[FX.php List] * and login

Jose Sevoya jsevoya at gmail.com
Tue Oct 31 09:19:27 MST 2006


Hi Alex,

That is quite amazing that we thought of the same things when watching
those movies! As for how it works, I took the liberty of exploring the
bundled files that come with it and it seems that there is a whole
file of functions (FMStudio_Tools.php) that includes some interesting
code. Specifically the disable wildcards code looks like a mix of
regular expressions and a few other string manipulators to achieve
proper "\" based escape sequences.

As for my thoughts on FMStudio, even though I am quite new to PHP and
it is very helpful not needing to write any code at all to make sites
- I am now comfortable enough with PHP to explore the code a bit and I
would say FMStudio is certainly worth it. The main point that I can
think of in your case is that even though you have a good
understanding of queries, making a page with a results table in under
3 minutes can be an amazing time saver. I can see myself using
FMStudio to create a skeleton of a whole project for a client in under
an hour and then be able to tweak specific sections as needed instead
of spending hours creating queries manually on each page.

I was also quite impressed with their support and dedication to
answering some questions I had about working with portals - which
turned out to be extremely simple once I understood the concept of
repeating regions in Dreamweaver.

Best,
Jose

On 10/31/06, Alex Gates <alex at gandrpublishing.com> wrote:
> Jose-
>
> Thanks for your reply... the interesting thing is that I had the idea to
> try out * after watching the FMStudio videos... and I did see their
> disable wildcard option - - I'd be curious to see how the "disable
> wildcard" code looks...
>
> What are your thoughts on FMStudio?  Do you feel that if you have a
> pretty good understanding of performing queries and working with arrays
> in php that the FMStudio may not be so helpful?  Or, even if you've
> become quite familiar with queries and arrays, is FMStudio still worth
> it?
>
> Alex P. Gates
>
> -----Original Message-----
> From: fx.php_list-bounces at mail.iviking.org
> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Jose Sevoya
> Sent: Tuesday, October 31, 2006 9:28 AM
> To: FX.php Discussion List
> Subject: Re: [FX.php List] * and login
>
> Hi Alex,
>
> When I read your message I immediately thought of FMStudio by
> FMWebschool. One of their tutorial videos
> (http://www.fmwebschool.com/movies/fmstudio/login/login.html) shows
> how to build a login solution. The interesting part is that their
> product has a "disable wildcards" feature when specifying data
> received from the user.
>
> I have just tried it with my copy of FMStudio, and what do you know -
> the * trick did not work; it has been such a time saver so far!
>
> As for other fields that can be used as wild card matches, there is
> the "@" character to replace sections of words as well as other
> special characters. The most secure way is actually to escape the
> special characters by adding a "\" before them, that would make the *
> for example a literal '*' character.
>
> Best,
> Jose
>
> On 10/31/06, Alex Gates <alex at gandrpublishing.com> wrote:
> > ggt-
> >
> > The foundcount is 3 - and that's the total number of user/pass combos I
> > have.
> > So, it finds them all.
> >
> > Andy's trick worked - -  Tom's method does, too.
> > Are they both equally secure?
> >
> >
> >
> > Alex P. Gates
> >
> > -----Original Message-----
> > From: fx.php_list-bounces at mail.iviking.org
> > [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Gjermund
> > Gusland Thorsen
> > Sent: Tuesday, October 31, 2006 7:35 AM
> > To: FX.php Discussion List
> > Subject: Re: [FX.php List] * and login
> >
> > what is then the value of foundCount?
> >
> > ggt667
> >
> > On 10/31/06, Alex Gates <alex at gandrpublishing.com> wrote:
> > > Hi everyone-
> > >
> > > I've realized that my login can easily be compromised!  Thankfully I
> > > figured this out early in the development process.
> > >
> > > If I enter * for username and * for password, it logs me in as the
> > > latest registered user.
> > >
> > > This is my search syntax:
> > >
> > >         $lookup=new FX($serverIP,$webCompanionPort,'FMPro7');
> > >         $lookup->SetDBData('Web_Cookbook_Dev.fp7','WebLogin');
> > >         $lookup->SetDBPassword('xxxxxx','xxxxxxxx');
> > >         $lookup->AddDBParam('Username', $username, 'eq');
> > >         $lookup->AddDBParam('Password', $password, 'eq');
> > >         $lookupResult=$lookup->FMFind();
> > >         $foundResult=$lookupResult['foundCount'];
> > >
> > >
> > > I'm sorry if this has been covered - I searched the archives but I
> > > didn't find anything.
> > >
> > > Is there a way I can modify this search syntax so * can't be used for
> > > username and password to log in?
> > >
> > > Wow - I never realized this was a possibility... I just randomly tried
> > > it this morning and was shocked at the result...
> > >
> > > Thanks in advance!
> > >
> > > Alex
> > >
> > >
> > > _______________________________________________
> > > FX.php_List mailing list
> > > FX.php_List at mail.iviking.org
> > > http://www.iviking.org/mailman/listinfo/fx.php_list
> > >
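
The "\" escaping described in this thread, combined with a check on the found count, as an added example that is not part of the original messages and is not FX.php or FMStudio code. The function names and the operator character set are assumptions; check the set against the find operators of your FileMaker version.

```php
<?php
// Added example; not code from FX.php or FMStudio_Tools.php.

// Assumption: single characters FileMaker treats as find operators.
// Multi-character operators (such as a range) are not covered here.
const FM_FIND_OPERATORS = '\\@*#!=<>"?~';

// Prefix every operator character with "\" so it is matched literally.
function fm_escape_literal(string $value): string
{
    $class = '/[' . preg_quote(FM_FIND_OPERATORS, '/') . ']/';
    return preg_replace($class, '\\\\$0', $value);
}

// Build the find criteria for the login lookup, or null to refuse outright.
function login_criteria(string $username, string $password): ?array
{
    if ($username === '' || $password === '') {
        return null;
    }
    return [
        'Username' => fm_escape_literal($username),
        'Password' => fm_escape_literal($password),
    ];
}

// A login lookup should identify exactly one account, never "the latest of N".
function login_matched(int $foundCount): bool
{
    return $foundCount === 1;
}

// Constructed sample inputs.
$samples = [['*', '*'], ['alex', 'p@ss*word'], ['', 'x']];
foreach ($samples as [$u, $p]) {
    $c = login_criteria($u, $p);
    echo $c === null ? "refused\n" : "{$c['Username']} / {$c['Password']}\n";
}
// With the thread's lookup, the escaped values would replace the raw ones:
//   $lookup->AddDBParam('Username', $c['Username'], 'eq');
//   $lookup->AddDBParam('Password', $c['Password'], 'eq');
// and the result would be accepted only if
//   login_matched((int) $lookupResult['foundCount']).

var_dump(login_matched(3)); // the thread's wildcard case: three records found
```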

