Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook
Devcon 2020 Goes Virtual! LEARN MORE >

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

adding users and security

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
    #1

    adding users and security

    I'm not sure if i have the right understanding of adding users to the security group and would be grateful if someone could help me out.

    i have created a table for members, in the table are fields for a username and a password.

    i have a page called 'join.a5w' allowing a new user to submit their personal details creating a unique username and password.

    Security is set up to with a ulink to userid (username) and takes the password from the table. (i was hoping to use the email address as the username)

    i have imported my test records into the security group.

    my question is, if a new user submits their details via the 'join.a5w' page, where does this data go and how does the security function pick up the new users login details?? How soon after joining could a user log in and use the service?

    thanks

    richard
    Tags: None
    #2
    Re: adding users and security

    You may need to show the code in your join.a5w and describe the dialog for Login for anyone to know how it affects/does not affect security. Does your login dialog write to the Security Framework or to your own Users table, or both?

    If it just writes to your own local Users table, then the join page will never update security, and no one who "joins" can log in. I've responded in the past that you should not and need not have a field for password in your local Users table. Its your choice, but it doesn't need to be there and is counter to the philosophy of the Security Framework.

    I think what you have been doing is creating a local User record, and then importing that table into security.
    Steve Wood
    See my profile on IADN

    Comment

      #3
      Re: adding users and security

      Steve,

      thanks for your reply. ok i understand about passwords and of course would prefer to implement this, but i wasnt sure how to go about allowing a user to set their own password.

      the problem i am having is trying to undertsand and set up a system in which a new user can create their own new record (in security and also for these details to be passed to a table) and then also have almost instant access to their own records.

      My join.a5w page uses a web component to collect the required data for the table, but i assume that this is not being passed to the security framework (although i though i had done this through the ulink field).

      Security is set up as follows;

      user id configuration = Value
      cross file validation is from a table 'tmembership'

      in customisation options -
      i have set the enable external user id field as true
      session variable _protected_userid

      not sure if the above helps but thought more is better.

      any further suggestions ( i think i need help in understanding more than the answer itself).

      thanks again

      Comment

        #4
        Re: adding users and security

        I'd encourage you to read the Alpha Help on this topic and go through the samples in the Web Application Demo. There is a specific section on Adding a User from a Web Form. You seem to be mixing Security Framework and non-Framework concepts. If you review that Help section it will help you understand the concepts regarding adding a user (that's more difficult to convey on this forum). Cross file validation would not be necessary as the Framework would take care of rejecting duplicates. On the protected variable, you need to use double underscore, not single: __protected__userid.
        Steve Wood
        See my profile on IADN

        Comment

          #5
          Re: adding users and security

          Richard, I also have a membership application, and here's what I did:

          Getting the member information like name and address is straightforward, and I do that first so I can use some of the info to prefill the login creation form. The real question is this login and password creation form.

          I created a dialog component with three controls:
          UserId titled Login Email Address
          Password titled Login Password
          Confirm_Password titled Confirm Password

          Also, created hidden fields
          guid
          ulink
          RedirPage
          groups

          The initialize event is:
          Code:
           
Dim session.__protected__UserId as C
Dim session.__protected__UserEmail as C
a5ws_get_user_values(CurrentForm,request)
CurrentForm.Controls.UserId.value=alltrim(session.__protected__UserEmail)
CurrentForm.Controls.ulink.value=alltrim(session.__protected__UserId)
CurrentForm.Controls.RedirPage.value="ev_route.a5w"
CurrentForm.Controls.groups.value=a5ws_get_guid_from_group("Users",request)
          where session.__protected__UserId is the record id from the people table they already filled out and session.__protected__UserEmail is the preferred contact email address they entered on that form. Ev_route is a page I use to reroute them based on what they are doing (there are several possibilities that cause them to end up here) and Users is the security group I want them in.

          The Validate event is
          Code:
           
a5ws_save_user_values(CurrentForm,request)
session.__protected__UserId=alltrim(CurrentForm.Controls.ulink.value)
session.__protected__UserEmail=alltrim(CurrentForm.Controls.UserId.value)
'==== login the user. If it fails, user will get login screen
Dim pReturn as p
vRT="ev_route.a5w"
vID=alltrim(CurrentForm.Controls.UserId.value)
vPW=alltrim(CurrentForm.Controls.Password.value)
pReturn=a5ws_Login_User(vID,vPW,vRT)
          Here, I revise the session variables in case the user has changed them and the a5ws_Login_User() function logs them in so they don't have to go back through the login component.

          AfterValidate is
          Code:
           
a5ws_get_user_values(CurrentForm,request)
CurrentForm.RedirectTarget = "Ev_Route.a5w"
          This gets the values for the security system and sends them on their way to the routing page.

          Pat
          Pat Bremkamp
          MindKicks Consulting

          Comment

            #6
            Re: adding users and security

            Hello Pat (or anyone),

            For my NewUser dialog, I have
            userid (character set as session)
            password
            confirm_password
            UserEmail (character set as session)
            Account_Type (they choose job seeker or employer)
            RedirPage (hidden)
            groups (hidden)
            guild (hidden, set as session)
            ulink hidden, set as session)

            Initialize
            Dim session.__protected__UserId as C
            Dim session.__protected__UserEmail as C
            Dim session.__protected__Account_Type as C
            a5ws_get_user_values(CurrentForm,request)
            CurrentForm.Controls.UserId.value=alltrim(session.__protected__UserId)
            CurrentForm.Controls.ulink.value=alltrim(session.__protected__UserId)
            CurrentForm.Controls.UserEmail.value=alltrim(session.__protected__UserEmail)
            CurrentForm.Controls.RedirPage.value="Employer_Register.a5w"
            CurrentForm.Controls.groups.value=a5ws_get_guid_from_group("Users",request)

            After Validate
            If a5ws_get_user_values(CurrentForm,request)
            CurrentForm.RedirectTarget = "Employer_Register.a5w"
            Else
            CurrentForm.RedirectTarget = "NewUser.a5w"
            End if

            Activate
            pagelist = a5ws_get_page_list(request)
            grouplist = a5ws_get_groups(request,.T.)

            1) Will this create enough session variables? Will this allow me to filter pages, etc. to only the particular user who is logged in?
            2) Will this allow me to auto-populate fields in my Employer_Register.a5w page? This is important.

            Thanks for all the help!
            Last edited by EricN; 01-06-2008, 01:08 AM.
            Eric

            Alpha Five Websites
            longlivepuppies.com
            socialservicenetwork.com
            -------------------------------------------------
            socialservicenetwork.org

            Comment

              #7
              Re: adding users and security

              1) Will this create enough session variables? Will this allow me to filter pages, etc. to only the particular user who is logged in?
              2) Will this allow me to auto-populate fields in my Employer_Register.a5w page? This is important.
              I know this is driving you nuts but...

              There is nothing in this code that will create ANY session variables. Rather, it assumes that they already exist. Since they don't (or probably don't) and you have no error checking, the page will probably bomb.

              You left out the Validate event, but nothing here will save anything to the Security Framework.

              The only session variable you need (to do what you want so far) is either ulink or userid (protected), depdending on how you want to filter records.

              You spelled guid wrong (guild)

              I think on this one you need to take another look at the Help on Adding a User from a web form. The xbasic in the events is really as simple as shown in the example.
              Steve Wood
              See my profile on IADN

              Comment

                #8
                Re: adding users and security

                sorry to raise this again and i must sound really dumb, but i just can't figure out how to do this;

                i have a dialog to accept new registrations and this is all ok.
                i have set the security and have my ulink value.
                i have pages with components built filtered at the grid level to the ulink value

                this is where i am struggling (i have checked the help files, the msg bioard, the applicaiton server samples and the alpha sports sample)

                a user has registered in to the web security framework. how do i then pass the value's used in registration, to a table in my database, which in turn will will allow the user to login and open a page filtered to them.

                my ulink is based upon a unique value in the 'casefile' table which acts as the filter for all subsequent pages. but the unique value is not set at the point of registration, its set when a new record is added to the 'casefile' table.

                sorry to be a pain on this subject.

                Comment

                  #9
                  Re: adding users and security

                  i think i may be getting there - btw, i am now on v9, but this was originally started in v8.

                  i think i need some code in the aftervalidate event of a dialog to pass the values from the registation dialog to the table.

                  i found this code in the sports app.

                  Code:
                  if eval_valid("session.dataclear")
	if session.dataclear = .T. ' skip validate if clearing data
		end
	end if 
end if 
session.__protected__chkoutprogress = 2 ' this page is complete

dim session.__protected__chkout as p
session.__protected__chkout.Firstname =  alltrim(CurrentForm.Controls.Firstname)
session.__protected__chkout.Lastname =  alltrim(CurrentForm.Controls.Lastname)
session.__protected__chkout.Company =  alltrim(CurrentForm.Controls.company)
session.__protected__chkout.Email =  alltrim(CurrentForm.Controls.Email)
session.__protected__chkout.Phone =  transform(remspecial(CurrentForm.Controls.phone),"@R (999) 999-9999") ' convert to standard mask template
session.__protected__chkout.Bill_address_1 =  alltrim(CurrentForm.Controls.Bill_address_1)
session.__protected__chkout.Bill_address_2 =  alltrim(CurrentForm.Controls.Bill_address_2)
session.__protected__chkout.Bill_city =  alltrim(CurrentForm.Controls.Bill_city)
session.__protected__chkout.Bill_state_region =  alltrim(CurrentForm.Controls.Bill_state_region)
session.__protected__chkout.Bill_postal_code =  alltrim(CurrentForm.Controls.Bill_postal_code)
session.__protected__chkout.Ship_to_name =  alltrim(CurrentForm.Controls.Ship_to_Name)
session.__protected__chkout.Ship_address_1 =  alltrim(CurrentForm.Controls.Ship_address_1)
session.__protected__chkout.Ship_address_2 =  alltrim(CurrentForm.Controls.Ship_address_2)
session.__protected__chkout.Ship_city =  alltrim(CurrentForm.Controls.Ship_City)
session.__protected__chkout.Ship_same =  alltrim(CurrentForm.Controls.Ship_same)
session.__protected__chkout.Ship_state_region =  alltrim(CurrentForm.Controls.Ship_state_region)
session.__protected__chkout.Ship_postal_code =  alltrim(CurrentForm.Controls.Ship_postal_code)
session.__protected__chkout.Customer_id = alltrim(CurrentForm.Controls.customer_id)
session.__protected__chkout.taxable =  alltrim(CurrentForm.Controls.taxable)
session.__protected__chkout.saveship =  alltrim(CurrentForm.Controls.saveship)

if CurrentForm.Controls.customer_id <> ""	'	values came from a table record
    query.filter = "customer_id = "+quote(CurrentForm.Controls.customer_id) ' find the record
    query.order = "customer_id"
    tbl = table.open("[PathAlias.ADB_Path]\customer.dbf")
    qdx = tbl.query_create()
    if qdx.records_get() = 1 then 'record found - update
    	tbl.change_begin()
        tbl.Firstname =  alltrim(CurrentForm.Controls.Firstname)
        tbl.Lastname =  alltrim(CurrentForm.Controls.Lastname)
        tbl.Company =  alltrim(CurrentForm.Controls.company)
        tbl.Email =  alltrim(CurrentForm.Controls.Email)
        tbl.Phone =  transform(remspecial(CurrentForm.Controls.phone),"@R (999) 999-9999") ' convert to standard mask template
        tbl.Bill_address_1 =  alltrim(CurrentForm.Controls.Bill_address_1)
        tbl.Bill_address_2 =  alltrim(CurrentForm.Controls.Bill_address_2)
        tbl.Bill_city =  alltrim(CurrentForm.Controls.Bill_city)
        tbl.Bill_state_region =  alltrim(CurrentForm.Controls.Bill_state_region)
        tbl.Bill_postal_code =  alltrim(CurrentForm.Controls.Bill_postal_code)
        if alltrim(CurrentForm.Controls.saveship) = "True" ' save shipping information in customer record
	        tbl.Ship_to_name =  alltrim(CurrentForm.Controls.Ship_to_Name)
	        tbl.Ship_address_1 =  alltrim(CurrentForm.Controls.Ship_address_1)
	        tbl.Ship_address_2 =  alltrim(CurrentForm.Controls.Ship_address_2)
	        tbl.Ship_city =  alltrim(CurrentForm.Controls.Ship_City)
	        tbl.Ship_state_region =  alltrim(CurrentForm.Controls.Ship_state_region)
	        tbl.Ship_postal_code =  alltrim(CurrentForm.Controls.Ship_postal_code)
	        if alltrim(CurrentForm.Controls.ship_same) = "True"
	        	tbl.Ship_same = .T.
	        else
	        	tbl.Ship_same = .F.
	        end if 
	    end if 
        if alltrim(CurrentForm.Controls.taxable) = "True"
        	tbl.taxable = .T.
        else
        	tbl.taxable = .F.
        end if 
        tbl.change_end()
    end if	
	tbl.close()
end if 

dim redirect_target as c = "checkoutcomp.a5w"
if file.exists(request.applicationRoot+"project.customsettings")
	dim p as p
	file.to_property(request.applicationRoot+"project.customsettings",p)
	if p.sales_method = "PayPal"
		redirect_target = "checkoutcompPayPal.a5w"
	end if
end if 
CurrentForm.RedirectTarget = redirect_target
                  am i on the right track??? what i still dont get, is that the value i use for my ulink field is not generated until a record has been written to the 'casefile' table.

                  i would be really grateful if someone could step me through the process of a new user completing my registration form, logging in and then completing a dialog to write data to my table. im just a little confused on what value is passed to recognise the user form registration to the security framework to the dialog to accept the users data which will be written to my table. then once the record has been writtem to my table how do i then get the ulink value back to the security framework?

                  thanks

                  richard

                  Comment

                    #10
                    Re: adding users and security

                    Hello Richard,
                    Pat’s post #5 above is great and should help a lot. I know this can be daunting; it certainly was for me at first.

                    Does your registration dialog contain the controls Pat suggests? If not, you should revisit #5.

                    how do i then pass the value's used in registration, to a table in my database,
                    My registration dialog contains what Pat suggests plus this dialog writes data to my users’s table.

                    dim tbl as P
                    '=================== Open member table and write data ===================
                    tbl=table.open("[pathalias.adb_path]\users")
                    tbl.enter_begin(.T.)
                    tbl.Userid = alltrim(Userid)
                    tbl.Ulink = ulink
                    tbl.Secquest = alltrim(SecQues)
                    tbl.Secanswer = alltrim(SecAns)
                    tbl.User_type = groups
                    tbl.Email = Email
                    tbl.enter_end(.T.)
                    tbl.close()

                    When the user logs in using my login dialog, the security framework looks at the “groups” and assigns the user the group he/she registered for. Then the user seamlessly passes through my “redirect_login.a5w” page Note my pic regarding security framework. where I assign additional session variables. Then, depending on their “permissions,” the user is sent to the appropriate page.

                    Here is some of my code in my redirect_login page:
                    ' ========================================================================
                    ' Login session.variables
                    session.First_name = alltrim(lookupc("F",alltrim(session.__Protected__Userid),"alltrim(First_name)","[pathalias.adb_path]\users","userid"))
                    session.Last_name = alltrim(lookupc("F",alltrim(session.__protected__userid),"alltrim(Last_name)","[pathalias.adb_path]\users","userid"))
                    session.Company_name = alltrim(lookupc("F",alltrim(session.__protected__userid),"alltrim(Company_name)","[pathalias.adb_path]\users","userid"))
                    session.permissions = alltrim(lookupc("F",alltrim(session.__protected__userid),"alltrim(Permissions)","[pathalias.adb_path]\users","userid"))

                    My groups are either Employer or JobSeeker and are assigned when user registers and this info is written in my users table. "user type"
                    If session.permissions = "Employer"
                    response.redirect("EmHomePg.a5w")
                    elseif session.permissions = "JobSeeker"
                    response.redirect("JSHomePg.a5w")
                    else
                    ? "This is a bad login!" + "<BR>"
                    ? "<BR>"
                    ? "Please contact us!"
                    end if
                    ' ========================================================================

                    … which in turn will will allow the user to login and open a page filtered to them
                    There are a few ways to filter pages for the specific user. Here are two:
                    1) I use If eval_valid("session.__protected__userid") to test if the session.__protected__userid is available. (There is a lot of info in forum and help regarding the uses for this) When it is available, I can also define additional session.variables.

                    2) Define arguments in grids. (see pic) This is where you can filter the grid to only display that particular user’s information.

                    Hope this helps!
                    Last edited by EricN; 01-21-2009, 12:50 AM.
                    Eric

                    Alpha Five Websites
                    longlivepuppies.com
                    socialservicenetwork.com
                    -------------------------------------------------
                    socialservicenetwork.org

                    Comment

                      #11
                      Re: adding users and security

                      after a long time i am back to this (previously abandoned). i really thought i was getting somewhere and understood it.

                      i have set up a 2 stage registration process

                      1. user enters personal details to a dialog which writes to a local table. page name 'register1.a5w' and component 'cust_register' submit button takes user to step 2

                      2. page 'register.a5w' - component 'register' brings forward values from first step and then writes the client to the security table.

                      step 1 is working fine and successfully writes to the db table and proceeds to page2, but i get an error at this time, that it cant find the 'custid'.

                      i have tried but am lost, just when i though i was doing quite well.

                      if someone has the time to look at my code, id be grateful and let me know where i have gone wrong. i think i have tried so many different things it might be a bit of a mess now.

                      Comment

                        #12
                        Re: adding users and security

                        back to this... i am now in v10

                        i have created a grid to add a record (few basic details for a customer added to the customer table). i now want to get details to pass to the security table.

                        in the grids 'afterinsert' event i have added this
                        Code:
                        e.rv.session.__protected__caseparent = CurrentForm.Controls.case__parent__id
e.rv.session.__protected__clientemail = CurrentForm.Controls.clientemail
                        my questions is, i need to get the value of the case_parent_id (auto increment) field created when the record was submitted.

                        am i on the right track?

                        Comment

                          #13
                          Re: adding users and security

                          got this all sorted.

                          Comment

                            #14
                            Re: adding users and security

                            I tried to follow this thread because I want to do the same. Is there in V10.5 another way to do this or is your way the best?
                            Ren�
                            Windows 7, V11

                            Comment

                              #15
                              Re: adding users and security

                              hi, with the help of the board i did get this done. im sure its the right way and it works well for me.

                              i will find the component and post here shortly.

                              Comment

                              Previous 1 2 template Next
                              Working...
                              X