Jump to content

Please Help! Login and Password?


This topic is 8377 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Hello.

I am just a beginner with FMPro. I am learning to publish my database on the web.

I have created a login page for my web site, where the user has to type in two inputs - their "UserName" and "Password". The two inputs are then sent to my FMPro Users.fp5 database and filemaker searches for the record that "equals" both the UserName and Password inputs.

I am using the following form within the body of my login page:

---------

<form action="FMPro" method="post" name="loginform">

<input type="hidden" name="-DB" value="Users.fp5">

<input type="hidden" name="-Format" value="userhome.html">

<table width="250" border="0" cellspacing="0" cellpadding="0">

<tr>

<td>User Name</td>

<td>

<input type="hidden" name="-op" value="eq">

<input type="text" name="UserName" size="20">

</td>

</tr>

<tr>

<td>Password</td>

<td>

<input type="hidden" name="-op" value="eq">

<input type="password" name="Password" size="20">

</td>

</tr>

<tr>

<td> </td>

<td>

<input type="submit" name="-find" value="Enter">

</td>

</tr>

</table>

</form>

---------

UserNames are unique.

If I leave the Password blank and I type in, for example, "Sam" into the UserName field I will still get the record which has the exact same UserName.

If one of the inputs is left blank then the <input type="hidden" name="-op" value="eq"> tag has no effect! FMPro just finds the record(s) that match the other input.

How do I create a secure login page?

Thanks for your help!!!

Link to comment
Share on other sites

Hello lightstardust,

USE THIS RESOURCE OFTEN.

http://www.filemaker.com/support/index.html

Search and read: Article Number: 104829, and Article Number: 105687.

For practical examples of this and other cdml tag usage, I have written specifically for the beginning developer "SIMPLIFY, Custom Publishing Basics for FMPro Solutions, A Browser Demonstration of html/cdml".

I also have just developed a freebie "When Scripts Collide" which shows how you, the developer, can see what occurs when near-simultaneous calls are made via the web on a ScriptMaker

Link to comment
Share on other sites

Jeff Spall, you wrote, "To get FileMaker to only return a find when both fields match, you just need to add this tag to the page: <INPUT TYPE="hidden" NAME="-lop" VALUE=AND> if this is missing it'll return a result from either field.

But lightstardust correctly observed, "If one of the inputs is left blank then the <input type="hidden" name="-op" value="eq"> tag has no effect!"

Jeff I am afraid you may be headed down a primrose path. Have you tested your code to see what is returned if just one of the two inputs is submitted (i.e., one is left blank)? That was the problem lightstardust was having. Also, are you aware that there is a difference in the way FMP 4 and FMP 5 handle "required" values when those are approached from a browser?

Obviously I am biased since I authored it, but I would recommend that you consider getting a copy of "SIMPLIFY, Custom Publishing Basics for FMPro Solutions, A Browser Demonstration of html/cdml". You will find this a great help if all you want to do is modify the wheel. If you feel it is necessary to you to reinvent the wheel, then you are headed down the right path. To help you continue down that primrose path, you need only to look at the publishing examples which FileMaker provides. Been there, done that.

SIMPLIFY ...

Keith

Link to comment
Share on other sites

what you need is plain and simple javascript form validation..

put this code in the head of your document.

(between the tags: <head> and </head> )

code:


<script language="javascript">

function validate()

{

if ((document.loginform.UserName.value=="")||

(document.loginform.Password.value==""))

{

alert ("You must enter a username and password!")

return false

}

}

</script>

then you just make one small change to your form (the part in bold).

<form action="FMPro" method="post" name="loginform" onSubmit="return validate()">

<input type="hidden" name="-DB" value="Users.fp5">

<input type="hidden" name="-Format" value="userhome.html">

<table width="250" border="0" cellspacing="0" cellpadding="0">

<tr>

<td>User Name</td>

<td>

<input type="hidden" name="-op" value="eq">

<input type="text" name="UserName" size="20">

</td>

</tr>

<tr>

<td>Password</td>

<td>

<input type="hidden" name="-op" value="eq">

<input type="password" name="Password" size="20">

</td>

</tr>

<tr>

<td> </td>

<td>

<input type="submit" name="-find" value="Enter">

</td>

</tr>

</table>

</form>

[ April 19, 2001: Message edited by: bman ]

Link to comment
Share on other sites

bman, please do not take this as an attack on JavaScript, which is a very useful language for web designers.

The problem which lightstardust expressed was premised upon the fact that two fields must have data input to gain entry; that a search must be performed on two fields in the database. The problem is that if just one of the two inputs was filled with an acceptible criteria, entry would be granted. Thus the search was being performed on but one field. lightstardust wants to know how to require that both fields have data entered in order to meet the search criteria.

The problem is in the cdml tags.

I have a junk program in which I run little experiments such as you have offered. Followed your code to a "T". Plugged right in, no problema. Reconfigured my Mac to run this on the fake LAN. Went to the page confirm.htm which was where I put your code. Entered just one criteria - not two - and was given entry. Should not have happened. Sure a window popped up which said "Object expected", click acknolwedged that and then made the submission anyhow - and gained the entry. The JavaScript IS NEITHER THE PROBLEM NOR THE ANSWER. If you would like to see this for yourself, let me know and I will send you a compressed version of my junk files with your code. Just tell me if you want zip or Stuffit. It is in FMPro 5 only. I'll send you explicit instructions as well on the WebSecurity settings you'll need to set, etc. Or you could just test your code on what you have of your own. BUT WHAT YOU HAVE OFFERED STILL ALLOWS ENTRY WITH JUST ONE FIELD SEARCHED!!!!!!!!!

The problem is that in spite of what FileMaker, Inc. would have us all believe, the tags "-op" and "-lop" and their subsequent parameters (e.g., "eq") are virtually useless in form action calls.

There is a workable approach which can be handled strictly through cdml/html. YES it can be ENHANCED with JavaScript. Most objects can be enhanced with JavaScript. But the answer lies in the proper use of cdml tags.

SIMPLIFY ...

Keith

PS, after writing the above, I rechecked and verified that I could gain entry with just one criteria using the JavaScript code which was provided. That done, now I can post this. Pardon my flame.

Link to comment
Share on other sites

This is the method I use:

<script language="Javascript">

function ckpw(f) {

with (document.loginfm) {

if ( password.value == "") { password.value = "empty"; }

submit();

}}

</script>

</head>

<body bgcolor="white">

<form action="FMPRO" method="POST" name="loginfm">

<input type="hidden" name="-db" value="v5pd.fp5">

<input type="hidden" name="-lay" value="allfields">

<input type="hidden" name="-format" value="login_check.html">

<input type="hidden" name="-err" value="login.html">

<input type="hidden" name="-lop" value="AND">

<input type="hidden" name="-op" value="eq">

<input type="text" name="code" size="24">

<input type="hidden" name="-op" value="eq">

<input type="password" name="password" size="24">

<input type="hidden" name="-find">

<input type="button" name="-find" value="Login" onclick="ckpw(this);">

This allows FMP to return a "Record not Found" error.

Hope this helps.

Garry

Link to comment
Share on other sites

Kieth, i use that very solution i gave on my Intranet site. it works just find, granted there are ways around it. for one, just turn off javascript. all the code does it not let the form submit if either of the fields is empty.

quote:

a window popped up which said "Object expected",


if you got an object expected error than the problem is with the way the code was implemented, possibly the name of the form or form fields that are called in the javascript are not the names of the actual form or form fields used in the actual form.

what should happen is, if you leave either field blank, an error comes up and says "please enter a login name and password" then the form will stop from being submitted.

however like i said, there are ways around this, (turn off javascript, use and old browser) which is why i would only use this on an Intranet, i would never use this for an actual website on the net, but then again i would not use a filemaker/cdml solution for a actual website on the net.

Link to comment
Share on other sites

HOLY MOTHER OF BUDDHA SMOKES!!!!! You guys are making this WAY harder than it is. If the article mentioned above is the one i used to fix this problem when i was having it, then THAT'S ALL YOU NEED!!!

Simply insert one of the following tags RIGHT BEFORE BOTH OF THE FIELDS YOU ARE SEARCHING:

<input type=hidden name="UserName" Value="=="> (two "=" signs)

OR

<input type =hidden name="UserName" Value="="> (one "=" sign)

The article uses two "=" signs, but that didn't work for me. But when i use just one "=" sign, it works fine, try both, i'm sure one of those will work.

I love JS, use it all the time, but when you're trying to protect some serious stuff, why use it if you know that their are workarounds. All of our company login screens for different accesses now use Filemaker because there is NO WAY of getting around it unless they have either A.) EXTREME KNOWLEDGE OF FILEMAKER (this still may not get them in)

Or

B.) Direct access to our DB, which no one does.

So we're set. If you want to risk precious data by using javascript which can not only be disabled, but even cracked, be my guest, but i don't see the point in this situation.

JavaScript does some great things though wink.gif" border="0

Jeremy

Link to comment
Share on other sites

yafreax.. like i said, i wouldn't use this in a situation where everything needs to be totally secure.. i would however use the javascript in combination with the method you mentioned because when you use filemaker to validate the form you have to go to the next page before you find out you did somethig wrong.. with javascript it can tell you right away.

in a situation where it needs to be totally secure.. i would probably use a method such as yours, but i would add the javascript in, as it makes it a little more user friendly.

Link to comment
Share on other sites

This topic is 8377 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.