LDML/Lasso 7->>Web question

[Zero Tolerence]

I recently was keeping track of all my passwords with IIS, and was using something called IIS Gate to stop people from going into folders in my web drive that they shouldn't be into. The problem with this was, while i'm pretty decent with HTML/PHP and what not, I couldn't make a page that redirected based on the user that logged in, and really, I didn't want to have to redirect in the first place.

So, using filemaker 7 and Lasso 7, I found a way to have a table that contains. "Username", "Password", and "URL".

So that when a user inputs the correct Username and Password, it directs them to the URL. So when they put in an incorrect UN or PW, there is no matching record, meaning they get no where.

Take a look:

HTML Page:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">



<html>



	<head>

		<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">

		<title>New Login</title>

	</head>



	<body background="images/BG2.gif">

		<p></p>

		<p></p>

		<div align="center">

			<p>Login Page:</p>

			<p>Please type in your username and password below to be directed to your Department Home Page.</p>

		</div>

		<form id="fm1" action="direct.lasso" method="get" name="fm1" >

			<div align="center">

				<table width="180" border="1" cellspacing="2" cellpadding="0">

					<tr>

						<td>Username:</td>

						<td colspan="2"><input type="text" name="tUsername" size="24"></td>

					</tr>

					<tr>

						<td>Password:</td>

						<td colspan="2"><input type="password" name="tPassword" size="24"></td>

					</tr>

					<tr>

						<td colspan="3">

							<div align="center">

								<input type="button" name="button1" value="Submit" onclick="return OnButton1();"></div>

						</td>

					</tr>

				</table>

			</div>

		</form>

		<p></p>

	</body>

<script language="JavaScript">

function OnButton1()

{

	document.fm1.action = "direct.lasso"

	document.fm1.submit();			// Submit the page

	return true;

}



</script>

</html>

	[inline: (Action_Params), -Search, -Username='Admin', -Password='password', -Database='WebLogin', -Table='WebLogin', -Keyfield=''] <?LassoScript

Variable: 'url'=(Field: 'tUrl');

Variable: 'Found2'=(Found_Count);

If: (Variable: 'Found2') == 1; 

     Redirect_URL: (Field: 'tUrl');

Else: (Variable: 'Found2') == 0;

    Redirect_Url: 'http://www.fmserver1.com/error.html';

Else

    Redircet_Url: 'http://www.fmserver1.com/error2.html';

/If

?>[/inline]

Now to my problem, is there any way I can set a cookie, or a session so that If they try to go somewhere without going through the password screen first, it will send them somewhere else. I've done absolutley nothing with Lasso Variables, or with cookies, anyone help?

[Keith LaMarre]

you can definitely do it with Sessions - I read through and was successful at getting the Session setup. Once the Session is setup, you can assign a variable - and then check that that variable has a value when he page loads - if not go to another page.

My "Login Page" contains a "Session End" statement - this is done so that someone can't get in twice.

[session_end: -Name='account_docs']

(In this case, my session name is "account_docs")

My SUCCESSFUL Login screen assigns the session (that is - when someone logs in correctly, I assign them a session and set some variables so I know who they are (in my case I am doing a Find for their account).

The code looks like this:

[session_Start: -Name='account_docs', -uselink, -usecookie]

[session_AddVar: -Name='account_docs', 'varaccount']

So, in this case I am adding a session variable called "VARAccount" - which I assign when they have successfully found one record:

[Var: 'Varaccount' = (field:'account_number')]

On every other page that you want to use the Session with - you have to have the Session Statement (its kind of like a "keep alive"

So - In my case, the user clicks through the previous page and goes to a "search" page and on this page I have:

[session_Start: -Name='account_docs', -uselink, -usecookie]

then I do a check to see if the "VARACCOUNT" variable has any values. If it does, they're good - otherwise I put up a "Sign In Again" message - could have been a redirect.

[var:'varaccount'=(if_empty:$varaccount,'no_Session')] <!-- [$varaccount] --> [if:(var:'varaccount')=='no_session']

I'm sorry - the session has ended. Sessions end after 15 minutes.

<a href="default.htm" target="_top"> Sign in Again [else] ... continue with th page. [/if]

So, here - I'm assigning the VARACCOUNT to a value: "No Session' if there's nothing there - and leaving it be if there is something there. Then I check to see that what value it has. Probably kind of primitive but it works.

[Zero Tolerence]

Is this done with Lasso, or is that say PHP or just plain HTML?

Also, so your saying, that I can assign a variable to the session based on thier PW. I would want to check every page to make sure that the variable is still there. I'm not worried about them loggin in twice, because this is for a Department via Intranet, so there SHOULD be more than one person logged in using a given UN and PW.

So lets say I wanted to check for the right session variable in the header of each page, first I would assign it at the login page, based on their password, (or any thing I guess).

So how would I check like this?

[var:'varaccount'!="correctpassword",'no_Session']

I guess it would help if i knew what you were using so I could check into the syntax of it, but does that look about right?

[Keith LaMarre]

Its all LASSO -

You've got the right idea. Essentially when they log in - you assign a variable (it shouldn't be their password I would guess) - some other identifier (it could be a time stamp, etc.)

do this once on the page that is the "successful" login page. (Of course, I am assuming that they have successfully logged in).

i.e.: [var:'varstatus'='xxx'] where xxx is some success indicator (maybe its they're user name..., id, whatever. In my case, I am finding this account so thats what I use.

then on every other page, I use the statement:

var:'varstatus'=(if_empty:$varstatus,'no_Session')]

this will assign the variable "varstatus" to the literal string "no Session' only if there is nothing there already. Remember, there should be something there already because when they logged in, I assigned something (else). asnd this was passed with the session (don't forget the session header at the top of every page).

The next statement checks this...

[if:(var:'varstatus')=='no_session']

I'm sorry - the session has ended. Sessions end after 15 minutes.

<a href="default.htm" target="_top"> Sign in Again

[else] ... continue with the page.

[/if]

So, this statement says: if VARSTATUS = "No Session", then the user is no longer valid, otherwise they are good.