[FX.php List] Passing Data 101...Again.

Marisa Smith marisa at datasmithconsulting.net
Fri Sep 16 10:58:40 MDT 2005


Hi Jonathan-

Instead of meta-refreshing them to a new page, what if you did an INCLUDE of
detail.php if the username & password match

    include_once('detail.php');

and show an error message if they don't match?  By doing this, the recid of
the found record could be passed into the FMFind on detail.php using the
method Michael described to set $internalRecID.

You could also set a session variable to the recID of the found record and
then pass that to the FMFind on detail.php.
    $findrecord->AddDBParam('-recid', $_SESSION['matched_recid']);

Marisa


On 09/16/2005 11:34 AM, "Jonathan Schwartz" <jonathan at eschwartz.com> wrote:

> Thanks, Michael and Marisa!
> 
> Michael, I implemented your code changes and got the variable passed.
> Phew!  A bunch of monkeys at keyboards would have had a better chance
> of figuring that out than me, at this point.
> 
> However, using recid doesn't seem to be a good idea in order to
> maintain security.  A user can easily see the recid on the browser
> address line and guess other users' recids.  The recid is only 5
> characters and they are assigned consecutively, I believe.
> 
> I was hoping that the screens following the Log On would work only
> for the record which met the log on criteria: Username and password.
> Now, I did have sessions.fp5 in the mix, but ran into problems, so I
> commented it out. I didn't see how sessions mattered in my case.
> 
> So, now that I have this working in principle, what would you suggest
> to get it where it needs to be.  Perhaps changing the passed variable
> to username= and password=.
> 
> BTW, I'm not married to any code you see.  I just copied what I could
> find.  I'm guessing that the refresh is not the best way to go.
> 
> Thanks again.
> 
> Jonathan
> 
> 
> 
> 
> At 8:55 AM -0400 9/16/05, Michael Layne wrote:
>> Jonathan,
>> 
>> I'm not 100%, and when I can, I'll mirror your code and test, but...
>> 
>> likely problem:
>> 
>> In Login_Validate.php you are refreshing to Detail.php, right?
>> Detail.php is expecting a variable ($_GET[recid] - which BTW I think
>> should be $_GET['recid'])... but you're not passing that variable.
>> 
>> Your refresh - if it is working is:    echo "<meta
>> http-equiv=refresh content=\"1;url=detail.php\">";
>> 
>> You need to come up with the real internal "recID" if that's what
>> you're using, but you can find on any unique field/fields.  keyword
>> -recid is only required for FMEdit() and FMDelete().  the long way
>> to come up with this is:
>> 
>> $recID = current($result['data']);
>> 
>> $internal = explode ('.', key($result['data']));
>> $internalRecID = $internal[0];  // this works, but I now always
>> // create a calc field called "recid" and make it Get (RecordID) - in
>> // 5/6 CurrentRecordID?
>> 
>> I would make it:     echo "<meta http-equiv=refresh
>> content=\"1;url=detail.php?recid=" . $internalRecID . "\">";
>> 
>> It's the only way to get a variable passed to $_GET[...]
>> 
>> I know that example you are using (DogWalk). I  found that example
>> to be a bit confusing, and it can be much easier.  If you are ever
>> interested, I have built several solutions doing exactly what you
>> are trying to do...
>> 
>> HTH and good luck!
>> 
>> 
>> 
>> 
>> 
>> On Sep 16, 2005, at 3:23 AM, Jonathan Schwartz wrote:
>> 
>>>> 
>>>> 
>>>> BTW, the "really simple answer" is different for different people.
>>>> You run the risk of offending someone trying to help, and probably
>>>> can if they are responding.  Just a friendly comment....
>>>> 
>>> 
>>> Sorry for the inappropriate words.  You're 100% right.  I'm a
>>> little tired and frustrated.
>>> 
>>> Here are the three pages of code: Logon.php, Logon_Validate.php and
>>> Detail.php.    The third page, Detail.php was lifted from another
>>> solution and has extraneous functionality.  In short, I want to
>>> create a "secure" solution where users can access their own
>>> records, but not guess a URL that can access others' records.
>>> 
>>> Thanks for the help.
>>> 
>>> Jonathan
>>> ----------------------------------------------
>>> Logon.php
>>> <html>
>>> <head>
>>>     <title>Log in to Mill Valley School District Directory</title>
>>> 
>>> </head>
>>> <body>
>>> <?php
>>> include_once("includes/header.php");
>>> ?>
>>> 
>>> <br /><br />
>>> <?
>>> 
>>> if ($msg) {
>>>     echo "<center>$msg</center><br /><br />";
>>> }
>>> ?>
>>> 
>>> <form action='logon_validate.php' method='post'>
>>> 
>>> <table width='60%' border='0' align='center'>
>>>     <tr>
>>>         <td colspan='2' align='center'>Please enter username and
>>> password to edit your Student Directory information<br /><br /></td>
>>>     </tr>
>>>     <tr>
>>>         <td>Username:</td>
>>>         <td><input type='text' name='name'></td>
>>>     </tr>
>>>     <tr>
>>>         <td>Password:</td>
>>>         <td><input type='password' name='pw'></td>
>>>     </tr>
>>>     <tr>
>>>         <td colspan='2' align='center'><input type='submit'
>>> name='submit' value='submit'></td>
>>>     </tr>
>>> 
>>> </table>
>>> </form>
>>> </body>
>>> </html>
>>> 
>>> ----------------------------------------------------------------------------
>>> Logon_Validate.php:
>>> 
>>> <?
>>> include ("FX/FX.php");
>>> include ("prefs.php");
>>> //include ("session_handler.php");
>>> 
>>> 
>>> $query = new FX($serverIP, $port);
>>> 
>>> $query->SetDBData ('parents.fp5', 'web');
>>> 
>>> $query->AddDBParam ('username', $_POST['name'], 'eq');
>>> $query->AddDBParam ('password', $_POST['pw'], 'eq');
>>> 
>>> $result = $query->FMFind();
>>> 
>>> ?>
>>> <font color="red" style="Strong">
>>> 
>>> <?
>>> if ($_POST['name'] == "" || $_POST['pw'] == "") {
>>>     $msg= 'Please fill in both fields.';
>>>     include_once ("logon.php");
>>>             exit;
>>> }  else { $msg =" ";
>>> 
>>> ?>
>>> </font>
>>> <?
>>> 
>>> }
>>> 
>>> if ($result['foundCount'] == 1) {
>>> 
>>>     //session_set_save_handler("sess_open","sess_close","sess_read","sess_write","sess_destroy","sess_gc");
>>>     //setcookie("sid");
>>>     //session_start();
>>> 
>>> 
>>>     //if ($exp) {
>>>             //$msg = "Your session has expired.  You must login again.";
>>>             //include_once ("logon.php");
>>>             //exit;
>>>     //}
>>> 
>>>     //$recID = current($result['data']);
>>> 
>>>     //session_register("sessWalkerID");
>>>     //session_register("sessWalkerName");
>>> 
>>>     //$sessWalkerID = $recID['parentid'][0];
>>>     //$sessWalkerName = $recID['last'][0];
>>> 
>>>     include_once ("includes/header.php");
>>>     echo "Logging in... one moment please";
>>>     echo "<meta http-equiv=refresh content=\"1;url=detail.php\">";
>>> 
>>> 
>>>     exit;
>>> 
>>> 
>>> } else {
>>>     $msg = "Unsucessful login attempt.  Please try again.";
>>>     include ("logon.php");
>>> 
>>> }
>>> 
>>> ?>
>>> 
>>> ----------------------------------------------------------------------------
>>> ------------
>>> Detail.php:
>>> 
>>> <html>
>>> <head>
>>> <title>Mill Valley School District Student Directory</title>
>>> <link href="web_style.css" rel="stylesheet" type="text/css">
>>> <?php
>>> include_once('FX/FX.php');
>>> include_once('FX/FMErrors.php');
>>> include_once('FX/server_data.php');
>>> 
>>> $recid=$_GET[recid];
>>> 
>>> 
>>> $findrecord=new FX($serverIP,$webCompanionPort);
>>> $findrecord->SetDBData('parents.fp5','web');
>>> $findrecord->AddDBParam('-recid',$recid);
>>> 
>>> 
>>> $findResult=$findrecord->FMFind();
>>> foreach($findResult['data'] as $key=>$findData)
>>> 
>>> 
>>> 
>>> 
>>> $lists=new FX($serverIP,$webCompanionPort);
>>> $lists->SetDBData('parents.fp5','web');
>>> $listsResult=$lists->FMView();
>>> 
>>> $search2=new FX($serverIP,$webCompanionPort);
>>> $search2->SetDBData('parents.fp5','web');
>>> $search2->AddDBParam('parentid',$findData['parentid'][0]);
>>> $search2Result=$search2->FMFind();
>>> foreach($findResult['data'] as $key=>$findData)
>>> 
>>> 
>>> $search3=new FX($serverIP,$webCompanionPort);
>>> $search3->SetDBData('students.fp5','web');
>>> $search3->AddDBParam('parentid',$findData['parentid'][0]);
>>> $search3Result=$search3->FMFind();
>>> foreach($findResult['data'] as $key=>$findData)
>>> ?>
>>> 
>>> 
>>> </head>
>>> 
>>> <body>
>>> <?php
>>> include_once("includes/header.php");
>>> ?>
>>> 
>>> <p>This is the current information on file.  Click EDIT to change.</p>
>>> 
>>> 
>>> <table width="80%" border="0" cellspacing="3" cellpadding="0">
>>>   <tr class="ver12">
>>>     <td width="15%"><div align="right">First Name</div>
>>>     </td>
>>>     <td></td>
>>>     <td><?php echo $findData['first'][0]; ?>
>>>     </td>
>>>   </tr>
>>>   <tr class="ver12">
>>>     <td><div align="right">Last Name</div>
>>>     </td>
>>>       <td></td>
>>>     <td><?php echo $findData['last'][0]; ?>
>>>     </td>
>>>   </tr>
>>>     <tr class="ver12">
>>>   <td width="15%"><div align="right">Street</div>
>>>     </td>
>>>     <td></td>
>>>     <td><?php echo $findData['Street'][0]; ?>
>>>     </td>
>>>   </tr>
>>>     <tr class="ver12">
>>>   <td width="15%"><div align="right">City</div>
>>>     </td>
>>>     <td></td>
>>>     <td><?php echo $findData['City'][0]; ?>
>>>     </td>
>>>   </tr>
>>>     <tr class="ver12">
>>>   <td width="15%"><div align="right">State</div>
>>>     </td>
>>>     <td></td>
>>>     <td><?php echo $findData['State'][0]; ?>
>>>     </td>
>>>   </tr>
>>>     <tr class="ver12">
>>>   <td width="15%"><div align="right">Zip</div>
>>>     </td>
>>>     <td></td>
>>>     <td><?php echo $findData['Zip'][0]; ?>
>>>     </td>
>>>   </tr>
>>>     <tr class="ver12">
>>>   <td width="15%"><div align="right">Home Phone</div>
>>>     </td>
>>>     <td></td>
>>>     <td><?php echo $findData['PhoneHome'][0]; ?>
>>>     </td>
>>>   </tr>
>>>     <tr class="ver12">
>>>   <td width="15%"><div align="right">Email</div>
>>>     </td>
>>>     <td></td>
>>>     <td><?php echo $findData['email'][0]; ?>
>>>     </td>
>>>   </tr>
>>> </table>
>>> <p>&nbsp;</p>
>>> <a href="edit.php?recid=<?php
>>> $recordDetails=explode('.',$key);
>>> $currentRecord=$recordDetails[0];
>>> echo $currentRecord;
>>>  ?>">EDIT</a>
>>> 
>>>  <p>&nbsp;</p>
>>>  <a href="edit.php?parentid=<?php
>>> $recordDetails=explode('.',$key);
>>> $currentRecord=$recordDetails[0];
>>> echo $currentRecord;
>>>  ?>">EDIT</a>
>>> 
>>> Students Records <?php echo $search2Result['foundCount']; ?>
>>> <table>
>>> <tr>
>>> <?php foreach($search2Result['data'] as $key=>$search2Data) { ?>
>>> <td><?php echo $search2Data['first'][0]; ?> </td>
>>> <td><?php echo $search2Data['last'][0]; ?> </td>
>>> </tr>
>>> <?php  } ?>
>>> </table>
>>> 
>>> <p>&nbsp;</p>
>>> Found Records <?php echo $search3Result['foundCount']; ?>
>>> <table>
>>> <tr>
>>> <?php foreach($search3Result['data'] as $key=>$search3Data) { ?>
>>> <td><?php echo $search3Data['StudentNameFirst'][0]; ?> </td>
>>> <td><?php echo $search3Data['StudentNameLast'][0]; ?> </td>
>>> <td><?php echo $search3Data['Grade'][0]; ?> </td>
>>> </tr>
>>> <?php  } ?>
>>> </table>
>>> 
>>> </body>
>>> </html>
>>> 
>>> -----------------------------------------------------------------------
>>> 
>>> --
>>> 
>>> Jonathan Schwartz
>>> Schwartz & Company
>>> 817 Marin Drive
>>> Mill Valley, CA 94941
>>> Phone: 415-381-1852
>>> jonathan at eschwartz.com - http://www.eschwartz.com
>>> 
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>> 
>> 
> 

---------------------------------------------------------------------
Marisa Smith, President
DataSmith Consulting, LLC
9206 Huron River Drive
Dexter, MI 48130
Phone: (734) 426-8077
Fax: (734) 426-7069 - NEW!
http://www.datasmithconsulting.net
Filemaker Solutions Alliance Associate Member
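
The session-variable approach from this message, applied to the guessable recid in the address line raised in the quoted reply, as an added example that is not part of the original posts. It uses only the FX.php calls that appear in the thread; the two function names and the stand-in FX class with its sample record are constructed for illustration.

```php
<?php
// Added example (PHP 7+), not code from the thread. Function names are hypothetical.
// Constructed stand-in so this runs without a FileMaker server; with the real
// library, delete it and include FX/FX.php and prefs.php as the thread's pages do.
if (!class_exists('FX')) {
    class FX {
        private $params = [];
        private $rows = ['10234.7' => ['username' => ['pat'], 'password' => ['s3cret']]];
        function __construct($serverIP = '', $port = 591) {}
        function SetDBData($db, $layout) {}
        function AddDBParam($f, $v, $op = '') { $this->params[$f] = (string)$v; }
        function FMFind() {
            $data = [];
            foreach ($this->rows as $key => $row) {
                $hit = true;
                foreach ($this->params as $f => $v) {
                    $have = ($f === '-recid') ? explode('.', $key)[0] : ($row[$f][0] ?? null);
                    $hit = $hit && $have === $v;
                }
                if ($hit) $data[$key] = $row;
            }
            return ['foundCount' => count($data), 'data' => $data];
        }
    }
}

// Logon_Validate.php side: on exactly one match, keep the record id server-side.
function bind_login_to_session($query, $name, $pw) {
    if ($name === '' || $pw === '') return false;
    $query->SetDBData('parents.fp5', 'web');
    $query->AddDBParam('username', $name, 'eq');
    $query->AddDBParam('password', $pw, 'eq');
    $result = $query->FMFind();
    if ($result['foundCount'] != 1) return false;
    $internal = explode('.', key($result['data']));   // key is "recid.modid"
    if (session_status() === PHP_SESSION_ACTIVE) session_regenerate_id(true);
    $_SESSION['matched_recid'] = $internal[0];
    return true;
}

// Detail.php side: the record id is read from the session only, never from $_GET,
// so editing the address line cannot select another user's record.
function find_own_record($findrecord) {
    if (empty($_SESSION['matched_recid'])) return null;   // no login, no record
    $findrecord->SetDBData('parents.fp5', 'web');
    $findrecord->AddDBParam('-recid', $_SESSION['matched_recid']);
    $findResult = $findrecord->FMFind();
    return $findResult['foundCount'] == 1 ? current($findResult['data']) : null;
}
```

After session_start(), Logon_Validate.php would call bind_login_to_session(new FX($serverIP, $port), $_POST['name'], $_POST['pw']) and include detail.php on success; detail.php then calls find_own_record() and shows the logon page when it returns null.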



