Using user_name as session Var

    Hello,
    I use the login system that is shipped with the demo database.
    Now I would like to use the user_name in grids. I guess I need to declare a session.variable that contains the value of User_Name, but I can't figure out how and where to do that.

    Once it is declared, I want to filter in a grid using session.User_Name

    Help.... please....

    René
    Windows 7, V11

    #2
    RE: Using user_name as session Var

    Rene,

    If you are using a dialog component for the login prompt, you can create your session variable in the AfterValidate event.

    The sample app login mechanism is not particularly secure, it is intended to give a simple example of how a login system could be implemented. If you are trying to protect sensitive data, you should consider a stronger login system. To bypass the demo system, all a user or hacker would need to do is append "?session.FlagIsLoggedIn=.t." to the URL they are requesting. For example, http://was.alphasoftware.com/web_applications_demo/default/sendEmail.a5w?session.FlagIsLoggedIn=.t. will bring you to the "send an email" sample and bypass the login screen.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation


      #3
      RE: Using user_name as session Var

      Thanks,

      now I know what Not to do. Now I would like to know how to do it better.

      I am an xbasic nono, so even the declaration of a session variable doesn't work, let alone developing a safe hacker free environment...

      Help...?

      René
      Windows 7, V11


        #4
        RE: Using user_name as session Var

        We are adding advanced security to the components. This will allow you to enable security for your web project and then define which pages and components require a valid login. But this will not be released as part of V6.

        For a secure solution, what you should do is give each site visitor a unique id. You can use the automatically generated session.session_id for this. Then use a table to track the visitor's ID and their corresponding login status. However, given your level of Xbasic experience, this may be difficult for you to build.

        You could improve the security offered by the demo login system by changing the name of the variable used. Bypassing the login as I showed above depends on the hacker knowing that your app looks for a variable named "FlagIsLoggedIn". This task is made easy when you use a published example such as the demo app.

        If you were to change this variable to something unknown to anyone but you and difficult to guess, your app would be more secure than it is now. Now for a hacker to get in, they would need to determine the correct variable that you are using.

        To try to get past this changed login procedure, one would need to randomly guess at the variable name you used. There are automated tools to do this for hackers (or you could easily write one in about 5 lines of Xbasic), most of which are based on using dictionary words. So using a variable name that is not an actual word you would find in a dictionary and is long would make your app a bit more difficult to get in to.

        This still is not an ideal level of security, but it is a step in the right direction with a minimal amount of work on your part.

        -Lenny


        Lenny Forziati
        Vice President, Internet Products and Technical Services
        Alpha Software Corporation
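
Added example, not part of the original posts and not Alpha Five code: a small Python model of the two designs discussed in replies #2 and #4, the client-settable login flag (renamed or not) beside a server-side table keyed on an unguessable session id. All function, class and account names are hypothetical, and the way query parameters reach the session is modelled only as far as the thread describes it.

```python
import hashlib, hmac, os, secrets

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = os.urandom(16)
USERS = {"rene": _digest("constructed-sample-pw", _SALT)}  # constructed account

def weak_is_logged_in(session_vars, query, flag="flagisloggedin"):
    """Pattern described in the thread: a 'session.X' query parameter is
    copied into the session, so the client decides the login flag."""
    for key, value in query.items():
        if key.lower().startswith("session."):
            session_vars[key[len("session."):].lower()] = value
    return session_vars.get(flag.lower()) == ".t."

class LoginTable:
    """Server-side table of session_id -> user; only login() writes to it."""
    def __init__(self):
        self._rows = {}

    def new_session(self):
        return secrets.token_urlsafe(32)  # unguessable per-visitor id

    def login(self, session_id, user, password):
        stored = USERS.get(user)
        if stored is None or not hmac.compare_digest(stored, _digest(password, _SALT)):
            return False
        self._rows[session_id] = user
        return True

    def user_for(self, session_id, query=None):
        # Request parameters never influence login state, whatever their name.
        return self._rows.get(session_id)

    def logout(self, session_id):
        self._rows.pop(session_id, None)
```

Renaming the flag changes only the `flag` argument of the weak check; the table-based check has no client-supplied name to guess.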


          #5
          RE: Using user_name as session Var

          Thanks Lenny,

          That I can do.

          Now for the session variable: I work on a developing computer. When I want to filter on var->User_Id in a grid, I get an error message because that variable does not exist, which is logical because it is generated in a session. How do I cope with that?

          René
          Windows 7, V11


            #6
            RE: Using user_name as session Var

            You should have your filter use session.user_id, it needs the "session." prefix if you are working with a session variable.

            Also if you use the expression builder, it will tell you the variable does not exist. You will see the same result when previewing the component. However when you run the A5W page with the grid, it will force you to login first which is where you will be creating the session.user_id variable. So once published, the app will work properly.

            -Lenny

            Lenny Forziati
            Vice President, Internet Products and Technical Services
            Alpha Software Corporation


              #7
              RE: Using user_name as session Var

              I'm sorry, Lenny, no go.

              People log in with their Surname.

              in Logindialog, "After validate" says:
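              ' Redirect to the originally requested page if one was stored, else to the menu
              if eval_valid("session.targetUrl") then
                  if session.targetURL <> "" then
                      Currentform.RedirectTarget = session.targetURL
                  else
                      currentform.redirectTarget = "_Menu.a5w"
                  end if
              else
                  currentform.redirectTarget = "_Menu.a5w"
              end if
              ' Store the login name and the (renamed) login flag in the session
              session.User_Name=User_Name
              session.sa3dwrd= .t.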

              So I think I declared a session variable with the Surname as value.

              Situation: I built a grid where every menu line (record) has one or more users. So there is a field called "owner" that contains one or more surnames, because menu lines may be accessible for more people.

              Now I want to filter: I want to show every record where {owner} contains session.User_Name.

              That should be simple, but I don't get it.

              I seem to go wrong on syntax, because A5 keeps telling me that I use an invalid or incomplete expression...
              René
              Windows 7, V11


                #8
                RE: Using user_name as session Var

                Still not working.

                I'll try to explain again.

                I have a grid called Menu that contains the field Eigenaar. In that field there may be one or more names, separated by ,.

                I want to filter that grid on one of those names.
                So, if I would filter on my name, I enter in the Filter line:
                "Rene" $ Eigenaar.
                This is nice, but static.

                Now I want to filter on the user name, which I get from the LoginDialog I sort of copied from the demo database.

                To do that I declared a session variable that I call session.UserName:
                in the After Validate I added on the bottom:
                session.UserName=user_name

                So, in the grid Menu I have to adjust the filter. But how?

                I tried:
                session.UserName $ Eigenaar
                but that gives an error

                Quote(session.UserName,") $ Eigenaar
                but that gives me all records (why?).

                Can you help? And please, give me the exact lines I should use, because I have no knowledge of xbasic.

                Greetings, René
                Windows 7, V11


                  #9
                  RE: Using user_name as session Var

                  Rene,

                  As you have discovered, you can't use a session variable in a grid filter. Instead, you have to manipulate the grid component filter in the source for the web page.

                  Look at the following link.
                  http://msgboard.alphasoftware.com/alphaphorum/read.php3?num=16&id=200&loc=0&offset=120&sortby=lastreply&direction=desc&thread=200

                  This technique works well.

                  Pat
                  Pat Bremkamp
                  MindKicks Consulting


                    #10
                    RE: Using user_name as session Var

                    Pat,

                    Thank you,

                    I'm afraid I still don't get it.

                    I am typically a Monkey See Monkey Do type.

                    I tried something like
                    dbf.filter = "\"session.UserName\" $ Eigenaar"+chr(34)
                    and
                    dbf.filter = "session.UserName $ Eigenaar"+chr(34)

                    but no go. I've got no clue, sorry.
                    René
                    Windows 7, V11
