[FX.php List] Password Access

Marisa Smith marisa at datasmithconsulting.net
Wed Oct 26 09:57:29 MDT 2005 

To expand on this, I define my own ³groups² by adding a ³usertype² field to
this user table.  When the user logs in successfully (i.e. I find a matching
record in the table), I set a session variable equal to the user_type and
then check against that to show/hide different parts of my interface (VERY
BASIC EXAMPLE):

If (isset($_SESSION[³username²]))
    {
>     if ($_SESSION[³user_type²] == ³Admin²)
>     {
>     //show some administrative options
>     }
>     else if ($_SESSION[³user_type²] == ³User²)
>     {
>     //show some non admin user options
>     }
>     
>     //show some options to everyone here
> }
    else
> {
>     print ³You are not authorized to use this system. Please log in.²;
>     exit; // you can also redirect them to the login page here.
        }

This also helps with a little extra security because nothing is displayed if
they haven¹t logged in and set these session variables yet.

You can also use http authentication to set the PHP_AUTH_USER and
PHP_AUTH_PW server variables and then pass those into your FX query to check
against the user table.

Upon login, I also set session variables equal to the username and other
information in their user ³profile² so that I can personalize their
experience and also keep an audit trail of all their activities in the
system.  For the audit trail, I just have table with fields for user name,
current date and time, table name, record id, current action and query url.
I then have an audit() function that creates a new record in the audit
table, passing the session values and essential pieces of the current fx
query into the record.

In my case, I do not have any users accessing the Filemaker interface ‹
everyone gets in via the web ‹ so this is fine.  But I can see how it would
be annoying to have to keep this table in addition to the built-in FM
users/groups if you needed people to access your system from both methods.

Just my 2 cents...I¹m sure there are other ways of doing this, but this has
worked for me so far.

Marisa

On 10/24/2005 7:38 PM, "Andy Gaunt" <andy at fmpug.com> wrote:

> Peter ­
>  
> Most of the time we (and I think I speak for the majority here) will create a
> login script that looks to a user table to log people in and out of the site
> with different privileges.
>  
> The SetDBPassword is used in the FileMaker queries and so must always be
> present. You know you can make this step a little easier by including the
> username and password in the server data file and then just passing the
> variables to your page too.
>  
> The one downside of FileMaker User Accounts and PHP is that we cannot get the
> privilege set assigned to that account through the FX query (Chris, something
> for you to jump on right now!)
>  
> So, maybe you want to think about creating a login that checks the user table
> for their username and password and then you can set the rights for each page
> from there.
>  
> And you are welcome for the previous help.
>  
> 
> Andy Gaunt
> T: 407.810.4722
> andy at fmpug.com
> http://www.fmpug.com
>                  
> Recipient of FileMaker¹s 2005 ³Mad Dog² Public Relations Award
>  
> October 27th 2005, 6pm Orlando FMPug ­ What¹s Hot for FileMaker Developers, a
> presentation of FileMaker 8 Advanced features.
> For other chapter locations, dates & times please visit the website at
> http://www.fmpug.com
> If you can make it to a meeting, please RSVP at http://www.fmpug.com/rsvp.php
>  
> 
> 
> From: fx.php_list-bounces at mail.iviking.org
> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Peter Bates
> Sent: Monday, October 24, 2005 6:02 PM
> To: FX.php Discussion List
> Subject: [FX.php List] Password Access
>  
> Once again a big thanks to Andy, Chris and others that have been kind enough
> to help me out with coding. Hopefully I'll stop with these dumb questions soon
> and will be able to contribute something back to the list.
> 
>  
> 
> Considering that I have to provide the username and password in the "
> ->SetDBPassword('password','username'); " what do I do when I want either the
> access to be completely restricted (can't access the database without entering
> a username and password), or partially restricted (full access until you try
> accessing an edit page)?
> 
>  
> 
> Thanks in advance,
>  
> 
> Peter Bates
> 
> Microcomputer Network Specialist
> 
> Automated Services
> 
> St. Joseph County Public Library
> 
> 304 S. Main St.
> 
> South Bend, IN  46601
> 
> voice: (574) 282-4610
> 
> fax: (574) 282-4662
> 
> e-mail: p.bates at sjcpl.org
> 
> www:  http:/www.libraryforlife.org <http://www.libraryforlife.org>
> 
> library catalog:
> 
> http://www.libraryforlife.org/onlinecatalog/onlinecatalog.html
> 
>  
> 
> 
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.344 / Virus Database: 267.12.4/146 - Release Date: 10/21/2005
>  
> 
>   
> 
> 
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.344 / Virus Database: 267.12.4/146 - Release Date: 10/21/2005
>  
> 
> 
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list


---------------------------------------------------------------------
Marisa Smith, President
DataSmith Consulting, LLC
9206 Huron River Drive
Dexter, MI 48130
Phone: (734) 426-8077
Fax: (734) 426-7069 ­ NEW!
http://www.datasmithconsulting.net
Filemaker Solutions Alliance Associate Member

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20051026/5b22f3a2/attachment.html

More information about the FX.php_List mailing list