AnsweredAssumed Answered

FM Account based Authentication for a PHP site?

Question asked by FM-K12 on Jul 1, 2014
Latest reply on Jul 2, 2014 by FM-K12

When I look at the code generated by the FM 11 Site Assistant for an authentication page to capture account information to allow access to the database this is what I see.

 

 

!DOCTYPE HTML>

<?php

 

/**

* FileMaker PHP File

*/

require_once "fmview.php";

$cgi = new CGI( );

$cgi->clear('userName');

$cgi->clear('passWord');

$cgi->checkStoredFile( );

 

$futurelink = $cgi->get('-link');

 

if (isset($futurelink))

$cgi->store('futurelink',$futurelink);

else $cgi->store('futurelink', 'Home');

 

?>

 

Omitted stuff -------------------------------

 

<div id="form">

<form action="<?php echo $cgi->get('file') ?>" method="post">

<input name="-action" type="hidden" value="login"> <input name="-link" type="hidden" value="<?php echo $cgi->get('futurelink'); ?>">

<table class="loginalign" border="0" align="center" cellpadding="2" cellspacing="2">

<tr>

<td colspan="2" class="loginheight">

</td>

</tr>

<tr>

<td colspan="2" align="center" class="login_title">

<?php if(isset($errormessage)){echo ('<div id ="autherror">' . $errormessage . '</div>' );} ?>Please enter a valid user name and password.

</td>

</tr>

<tr>

<td colspan="2" align="center">

</td>

</tr>

<tr>

<td class="fields">

Account Name </td>

<td>

<input name="userName" type="text">

</td>

</tr>

<tr>

<td class="fields">

Password

</td>

<td>

<input name="passWord" type="password">

</td>

</tr>

<tr class="submit_btn">

<td>

 

When I look at the FileMaker 13 API examples or in the books by Jonathan Stark or the Web School folks or elsewhere I do not see any sort of authentication apparatus where CGI is used.

 

Rather I see all sorts of other method being recommended - taught.

 

What is wrong with the CGI method; is it too difficult to do, too insecure, creates a big performance hit?

 

IF CGI is a blind alley, then what is the best method to code an authentication page with PHP that will result in the user's entry being authenticated against a FileMaker based account and that information held in a secure place for the duration of the session?

 

Thank you in advance.

Outcomes