1 2 Previous Next 15 Replies Latest reply on Jul 2, 2015 10:16 AM by Karen

    How to create a Login

    carlossoares

      good Morning

      I like to create a login system where you put the username and password and the program will check a database if the information is correct and shows the user's data in a specific layout.

       

      This program will be used via WebDirect.

       

      Does anyone know a DEMO where I can learn how to make this login system?

       

      After I have user data in two global variables, I do not know what the best procedure to search the information in the database, show the layout with user information.

       

      This program will be used for a sports club where every user will create your username and password. At this point I'm putting the information manually and just want a login that identifies and let me enter a particular layout.

       

      Someone can give me a hint? :-)

       

      Best regards

        • 1. Re: How to create a Login
          erolst

          carlossoares wrote:

          After I have user data in two global variables, I do not know what the best procedure to search the information in the database, show the layout with user information.

          Why not create a relationship where

           

          Login::gUserName = Users::userName

          Login::gPassWord = Users::password

           

          and display a portal. If there is a match, you see the info automatically; if not, display a message.

           

          For a case-sensitive solution, try a calc field on both sides as

           

          Login::cCredentialsAsCode = Code ( Login::gUsername & Login::gPassword )

          Users::cCredentialsAsCode = Code ( Users::userName & Users::password )

           

          and match on Login::cCredentialsAsCode = Users::cCredentialsAsCode

          • 2. Re: How to create a Login
            Mike_Mitchell

            Please note that you are far better to use FileMaker's native security features than to "roll your own" from a security standpoint. Storing credentials (especially passwords) in a database table is an invitation to being hacked and is a poor practice.

             

            You may benefit from checking out Darren Burgess's authentication module in GitHub:

             

                 darrenburgess/FileMaker-Accounts-Module · GitHub

             

            FWIW

             

            Mike

            • 3. Re: How to create a Login
              mikebeargie

              password storage/encryption/decryption from a filemaker table is also possible FWIW, but it's much easier to use filemaker user accounts. Problem of course being management of said FM accounts when they multiply to hundreds of users, you still end up with a need for some sort of table-based solution to track and manage those accounts.

               

              For us "web guys", it makes a lot more sense to "roll our own" user account management system because standard practice is to do so on just about every other web platform.

               

              Sounds like a whitepaper in the making, now if I only had more time

              • 4. Re: How to create a Login
                Mike_Mitchell

                Having the accounts in a table is fine. Putting the passwords there without strong encryption is asking for trouble. Sorry if that was unclear.

                • 5. Re: How to create a Login
                  wimdecorte

                  Mike Beargie wrote:

                  Problem of course being management of said FM accounts when they multiply to hundreds of users, you still end up with a need for some sort of table-based solution to track and manage those accounts.

                   

                  I wouldn't think so. That's where you'd use External Authentication.  It's dead simple to set up and is there specifically for this reason.  Table-based accounts and security is always going to be a security concern, see Steven Blackwell's upcoming devcon presentation for more info there.

                   

                  The long and short is: FM has the tools for efficient account management, even for hundreds of accounts, without the need for compromising the security of your solution.

                  • 6. Re: How to create a Login
                    mikebeargie

                    No, that's totally clear, storing plain text passwords in a table is total sacrilege.

                    • 7. Re: How to create a Login

                      The other approach would be to use the record locking feature of Filemaker's security.

                      You can define a privilege set, then keep drilling down to data access/records/custom privileges. Then down to the file record. where the user name in the record = "Get(AccountName)"  Of course you need your username to exist in the record you'd like them to access.

                       

                      It's kind of buried but it is rock solid.

                       

                      Kurt

                      • 8. Re: How to create a Login
                        ibrahim_bittar

                        From what I understood, Carlos wants to log into a WebDirect solution from a website.

                         

                        If he wants to do the login without reinventing the wheel he can create the whole website in the FileMaker Server http root folder and then embed the web direct login page with an iFrame, more or less something like this:


                        Home | My Website


                        But instead of having a WebDirect solution that automatically logs in, he can modify the WebDirect home page and embed it instead of the complete URL.

                        • 9. Re: How to create a Login
                          mikebeargie

                          External Authentication for WebDirect though? Then instead of filemaker, your domain controller is flooded with hundreds of accounts. I would think (given my outdated active directory experience) that would make things even harder to manage than filemaker accounts.

                           

                          If you think about WebDirect security in parallel to what you would use for say a LAMP stack site:

                          • Root User:
                            • LAMP: this is the master account for your MySQL database.
                            • FM: this would be your full access filemaker developer account.
                          • Data Level Connecting User:
                            • LAMP: this would be the single account who's credentials are stored in a .php config file to connect to the MySQL database.
                            • FM: a restricted generic filemaker account with WD (and no other) permissions to connect to the database.
                          • Accessing User:
                            • LAMP: this is a user who's info is stored inside of a table inside of MySQL. PHP scripts handle the login/encryption/decryption of passwords. Session variables can be used to store privileges
                            • FM: table based user accounts. FM scripts handle the encryption/decryption/verification of user. Re-login script step can then be used to escalate/deny accessing user to a different data level user account or even boot them out.


                          All in all, you would be able to at least come up with something as secure as a generic LAMP stack login system, as long as you were using something like Troi Encryptor to make sure your password strings never exist in committed data as plain-text.

                           

                          Just something to think about really. If you're trying to create a system to handle hundreds of users, then it's worth it in administrative labor savings to develop a robust (and secure) user management system. If you're only expecting a few dozen users, then the regular built in filemaker security account are probably fine, and that account module by Darren is a great example.

                          • 10. Re: How to create a Login
                            ibrahim_bittar

                            Hi Carlos, I think you need two solutions:

                             

                            A "Sign Up" WebDirect solution which would be like a form, where you collect user information and then have a script to create an account in FileMaker and eventually store non sensitive user information in a users table.

                             

                            A "Sign In" solution which would be the actual WebDirect solution you want. You can redirect your users from the website to this solution in a separate page.

                            • 11. Re: How to create a Login
                              wimdecorte

                              Mike Beargie wrote:

                               

                              External Authentication for WebDirect though? Then instead of filemaker, your domain controller is flooded with hundreds of accounts. I would think (given my outdated active directory experience) that would make things even harder to manage than filemaker accounts.

                               

                              Why would it?  That's what it is designed for, it's what it is good at.  Fully scriptable, high performant...  I wouldn't call hundreds of accounts a flood, again that is what AD is designed for.

                              • 12. Re: How to create a Login
                                mikebeargie

                                I guess I’m getting at “right tool for the job”, based on my experience as a web developer. If I’m creating a website or web application for someone, the first thing that comes to mind isn’t “I really need to add a domain controller to handle security”. I’ve always just written or used something in PHP/MySQL for it.

                                 

                                If the client has an existing domain controller, and has already established filemaker to work with external authentication, then it would be an option that makes much more sense. Otherwise it just seems like you’re adding hardware, admin time and extra licensing fees to setup an AD.

                                • 13. Re: How to create a Login
                                  wimdecorte

                                  EA does not require AD or OD, it works just as well with local accounts and groups.  But mgmt is easier with an AD/OD obviously.

                                  • 14. Re: How to create a Login
                                    Karen

                                    How many files in the solution? If several:

                                     

                                    At the NYFMP user group a while back, J. from Colibri Solutions presented a nice concept. The first table is individual accounts by real name, after authenticating, the user is relogged in to the main solution under an account based on privs.


                                    This method would be much easier than scripting the adding of every account to every file, and allowing the client personnel manager to add/remove users. I had adapted this method years ago from a magazine article, but haven't tried Darren's final version, or J.'s as yet.

                                    1 2 Previous Next