
Web Security Functions


    #31
    Re: Web Security Functions

    Other than not being redirected to where I want (yet), this saves user values to both security and my local user tables.

    Jerry and Steve, thanks again for the help....Bob

    Here's what I did:
    In the interactive window:
    ?a5ws_get_guid_from_group("Client",.T.)
    = "637fc9579ac54cf1bc33409f69f1b99c"
    ?a5ws_get_guid_from_group("Office",.T.)
    = "0a5bddc7fc074202beb118c049bd0f11"

    In my after validate page:
    a5ws_get_user_values(CurrentForm,request)

    dim tbl as p
    tbl=table.open("usersX")
    tbl.index_primary_put("id")
    recnum = tbl.fetch_find(alltrim(CurrentForm.Controls.userid))
    IF (recnum>0) THEN
        'do nothing since security will not allow duplicates
        ' this dialog is for adding, not updating
    else
        tbl.enter_begin()
        tbl.EnterDate = date()

        dim utype as C
        IF ((currentform.controls.groups.value)= "637fc9579ac54cf1bc33409f69f1b99c") THEN
            utype = "Client"
        else 'do nothing
        end if
        IF ((currentform.controls.groups.value)= "0a5bddc7fc074202beb118c049bd0f11") THEN
            utype = "Office"
        else 'do nothing
        end if

        tbl.UserType = utype
        tbl.FName = currentform.controls.fname.value
        tbl.LName = currentform.controls.lname.value
        tbl.Email = currentform.controls.email.value
        tbl.enter_end()
    end if

    request.variables.ulink = tbl.Id
    tbl.close()

    a5ws_save_user_values(CurrentForm,request)

    CurrentForm.RedirectTarget = "clientX.a5w"



      #32
      Re: Web Security Functions

      I've been struggling with a redirect based on which group a user chooses to be part of. I am able to create the user in security and my local user table just fine.
      After submit is selected, it will not redirect me to the desired "Client.a5w" page. I've tried a few different methods. The currentform.redirectTarget = "client.a5w" both before and after the a5ws_save_user_values(CurrentForm,request). It acts like it is trying to work. The url indicates it is trying to reach the Client page, but it goes to my index.a5w page. Here is what the url shows:
      http://localhost/mybusiness/Default/...2FClient%2Ea5w
      I think there is an issue with the ulink. If my target page is classified Always Allowed, the currentform.redirectTarget = will work just fine.

      If I try the following, data is saved in security and my local user table, but it just stays on my createwebuser page after submit
      If alltrim(lookupc("F",alltrim(session.__protected__ulink),"alltrim(Usertype)","[pathalias.adb_path]\users","Id")) = "Client"
      CurrentForm.RedirectTarget = "Client.a5w"
      else
      end if
      I inserted a request.variable.RedirPage = "Client.a5w" in my after validate section in an If Then statement to determine which group was chosen. This will not redirect me from the createnewuser page when submitted. After creating the new user, I can go to the login page, login, and I will be directed to the desired "Client.a5w" page.

      Any thoughts?

      Thanks,

      Bob



        #33
        Re: Web Security Functions

        I'm not sure I followed everything, but it seems like your users are either not logged in, or already logged in when they get to the place where you have them choose their group, and then you expect that security to be active at that moment. In either case, if they do not log in AFTER you make your adjustments to security framework, none of what you do is going to be effective (that may not be 100% true, but someone would have to test).

        If that's what you are doing, I think you need to restructure so they log in after making these choices.
        Steve Wood
        See my profile on IADN



          #34
          Re: Web Security Functions

          Steve,

          Thanks. I currently have my main index page with two choices: login or create new user. If you have an account, login. If you do not have an account, create one. I incorrectly assumed that in creating the new account, since the required data makes it to security and my user table, that the new user is logged in. It seems as though that is not happening. The new user will have to login, then proceed to the follow-on page.

          Bob



            #35
            Re: Web Security Functions

            The best way to confirm suspicions like this is to review a dozen other websites and their login process. You will find that NO other web applications (that I have seen) automatically log you in after you create an account, you have to go through that process. It's also for security - your process is insecure enough considering you don't force the user to respond to an email (double opt-in). Assuming you use email address somewhere in your create an account process, that means that anyone could create an account using YOUR email address.
            Steve Wood
            See my profile on IADN



              #36
              Re: Web Security Functions

              Steve,

              Once again, another great point. Somehow when I read the Alpha5 ad I thought this stuff would be easy. Now I have to wrap my head around your suggestion to send an email to invite a potential user. I think my brain is fried and I need a break for a day or two. Maybe I should stick to flying planes. It's much easier.

              Bob



                #37
                Re: Web Security Functions

                If you and others are interested, I will put together a drop-in module for double opt-in. I'll make it available on my website for a very modest cost. If you do it right, there is quite a bit to the process, goes something like this:
                • Visitor registers online.
                • Dialog event code posts new user to local Users table as PENDING and posts all security information (groups, security Q&A, password, etc.) to a temporary table linked to the local users table, then sends an email to user with encrypted "confirmation" link. It posts NOTHING to Security Framework at this time.
                • Visitor receives email and clicks confirmation link.
                • Confirmation link leads to an A5W page that ONLY responds to such confirmation responses.
                • Confirmation A5W page decrypts the request, matches up to a PENDING record and posts a record to Security and toggles them from PENDING to ACTIVE (and a few other things).
                • You also have to add a bunch of error checking - a) let them re-register freely if they did not get the email and, for lack of any other options, just re-register, b) provide a link on your website that fires off another confirmation email in case they cannot find the first one, c) ensure they cannot register twice once confirmed, d) dump PENDING registrations after X days without response, e) make the module flexible enough that it will work regardless of what Security options you select.


                All of this is part of the template I use internally when I create a new application. For those of you who read my paper titled "User Login and Registration Methods" (on my website), it's still a useful document, but it describes a method for double opt-in that I have since replaced with what I described above.
                Steve Wood
                See my profile on IADN
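
The double opt-in flow outlined in post #37, as an added example in Python; it is not code from the thread or from Steve Wood's module. It swaps the "encrypted" link for a random single-use token stored only as a SHA-256 hash, and the class, the in-memory dictionaries standing in for the Users table and the Security Framework, and the 3-day expiry are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

PENDING_TTL = 3 * 24 * 3600  # the post's "X days"; 3 days is an assumed value


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class Registrations:
    """In-memory stand-in for the local Users table and its temporary table."""

    def __init__(self):
        self.users = {}     # email -> status, staged security data, token hash
        self.security = {}  # stand-in for the Security Framework user store

    def register(self, email, staged, now=None):
        """Stage a PENDING user; return the token to e-mail, or None."""
        now = time.time() if now is None else now
        email = email.strip().lower()
        if self.users.get(email, {}).get("status") == "ACTIVE":
            return None  # (c) no second registration once confirmed
        # (a)/(b): re-registering or resending replaces the earlier token.
        token = secrets.token_urlsafe(32)
        self.users[email] = {"status": "PENDING", "staged": staged,
                             "token_hash": _digest(token), "created": now}
        return token

    def confirm(self, email, token, now=None):
        """Confirmation page logic; True only for the first valid click."""
        now = time.time() if now is None else now
        email = email.strip().lower()
        rec = self.users.get(email)
        if rec is None or rec["status"] != "PENDING":
            return False
        if now - rec["created"] > PENDING_TTL:
            return False
        if not hmac.compare_digest(rec["token_hash"], _digest(token)):
            return False
        # Only now does anything reach the security store.
        self.security[email] = rec.pop("staged")
        rec.update(status="ACTIVE", token_hash=None)
        return True

    def purge(self, now=None):
        """(d) Delete PENDING records older than the TTL; return the count."""
        now = time.time() if now is None else now
        stale = [e for e, r in self.users.items()
                 if r["status"] == "PENDING" and now - r["created"] > PENDING_TTL]
        for e in stale:
            del self.users[e]
        return len(stale)
```

The registration page should show the same "check your e-mail" response whether `register` returns a token or `None`, so the form does not reveal which addresses already have accounts.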



                  #38
                  Re: Web Security Functions

                  Bob,

                  I take it back, I was on a website today that logged me in as soon as I completed the registration process (http://www.neosounds.com). I can see that the URL of the registration button takes me to a page with a parameter "action=login".

                  So, I guess I should add, you can do this if you want to. That is, you could automatically login the person as soon as they complete your registration process.

                  The function you want is a5ws_login_user(). It's not in the official help document, but you can find help on the parameters if you type that function in code.

                  So, in your Dialog for registration you would just finish off with that function, providing it with the userid, password, etc. It also includes options for redirect page, so you may really like it.

                  I still think double opt-in is superior, but it really depends on what kind of website you are creating.
                  Steve Wood
                  See my profile on IADN



                    #39
                    Re: Web Security Functions

                    Steve,

                    I just read your article "User Registrations and Login Methods". It was very insightful. I agree, with the limited knowledge that I have, that the double opt-in method is superior. I will probably revisit it in the future, but the thought of implementing it is a little overwhelming for me right now. I am just happy to have my createuser page working.

                    I used the a5ws_login_user(userid, password) followed by
                    If alltrim(lookupc("F",alltrim(session.__protected__ulink),"alltrim(Usertype)","[pathalias.adb_path]\users","Id")) = "Client"
                    CurrentForm.RedirectTarget = "Client.a5w"
                    else If alltrim(lookupc_....
                    I don't know if this redirect is the optimal way to do it, but it works.

                    Thanks again!

                    Bob



                      #40
                      Re: Web Security Functions

                      Steve,

                      Your 4-19-08 post in this thread is the documentation that SHOULD be in the Help files to explain the AddEditUser sample. Thanks very much.

                      However, my Ulink field is not saving to security. I am using the basic code and structure from the help file and WAS sample on this topic. When the form is submitted, all fields in websecurity_users are updated with values from the dlg except for Ulink. The form re-displays with a blank value in Ulink field. (Other things could affect the display, but main problem for now is web security not being updated.)

                      VALIDATE
                      Code:
                      request.variables.Email = alltrim(request.variables.userid)
                      'request.variables.ulink = CurrentForm.Controls.ulink.value
                      a5ws_save_user_values(CurrentForm,request)
                      I started with not explicitly setting request.variables.ulink, and tried a couple variations of the above commented line with no success.

                      The other difference is that in the userlist dlg App Server sample page, the Show User Record button redirects with a page variable ?guid=. I don't pass any page variables. Could this be an issue?

                      So strange Ulink is the only field not being updated. I have a session variable named session.ulink_value, but nothing else named Ulink besides the dialog variable.

                      Bill.



                        #41
                        Re: Web Security Functions

                        Also I need to mention that this is on localhost at this point.

                        Bill.



                          #42
                          Re: Web Security Functions

                          The problem turned out to be interesting???

                          On the a5w page the dlg_EditAddUser was loaded twice (once as dlg_EditAddUser1). But only x_dlg_EditAddUser1.output.body.dialog_html was in a table cell. So I must have deleted the component once, and presumably, did not tell it to delete the supporting code in the page.

                          So for the copy of the component that was loaded, but whose html was not used, the restriction on Initialize event running once must not hold. I found this when I saw that the Initialize event was being run multiple times for each Submit, etc. The extra Inits screwed up my variables.

                          So deleted the extra references and it seems to be working now.

                          Bill.
