Newbies TheWorm Posted June 11, 2001 Newbies Posted June 11, 2001 Heya, I have a question that I haven't been able to solve for a while so I figured I'd try you guys here and see what I can find out. I have been running for the last year a few databases served up with FileMaker and haven't had any problems. Now for the next year or so I wanted to enhance my user interface for my clients. When the person signs up they choose a password as well as they are given a unique ID number that I generate via a calculation. Both of these are a field in the Members database(Member.fp4). Now what I want to do is let someone via an HTML field enter in their ID number and password and be let into an interface for them to affect changes and searchs on the other databases. My trouble comes with, after they do a search and I get fileMaker to find the members record as an exact match(which means they have registered) I then us a condition if statement to give the desired searchs that level of user can use. Now they are off and can do what they have done for the past year using my newly redone searchs and edit pages. How could I get it so that if so much time passes then the user will need to enter their ID and password again, or enhance security. I want it so that they can log in, then do their stuff then log out. And if two hours pass they need to log in again instead of either using a bookmark for a search page or they leave a computer and someone else comes in and starts using the computer(eg. coffee shop). Any ideas, thoughts would be greatly appreciated. I have thought about using WebObjects however do not really feel like taking my G4 out of my video work right now as I would need to set up OS X server. JOS
Garry Claridge Posted June 11, 2001 Posted June 11, 2001 JOS, There has been a bit of discussion on this subject in the 'Web Companion' section in a thread called 'Web Security'. I don't think any definitive method has been given yet. However, the need exists. Myself, and others, use a users/members type database which generates a unique session id. Some may suggest the use of cookies to store this id, hence it can be checked before any database request, and it can have an expiry time. I need to setup a logout system myself, however havn't got around to it yet! All the best. Garry
camcorp Posted September 23, 2001 Posted September 23, 2001 Hi to all I'm new in this forums and I'm currently looking for the same solution that the worm is pretending to build. I know that using Webstar in combination with web sentinel you can adapt you user/password login system to this solution but it cost some $$$. The advantage of this solution is that you can customize some sign in pages, this is great and it can give more pro look and feel to the website. The second thing that i'm exploring is to use some OSX Server built in security system. Have somebody explore this issue. The Filemaker Website has now a sign sytem but from my point of view it doesn't provide a robust security solution instead of this it provide some type of customization and user registration to track who is in or out. My other doubt is that is there some way to customize the FM web secuirty databases and loging system that come with FM in order to create customs registration forms and customs fields and also this solution should give an expiration time. Garrycl is right there to much talk about this issue in many forums and nobody provides a decent solution. I haven't been able to solve this problem and if someone come out with a robust solution please le me know to explore it and to share with all of us. camcorp
Krishan Posted September 23, 2001 Posted September 23, 2001 Hi... I use an applescript to time my users out. Have a look at a question I asked in the Applescript forum. http://www.fmforums.com/ubb/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=20&t=000040 I have a database called "Users.fp5" and it has a field called "TimeIn" which contains the last time that the user signed in on my website. I have a another field called "Signed" which indicates whether or not the user is signed "In" or "Out". That value is "Out" by default. After the user has entered his username and password and they both match on the Users.fp5 database, he is then taken to another web page to continue signing in. This field gets edited when the user "signs in" and "signs out". The link to continue signing in basically edits the "Signed" field to "In". And on each web page I use a [FMP-If] tag. If the field equals "In" then it shows the usual html. If the field equals "Out" then it shows the re-login html. I have an applescript to make the field "Signed" to equal "Out" if there is more than a 4 hour difference between the "TimeIn" value and the current time. I use this as a way of timing out users and ensuring that all Users are logged out even if they do not click the "sign out" button. Good luck! When a user sucesfully signs in, I set a cookie in his browser which will expire when the browser is closed. I set a LoginCookie field (in my Users.fp5) to equal the same value which was set in the users browser. I then use cookies and logic "If" statements to make sure that the user can only view the pages, if both the LoginCookie value in the database and cookie value in the browser equal each other. Both these cookie values (in the browser and database) are then edited when the user "signs out" so that they no longer equal each other. This cookie method ensures that users have to sign in properly via the login page (which does a search for records which equal both User Names and Password values that the user types in). You can only get the cookie in your browser and database by going through the sign in page. If the cookie values don't match then you will see a "re-login" form. ....hhmmm.... hope you understand me.... [ September 23, 2001: Message edited by: Krishan ]
Krishan Posted September 23, 2001 Posted September 23, 2001 well.... I did use the applescript idea before I learnt about cookies. From now on.... I think I'll just expire my cookies after 4 hours. Then use IF statements to either view the page or view the re-login html. doh! haha...
Keith M. Davie Posted September 24, 2001 Posted September 24, 2001 So many problems can be solved by safely running scripts.
camcorp Posted October 9, 2001 Posted October 9, 2001 Hi all, I learned about cookies and I'm changing my hole solution to a cookie bases one. During my first experiences I realized that all user must to enabled cookies. We have a MAC/PC network and it seems to work fine. I use an if else statment that check if the cookie is valid or not. I have only one little problem I want to set the cookie as unique visitor so only one user should be online and not two with the same password. Another quetion how can I use the paramenters domain and path of FMP-SetCookie and how can I retrieve this information in orther to use them. Thanks to all
Recommended Posts
This topic is 8447 days old. Please don't post here. Open a new topic instead.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now