URL Login


    I have a very low security application where I need the user to be able to login directly based on a value or values in their URL; I've seen this done in (PHP?) but I'm not sure it is possible in A5. The URL would be something like mywebsite.com/Tom123456. The URL can contain the password or I can reference a lookup table for that. Technically, the user wouldn't even have to log in since they would only have access to the first name, a unique ID and a document that they would download... but I haven't found any functions that might do that.

    I'm thinking I would use a5ws_login_user() but I can't find any documentation on it and there is nothing in the forums that points me in the right direction. Any help would be greatly appreciated!

    Tom

    #2
    Re: URL Login

    Yes, use that function. You'd add it to an A5W page maybe named autologin.a5w. Make a URL like autologin.a5w?u=steve&p=mypassword, and the code in the A5W page would be:

    Code:
    <%a5
    ' u and p arrive as page variables from the query string (?u=...&p=...)
    dim u as c
    dim p as c
    dim result as p
    result = a5ws_login_user(u,p)
    if result.error = .t. then
    	response.redirect("login.a5w")
    else
    	response.redirect("index.a5w")
    end if
    %>
    You are supposed to be able to use it as below, but I cannot get the function to work if the password is incorrect (works if just the username is incorrect). The code above is more flexible anyway.

    Code:
    <%a5
    dim u as c
    dim p as c
    dim result as p
    result = a5ws_login_user(u,p,"index.a5w")
    response.redirect(result.RedirectURL)
    %>
    Here, the value of result.RedirectURL should contain index.a5w if authenticated, or whatever you have in Web Config as redirect on failed login.

    You can get creative on what you provide in the URL for u and p. Obscure them, and then use xbasic on the autologin.a5w page to parse the true value.
    Steve Wood
    See my profile on IADN

    Comment


      #3
      Re: URL Login

      That worked perfectly. I'll have to play with it a little to get the effect that I want but it is what I was looking for.

      Thanks!

      Comment


        #4
        Re: URL Login

        Steve,

        Is there a way to assign the full URL to a variable so that I can parse it or do I have to have an = in the URL? I've been looking for a way to get the URL and can't find one.

        Comment


          #5
          Re: URL Login

          You don't need to parse it. The syntax mypage.a5w?u=steve&p=password would yield two page variables, u and p with the values after the equal sign. You can't get the full url as a variable since the server only knows the parts relative to the server itself. But you can get various parts like page name and query_string, which is the part after the page name. Find request variables in the Help document.

          mypage = request.script_name
          myparams=request.query_string
          Steve Wood
          See my profile on IADN

          Comment


            #6
            Re: URL Login

            Thanks Steve. I actually did have the correct syntax but I just figured out that I'm not logging in because my security/user table is not updating on the WAS... but it is working locally. I re-published all of the security files without any luck. I haven't had a chance to look into that yet... do you have any suggestion? Is there a way that I can view the table remotely, like I can with the local one?

            Here is the code that I am using to update my user table. I don't think it's the code because it does work locally.

            Code:
            'Add New Inquiry to User Table
            dim request.variables.userid as c
            dim request.variables.email as c
            dim request.variables.password as c
            
            request.variables.userid = vFirst + vID
            request.variables.password = vFirst + vID
            
            dim request.variables.groups as c
            request.variables.groups = "Prospects"
            
            dim output as p
            dim output.controls as p
            dim output.controls.guid.value as c 
            
            dim result as p
            dim error_message as c
            dim group_list as c
            result = a5ws_Save_User_Values(output,request)
            
            if result.errors = .T. then
            error_message = result.error_text
            end
            end if 
            
            user_guid = output.controls.guid.value

            Comment


              #7
              Re: URL Login

              To view the websecurity_users table you could add that table to your table list (File > Add Table), and create a grid against it. It's a normal table, just in a different location.

              I look at my websecurity_table when necessary by having a spare copy of A5V8 on my server. Then I just look at the table in raw table view.

              To know if your code works to add users, I'd need to see the other events, not just the Aftervalidate. The fact that you are potentially setting the GuID may be a problem if all attempts use the same GUID value.
              Steve Wood
              See my profile on IADN

              Comment


                #8
                Re: URL Login

                I don't have any code in the other events pertaining to adding users, the guid variable is empty. If the "external user ID value" and guid and ulink are one in the same (sorry, I'm new here), they are not being added to the user table locally. BTW, the group isn't being added either

                The problem that I am having is that I'm not using a traditional "add user" page; I am creating users from an inquiry form. To get unique login names, I am using the first name and the auto incremented key from the table. To keep it simple, I am using the same value for the password. These users will never (purposely) log in, they will click on a personalized URL (PURL) that I will email them, which will automatically log them in so they can download a personalized marketing brochure that will be created for them. Security is not an issue since the first name is the only personal data that will be exposed.

                I guess now that I think about it (after 14 hours staring at this screen), I probably don't need to log them in at all. I can leave the page unprotected, query the URL and use the value as a lookup for a table/grid that has just the user id and file name in it. Would that work?

                Comment


                  #9
                  Re: URL Login

                  Yes, skip the whole login process if this is a one-shot deal. It's easy to create a URL that works for a given period of time and is unique for each user.

                  There are many methods, here is one if you start with an authorized list of users (if this is not applicable, let me know):

                  Starting with an authorized list:
                  • Create a list of those you want to download this brochure.
                  • Create a UUID for each record.
                  • Include a date field named "download_complete".
                  • Send an email to each on the list with the PURL, such as:
                    mydownloadpage.a5w?uid=dff065f8049a48e8887a43be77a601db&c=401&bid=1001


                  where:
                  • uid is their unique UUID
                  • c is the Campaign ID in case you are doing this multiple times each with different parameters, and allowed time periods
                  • bid is the brochure ID, in case you have different types of brochures

                  Then you can, if you want, encrypt any parameter or the whole query string (all parameters as a string) using BASE64ENCRYPT() or stronger encryption if desired.

                  mydownloadpage.a5w would then take the parameters and:
                  • Check the uid parameter against the list of expected UUID's and allow only if the record was present.
                  • I don't know how you generate the personalized brochure, but if it is dynamically created, you can use the uid parameter to pull information from the user list for that person.
                  • Check that the download_complete date field was empty and potentially disallow subsequent download if you want.
                  • Check the c parameter against your Campaigns and see if the time period for download has expired. Disallow download if desired.
                  • Use the bid parameter to download the appropriate brochure (I don't mean their personalized information, I mean a totally different brochure if you have several).


                  This is one of many methods. You can include the URL expiration date right in the URL (encrypted) so that your mydownloadpage.a5w would decrypt that date and disallow if out of step.

                  If you do NOT have a pre-existing list of users, you can use a similar method, but the URL is created dynamically after they fill out your online form. Completing the form creates the user record, and sends the email.

                  And there are methods that do not require an existing User record at all.

                  The mydownloadpage.a5w would NOT allow any download if you just hit the page without the required parameters; you don't want the public to download the file. By the way, if these brochures are pre-prepared for each client, and you leave these brochures in your web document root unprotected, Google will eventually index them and any one can find it by searching. So you should either place them in a folder and include the folder in your ROBOTS.TXT to prohibit search engines from indexing, or put the document(s) outside of the root. If you do the latter, you need special xbasic to 'pull' the document out and present it to the user. Search for file.from_blob() for that procedure.

                  This was kind of off-the-top, but I've implemented methods like this in other situations.
                  Steve Wood
                  See my profile on IADN

                  Comment
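An added example, not part of the original thread and not Alpha Anywhere code: the checks post #9 lists for mydownloadpage.a5w, written in Python. It replaces the "encrypted" expiry date with an HMAC-signed one, so the expiry and brochure ID cannot be altered without the server-side key. `SIGNING_KEY`, `USERS`, `BROCHURES`, the `exp` and `sig` parameters and both function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Assumption: a server-side secret; generated per run for this demo only.
SIGNING_KEY = secrets.token_bytes(32)

# Constructed sample data standing in for the user list and brochure table.
USERS = {}  # uid -> {"name": ..., "download_complete": None or timestamp}
BROCHURES = {"1001": "brochure_1001.pdf"}


def _sign(uid, c, bid, exp):
    """HMAC-SHA256 over every parameter the server later relies on."""
    msg = f"{uid}|{c}|{bid}|{exp}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_purl(name, c, bid, ttl_seconds, now=None):
    """Create the user record and return the query string for the e-mail."""
    now = int(time.time()) if now is None else now
    uid = secrets.token_hex(16)  # 128 random bits, not a name plus a counter
    USERS[uid] = {"name": name, "download_complete": None}
    exp = now + ttl_seconds
    return urlencode({"uid": uid, "c": c, "bid": bid, "exp": exp,
                      "sig": _sign(uid, c, bid, exp)})


def validate_purl(query_string, now=None):
    """Return (ok, detail): detail is the file name or the refusal reason."""
    now = int(time.time()) if now is None else now
    q = {k: v[0] for k, v in parse_qs(query_string).items()}
    if any(k not in q for k in ("uid", "c", "bid", "exp", "sig")):
        return False, "missing parameter"  # bare page hit: no download
    expected = _sign(q["uid"], q["c"], q["bid"], q["exp"])
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), q["sig"].encode()):
        return False, "bad signature"
    if not q["exp"].isdigit() or int(q["exp"]) < now:
        return False, "expired"
    user = USERS.get(q["uid"])
    if user is None:
        return False, "unknown uid"
    if user["download_complete"] is not None:
        return False, "already downloaded"
    filename = BROCHURES.get(q["bid"])
    if filename is None:
        return False, "unknown brochure"
    user["download_complete"] = now  # one-shot: record the download
    return True, filename
```

The file name comes from a server-side table keyed by `bid`, never from the URL value itself, so a request cannot name an arbitrary file.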


                    #10
                    Re: URL Login

                    Thanks again for the help and the advice on the download parameters! The users are not pre-populated and I am creating the Purls dynamically... and it is working perfectly!

                    My next task is to automate the processes offline. Once the user hits submit, I write the data to the tables, create a personalized brochure and send the email with the Purl. I had to write a VB executable to loop through the text files in a folder, open InDesign (it's scriptable), place the variable text and graphics and save the page as a PDF. I'm running everything in an After Validate event now but it takes 10-15 seconds to create the file without having multiple requests coming in at the same time. And I can't have the email get to the recipient before the brochure is completed.

                    I know I have to use WatchDirectory. The report will take care of itself but I have to figure out how to pass the variables and execute the emails. Do I send a text or batch file with the variables in it to WatchDirectory and it calls an a5w page with the email script in it? Do I need Curl to call the a5w page? If so, do I code the a5w to open the txt/bat file and parse the variables? I'm not sure how the whole process works.

                    Comment


                      #11
                      Re: URL Login

                      Tom,

                      I used to have all of this at my fingertips, but it has been a while and it's a bunch of components. It's the kind of thing that deserves a white paper.

                      Before any description, want to mention that WatchDirectory is needed only if you need INSTANT reaction to whatever you want to do. If you can live with once-every-minute or some other schedule, like once-every-noon, once-every-10-minutes, etc., you can use a very simple program called CRONTAB.

                      If you only need to do some DOS type work, saving a file, and so on, you don't need CURL.EXE. But if you need to execute some xbasic, you either need CURL to fire the A5W page or somehow to execute code in a copy of Alpha Five on the server.

                      In short, you create a normal batch file using xbasic and save that batch file to a 'watched' folder. WatchDirectory sees this new file and executes it once.

                      If you need to fire an A5W page, then you need CURL. It will execute WITHOUT opening a browser window. It's best to find instructions on CURL on the web, very detailed. The format I used was:

                      curl -d "id=2&eventno=100&A5W_Sess_ID=1" //localhost/sched/http_local.a5w

                      meaning it will fire http_local.a5w with the parameters after the -d.

                      The A5W_Sess_ID=1 is mandatory, you need to set the session id or it won't work. The "1" is arbitrary, it should really be a unique UUID value now that I think of it.

                      If you cannot find CRONTAB, see my website (login first) at http://www.alphatogo.com/openfile.a5...07603D04E2AB1B

                      Also see this video which features WatchDirectory: http://www.alphatogo.com/openfile.a5...1F7EC846A58B81
                      Steve Wood
                      See my profile on IADN

                      Comment


                        #12
                        Re: URL Login

                        Tom, How did you create the ability to add the name after the URL?
                        example at www.mydomain.com/jack123 or www.mydomain.com/susan456.

                        Did you create a universal page?
                        Or did you create a page for each person?

                        Comment


                          #13
                          Re: URL Login

                          I'll briefly try to explain this the best I can.

                          Here are the definitions of some of the terms I will use:
                          PURL = Personalized URL

                          Landing Page = Page that PURL takes user to (index page in my instance)

                          Inquiry Page = Page where prospect enters info and submits/writes a new record (index page in my instance)


                          First of all, I didn't find a way to use the slash (/) character, I had to use the question mark (?) because it signals the beginning of a filter.

                          I wanted the url to be clean; I didn't want a 3w.myurl.com/download.a5w?Tom1234 situation, so I "re-used" the index page which gives me a url of 3w.myurl.com?Tom1234

                          When the user submits their entry (on my index page), I create a PURL* value by combining the first name and a unique sequential number and write it to the table with all of their other info. I had to strip out all non alphanumeric characters because spaces and other characters caused problems with the filter...use remspecial(). Once they submit, I sent an email with a link created by appending the url with the PURL* value that I just created. When the user clicks on the link, it brings them to the page.

                          Since the inquiry page* and landing page* are one and the same (index page), I had to create some logic to execute the page correctly. Request.Query_String returns the value of everything after the question mark in the url; I assigned that to a variable (vPURL). I created an if/then statement on the index page. If the Request.Query_String/vPURL variable is empty (3w.myurl.com), I execute the inquiry page*. If the value is not empty (3w.myurl.com?Tom1234), I execute the landing page*. The landing page logic includes a lookup, using the vPURL value, to find the person's first name (so I can personalize the landing page). The document name that they download is derived from the vPURL value as well. You could pull as much info as you want from the table but I only need that value in this application. Technically, in my app I wouldn't even have to access the table but I want to personalize the page when they return.

                          I hope this makes sense, let me know if you need any clarification.

                          Comment


                            #14
                            Re: URL Login

                            Thanks, I will get to work on it.
                            Thanks again.

                            Comment


                              #15
                              Re: URL Login

                              It's great so far. That was a great help. But I need to impose a little more.

                              You quoted: "The landing page logic includes a lookup, using the vPURL value, to find the person's first name "

                              Is it possible to elaborate on this lookup?

                              I now have a variable with name of the person after the ?

                              I have a table with a record with that name.

                              How do I do "That lookup"?

                              Comment
