[FX.php List] Results of FMNew()

andy at fmpug.com andy at fmpug.com
Mon Dec 12 08:56:51 MST 2005


Hi Bob -

$_REQUEST will accept values from either a $_GET or a $_POST.

Always use $_POST if you want to be more secure, as the variable information is not returned to the visitor in the page address.

The downside of using $_POST is that if your visitors refresh a page, they will receive a warning stating they need to resubmit the information. A $_GET will add the variables to the web address, thus allowing a refresh to happen without warnings.

Hope this helps

Andy Gaunt
andy at fmpug.com
http://www.fmpug.com

>
>Andy,
>
>I was about to save your example for future reference, but (being  
>fairly new to PHP) have a simple question: why do you use $_REQUEST  
>RATHER THAN $_POST? Is there a good reason to use one over the other?  
>I seem to recall a comment somewhere about a reason *not* to use the  
>POST command.
>
>Thanks,
>
>Bob Patin
>Longterm Solutions
>bob at longtermsolutions.com
>615-834-5264
>http://www.longtermsolutions.com
>
>   CONTACT US VIA SKYPE:
>      USERNAME: longtermsolutions
>
>   CONTACT US VIA INSTANT MESSAGING:
>      AIM or iChat: longterm1954
>      Yahoo: longterm_solutions
>      MSN: bob at patin.com
>      ICQ: 159333060
>
>
>On Dec 12, 2005, at 8:59 AM, andy at fmpug.com wrote:
>
>> Chuck -
>>
>> Here is an example login system that should work for you.
>>
>> <?php
>> //Set the variables to NULL.
>> $Username = NULL;
>> $Password = NULL;
>>
>> $Username = $_REQUEST['Username'];
>> //Create a new variable for the username search that escapes out the @ character
>> $UsernameSearch = str_replace('@','\@',$Username);
>> $Password = $_REQUEST['Password'];
>>
>> //Check to see if the username AND password have content. If either
>> //are empty then redirect to a login failed page
>> if (strlen($Username) <= 0 or strlen($Password) <= 0) {
>> 		header ("Location:login_failed.php");
>> 		exit();
>> }
>>
>> //$serverIP and $webCompanionPort must be defined (and FX.php included) before this point
>> $checklogin = new FX($serverIP,$webCompanionPort);
>> $checklogin->SetDBData('filename','layout');
>> $checklogin->SetDBPassword('password','accountname');
>>
>> //Both criteria use the "eq" operator
>> $checklogin->AddDBParam('username', $UsernameSearch, "eq");
>> $checklogin->AddDBParam('password', $Password, "eq");
>> $checkloginResult = $checklogin->FMFind();
>>
>> ?>
>>
>> This requires that BOTH the username AND password are filled in.  
>> Also requires that both the fields match for a single record (no  
>> partial matches here)
>>
>> Let me know how you get on with this one. I know this one works as
>> we just implemented it for a client.
>>
>> Regards
>>
>> Andy
>> andy at fmpug.com
>> http://www.fmpug.com
>>
>>>
>>> Andy,
>>>
>>>> I believe an operator of 'eq' on both would find what you wish.
>>>
>>> That's what I tried first. My Logins table has a single record.
>>> EmailAddress = "chivalry at mac.com", Password = "1234". Here's the line
>>> of code that sets the database parameters:
>>>
>>>   $search->AddDBParam('Password', $Password, 'eq');
>>>   $search->AddDBParam('EmailAddress', $EmailAddress, 'eq');
>>>
>>> Searching for EmailAddress = "chiv", Password = "1234" successfully
>>> brings up the record when it shouldn't. Change the code:
>>>
>>>   $search->AddDBParam('Password', '=='.$Password);
>>>   $search->AddDBParam('EmailAddress', '=='.$EmailAddress);
>>>
>>> Now it doesn't find the record when it should. Searching for
>>> EmailAddress = "chivalry at mac.com" and Password = "1234" does not
>>> bring up the record. Change:
>>>
>>>   $search->AddDBParam('Password', '=='.$Password, 'bw');
>>>   $search->AddDBParam('EmailAddress', '=='.$EmailAddress, 'bw');
>>>
>>> Also doesn't find the record when it should. Maybe the @ symbol is
>>> causing problems because FM considers it a wildcard character.  
>>> Change:
>>>
>>>   $search->AddDBParam('Password', '=="'.$Password.'"', 'bw');
>>>   $search->AddDBParam('EmailAddress', '=="'.$EmailAddress.'"', 'bw');
>>>
>>> Searching for "chivalry at mac.com", "1234" works correctly, but the
>>> record is also found when searching for "chivalry", "1234";
>>> "hivalry", "1234". Change:
>>>
>>>   $search->AddDBParam('Password', '=="'.$Password.'"', 'eq');
>>>   $search->AddDBParam('EmailAddress', '=="'.$EmailAddress.'"', 'eq');
>>>
>>> I'm just trying randomly now. This one never finds the record.
>>>
>>>> We use a strict login system for both fields on FMPug (which in
>>>> case you were wondering is entirely FileMaker and FX.PHP driven.
>>>> Even our new footer banners are coming out of FileMaker Pro on a
>>>> rotating banner schedule) and in the new year will also be making
>>>> this case sensitive for both username and password.
>>>>
>>>> We also ensure that both fields have been filled in first. If they
>>>> have not then we use a header redirect to a login failed page
>>>> before we even try to connect to the FileMaker database.
>>>
>>> Any hopes of seeing the way you do your login system? Right now, I'm
>>> leaving the code in the second to last state above, as at least it
>>> allows me to fake the login system working correctly so I can move
>>> onto other features.
>>>
>>> Thanks,
>>> Chuck
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
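
Added example, not part of the original thread and not FX.php's own code: it reads the credentials from the POST body only (where $_REQUEST would also accept them from the address) and re-checks the found records in PHP, so a find that matched on a partial value, as described in the quoted messages, does not count as a login. The function names, the sample values and the record layout (each field holding an array of values) are assumptions.

```php
<?php
// Added example; function names and record layout are assumptions, not FX.php API.

// Accept credentials from a POST body only. A GET request carrying
// ?Username=...&Password=... is rejected instead of being read via $_REQUEST.
function read_login(string $method, array $post): ?array
{
    if ($method !== 'POST') {
        return null;
    }
    $user = (isset($post['Username']) && is_string($post['Username'])) ? trim($post['Username']) : '';
    $pass = (isset($post['Password']) && is_string($post['Password'])) ? $post['Password'] : '';
    if ($user === '' || $pass === '') {
        return null; // both fields are required, as in the thread's example
    }
    return ['user' => $user, 'pass' => $pass];
}

// Re-check the records a find returned. The find may match on part of a
// value, so the result set alone is not treated as proof of a login:
// exactly one record must equal both submitted values in full.
function exact_login_match(array $records, string $user, string $pass): bool
{
    $hits = 0;
    foreach ($records as $rec) {
        $u = (string)($rec['username'][0] ?? '');
        $p = (string)($rec['password'][0] ?? '');
        // hash_equals(known, supplied) compares in constant time
        if (hash_equals($u, $user) && hash_equals($p, $pass)) {
            $hits++;
        }
    }
    return $hits === 1;
}

// Constructed sample: the single record a loose find for "ali" might return.
$found = ['1.0' => ['username' => ['alice@example.com'], 'password' => ['1234']]];

// Partial username submitted by POST: parsed, but rejected by the exact check.
$partial = read_login('POST', ['Username' => 'ali', 'Password' => '1234']);
var_dump(exact_login_match($found, $partial['user'], $partial['pass']));

// Full, exact credentials are accepted.
$full = read_login('POST', ['Username' => 'alice@example.com', 'Password' => '1234']);
var_dump(exact_login_match($found, $full['user'], $full['pass']));

// The same credentials sent on a GET request are never read.
var_dump(read_login('GET', ['Username' => 'alice@example.com', 'Password' => '1234']));
```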

