[FX.php List] Search containing '@' sign finds no match

Andy Gaunt andy at fmpug.com
Fri Oct 13 09:28:24 MDT 2006 

Erik

The @ symbol is a wildcard character in a FileMaker search.

You need to either;

Wrap your search that contains the @ in "s or escape the @ with a \

HTH

Andy Gaunt
Office: 321.206.3658
Mobile: 407.810.4722
andy at fmpug.com
http://www.fmpug.com    

2006 FileMaker Excellence Award Winner
Recipient of FileMaker’s 2005 “Mad Dog” Public Relations Award

For chapter locations, dates & times please visit the website at
http://www.fmpug.com If you can make it to a meeting, please RSVP at
http://www.fmpug.com/rsvp.php


-----Original Message-----
From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Erik Andreas
Cayré
Sent: Wednesday, October 11, 2006 6:07 PM
To: FX.php Discussion List
Subject: [FX.php List] Search containing '@' sign finds no match

I'm building a site with a login mechanism.

I wish to use the user's email address as the username.

My login works fine except when the username contains an @ sign...
Then I get a 401 error (FM found no matches)

Of course I triple checked that I typed the username exactly like it  
is in the DB...!

My code:

if (isset($_POST['user'])) {
	$validlogin = validateData($_POST['user'] , $_POST['pass']);

	if (is_array($validlogin)) {
		list ($validuser, $validpass) = $validlogin;
		$authstatus = DbAuth($validuser, $validpass);
	}

	if (isset ($authstatus)) {
		
		if (is_array($authstatus)) {			//successful
login
			$_SESSION['permissions']['role'] =
$authstatus['role'];
			$_SESSION['permissions']['contact_id'] =
$authstatus['contact_id'];
			
		} else {
//some error
			$formhead = 'Prøv igen:';
			showobject ($authstatus);	// for debugging
			showobject ($validlogin);	// for debugging
		}
	} else {
		$formhead = 'Prøv igen:';
	}
	
}

These are the functions I use:

    ###
    ### Validate what the user has entered BEFORE comparisons are done.
    ### Make sure no one tries to pass malicious code through...
    ### Returns FALSE, or array $user_login(user,pass)...
    ###
    function validateData($username, $password)
    {
	   $username = trim($username);
	   $password = trim($password);
	   // any trying to submit nada for username & pass
	   if ($username == "" || $password == "") {
		   return false;
	   }
	   /* for anyone trying to sneak in delimiters
	   if (strstr($username, $this->FieldDel) || strstr($password,
$this- 
 >FieldDel)) {
		   return false;
	   }
	   */
	   // for anyone trying to pass spaces through - arbitrary code
	   if (strstr($username, " ") || strstr($password, " ")) {
		   return false;
	   }
	   // make sure all quotes are properly escaped before proccessing
	   if (!get_magic_quotes_gpc()) {
		  $username = addslashes($username);
		  $password = addslashes($password);
	   }
	   $user_login[] = $username;
	   $user_login[] = $password;
	   return $user_login;
    }
    ###
    ### function for authenticating against a Filemaker database with  
FX.php
    ### by Erik Cayré, nov-dec 2005, erik at cayre.dk
    ###
    function DbAuth($username, $password)
    {
		global $fmshost;
		global $dataport;
		global $dbname;
		global $fmsuser;
		global $fmspass;
		$fx = new FX($fmshost, $dataport);
		$fx->SetDBData($dbname, 'www_login');
		$fx->SetDBUserPass($fmsuser, $fmspass);
		$fx->AddDBParam('email', $username, 'eq');
		$fx->AddDBParam('loginpass', $password, 'eq');
		$return_data = $fx->FMFind();
		
		// Transform FM data into more useful array
		if ($return_data['errorCode'] == 0 and
$return_data['foundCount']  
== 1) {
			$user = array();
			
			foreach ($return_data['data'] AS $fmrec =>
$fmrecord) {
				foreach ($fmrecord as $data => $value) {
					if (isset($value[0])) {
						$user[$data] = $value[0];
					}
				}
			}
			addtolog ('User "' . $username . '" logged in');
			return $user;
			
		} else {
			reporterror ('DbAuth. FMerror: ' .
$return_data['errorCode'] .  
'<br>Foundcount: '.$return_data['foundCount']);
			return 'FMerror: ' . $return_data['errorCode'] .
'<br>Foundcount:  
' . $return_data['foundCount'];
		}
		
	}


Any clues?

---
Erik Andreas Cayré
Spangsbjerg Møllevej 169
6705 Esbjerg Ø

Privat Tel: 75150512
Mobil: 40161183

---
»Kun p....sure mennesker kan ændre verden. Innovation skabes ikke af  
'markedsanalyse', men af folk, der er afsindigt irriterede over  
tingenes tilstand «
--Tom Peters

»Hvis du ikke kan forklare det simpelt, forstår  du det ikke godt nok.«
-- Albert Einstein

»Hvis du ikke har tid til at gøre det rigtigt, hvornår vil du så have  
tid til at lave det om?«
-- John Wooden, basketball coach

More information about the FX.php_List mailing list