[FX.php List] Errors searching for email addresses
Bob Patin
bob at patin.com
Mon Jan 26 10:38:38 MST 2009
Not true... it's what I use all the time...
BP
Bob Patin
Longterm Solutions LLC
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
Twitter: bobpatin
iChat/AIM: bobpatin
FileMaker 9 Certified Developer
Member of FileMaker Business Alliance & TechNet
--------------------------
FileMaker hosting and consulting for all versions of FileMaker
PHP • Full email services • Free DNS hosting • Colocation • Consulting
On Jan 26, 2009, at 11:32 AM, Steve Winter wrote:
> Hi Bob,
>
> Which is fine so long as you're not actually using an email address
> as a username, since the stripping of the @, which your code below
> does, will result in it not working ;-)
>
> Cheers
> Steve
>
>
> On 26 Jan 2009, at 17:29, Bob Patin wrote:
>
>> This is an often-discussed topic; the other thing to consider is
>> that users can use wildcards to spoof your login system.
>>
>> Here's what I use in my web apps to validate username and password:
>>
>> $query->AddDBParam('username',"==".preg_replace('/([@*#?!=<>"])/','\
>> \\${1}',$username));
>> $query->AddDBParam('password',"==".preg_replace('/([@*#?!=<>"])/','\
>> \\${1}',$password));
>>
>> I forget who originally posted this, but it's very useful...
>>
>> Hope this helps,
>>
>> Bob Patin
>> Longterm Solutions LLC
>> bob at longtermsolutions.com
>> 615-333-6858
>> http://www.longtermsolutions.com
>> Twitter: bobpatin
>> iChat/AIM: bobpatin
>> FileMaker 9 Certified Developer
>> Member of FileMaker Business Alliance & TechNet
>> --------------------------
>> FileMaker hosting and consulting for all versions of FileMaker
>> PHP • Full email services • Free DNS hosting • Colocation •
>> Consulting
>>
>>
>> On Jan 26, 2009, at 11:13 AM, luke at soundtoys.com wrote:
>>
>>> I am using fx.php to check login credentials against our FM db and
>>> the username is the customers email address. I keep getting a 401
>>> error (no matching records) because of the @ being a special
>>> symbol in FM. How do I pass the data as an argument for
>>> AddDBParam() such that it recognizes the '@' as the actual
>>> character not the special symbol.
>>>
>>> Thanks in advance,
>>>
>>> --
>>>
>>> /***************************
>>> * Luke Awtry
>>> * Audio Plugin Developer
>>> * SoundToys, Inc.
>>> * 802.951.9700 x207
>>> * luke at soundtoys.com
>>> ***************************/
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> Steve Winter
> steve at bluecrocodile.co.nz
> m: +44 77 7852 4776
> 3 Calshot Court, Channel Way
> Ocean Village, Southampton SO14 3GR
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.iviking.org/pipermail/fx.php_list/attachments/20090126/a5540012/attachment.html
More information about the FX.php_List
mailing list