[FX.php List] RECID anomaly, more info

Bob Patin bob at patin.com
Sat Mar 8 19:21:30 MST 2008


While I'll agree that log files can be useful, it wouldn't have helped  
me to find this bug.

Since I didn't write the code, I had to try to unravel the incredibly  
obtuse, convoluted code that was on the page. Finally I saw where he  
was bouncing from one include to another, and had slipped in a page  
whose only function was to return the RECID of the current user.

I knew what screens were causing the error; my client had kept really  
good notes... my problem was deciphering the programming.

When I write web apps with a series of EDIT screens, which I've done  
on quite a few occasions, I do 2 things that would prevent this:

1) I validate the user on every page by looking to see if an  
authorization session variable is properly set;
2) I pass the RECID of the record being edited from edit page 1 to  
edit page 2, and so on...

This guy had written the site so that you could bookmark an edit page,  
close your browser, and then return to it without logging in! Not only  
did it cause lots of problems, but it was totally insecure to boot.

They've now spent quite a bit with me just to get the thing working  
properly... sheesh... :)

Bob Patin
Longterm Solutions
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
Member of FileMaker Business Alliance and FileMaker TechNet

   CONTACT US VIA INSTANT MESSAGING:
      AIM or iChat: longterm1954
      Yahoo: longterm_solutions
      MSN: tech at longtermsolutions.com
      ICQ: 159333060

--------------------------
Contact us for FileMaker hosting and programming for all versions of  
FileMaker
PHP • CDML • Full email services • Free DNS hosting • Colocation •  
Consulting

On Mar 8, 2008, at 7:01 PM, Jonathan Schwartz wrote:

> Log file could show you the clues:
> 	- Time/Date/User/OS/Browser/Recid of last screen user viewed
> 	-  Time/Date/User/OS/Browser/Recid of when user returned
> 	-  Time/Date/User/OS/Browser/Recid of last screen that produces  
> FMEdit
> 	-  Error Code/Found Count/Recid  of actual record edited by FMEdit.
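The two practices described in the message above (an authorization check on every page, and the RECID carried from one edit page to the next), sketched in PHP as an added example that is not code from the original post or from the site it discusses. The session keys `authorized` and `recid_key`, the `login.php` target, the form field names, and the numeric RECID format are assumptions; the HMAC tag is an addition that lets the receiving page reject a RECID that was altered in transit.

```php
<?php
// Added example, not code from the site discussed. Session key names,
// login.php and the form field names are assumptions.
declare(strict_types=1);

// Call at the top of every edit page, before any output is sent.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // A bookmarked edit page opened in a fresh browser has no session,
    // so it is redirected to the login page instead of being rendered.
    if (empty($_SESSION['authorized']) || empty($_SESSION['recid_key'])) {
        header('Location: login.php');
        exit;
    }
}

// Tag binding a RECID to this login session. recid_key is assumed to be
// set once at login: $_SESSION['recid_key'] = random_bytes(32);
function recid_tag(string $recid): string
{
    return hash_hmac('sha256', $recid, $_SESSION['recid_key']);
}

// Hidden fields that carry the RECID from edit page N to edit page N+1.
function recid_fields(string $recid): string
{
    $r = htmlspecialchars($recid, ENT_QUOTES);
    return '<input type="hidden" name="recid" value="' . $r . '">'
         . '<input type="hidden" name="recid_tag" value="' . recid_tag($recid) . '">';
}

// On the receiving page: return the RECID only if its tag verifies.
function posted_recid(): string
{
    $recid = $_POST['recid'] ?? '';
    $tag   = $_POST['recid_tag'] ?? '';
    // Assumes a numeric RECID; hash_equals compares in constant time.
    if (!is_string($recid) || !is_string($tag) || !preg_match('/^\d+$/', $recid)
        || !hash_equals(recid_tag($recid), $tag)) {
        http_response_code(400);
        exit('Invalid record reference');
    }
    return $recid;
}
```

Each edit page would call `require_login()` first, read the record with `posted_recid()`, and emit `recid_fields()` inside its form so the next page receives the same RECID.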


