9 Replies Latest reply on Mar 15, 2016 8:12 AM by sgasch

    How do I handle usernames and passwords when using PHP in FMP Server 14?


      I am using Custom Web Publishing and am in the process of converting my webpages from XSLT to PHP. I am working with someone else who knows php, but not Filemaker Pro. With XSLT, Filemaker Pro handles the login and then I have access to the privilege that the user has in all of my scripts. However, my co-workers says that that will not work with php and that I need to have a separate table with the usernames, passwords and privileges. Also, I need to use login php pages to work with this info.


      My question is, how should I handle this with php? Do I no longer have direct access to the user information when I use php pages instead of XSLT???


      Some guidance, please!!!

        • 1. Re: How do I handle usernames and passwords when using PHP in FMP Server 14?

          You can use the same FileMaker Accounts and Passwords that you use to login using FileMaker Pro with the PHP API.


          When you are authenticating via PHP you need to pass a valid username/password - you will have to create the login form for users to enter their credentials and then process those, but you can certainly use the same account names/passwords that you use with FileMaker Pro. Just make sure you have applied the fmphp extended privileges to the required privilege sets.






          FileMaker Business Alliance

          FileMaker 14 Certified Developer

          Xero Approved Developer

          - - - - - - - - - - - - - - - - -

          Phone: +61 2 9484 6565

          Mobile: +61 418 468 103

          Email: andrew@databuzz.com.au


          • 2. Re: How do I handle usernames and passwords when using PHP in FMP Server 14?

            Does this mean that I can't use the Filemaker login feature (which works with XSLT), but I need to have more php pages to handle the logins and what happens after that?

            • 3. Re: How do I handle usernames and passwords when using PHP in FMP Server 14?

              I'm not sure what you mean by "Filemaker login feature (which works with XSLT)" - can you explain that in some more detail as I'm not sure what you're referring to here.


              With PHP you have a number of options for authentication:


              - hardcode a FileMaker username/password in your PHP code

              - have a PHP page that allows users to login and use that username/password to authenticate. You store their credentials in PHP session globals

              - hardcode a FileMaker username/password in your PHP code but use a "users" table that users have to login and authenticate against


              FileMaker authentication is consistent across all the various clients/APIs.

              • 4. Re: How do I handle usernames and passwords when using PHP in FMP Server 14?

                What I mean is that when I used HTML and then XSLT pages, the FMP Server (or maybe the Web Publishing Engine) put up the login dialog box which authenticated the user, based on the Security table.


                I more steps are now needed because of php, I feel like this is a step backwards.

                • 5. Re: How do I handle usernames and passwords when using PHP in FMP Server 14?

                  See the Filemaker PHP API documentation under the section "Accessing a protected database".  It explains how to do it there.

                  Also on the server in the FMServer folder under documentation is the "PHP API Documentation" folder and you should pass that on to the developer.

                  There used to be example code in the FMServer folder also but that seems to be missing in FMS14 unless I just couldn't find it now.

                  • 6. Re: How do I handle usernames and passwords when using PHP in FMP Server 14?

                    You can create a basic HTML form that takes a UserName and Password, and then use that to  authenticate via php.


                    Here's a basic example php file to get you started. The authentication in this is hard coded, but you could just as easily load the username and password from the HTML form too.

                    Make sure that the user account you authenticate with has the fmphp Extended Privilege set in FileMaker. The account will also need access to all fields, layouts and scripts you intend to use.



                     * A demo file that loads some data from Filemaker, and allows the user to edit said data
                    // FileMaker Error Codes List http://www.nightwing.com.au/FileMaker/Resources/ErrorCodes.html
                    // Tutorial Source http://sixfriedrice.com/wp/up-to-speed-with-the-filemaker-php-api/
                    // Php API PDF https://www.filemaker.com/support/product/docs/12/fms/fms12_cwp_php_en.pdf
                    //Include the FileMaker Api library
                    //Our connection information
                    //NOTE: This data should not be hard coded. Pull info from SQL database table created for purpose or via HTML forms
                    $database = "ExamplePhpAccess.fmp12";
                    $host = "thehost.address.com";
                    $username = "PhpUser";
                    $password = "password";
                    //Make our Connection to FileMaker
                    $fm = new FileMaker();
                    $fm->setProperty('database', $database);
                    $fm->setProperty('hostspec', $host);
                    $fm->setProperty('username', $username);
                    $fm->setProperty('password', $password);
                    //We are now connected to Filemaker
                    //Find a given record in the table 'MyDemoTable'
                    $cmd =& $fm->newFindCommand('MyDemoTable');
                    //Find a record where the field 'FirstName' is equal to 'David'
                    $cmd->addFindCriterion('FirstName', 'David');
                    $result = $cmd->execute();
                    //Check for error. Did we find a record matching what we searched for?
                    if (FileMaker::isError($result))
                      //There was an error. Do something!
                      //Get an Array of records from our result
                      $records = $result->getRecords();
                      //Save the unique record ID
                      $recordID = $records[0]->getRecordId();
                      //If there is more than one, we found more than one record matching our find.
                      //Let's grab some info from the first record we found.
                      //specify the field names, save the data into variables.
                      $field1 = $records[0]->getField('FirstName');
                      $field2 = $records[0]->getField('LastName');
                      $field3 = $records[0]->getField('AField');
                      $field4 = $records[0]->getField('AnotherField');
                      $field5 = $records[0]->getField('MoreField');
                    //Check if form has been Submitted
                    //Get values
                    if (isset($_POST['submit']))
                      if($_POST['submit'] == 'Save Changes' && isset($_POST['recordID']))
                      //Encode characters that may confuse database 
                      $field1 = str_replace("'", "\'", htmlentities($_POST['Field1']));
                      $field2 = str_replace("'", "\'", htmlentities($_POST['Field2']));
                      $field3 = str_replace("'", "\'", htmlentities($_POST['Field3']));
                      $field4 = str_replace("'", "\'", htmlentities($_POST['Field4']));
                      $field5 = str_replace("'", "\'", htmlentities($_POST['Field5']));
                      //We saved the unique record ID in the form so the record is easy to find.
                      $recordId = $_POST['recordID'];
                      //WE are using the EditCommand to edit the record.
                      //If we wanted to create a new record instead, we'd use $cmd = $connection->newAddCommand('MyDemoTable');
                      $cmd = $fm->newEditCommand('MyDemoTable', $recordId);
                      //Don't change the first name, since we hardcoded to find 'David'
                      //$cmd->setField('FirstName', $field1);
                      $cmd->setField('LastName', $field2);
                      $cmd->setField('AField', $field3);
                      $cmd->setField('AnotherField', $field4);
                      $cmd->setField('MoreField', $field5);
                      $result = $cmd->execute();
                      if (FileMaker::isError($result))
                      * GETTING THE ERROR:
                      unable to edit the record: Field Not Found()
                      make sure the field is added on the actual layout in filemaker!!
                      echo 'unable to edit the record: ' . $result->message . '(' . $result->code . ')';
                      echo 'Changes saved.';
                    <table width="980" height="873" border="00" align="center" cellpadding="0" cellspacing="0">
                      <td height="610" align="center" valign="top" bgcolor="#FFFFFF"><p class="headline1"> </p>
                      <form name="appForm" method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>">
                      <td>Name First:</td>
                      <td><input type="text" name="Field1" <?php echo 'value="'.$field1.'"' ; ?> ></td>
                      <td>Name Last:</td>
                      <td><input type="text" name="Field2" <?php echo 'value="'.$field2.'"' ; ?> ></td>
                      <td><input type="text" name="Field3" <?php echo 'value="'.$field3.'"' ; ?> ></td>
                      <td><input type="text" name="Field4" <?php echo 'value="'.$field4.'"' ; ?> ></td>
                      <td><input type="text" name="Field5" <?php echo 'value="'.$field5.'"' ; ?> ></td>
                      <input type="hidden" value="<?=$recordID;?>" name="recordID" />
                      <input type="submit" value="Save Changes" name="submit">
                      <br />
                    • 8. Re: How do I handle usernames and passwords when using PHP in FMP Server 14?

                      Thanks so much for your help and patience.