Prompt Login with False "-edit"

[RobR]

Steve T recommended a while ago that I include a false -edit command to prompt a login when using the Web Security Databases. I have a site that gives all web users limited search capabilities, while letting only certain users to have full search access. I have configured the WSD to allow all webusers to browse but only subscribers to edit. When users navigate to a "subscriber only" section I want to prompt a login (via a false edit) to allow only subscribers in.

The following code (in the body) prompts the login, but it returns a javascript error saying it cannot find the record and the page gets bounced:

<body onload="document.location='FMPro?-db=DB.fp5&-format=search.html&-recid=1&-edit';"></body>

Anyone have an idea for code that prompts the login via a false edit command? Many thanks.

[Garry Claridge]

You can add an "error" parameter:

<body onload="document.location='FMPro?-db=DB.fp5&-format=search.html&-error=search.html&-recid=1&-edit';"></body>

Good Luck.

Garry

[RobR]

Hey, Garry. Yeah, I tried that (see, I am starting to get the hang of this) but unfortunately this sets up an endless error loop. After it prompts the login, it catches an error (record not found) and loads the error page, which is the same page, thus you get a loop. It loads, errs, loads, errs, etc. If I remove the error page, it bounces by default to the previously viewed page.

[Vaughan]

You can also use the -Find, -FindAll or -FindAny tags to force authentication.

[RobR]

Vaughan -- don't think this will work when, as in my case, all users are given full search access. Which I have to do if non-subscribers are to be afforded access to the database on certain pages only. Unfortunately the WSD does not let you apply access rights to certain pages--it applies to all or none.

So, I need some line of code that attempts to edit the database when the page loads, prompting the login.

[Vaughan]

I'm sure that FMP 6 CDML has a tag that lets you determine privileges... something like [FMP-AllowEdit]. Perhaps you could use this in a conditional instead of performing a superfluous edit.

[Vaughan]

I'm sure that FMP 6 CDML has a tag that lets you determine privileges... something like [FMP-AllowEdit]. Perhaps you could use this in a conditional instead of performing a superfluous edit.

I just realised that you are allowing web users to browse and edit the Web Security databases... you are a braver man than me.

[Garry Claridge]

You can test the error in the "search.html" page with a [FMP-If] tag. If it is "Record Not Found" allow the page to be displayed, else redirect!

Good Luck.

Garry

[RobR]

OK, I've got it working. But I think Vaughan has got it right -- there has to be a better way than this!

I want my home page to pull some information ("www.design-calendar.com" -- check it out) automatically from the database. This information will be available to everyone, not just subscribers, so "All Users" in WSD must have "browse" capabilities.

The trick is that I want to limit more powerful searches to subscribers-only. When visitors go to the "search" page on my site, I want to prompt a login.

Any suggestions? One idea I had was to have two databases: one for the home page, one for the search page. They would be identical but would have different access privileges. The problem is how to keep them sync-ed.

Any bright ideas appreciated. I'm burnt out on this.

[Garry Claridge]

If you are using a computer with OS X as the server you can use PHP to control this sort of access. You do not have to use FX you can just use php "include()" functions.

All the best.

Garry

[Steve T.]

Howdy! Oops. I just answered this in a private message but I'll try to recount the gist of it here for our listening audience. I needed to prompt for the FM login window since there's no command for it, so I created a tiny web form that surrounded an IMG that had "LOGIN" on it (you can use an IMG instead of a submit button).

The web form performed an -edit on a dummy record <input type="hidden" name="myrecordID" value="0000">, and this edit forced the login window to pop up. If the user logged in correctly, they would go to the proper -format page; if they did not login correctly, they went to an error page that let them try to login again. That's all... nothing fancy.

That part of my project worked great, but I ended up scrapping the project in FM and re-wrote it for PHP/MySQL for other reasons.

--ST

[RobR]

Thanks, Steve. Very clever. Appreciate the help. RR

[Steve T.]

Hi, RR! Glad it can be helpful to someone... I spent a long time on that project before switching technologies. Hmm.... I just realized that you may have to use

<input type="hidden" name="-recID" value="(whatever dummy recordID is">

in order for the -edit to work. If I recall correctly, -edit will not work without -recID in most cases.

Good luck!

--ST