated.)". He's better at this than I am, though. BTW, thanx for sharing your files, Jeff !

I think it's a great, fun project, but if you decide to go the PHP/MySQL route for a forums package, I'd recommend checking out http://www.opensourcecms.com where you can try out various systems before going through the trouble of installing and configuring something. I'm still working on my FMP forums-like system, but I decided to use open source packages (specifically, phpBB2) for the actual forums since they have many features already done.

[Jeff Spall]

Hi, allowing folk to edit their entries would mean them logging in. The sample I posted was an Intranet one and I have added a validation to it which just looks for a match in the name in our contact list.

Now this is just an idea, but if you added a user log-in, then after logging in, you could pass a session cookie of, say, a user number and then use that to add the user number to each record.

Put an "if" statement in each record maybe like: if cookie:usernumber.eq.field:usernumber

show an "edit" button

then they could only edit the posts where the numbers matched.

If you make the cookie a numeric value, then you can use that to validate whether folk have logged in, like

if cookie.usernumber.gt.0

put in the new post form

else

"you must log in to submit posts"

Maybe not seriously secure, but very simple to do. The cookie has the advantage over tokens in that it's still around if you go to a page without a FileMaker action. This would only be reliable for the session, not a "keep me logged in type.

regards, jeff

[Steve T.]

Hi, Jeff! I'll send you a private message w/the trouble I had restricting users to their own records...

--ST

[Jeff Spall]

Hi, thanks Steve!

You're right that if you put up this kind of solution onto the public Internet, it can definitely be hacked by anyone with a knowledge of how CDML works and I think this has to be true af almost any FMPro/CDML solution.

An edit validation idea: On editing a post, you pass the "UserNumber" from your cookie into a "UserNumber2" field in the record which has to match the "UserNumber" field that was put there when the record was created. That way, you'd need to know the number to make the edit work. Still hackable though :-(

regards, jeff

[Steve T.]

Yeah... the closest I could get was tracking who made the hack, but I could not prevent it. Since every web action must have a -format page to be valid, I figured I could put an INLINE on every single page in the Web folder to time/date stamp [FMP-ClientUserName] and [FMP-ClientAddress] for any -edit actions. That log record could also be hacked, but then there would be a record of that 2nd hack, and so on...

I have not had the opportunity to check out FMP's built-in RECORD LEVEL ACCESS feature, however, or see if it can be implemented with CDML.

--ST

[Jeff Spall]

Hi, here's an idea:

This checks if the current user number matches the user number of the record being accessed. As the html code is only delivered if there's a match, and the "If" statements can't be seen when looking at source, it's a bit harder to get round:

[FMP-IF:FMP-COOKIE:usernumber.eq.Field:usernumber]

[FMP-INCLUDE: thePage_html.txt]

[FMP-ELSE]

go away message

[/FMP-IF]

- the "include" would deliver all the page content.

Again, this is only "pretend" security, the data itself isn't protected at all, only the way to get at it with the format page.

regards, jeff