[FX.php List] Multiple Login Methods

Michael Layne fx at 9degrees.com
Fri Apr 21 10:09:09 MDT 2006 

Also, note that you can use $_REQUEST:

$username = $_REQUEST['username'];

which will handle both $_POST and $_GET.  just make sure you don't have 
a cookie with the value.  $_REQUEST  takes in order: Cookies, Post, Get...


Andy Gaunt wrote:
> Jonathan,
>
> Firstly I would recommend not using the Posted variables in your query, but
> rather create variables first. This will help in preventing any potential
> malicious code from running as you can verify the contents first.
>
> OK, now onto the email question.
>
> To pass a valid link you are going to have to pass it in the open through
> the URL link. This means using the GET method. It would not hurt for you to
> use a secondary logon_validate.php page that processes the GET array.
>
> Your link would look like;
>
> http://www.example.com/logon_validate_email.php?username=xxxx&password=xxxx
>
> Now, as you are passing this in the open you will surely want to create new
> variables to ensure the integrity of the entries.
>
> --logon_validate_email.php
>
> $username = $_GET['username'];
> $password = $_GET['password'];
>
> //Perform checks on values here, such as both are filled in, removing any
> unwanted HTML entities etc, even checking the script came from your domain.
>
> //Now perform your FX query
> $query->AddDBParam ('username', $username, 'eq');
> $query->AddDBParam ('password', $password, 'eq');
> $findResult = $query->FMFind();
>
> if ($findResult['foundCount'] == 1) {
>
> Andy Gaunt
> T: 407.810.4722
> andy at fmpug.com
> http://www.fmpug.com    
>
> Recipient of FileMaker's 2005 "Mad Dog" Public Relations Award
>
> For chapter locations, dates & times please visit the website at
> http://www.fmpug.com If you can make it to a meeting, please RSVP at
> http://www.fmpug.com/rsvp.php
>
> -----Original Message-----
> From: fx.php_list-bounces at mail.iviking.org
> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Jonathan Schwartz
> Sent: Friday, April 21, 2006 2:35 AM
> To: FX.php Discussion List
> Subject: [FX.php List] Multiple Login Methods
>
> Well.  Upgrade of my solution from  FMP6 to FM8 is back on track.
>
> There is nothing like an elusive error to accelerate the learning 
> curve. ;-). Thanks to Andy and Greg for jumping in.
>
> On to bigger and better things...
>
> Currently, users log in to the solution with a username and password 
> (logon.php), which is processed (logon_validate.php) and delivers 
> them to a detail.php page.  I would like to accomplish the same 
> result by providing a link in an email that the user would receive. 
> The unique link would have username and password embedded....or the 
> equivalent.
>
> Should I be creating a second set of logon pages to process the 
> query?  And....how do I do that given the current method I'm using?
>
> Essence of logon_validate code below, which gets the username and 
> password from the logon.php page:
>
> $query->AddDBParam ('username', $_POST['name'], 'eq');
> $query->AddDBParam ('password', $_POST['pw'], 'eq');
> $findResult = $query->FMFind();
>
> if ($findResult['foundCount'] == 1) {
>
>
> 	$recID=current($findResult['data']);
> 	$internal=explode('.',key($findResult['data']));
> 	$internalRecID=$internal[0];
>
> 	include_once("detail.php");
>
> }
>
> Thanks,
>
> Jonathan
>
>

More information about the FX.php_List mailing list