1 Reply Latest reply on Oct 8, 2012 7:48 AM by mikebeargie

    Strategy: How create a public submission form with IWP ?

    oak

      IWP is great to put a quick application form together for the web. I would like to create an user account for the people who submit their info, so they can edit it again later if needed.


      I would like to use FM account feature to handle the login credentials. The problem with that approach is that I don't know how what the privilege set of the a first-time user should have; After-all a script must be able to create a new user account. Would granting a firts-time user those privileges great gaping security hole?

       

      Can someone recommend a strategy for creating web submission form, that can be edit by the user later?


      This is what I got so far.

      1. The first-time with 'guest' credentials log in throught a weblink.
      2. The FM startup script redirect the user to the only template the user has access to a located ONE specific record.
      3. The new-User types up a username and password and submit it. The submit-script (Full access privileges) does some anti-spam checking, checks if the username exist and if not create the user name and relogs the user in with their new credentials.

       

      Am I on the right track here? What happens if two new-user try to submit a new username at the same time? is there a way around that?

       

      Please advice.

        • 1. Re: Strategy: How create a public submission form with IWP ?
          mikebeargie

          You seem to be on the right track. The Add Account script step is indeed IWP compatible for creating a new user, re-login is also IWP compatible but can not perform the re-login without dialog (the user will be prompted to log in again manually).

           

          As far as using "run with full access privledges" on your account creation script, there is a filemaker article on that: http://help.filemaker.com/app/answers/detail/a_id/318/~/a-script-run-with-full-access-privileges-could-give-a-restricted-user

           

          You definitely want to do thorough testing of your solution to make sure it can't be abused. But it does allow you the ability to run the account creation/re-login script you outline above.

           

          As far as trying to create two accounts at the same time, there will never be a collision as filemaker is transaction based (meaning the second user would queue after the first user's request, regardless of hitting it at the same time). What you do want to watch out for is trapping the error for the second user:

           

          I believe error #12 "Name already exists" is what you want to trap for.