Restricting access to one record

[furnk]

I have a client database that is using custom web publishing with PHP. I want clients to be able to "log in" using their name and client ID, which will in turn simply find their record and allow them to make changes.

The problem, however, is that it's a simple Filemaker find function. So if they find "Smith" and leave the ID field blank, it will return ALL records with clients named "Smith." Worse, if they leave both fields blank and simply hit "Find," they will have access to all of the records.

Anyone have thoughts on how to accomplish this, or perhaps even a more elegant log-in solution that will allow users access to only one record?

[jasonwood]

before you pass the user-entered name & ID to the find command, make sure they are not empty and add double equal signs "==" before them to perform an exact contents match.

[furnk]

Thanks, Jason. That is a very smart way to do this.

I'd like to use javascript or PHP to require the find fields to be filled, and although I've found several scripts online that do that, they all require the field name, when my php code is using this for the input field:

                                "<?php echo $record->getField('Client ID', 0) ;?>">  

What would I use for the field name in a javascript code like this?

if (document.form.fieldnamegoeshere.value=="") {

themessage = themessage + " -  Client ID";

}

[Baloo]

use the id attribute instead

 





if(document.getElementById('username').value == ""){

   /*don't submit form*/

}

you can also use php's count() function to make sure the find returns a single record

Edited March 11, 2009 by Guest

[furnk]

Thanks, Baloo. I'm very, very close now.

I can get the error message to come up now, but after I hit "OK" in the dialogue box, the form still processes and gives the results. Relevant code below.

and the form itself:

action="recordlist.php">



Last Name 

size="30" name="<?php echo getFieldFormName('Last Name', 0, $record);?>"

value= "<?php echo $record->getField('Last Name', 0) ;?>"> 

[Baloo]

You're nearly there you're just missing how javascript works with forms. The onsubmit handler fires when the form is submitted so if you are going to use that event handler you don't need to have your verify() function submit the form.

You also need to tell the event handler to expect a return value from the verify() function.

i.e.

function verify() {

var validform = true;/*don't have your string do double duty*/

/*otherwise you'll have to edit it twice if you want to make a change*/

var themessage = "You must complete the following fields: ";

  if(document.getElementById('lastname').value=="") {

    themessage = themessage + " - Last Name";

    validform = false;

}





  if (!validform){

    alert(themessage);

    return false;

  }

}

 





action="recordlist.php">



Last Name 







 

 



option 2 is to bypass the onsubmit function and have verify submit the form rather than a submit button.

function verify() {

var validform = true;/*don't have your string do double duty*/

/*otherwise you'll have to edit it twice if you want to make a change*/

var themessage = "You must complete the following fields: ";



 if(document.getElementById('lastname').value=="") {

    themessage = themessage + " - Last Name";

    validform = false;

}





  if (validform){

     document.form.submit();

  }else{

      alert(themessage);

      return false;

   }

}

 







Last Name