Please Help! Login and Password?

Krishan · April 15, 2001

Hello.

I am just a beginner with FMPro. I am learning to publish my database on the web.

I have created a login page for my web site, where the user has to type in two inputs - their "UserName" and "Password". The two inputs are then sent to my FMPro Users.fp5 database and filemaker searches for the record that "equals" both the UserName and Password inputs.

I am using the following form within the body of my login page:

---------

<tr>

<td>

</td>

</tr>

<tr>

<td>Password</td>

<td>

</td>

</tr>

<tr>

<td>

</td>

</tr>

</table>

</form>

---------

UserNames are unique.

If I leave the Password blank and I type in, for example, "Sam" into the UserName field I will still get the record which has the exact same UserName.

If one of the inputs is left blank then the <input type="hidden" name="-op" value="eq"> tag has no effect! FMPro just finds the record(s) that match the other input.

How do I create a secure login page?

Thanks for your help!!!

Garry Claridge · April 15, 2001

I use Javascript to test the password field. If it is empty I replace the field with the word "empty" and submit the form then let FMP do the error (not found) handling.

Hope this helps.

Garry Claridge

Keith M. Davie · April 15, 2001

Hello lightstardust,

USE THIS RESOURCE OFTEN.

http://www.filemaker.com/support/index.html

Search and read: Article Number: 104829, and Article Number: 105687.

For practical examples of this and other cdml tag usage, I have written specifically for the beginning developer "SIMPLIFY, Custom Publishing Basics for FMPro Solutions, A Browser Demonstration of html/cdml".

I also have just developed a freebie "When Scripts Collide" which shows how you, the developer, can see what occurs when near-simultaneous calls are made via the web on a ScriptMaker

Krishan · April 17, 2001

Thanks a lot for all your help! I really appreciate it. I will try out all the recommendations that were given. Hopefully, I'll be able to figure things out easily! Thanks again.

Jeff Spall · April 19, 2001

To get FileMaker to only return a find when both fields match, you just need to add this tag to the page:

if this is missing it'll return a result from either field

regards, jeff

Keith M. Davie · April 19, 2001

Jeff Spall, you wrote, "To get FileMaker to only return a find when both fields match, you just need to add this tag to the page: <INPUT TYPE="hidden" NAME="-lop" VALUE=AND> if this is missing it'll return a result from either field.

But lightstardust correctly observed, "If one of the inputs is left blank then the <input type="hidden" name="-op" value="eq"> tag has no effect!"

Jeff I am afraid you may be headed down a primrose path. Have you tested your code to see what is returned if just one of the two inputs is submitted (i.e., one is left blank)? That was the problem lightstardust was having. Also, are you aware that there is a difference in the way FMP 4 and FMP 5 handle "required" values when those are approached from a browser?

Obviously I am biased since I authored it, but I would recommend that you consider getting a copy of "SIMPLIFY, Custom Publishing Basics for FMPro Solutions, A Browser Demonstration of html/cdml". You will find this a great help if all you want to do is modify the wheel. If you feel it is necessary to you to reinvent the wheel, then you are headed down the right path. To help you continue down that primrose path, you need only to look at the publishing examples which FileMaker provides. Been there, done that.

SIMPLIFY ...

Keith

elvis_impersonating_penguin · April 19, 2001

what you need is plain and simple javascript form validation..

put this code in the head of your document.

(between the tags: <head> and </head> )

code:

function validate()

{

if ((document.loginform.UserName.value=="")||

(document.loginform.Password.value==""))

{

alert ("You must enter a username and password!")

return false

}

</script>

then you just make one small change to your form (the part in bold).

<tr>

<td>

</td>

</tr>

<tr>

<td>Password</td>

<td>

</td>

</tr>

<tr>

<td>

</td>

</tr>

</table>

</form>

[ April 19, 2001: Message edited by: bman ]

Keith M. Davie · April 19, 2001

bman, please do not take this as an attack on JavaScript, which is a very useful language for web designers.

The problem which lightstardust expressed was premised upon the fact that two fields must have data input to gain entry; that a search must be performed on two fields in the database. The problem is that if just one of the two inputs was filled with an acceptible criteria, entry would be granted. Thus the search was being performed on but one field. lightstardust wants to know how to require that both fields have data entered in order to meet the search criteria.

The problem is in the cdml tags.

I have a junk program in which I run little experiments such as you have offered. Followed your code to a "T". Plugged right in, no problema. Reconfigured my Mac to run this on the fake LAN. Went to the page confirm.htm which was where I put your code. Entered just one criteria - not two - and was given entry. Should not have happened. Sure a window popped up which said "Object expected", click acknolwedged that and then made the submission anyhow - and gained the entry. The JavaScript IS NEITHER THE PROBLEM NOR THE ANSWER. If you would like to see this for yourself, let me know and I will send you a compressed version of my junk files with your code. Just tell me if you want zip or Stuffit. It is in FMPro 5 only. I'll send you explicit instructions as well on the WebSecurity settings you'll need to set, etc. Or you could just test your code on what you have of your own. BUT WHAT YOU HAVE OFFERED STILL ALLOWS ENTRY WITH JUST ONE FIELD SEARCHED! !!! !! !!!

The problem is that in spite of what FileMaker, Inc. would have us all believe, the tags "-op" and "-lop" and their subsequent parameters (e.g., "eq") are virtually useless in form action calls.

There is a workable approach which can be handled strictly through cdml/html. YES it can be ENHANCED with JavaScript. Most objects can be enhanced with JavaScript. But the answer lies in the proper use of cdml tags.

SIMPLIFY ...

Keith

PS, after writing the above, I rechecked and verified that I could gain entry with just one criteria using the JavaScript code which was provided. That done, now I can post this. Pardon my flame.

Garry Claridge · April 20, 2001

This is the method I use:

function ckpw(f) {

with (document.loginfm) {

if ( password.value == "") { password.value = "empty"; }

submit();

}}

</script>

</head>

This allows FMP to return a "Record not Found" error.

Hope this helps.

Garry

elvis_impersonating_penguin · April 20, 2001

Kieth, i use that very solution i gave on my Intranet site. it works just find, granted there are ways around it. for one, just turn off javascript. all the code does it not let the form submit if either of the fields is empty.

quote:

a window popped up which said "Object expected",

if you got an object expected error than the problem is with the way the code was implemented, possibly the name of the form or form fields that are called in the javascript are not the names of the actual form or form fields used in the actual form.

what should happen is, if you leave either field blank, an error comes up and says "please enter a login name and password" then the form will stop from being submitted.

however like i said, there are ways around this, (turn off javascript, use and old browser) which is why i would only use this on an Intranet, i would never use this for an actual website on the net, but then again i would not use a filemaker/cdml solution for a actual website on the net.

yafreax · April 20, 2001

HOLY MOTHER OF BUDDHA SMOKES! !!! ! You guys are making this WAY harder than it is. If the article mentioned above is the one i used to fix this problem when i was having it, then THAT'S ALL YOU NEED!!!

Simply insert one of the following tags RIGHT BEFORE BOTH OF THE FIELDS YOU ARE SEARCHING:

<input type=hidden name="UserName" Value="=="> (two "=" signs)

OR

<input type =hidden name="UserName" Value="="> (one "=" sign)

The article uses two "=" signs, but that didn't work for me. But when i use just one "=" sign, it works fine, try both, i'm sure one of those will work.

I love JS, use it all the time, but when you're trying to protect some serious stuff, why use it if you know that their are workarounds. All of our company login screens for different accesses now use Filemaker because there is NO WAY of getting around it unless they have either A.) EXTREME KNOWLEDGE OF FILEMAKER (this still may not get them in)

Or

B.) Direct access to our DB, which no one does.

So we're set. If you want to risk precious data by using javascript which can not only be disabled, but even cracked, be my guest, but i don't see the point in this situation.

JavaScript does some great things though wink.gif" border="0

Jeremy

elvis_impersonating_penguin · April 20, 2001

yafreax.. like i said, i wouldn't use this in a situation where everything needs to be totally secure.. i would however use the javascript in combination with the method you mentioned because when you use filemaker to validate the form you have to go to the next page before you find out you did somethig wrong.. with javascript it can tell you right away.

in a situation where it needs to be totally secure.. i would probably use a method such as yours, but i would add the javascript in, as it makes it a little more user friendly.

Keith M. Davie · April 20, 2001

bman, then perhaps you should include your disclaimer when you make a posting about a solution using JavaScript. That will be an aid to those who are not well versed in JavaScript.

SIMPLIFY ...

Keith

Garry Claridge · April 20, 2001

Please note the difference between submit() and onSubmit(). With scripting disabled in the browser, the form will not be submitted if submit() is used. The page will just sit there!

This is because the button is not of the type submit.

Garry

Krishan · April 21, 2001

Hi guys... thanks a lot for all the help with the username and password problem. I ended up following yafreax's advice and using the "=" as a hidden value for both fields.... cheers, it works great!

Sign In

Please Help! Login and Password?

Recommended Posts

Krishan

Garry Claridge

Keith M. Davie

Krishan

Jeff Spall

Keith M. Davie

elvis_impersonating_penguin

Keith M. Davie

Garry Claridge

elvis_impersonating_penguin

yafreax

elvis_impersonating_penguin

Keith M. Davie

Garry Claridge

Krishan

Create an account or sign in to comment

Create an account

Sign in

Browse

Site Support

Forums

Blogs

Marketplace

Activity

Important Information