[FX.php List] Search containing '@' sign finds no match

Erik Andreas Cayré erik at cayre.dk
Wed Oct 11 16:07:07 MDT 2006


I'm building a site with a login mechanism.

I wish to use the user's email address as the username.

My login works fine except when the username contains an @ sign...
Then I get a 401 error (FM found no matches)

Of course I triple checked that I typed the username exactly like it  
is in the DB...!

My code:

if (isset($_POST['user'])) {
	$validlogin = validateData($_POST['user'] , $_POST['pass']);

	if (is_array($validlogin)) {
		list ($validuser, $validpass) = $validlogin;
		$authstatus = DbAuth($validuser, $validpass);
	}

	if (isset ($authstatus)) {
		
		if (is_array($authstatus)) {			//successful login
			$_SESSION['permissions']['role'] = $authstatus['role'];
			$_SESSION['permissions']['contact_id'] = $authstatus['contact_id'];
			
		} else {								//some error
			$formhead = 'Prøv igen:';
			showobject ($authstatus);	// for debugging
			showobject ($validlogin);	// for debugging
		}
	} else {
		$formhead = 'Prøv igen:';
	}
	
}

These are the functions I use:

    ###
    ### Validate what the user has entered BEFORE comparisons are done.
    ### Make sure no one tries to pass malicious code through...
    ### Returns FALSE, or array $user_login(user,pass)...
    ###
    function validateData($username, $password)
    {
	   $username = trim($username);
	   $password = trim($password);
	   // anyone trying to submit nada for username & pass
	   if ($username == "" || $password == "") {
		   return false;
	   }
	   /* for anyone trying to sneak in delimiters
	   if (strstr($username, $this->FieldDel) || strstr($password, $this->FieldDel)) {
		   return false;
	   }
	   */
	   // for anyone trying to pass spaces through - arbitrary code
	   if (strstr($username, " ") || strstr($password, " ")) {
		   return false;
	   }
	   // make sure all quotes are properly escaped before processing
	   if (!get_magic_quotes_gpc()) {
		  $username = addslashes($username);
		  $password = addslashes($password);
	   }
	   $user_login[] = $username;
	   $user_login[] = $password;
	   return $user_login;
    }
    ###
    ### function for authenticating against a Filemaker database with FX.php
    ### by Erik Cayré, nov-dec 2005, erik at cayre.dk
    ###
    function DbAuth($username, $password)
    {
		global $fmshost;
		global $dataport;
		global $dbname;
		global $fmsuser;
		global $fmspass;
		$fx = new FX($fmshost, $dataport);
		$fx->SetDBData($dbname, 'www_login');
		$fx->SetDBUserPass($fmsuser, $fmspass);
		$fx->AddDBParam('email', $username, 'eq');
		$fx->AddDBParam('loginpass', $password, 'eq');
		$return_data = $fx->FMFind();
		
		// Transform FM data into more useful array
		if ($return_data['errorCode'] == 0 and $return_data['foundCount'] == 1) {
			$user = array();
			
			foreach ($return_data['data'] AS $fmrec => $fmrecord) {
				foreach ($fmrecord as $data => $value) {
					if (isset($value[0])) {
						$user[$data] = $value[0];
					}
				}
			}
			addtolog ('User "' . $username . '" logged in');
			return $user;
			
		} else {
			reporterror ('DbAuth. FMerror: ' . $return_data['errorCode'] . '<br>Foundcount: '.$return_data['foundCount']);
			return 'FMerror: ' . $return_data['errorCode'] . '<br>Foundcount: ' . $return_data['foundCount'];
		}
		
	}


Any clues?

---
Erik Andreas Cayré
Spangsbjerg Møllevej 169
6705 Esbjerg Ø

Home tel.: 75150512
Mobile: 40161183

---
»Only p....ed-off people can change the world. Innovation is not created by 'market analysis', but by people who are insanely irritated by the state of things«
--Tom Peters

»If you can't explain it simply, you don't understand it well enough.«
-- Albert Einstein

»If you don't have time to do it right, when will you have time to do it over?«
-- John Wooden, basketball coach
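
Added example, not part of the original post and not code from FX.php: one way to neutralise FileMaker find operators in the two login values before they reach the AddDBParam() calls shown in DbAuth(). It assumes that @ * # ! ? ~ = < > " and the sequences .. and // act as operators in a find request and that a backslash makes the next character literal; buildLoginCriteria() and fmEscapeFindValue() are hypothetical helper names, and the sample values are constructed.

```php
<?php
// Added example: not code from the original post or from FX.php itself.
// Assumption: in a FileMaker find request the characters @ * # ! ? ~ = < > "
// and the sequences .. / ... and // act as operators, and a backslash makes
// the next character literal.

/** Escape find operators in one user-supplied value; null if not valid UTF-8. */
function fmEscapeFindValue(string $value): ?string
{
    // Single-character operators (and the backslash itself), plus any dot or
    // slash that is followed by another one, so no ".." or "//" stays unescaped.
    $pattern = '/[\\\\@*#!?~=<>"]|\.(?=\.)|\/(?=\/)/u';
    return preg_replace($pattern, '\\\\$0', $value); // null on bad UTF-8
}

/**
 * Hypothetical helper: build the two criteria that the post's DbAuth() passes
 * to $fx->AddDBParam(), as [field, value, operator] triples, or false when
 * the input should be rejected before any find is run.
 */
function buildLoginCriteria(string $email, string $password)
{
    $email = trim($email);
    if ($password === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $e = fmEscapeFindValue($email);
    $p = fmEscapeFindValue($password);
    if ($e === null || $p === null) {
        return false; // fail closed on undecodable input
    }
    return [['email', $e, 'eq'], ['loginpass', $p, 'eq']];
}

// Constructed sample input, not taken from the post.
$samples = [
    ['user@example.com', 'Tr0ub4dor'],
    ['user@example.com', 'a*b#c..d//e'],
    ['not-an-email', 'whatever'],
];
foreach ($samples as [$email, $pass]) {
    $criteria = buildLoginCriteria($email, $pass);
    if ($criteria === false) {
        echo "rejected: $email\n";
        continue;
    }
    foreach ($criteria as [$field, $value, $op]) {
        echo "AddDBParam('$field', '$value', '$op')\n";
    }
}
```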

