[FX.php List] Search containing '@' sign finds no match
Erik Andreas Cayré
erik at cayre.dk
Wed Oct 11 16:07:07 MDT 2006
I'm building a site with a login mechanism.
I wish to use the user's email address as the username.
My login works fine except when the username contains an @ sign...
Then I get a 401 error (FM found no matches)
Of course I triple checked that I typed the username exactly like it
is in the DB...!
My code:
if (isset($_POST['user'])) {
    $validlogin = validateData($_POST['user'] , $_POST['pass']);
    if (is_array($validlogin)) {
        list ($validuser, $validpass) = $validlogin;
        $authstatus = DbAuth($validuser, $validpass);
    }
    if (isset ($authstatus)) {
        if (is_array($authstatus)) { //successful login
            $_SESSION['permissions']['role'] = $authstatus['role'];
            $_SESSION['permissions']['contact_id'] = $authstatus['contact_id'];
        } else { //some error
            $formhead = 'Prøv igen:';
            showobject ($authstatus); // for debugging
            showobject ($validlogin); // for debugging
        }
    } else {
        $formhead = 'Prøv igen:';
    }
}
These are the functions I use:
###
### Validate what the user has entered BEFORE comparisons are done.
### Make sure no one tries to pass malicious code through...
### Returns FALSE, or array $user_login(user,pass)...
###
function validateData($username, $password)
{
    $username = trim($username);
    $password = trim($password);
    // anyone trying to submit nada for username & pass
    if ($username == "" || $password == "") {
        return false;
    }
    /* for anyone trying to sneak in delimiters
    if (strstr($username, $this->FieldDel) || strstr($password, $this->FieldDel)) {
        return false;
    }
    */
    // for anyone trying to pass spaces through - arbitrary code
    if (strstr($username, " ") || strstr($password, " ")) {
        return false;
    }
    // make sure all quotes are properly escaped before processing
    if (!get_magic_quotes_gpc()) {
        $username = addslashes($username);
        $password = addslashes($password);
    }
    $user_login[] = $username;
    $user_login[] = $password;
    return $user_login;
}
###
### function for authenticating against a Filemaker database with FX.php
### by Erik Cayré, nov-dec 2005, erik at cayre.dk
###
function DbAuth($username, $password)
{
    global $fmshost;
    global $dataport;
    global $dbname;
    global $fmsuser;
    global $fmspass;
    $fx = new FX($fmshost, $dataport);
    $fx->SetDBData($dbname, 'www_login');
    $fx->SetDBUserPass($fmsuser, $fmspass);
    $fx->AddDBParam('email', $username, 'eq');
    $fx->AddDBParam('loginpass', $password, 'eq');
    $return_data = $fx->FMFind();
    // Transform FM data into more useful array
    if ($return_data['errorCode'] == 0 and $return_data['foundCount'] == 1) {
        $user = array();
        foreach ($return_data['data'] AS $fmrec => $fmrecord) {
            foreach ($fmrecord as $data => $value) {
                if (isset($value[0])) {
                    $user[$data] = $value[0];
                }
            }
        }
        addtolog ('User "' . $username . '" logged in');
        return $user;
    } else {
        reporterror ('DbAuth. FMerror: ' . $return_data['errorCode'] . '<br>Foundcount: '.$return_data['foundCount']);
        return 'FMerror: ' . $return_data['errorCode'] . '<br>Foundcount: ' . $return_data['foundCount'];
    }
}
Any clues?
---
Erik Andreas Cayré
Spangsbjerg Møllevej 169
6705 Esbjerg Ø
Privat Tel: 75150512
Mobil: 40161183
---
»Only p....ed-off people can change the world. Innovation is not created by
'market analysis', but by people who are insanely irritated by
the state of things«
--Tom Peters
»If you can't explain it simply, you don't understand it well enough.«
-- Albert Einstein
»If you don't have time to do it right, when will you have
time to do it over?«
-- John Wooden, basketball coach
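
Added example, not part of the original post and not FX.php's own code: in FileMaker find requests, @ is an operator (it matches any one character) and a backslash escapes the character that follows, so a login lookup keyed on an email address can pass that address as a literal criterion. The helper name fmLiteralEmail is hypothetical, and the example assumes FX.php hands the AddDBParam value to FileMaker unchanged.

```php
<?php
// Added example, not from the original post.
// Assumption: the value passed to FX's AddDBParam() reaches FileMaker as a
// find criterion, where operator characters keep their special meaning.

// Single-character FileMaker find operators, plus the escape character itself.
const FM_OPERATOR_CHARS = ['\\', '@', '*', '#', '?', '!', '=', '<', '>', '"', '~'];

// Hypothetical helper: return the login name as a literal find criterion,
// or false if it should be rejected before any query is made.
function fmLiteralEmail(string $input)
{
    $email = trim($input);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;                       // not an address at all
    }
    // Multi-character operators: "..." (range) and "//" (today's date).
    if (strpos($email, '..') !== false || strpos($email, '//') !== false) {
        return false;
    }
    $literal = '';
    foreach (str_split($email) as $ch) {    // byte-wise is fine: operators are ASCII
        $literal .= in_array($ch, FM_OPERATOR_CHARS, true) ? '\\' . $ch : $ch;
    }
    return $literal;
}

// Constructed sample inputs.
$samples = ['erik@example.com', 'a*c@example.com', '*', 'x y@example.com'];
foreach ($samples as $s) {
    $out = fmLiteralEmail($s);
    printf("%-20s => %s\n", $s, $out === false ? '(rejected)' : $out);
}
// Usage in the post's DbAuth() would be:
//   $fx->AddDBParam('email', fmLiteralEmail($username), 'eq');
```

The same escaping applies to any other user-supplied value used as a find criterion, since operators such as * would otherwise act as wildcards in the comparison.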