[FX.php List] Passing Data 101...Again.
Jonathan Schwartz
jonathan at eschwartz.com
Fri Sep 16 09:34:37 MDT 2005
Thanks, Michael and Marisa!
Michael, I implemented your code changes and got the variable passed.
Phew! A bunch of monkeys at keyboards would have had a better chance
of figuring that out than me, at this point.
However, using recid doesn't seem to be a good idea in order to
maintain security. A user can easily see the recid on the browser
address line and guess other users' recids. The recid is only 5
characters and they are assigned consecutively, I believe.
I was hoping that the screens following the Log On would work only
for the record which met the log on criteria: Username and password.
Now, I did have sessions.fp5 in the mix, but ran into problems, so I
commented it out. I didn't see how sessions mattered in my case.
So, now that I have this working in principle, what would you suggest
to get it where it needs to be? Perhaps changing the passed variable
to username= and password=.
BTW, I'm not married to any code you see. I just copied what I could
find. I'm guessing that the refresh is not the best way to go.
Thanks again.
Jonathan
At 8:55 AM -0400 9/16/05, Michael Layne wrote:
>Jonathan,
>
>I'm not 100%, and when I can, I'll mirror your code and test, but...
>
>likely problem:
>
>In Login_Validate.php you are refreshing to Detail.php, right?
>Detail.php is expecting a variable ($_GET[recid] - which BTW I think
>should be $_GET['recid'])... but you're not passing that variable.
>
>Your refresh - if it is working is: echo "<meta
>http-equiv=refresh content=\"1;url=detail.php\">";
>
>You need to come up with the real internal "recID" if that's what
>you're using, but you can find on any unique field/fields. Keyword
>-recid is only required for FMEdit() and FMDelete(). The long way
>to come up with this is:
>
>$recID = current($result['data']);
>
>$internal = explode ('.', key($result['data']));
>$internalRecID = $internal[0]; // this works, but I now always
>create a calc field called "recid" and make it Get (RecordID) - in
>5/6 CurrentRecordID?
>
>I would make it: echo "<meta http-equiv=refresh
>content=\"1;url=detail.php?recid=" . $internalRecID . "\">";
>
>It's the only way to get a variable passed to $_GET[...]
>
>I know that example you are using (DogWalk). I found that example
>to be a bit confusing, and it can be much easier. If you are ever
>interested, I have built several solutions doing exactly what you
>are trying to do...
>
>HTH and good luck!
>
>On Sep 16, 2005, at 3:23 AM, Jonathan Schwartz wrote:
>
>>>
>>>
>>>BTW, the "really simple answer" is different for different people.
>>>You run the risk of offending someone trying to help, and probably
>>>can if they are responding. Just a friendly comment....
>>>
>>
>>Sorry for the inappropriate words. You're 100% right. I'm a
>>little tired and frustrated.
>>
>>Here are the three pages of code: Logon.php, Logon_Validate.php and
>>Detail.php. The third page, Detail.php was lifted from another
>>solution and has extraneous functionality. In short, I want to
>>create a "secure" solution where users can access their own
>>records, but not guess URL that can access other's records.
>>
>>Thanks for the help.
>>
>>Jonathan
>>----------------------------------------------
>>Logon.php
>><html>
>><head>
>> <title>Log in to Mill Valley School District Directory</title>
>>
>></head>
>><body>
>><?php
>>include_once("includes/header.php");
>>?>
>>
>><br /><br />
>><?
>>
>>if ($msg) {
>> echo "<center>$msg</center><br /><br />";
>>}
>>?>
>>
>><form action='logon_validate.php' method='post'>
>>
>><table width='60%' border='0' align='center'>
>> <tr>
>> <td colspan='2' align='center'>Please enter username and
>>password to edit your Student Directory information<br /><br /></td>
>> </tr>
>> <tr>
>> <td>Username:</td>
>> <td><input type='text' name='name'></td>
>> </tr>
>> <tr>
>> <td>Password:</td>
>> <td><input type='password' name='pw'></td>
>> </tr>
>> <tr>
>> <td colspan='2' align='center'><input type='submit'
>>name='submit' value='submit'></td>
>> </tr>
>>
>></table>
>></form>
>></body>
>></html>:
>>-----------------------------------------------------------------------------
>>Logon_Validate.php:
>>
>><?
>>include ("FX/FX.php");
>>include ("prefs.php");
>>//include ("session_handler.php");
>>
>>
>>$query = new FX($serverIP, $port);
>>
>>$query->SetDBData ('parents.fp5', 'web');
>>
>>$query->AddDBParam ('username', $_POST['name'], 'eq');
>>$query->AddDBParam ('password', $_POST['pw'], 'eq');
>>
>>$result = $query->FMFind();
>>
>>?>
>><font color="red" style="Strong">
>>
>><?
>>if ($_POST['name'] == "" || $_POST['pw'] == "") {
>> $msg= 'Please fill in both fields.';
>> include_once ("logon.php");
>> exit;
>>} else { $msg =" ";
>>
>>?>
>></font>
>><?
>>
>>}
>>
>>if ($result['foundCount'] == 1) {
>>
>>//session_set_save_handler("sess_open","sess_close","sess_read","sess_write","sess_destroy","sess_gc");
>> //setcookie("sid");
>> //session_start();
>>
>>
>> //if ($exp) {
>> //$msg = "Your session has expired. You must login again.";
>> //include_once ("logon.php");
>> //exit;
>> //}
>>
>> //$recID = current($result['data']);
>>
>> //session_register("sessWalkerID");
>> //session_register("sessWalkerName");
>>
>> //$sessWalkerID = $recID['parentid'][0];
>> //$sessWalkerName = $recID['last'][0];
>>
>> include_once ("includes/header.php");
>> echo "Logging in... one moment please";
>> echo "<meta http-equiv=refresh content=\"1;url=detail.php\">";
>>
>>
>> exit;
>>
>>
>>} else {
>> $msg = "Unsuccessful login attempt. Please try again.";
>> include ("logon.php");
>>
>>}
>>
>>?>
>>
>>----------------------------------------------------------------------------------------
>>Detail.php:
>>
>><html>
>><head>
>><title>Mill Valley School District Student Directory</title>
>><link href="web_style.css" rel="stylesheet" type="text/css">
>><?php
>>include_once('FX/FX.php');
>>include_once('FX/FMErrors.php');
>>include_once('FX/server_data.php');
>>
>>$recid=$_GET[recid];
>>
>>
>>$findrecord=new FX($serverIP,$webCompanionPort);
>>$findrecord->SetDBData('parents.fp5','web');
>>$findrecord->AddDBParam('-recid',$recid);
>>
>>
>>$findResult=$findrecord->FMFind();
>>foreach($findResult['data'] as $key=>$findData)
>>
>>
>>
>>
>>$lists=new FX($serverIP,$webCompanionPort);
>>$lists->SetDBData('parents.fp5','web');
>>$listsResult=$lists->FMView();
>>
>>$search2=new FX($serverIP,$webCompanionPort);
>>$search2->SetDBData('parents.fp5','web');
>>$search2->AddDBParam('parentid',$findData['parentid'][0]);
>>$search2Result=$search2->FMFind();
>>foreach($findResult['data'] as $key=>$findData)
>>
>>
>>$search3=new FX($serverIP,$webCompanionPort);
>>$search3->SetDBData('students.fp5','web');
>>$search3->AddDBParam('parentid',$findData['parentid'][0]);
>>$search3Result=$search3->FMFind();
>>foreach($findResult['data'] as $key=>$findData)
>>?>
>>
>>
>></head>
>>
>><body>
>><?php
>>include_once("includes/header.php");
>>?>
>>
>><p>This is the current information on file. Click EDIT to change.</p>
>>
>>
>><table width="80%" border="0" cellspacing="3" cellpadding="0">
>> <tr class="ver12">
>> <td width="15%"><div align="right">First Name</div>
>> </td>
>> <td></td>
>> <td><?php echo $findData['first'][0]; ?>
>> </td>
>> </tr>
>> <tr class="ver12">
>> <td><div align="right">Last Name</div>
>> </td>
>> <td></td>
>> <td><?php echo $findData['last'][0]; ?>
>> </td>
>> </tr>
>> <tr class="ver12">
>> <td width="15%"><div align="right">Street</div>
>> </td>
>> <td></td>
>> <td><?php echo $findData['Street'][0]; ?>
>> </td>
>> </tr>
>> <tr class="ver12">
>> <td width="15%"><div align="right">City</div>
>> </td>
>> <td></td>
>> <td><?php echo $findData['City'][0]; ?>
>> </td>
>> </tr>
>> <tr class="ver12">
>> <td width="15%"><div align="right">State</div>
>> </td>
>> <td></td>
>> <td><?php echo $findData['State'][0]; ?>
>> </td>
>> </tr>
>> <tr class="ver12">
>> <td width="15%"><div align="right">Zip</div>
>> </td>
>> <td></td>
>> <td><?php echo $findData['Zip'][0]; ?>
>> </td>
>> </tr>
>> <tr class="ver12">
>> <td width="15%"><div align="right">Home Phone</div>
>> </td>
>> <td></td>
>> <td><?php echo $findData['PhoneHome'][0]; ?>
>> </td>
>> </tr>
>> <tr class="ver12">
>> <td width="15%"><div align="right">Email</div>
>> </td>
>> <td></td>
>> <td><?php echo $findData['email'][0]; ?>
>> </td>
>> </tr>
>></table>
>><p> </p>
>><a href="edit.php?recid=<?php
>>$recordDetails=explode('.',$key);
>>$currentRecord=$recordDetails[0];
>>echo $currentRecord;
>> ?>">EDIT</a>
>>
>> <p> </p>
>> <a href="edit.php?parentid=<?php
>>$recordDetails=explode('.',$key);
>>$currentRecord=$recordDetails[0];
>>echo $currentRecord;
>> ?>">EDIT</a>
>>
>>Students Records <?php echo $search2Result['foundCount']; ?>
>><table>
>><tr>
>><?php foreach($search2Result['data'] as $key=>$search2Data) { ?>
>><td><?php echo $search2Data['first'][0]; ?> </td>
>><td><?php echo $search2Data['last'][0]; ?> </td>
>></tr>
>><?php } ?>
>></table>
>>
>><p> </p>
>>Found Records <?php echo $search3Result['foundCount']; ?>
>><table>
>><tr>
>><?php foreach($search3Result['data'] as $key=>$search3Data) { ?>
>><td><?php echo $search3Data['StudentNameFirst'][0]; ?> </td>
>><td><?php echo $search3Data['StudentNameLast'][0]; ?> </td>
>><td><?php echo $search3Data['Grade'][0]; ?> </td>
>></tr>
>><?php } ?>
>></table>
>>
>></body>
>></html>
>>
>>-----------------------------------------------------------------------
>>--
>>
>>Jonathan Schwartz
>>Schwartz & Company
>>817 Marin Drive
>>Mill Valley, CA 94941
>>Phone: 415-381-1852
>>jonathan at eschwartz.com - http://www.eschwartz.com
>>
>>_______________________________________________
>>FX.php_List mailing list
>>FX.php_List at mail.iviking.org
>>http://www.iviking.org/mailman/listinfo/fx.php_list
>>
--
Jonathan Schwartz
Schwartz & Company
817 Marin Drive
Mill Valley, CA 94941
Phone: 415-381-1852
jonathan at eschwartz.com - http://www.eschwartz.com
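
One way to get the behaviour asked for in this message (the screens after log on work only for the record that matched the username and password), as an added example that is not part of the original thread or of FX.php: the record id is kept in the session on the server and the `recid` in the URL is ignored. The function names `logon()` and `detail()`, the sample records, and the array standing in for `$_SESSION` are assumptions made so the sketch runs on its own.

```php
<?php
// Added example, not code from the thread. $parents is constructed sample data
// shaped like FX.php's $result['data'] (keys are "recid.modid"); in the real
// pages the lookup would be the FMFind() calls shown in the quoted code.
$parents = [
    '10231.4' => ['username' => ['alice'], 'password' => ['pw-a'], 'last' => ['Alvarez']],
    '10232.1' => ['username' => ['bob'],   'password' => ['pw-b'], 'last' => ['Baker']],
];

// Logon step: on exactly one match, remember the record id server-side.
// In a web page, call session_start() and session_regenerate_id(true) first
// and pass $_SESSION as $session.
function logon(array $db, array $post, array &$session): bool
{
    $hits = [];
    foreach ($db as $key => $rec) {
        if ($rec['username'][0] === ($post['name'] ?? '')
            && hash_equals($rec['password'][0], (string)($post['pw'] ?? ''))) {
            $hits[] = explode('.', $key)[0];   // internal recid, as in the quoted reply
        }
    }
    if (count($hits) !== 1) {
        return false;                          // same test as foundCount == 1
    }
    $session['recid'] = $hits[0];
    return true;
}

// Detail step: the record shown is chosen by the session, never by the URL.
function detail(array $db, array $get, array $session): ?array
{
    if (!isset($session['recid'])) {
        return null;                           // not logged in: send back to logon
    }
    foreach ($db as $key => $rec) {
        if (explode('.', $key)[0] === $session['recid']) {
            return $rec;                       // $get['recid'] is deliberately ignored
        }
    }
    return null;
}

$session = [];                                 // stand-in for $_SESSION
logon($parents, ['name' => 'alice', 'pw' => 'pw-a'], $session);
$shown = detail($parents, ['recid' => '10232'], $session);  // URL names bob's record
echo $shown['last'][0], "\n";                  // alice still sees only her own record
var_dump(detail($parents, ['recid' => '10232'], []));       // no session: nothing shown
```

The same rule applies to the `edit.php?recid=` links in Detail.php: the edit page should take the record id from the session as well, so a changed URL cannot select another user's record.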