Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook
Devcon 2020 Goes Virtual! LEARN MORE >

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Login Check Not working

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
    #1

    Login Check Not working

    I have used this code many times before but now I have problems. Here is the code for the include within my a5w files to make sure the person has logged in. It works FINE on my system that has the WAS server. However, it does not work on any other systems. Even though the person has logged in, if you go back to the page it will ask that you login again.

    Code:
    <html><head>
<meta name="robots" content="noindex">
<meta http-equiv=Content-type content="text/html; charset=unicode"><%a5
if eval_valid("session.FlagIsLoggedIn") = .f. then
	session.targetURL = request.request_uri
	response.redirect("verifyreflogin.a5w")
	end
end if
%><meta content="MSHTML 6.00.2900.2627" name=GENERATOR></head>
<body></body></html>
    The
    Tags: None
    #2
    Re: Login Check Not working

    Phil,

    I don't have the answer, but I have a couple comments

    First, if you are including this page in another page, you don't need the html. You can use simply:

    Code:
     
<%a5
if eval_valid("session.FlagIsLoggedIn") = .f. then
session.targetURL = request.request_uri
response.redirect("verifyreflogin.a5w")
end
end if
%>
    Second, you are not using a protected variable for the session variable. In this case, someone could simply put the session variable in the URL and bypass your security. Here's a little snippit out of my login validation script that shows using a protected variable.

    Code:
    '==== If login is not valid or not 'Yes', send them To User_Login
if eval_valid("session.__protected__LoginValid")=.f.
response.redirect("User_Login.a5w")
end
else
if session.__protected__LoginValid<>"Yes"
response.redirect("User_Login.a5w")
end
end if
end if
    Pat
    Pat Bremkamp
    MindKicks Consulting

    Comment

      #3
      Re: Login Check Not working

      Thank you for the extra security advice. To make this work (using your example) back in the After Validate then I need to add

      Code:
      session.__protected__LoginValid = .t.
      Am I correct on this?

      Comment

        #4
        Re: Login Check Not working

        Actually, if you want to follow my example, you would use

        session.__protected__LoginValid = "Yes"

        in the AfterValidate of User_Login

        I'm partial to character variables since it eliminates a lot of converting.

        Pat
        Pat Bremkamp
        MindKicks Consulting

        Comment

          #5
          Re: Login Check Not working

          The fun continues...inserting your code I got the SAME results that I did with mine. If I navigate thru the web pages on the WAS computer using IE, everything works fine. Go to another computer and then the pages do NOT work properly. It keeps asking to login even after you have logged in....

          Comment

            #6
            Re: Login Check Not working

            Phil,

            Then, if we assume that the script is working correctly, the problem must be with assigning the session variable, not evaluating it. I would look at the script that creates the session variable in the first place (presumably the login script).

            Is verifyreflogin.a5w your login page?

            Pat
            Pat Bremkamp
            MindKicks Consulting

            Comment

              #7
              Re: Login Check Not working

              Does your browser allow cookies?
              And how is WAS configured?
              To use cookies or to add the sessionID to the URL(cookieless mode)?
              Advantage of using cookieless mode is that browsers that have cookies disabled are able to visit your site.
              But �t's less safe...
              You could try this mode, maybe it has something to due with cookies.

              Regards Brendo
              Last edited by B.B.Bongers; 12-20-2006, 05:40 PM.
              Ing./bict Brendo Bongers
              Software Engineer
              http://www.brendobongers.nl

              "There's more than one way to skin a cat."

              Comment

                #8
                Re: Login Check Not working

                Phil,

                In order to answer correctly, please post the code from your aftervalidate event on the login dialog, and the current code from the logintest page.

                The code you have in your first post here, would not properly validate for logins because you do not validate that FlagIsLoggedIn is true or false, just that the variable exists or not.
                Steve Wood
                See my profile on IADN

                Comment

                  #9
                  Re: Login Check Not working

                  Originally posted by B.B.Bongers View Post
                  Does your browser allow cookies?
                  And how is WAS configured?
                  To use cookies or to add the sessionID to the URL(cookieless mode)?
                  Advantage of using cookieless mode is that browsers that have cookies disabled are able to visit your site.
                  But �t's less safe...
                  You could try this mode, maybe it has something to due with cookies.

                  Regards Brendo
                  If the browser has cookies turned off and they are enabled on the server, the server will detect this condition and fall back to cookie-less operation for that specific visitor.

                  There could be some other cookie issue though and your suggestion is definitely worth trying.

                  Lenny Forziati
                  Vice President, Internet Products and Technical Services
                  Alpha Software Corporation

                  Comment

                    #10
                    Re: Login Check Not working

                    Thanks Brendo, your suggestion has me going in the correct path. I turned off the Cookie option in the WAS and still did not have success. I went to the browser option and began setting different cookie levels and I got things to work at the LOW level.

                    I don't want my users to have problems, what is the best way to handle this situation since it appeared that turning off the cookies in the WAS did not make any difference, only lowering the cookie level in the browser? Is there something else I can do code wise?

                    Thanks

                    Comment

                      #11
                      Re: Login Check Not working

                      You must be processing logins different than I have seen before. Manipulating cookie level does not affect my login ability, and I would not want to operate at a Low setting for security reasons. That is, I don't think you should accept this setting as your solution.

                      Did you take care of the problem I mentioned in my previous post?
                      Steve Wood
                      See my profile on IADN

                      Comment

                        #12
                        Re: Login Check Not working

                        Steve, I forgot to post the code you were referring to. When I get home tonight I will post it (as long as my feable mind remembers to do it)

                        Thanks for all your help and Merry Christmas

                        Comment

                          #13
                          Re: Login Check Not working

                          Steve, since nothing has fixed the problem other than lowering the cookie level I am showing my original code. I even disabled the option in the WAS to enable cookies for tracking and it did not correct the problem...

                          After Validate - the loginsuccess.a5w page simply displays verbage that the login was successful
                          Code:
                          session.FlagIsLoggedIn = .t.
Currentform.RedirectTarget = "loginsuccess.a5w"
                          Login Check - Include File - the verifyreflogin.a5w is the login page
                          Code:
                          <html><head>
<meta name="robots" content="noindex">
<meta http-equiv=Content-type content="text/html; charset=unicode">
<%a5
if eval_valid("session.FlagIsLoggedIn") = .f. then
	session.targetURL = request.request_uri
	response.redirect("verifyreflogin.a5w")
	end
end if
%>
<meta content="MSHTML 6.00.2900.2627" name=GENERATOR></head>
<body></body></html>

                          Comment

                            #14
                            Re: Login Check Not working

                            Beats me, looks fine. (My earlier statement about having to test for the value of session.FlagIsLoggedIn was wrong since logout or timeout delete the whole session variable. You just have to test for existance.)

                            Note - you still are not using protected variables. If I knew your URL I could login without knowing any passwords.
                            Steve Wood
                            See my profile on IADN

                            Comment

                              #15
                              Re: Login Check Not working

                              Steve, once I get this to work then I was going to protect the variable. That is minor compared to the login not working.

                              Comment

                              Previous 1 2 template Next
                              Working...
                              X