[FX.php List] Login from ASP site

Wed Aug 15 12:01:25 MDT 2007

I have an FX.PHP/FileMaker site that gets some login information from
another site that is ASP.  This worked fine last year when we used it.
However, they have changed some things and I have changed some things.  So
when we went to set up the link again. We are having communication problems
and the there page doesn't want to play with my pages.

They speak ASP and I don't!  I speak PHP (some an any rate) and they don't!
So although we are NOT at a stand off, I am not sure what to tell them and
they are not sure what to tell me.

Last years link used two hidden values, a user id, which I have all of those
in my Accounts table of my FMP data base, and a pass phrase so that we are
sure that anyone who is submitting data into my pages came from their login
security system.

The users login to their system with a user id (School_ID on my pages) and
there own password.  Then on a link on there page the user is sent to my
page were the pass phrase (password) is sent and my page checks it for and
exact match.  I store this passed information in two session variables,
School_ID and password.

Last year, the user had to click an extra button to log into my pages.  They
have changed a few things on there page and are trying to streamline and
take out that extra button.  (For some reason some us music people like to
take any short cut we can find and that extra button really bothered some of
them!)  The reason for the extra button was to send the information,
School_ID and esp. the password hidden.

In the link shown below, you will notice that when trying to access my pages
it kicks them to a login error page and asks them to login again.  That
would tell me that my pages are not picking up the two varables that they
are passing to me.  PLUS it shows the School_ID of the first record of about
600 and the password we are trying to hide in url.  That would tell me that
the FMFind did not work or it found ALL of the records and not the School ID
they were passing which is 9990.

Any help on what to tell them or ask them to do would be helpful.

Here is the url that they get when they try to login and are booted to an
error page:

https://www.igsmasouth.org/ihsa/ihsa_login_verify.php?School_ID=0101&passwor
d=XXXXXXXXX (hidden for security reasons)

My code at the top of my page:

<?php
session_start();

include_once('../FX/FX.php');

include_once('../FX/server_data.php');

$user = $_POST['School_ID'];

$pass = $_POST['password'];

$login = new FX($serverIP,$webCompanionPort);

$login -> SetDBData('Manager_IHSA.fp7','Accounts');

$login -> SetDBPassword('','Admin');

$login -> AddDBParam('School_ID','='.$user);

$loginResult = $login -> FMFind();

$loginData = current($loginResult['data']);

$_SESSION['School_ID'] = $user;

$_SESSION['password'] = $pass;

$_SESSION['School'] = $loginData['School'][0];

$_SESSION['Class'] = $loginData['Class'][0];

$_SESSION['user_level'] = $loginData['user_level'][0];

$_SESSION['solo_site'] = $loginData['solo_site'][0];

$_SESSION['org_site'] = $loginData['org_site'][0];

print_r($_SESSION);

if(!isset($_SESSION['password'])){

//this will change to password !== there passphrase later but is set to this
now so I could login from my own login page for testing.
include_once('ihsa_login_error.php');

}else{

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml">

Jon Montgomery
Illinois Grade School Music Association