[FX.php List] Multiple Login Methods

Andy Gaunt andy at fmpug.com
Fri Apr 21 06:49:18 MDT 2006 

Jonathan,

Firstly I would recommend not using the Posted variables in your query, but
rather create variables first. This will help in preventing any potential
malicious code from running as you can verify the contents first.

OK, now onto the email question.

To pass a valid link you are going to have to pass it in the open through
the URL link. This means using the GET method. It would not hurt for you to
use a secondary logon_validate.php page that processes the GET array.

Your link would look like;

http://www.example.com/logon_validate_email.php?username=xxxx&password=xxxx

Now, as you are passing this in the open you will surely want to create new
variables to ensure the integrity of the entries.

--logon_validate_email.php

$username = $_GET['username'];
$password = $_GET['password'];

//Perform checks on values here, such as both are filled in, removing any
unwanted HTML entities etc, even checking the script came from your domain.

//Now perform your FX query
$query->AddDBParam ('username', $username, 'eq');
$query->AddDBParam ('password', $password, 'eq');
$findResult = $query->FMFind();

if ($findResult['foundCount'] == 1) {

Andy Gaunt
T: 407.810.4722
andy at fmpug.com
http://www.fmpug.com    

Recipient of FileMaker's 2005 "Mad Dog" Public Relations Award

For chapter locations, dates & times please visit the website at
http://www.fmpug.com If you can make it to a meeting, please RSVP at
http://www.fmpug.com/rsvp.php

-----Original Message-----
From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Jonathan Schwartz
Sent: Friday, April 21, 2006 2:35 AM
To: FX.php Discussion List
Subject: [FX.php List] Multiple Login Methods

Well.  Upgrade of my solution from  FMP6 to FM8 is back on track.

There is nothing like an elusive error to accelerate the learning 
curve. ;-). Thanks to Andy and Greg for jumping in.

On to bigger and better things...

Currently, users log in to the solution with a username and password 
(logon.php), which is processed (logon_validate.php) and delivers 
them to a detail.php page.  I would like to accomplish the same 
result by providing a link in an email that the user would receive. 
The unique link would have username and password embedded....or the 
equivalent.

Should I be creating a second set of logon pages to process the 
query?  And....how do I do that given the current method I'm using?

Essence of logon_validate code below, which gets the username and 
password from the logon.php page:

$query->AddDBParam ('username', $_POST['name'], 'eq');
$query->AddDBParam ('password', $_POST['pw'], 'eq');
$findResult = $query->FMFind();

if ($findResult['foundCount'] == 1) {


	$recID=current($findResult['data']);
	$internal=explode('.',key($findResult['data']));
	$internalRecID=$internal[0];

	include_once("detail.php");

}

Thanks,

Jonathan

-- 

Jonathan Schwartz
Schwartz & Company
817 Marin Drive
Mill Valley, CA 94941
Phone: 415-381-1852
jonathan at eschwartz.com - http://www.eschwartz.com

_______________________________________________
FX.php_List mailing list
FX.php_List at mail.iviking.org
http://www.iviking.org/mailman/listinfo/fx.php_list

More information about the FX.php_List mailing list