[FX.php List] * and login

Gjermund Gusland Thorsen ggt667 at gmail.com
Tue Oct 31 11:00:45 MST 2006


I also do an additional check if foundCount == 1

On 10/31/06, Jose Sevoya <jsevoya at gmail.com> wrote:
> Hi Alex,
>
> That is quite amazing that we thought of the same things when watching
> those movies! As for how it works, I took the liberty of exploring the
> bundled files that come with it and it seems that there is a whole
> file of functions (FMStudio_Tools.php) that includes some interesting
> code. Specifically the disable wildcards code looks like a mix of
> regular expressions and a few other string manipulators to achieve
> proper "\" based escape sequences.
>
> As for my thoughts on FMStudio, even though I am quite new to PHP and
> it is very helpful not needing to write any code at all to make sites
> - I am now comfortable enough with PHP to explore the code a bit and I
> would say FMStudio is certainly worth it. The main point that I can
> think of in your case is that even though you have a good
> understanding of queries, making a page with a results table in under
> 3 minutes can be an amazing time saver. I can see myself using
> FMStudio to create a skeleton of a whole project for a client in under
> an hour and then be able to tweak specific sections as needed instead
> of spending hours creating queries manually on each page.
>
> I was also quite impressed with their support and dedication to
> answering some questions I had about working with portals - which
> turned out to be extremely simple once I understood the concept of
> repeating regions in Dreamweaver.
>
> Best,
> Jose
>
> On 10/31/06, Alex Gates <alex at gandrpublishing.com> wrote:
> > Jose-
> >
> > Thanks for your reply... the interesting thing is that I had the idea to
> > try out * after watching the FMStudio videos... and I did see their
> > disable wildcard option - - I'd be curious to see how the "disable
> > wildcard" code looks...
> >
> > What are your thoughts on FMStudio?  Do you feel that if you have a
> > pretty good understanding of performing queries and working with arrays
> > in php that the FMStudio may not be so helpful?  Or, even if you've
> > become quite familiar with queries and arrays, is FMStudio still worth
> > it?
> >
> > Alex P. Gates
> >
> > -----Original Message-----
> > From: fx.php_list-bounces at mail.iviking.org
> > [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Jose Sevoya
> > Sent: Tuesday, October 31, 2006 9:28 AM
> > To: FX.php Discussion List
> > Subject: Re: [FX.php List] * and login
> >
> > Hi Alex,
> >
> > When I read your message I immediately thought of FMStudio by
> > FMWebschool. One of their tutorial videos
> > (http://www.fmwebschool.com/movies/fmstudio/login/login.html) shows
> > how to build a login solution. The interesting part is that their
> > product has a "disable wildcards" feature when specifying data
> > received from the user.
> >
> > I have just tried it with my copy of FMStudio, and what do you know -
> > the * trick did not work. It has been such a time saver so far!
> >
> > As for other fields that can be used as wild card matches, there is
> > the "@" character to replace sections of words as well as other
> > special characters. The most secure way is actually to escape the
> > special characters by adding a "\" before them, that would make the *
> > for example a literal '*' character.
> >
> > Best,
> > Jose
> >
> > On 10/31/06, Alex Gates <alex at gandrpublishing.com> wrote:
> > > ggt-
> > >
> > > The foundcount is 3 - and that's the total number of user/pass combos I
> > > have.
> > > So, it finds them all.
> > >
> > > Andy's trick worked - -  Tom's method does, too.
> > > Are they both equally secure?
> > >
> > >
> > >
> > > Alex P. Gates
> > >
> > > -----Original Message-----
> > > From: fx.php_list-bounces at mail.iviking.org
> > > [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Gjermund
> > > Gusland Thorsen
> > > Sent: Tuesday, October 31, 2006 7:35 AM
> > > To: FX.php Discussion List
> > > Subject: Re: [FX.php List] * and login
> > >
> > > What is then the value of foundCount?
> > >
> > > ggt667
> > >
> > > On 10/31/06, Alex Gates <alex at gandrpublishing.com> wrote:
> > > > Hi everyone-
> > > >
> > > > I've realized that my login can easily be compromised!  Thankfully I
> > > > figured this out early in the development process.
> > > >
> > > > If I enter * for username and * for password, it logs me in as the
> > > > latest registered user.
> > > >
> > > > This is my search syntax:
> > > >
> > > >         $lookup=new FX($serverIP,$webCompanionPort,'FMPro7');
> > > >         $lookup->SetDBData('Web_Cookbook_Dev.fp7','WebLogin');
> > > >         $lookup->SetDBPassword('xxxxxx','xxxxxxxx');
> > > >         $lookup->AddDBParam('Username', $username, 'eq');
> > > >         $lookup->AddDBParam('Password', $password, 'eq');
> > > >         $lookupResult=$lookup->FMFind();
> > > >         $foundResult=$lookupResult['foundCount'];
> > > >
> > > >
> > > > I'm sorry if this has been covered - I searched the archives but I
> > > > didn't find anything.
> > > >
> > > > > Is there a way I can modify this search syntax so * can't be used for
> > > > > username and password to log in?
> > > >
> > > > > Wow - I never realized this was a possibility... I just randomly tried
> > > > > it this morning and was shocked at the result...
> > > >
> > > > Thanks in advance!
> > > >
> > > > Alex
> > > >
> > > >
> > > > _______________________________________________
> > > > FX.php_List mailing list
> > > > FX.php_List at mail.iviking.org
> > > > http://www.iviking.org/mailman/listinfo/fx.php_list
> > > >
>
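
The two defences mentioned in this thread (escaping wildcard characters with "\" before the find, and checking that foundCount == 1), as an added PHP example that is not part of any post and is not FX.php or FMStudio code. `toy_find`/`toy_pattern` are a hypothetical stand-in for the server-side find so the block runs offline; the operator list and the `data` layout are assumptions, and the sample accounts are constructed.

```php
<?php
// Single-character find operators: an assumed list, adjust for your version.
const FM_OPERATORS = '/[\\\\*@#?!=<>"~]/';

// Prefix each operator with "\" so the find treats it as a literal character.
function escape_find_operators(string $input): string
{
    return preg_replace(FM_OPERATORS, '\\\\$0', $input);
}

// Toy stand-in for the server-side find: only "*" and "\" are interpreted.
function toy_pattern(string $crit): string
{
    $re = '';
    for ($i = 0, $n = strlen($crit); $i < $n; $i++) {
        $lit = $crit[$i] === '\\' && $i + 1 < $n;      // "\x" means literal x
        $ch = $crit[$lit ? ++$i : $i];
        $re .= (!$lit && $ch === '*') ? '.*' : preg_quote($ch, '/');
    }
    return '/^' . $re . '$/s';
}

function toy_find(array $accounts, string $user, string $pass): array
{
    $hits = array_values(array_filter($accounts, fn($a) =>
        preg_match(toy_pattern($user), $a['Username'][0]) &&
        preg_match(toy_pattern($pass), $a['Password'][0])));
    return ['foundCount' => count($hits), 'data' => $hits];
}

// One match only, then exact re-compare; the 'data' layout is assumed.
function login_ok(array $result, string $user, string $pass): bool
{
    if ((int) ($result['foundCount'] ?? 0) !== 1) {
        return false;
    }
    $rec = reset($result['data']);
    return hash_equals($rec['Username'][0], $user)
        && hash_equals($rec['Password'][0], $pass);
}

// Constructed sample accounts (three, as in the thread).
$accounts = [['Username' => ['alice'], 'Password' => ['s3cret-A']],
    ['Username' => ['bob'], 'Password' => ['s3cret-B']],
    ['Username' => ['carol'], 'Password' => ['s3cret-C']]];
foreach ([['*', '*'], ['bob', 's3cret-B']] as [$u, $p]) {
    $raw = toy_find($accounts, $u, $p)['foundCount'];
    $esc = toy_find($accounts, escape_find_operators($u), escape_find_operators($p));
    printf("%s/%s: raw=%d escaped=%d login=%s\n", $u, $p, $raw,
        $esc['foundCount'], login_ok($esc, $u, $p) ? 'yes' : 'no');
}
```

With only one account in the table, an unescaped `*`/`*` find would also return a foundCount of 1, which is why `login_ok` re-compares the returned values instead of relying on the count alone.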

