PHP and filepro - login lesson
Fairlight
fairlite at fairlite.com
Thu Apr 12 13:05:37 PDT 2018
I'll give you bonus points up-front for using escapeshellarg() for security
purposes.
However, I have a suspicion (though I'm not even -sure- I'm correct) that
you'd be in trouble functionality-wise if you don't have the exact number
of arguments you expect. I've seen too many array index out of bounds
errors with people's explode() usage to think that will pass muster without
crashing if it faces the unexpected. I don't see any sanity checking
against such a condition.
mark->
On Thu, Apr 12, 2018 at 02:26:51PM -0500, Richard D. Williams via Filepro-list thus spoke:
> I was going to send this as an attachment, but I don't know if the
> list would allow that.
>
> Below is a general overview, lesson, help technique, whatever you
> want to call it,
> that shows how to make a login web page that will interact with filepro.
>
> I sure hope I do not get a lot of criticism, because I am just
> trying to help those who may not know this stuff yet.
> I changed the font to courier. I find it easier to read.
>
> BTW I know, I know, everybody is using div now. I am an old dog. My bad.
>
> Here goes nothing;
>
>
> login.php:
>
> <?php
> session_start();
> ?>
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml">
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
> <title></title>
> <style type="text/css">
>
> //this make a nice rounded button
> input[type=submit], input[type=button], button {
> -webkit-border-radius: 25px;
> -moz-border-radius: 25px;
> background-color: silver;
> border-color: silver;
> border-radius: 25px;
> border: 1px solid rgba(0,0,0,0.4) ;
> font-family: Arial, Helvetica, sans-serif;
> font-size: 17px;
> line-height: 19px;
> font-weight: bold;
> }
>
> //makes a rounded corner border
> .rndcorner {
> border:1px solid black;
> padding:10px 10px;
> background:white;
> border-radius:15px;
> width:1000px;
> }
>
> .text-medium {
> font-family: 'Montserrat', sans-serif;
> font-size: 17px;
> line-height: 19px;
> }
>
> .text-large {
> font-family: 'Montserrat', sans-serif;
> font-size: 19px;
> line-height: 21px;
> font-color: black;
> }
>
> .input-big {
> width: 120px;
> height: 30px;
> font-size: 20px;
> }
>
> </style>
> </head>
> <body>
> <?php
>
> if ($_POST['user_login'] != '') {
> $string = '';
> $id = uniqid('');
> $filename = "/WEBIN/$id";
> $string="";
> system("/usr/local/yourclt/get_login " . escapeshellarg("$id") . " " .
> escapeshellarg("$user_login") . " " . escapeshellarg("$user_passwd")
> . " > /dev/null");
> if (file_exists($filename)) {
> $data = file($filename);
> $size = sizeof($data);
> for($i = 0; $i < sizeof($data); $i++) {
> $string = $data[$i];
> }
> list($clt_num,$clt_name,$clt_address1,$clt_address2,$clt_city,
> $clt_state,$clt_zip,$clt_phone,$clt_email,$clt_contact,)=explode('|',$string);
> unlink($filename);
> $_SESSION['clt_num'] = $clt_num;
> $_SESSION['clt_name'] = $clt_name;
> $_SESSION['clt_address1'] = $clt_address1;
> $_SESSION['clt_address2'] = $clt_address2;
> $_SESSION['clt_city'] = $clt_city;
> $_SESSION['clt_state'] = $clt_state;
> $_SESSION['clt_zip'] = $clt_zip;
> $_SESSION['clt_phone'] = $clt_phone;
> $_SESSION['clt_email'] = $clt_email;
> $_SESSION['clt_contact'] = $clt_contact;
> } else {
> echo ("<script>
> var msg = "Invalid Login or Password!";
> alert(msg);
> </script>");
> }
> }
>
> echo ("<FORM METHOD='post' ACTION='" . $_SERVER['PHP_SELF']) . "'
> onkeypress=\"return event.keyCode != 13;\">
> <center><div class=\"rndcorner\">
> <table width=\"100%\" border=\"0\" cellpadding='0' cellspacing='0'
> class='text-medium'>
> <tr><td>
> <table border=\"0\" width=\"100%\" class=\"text-medium\"
> cellpadding=\"0\" cellspacing=\"0\">
> <tr><td width=\"250\"><img src=\"images/your_client_logo.jpg\"></td>
> <td valign=\"middle\" align=\"center\" class=\"text-large\"
> nowrap>Login Page</td>
> <td width=\"250\"></td></tr>
> </table>
> </td></tr>");
>
> if ($_SESSION['clt_name'] == "") {
> echo ("<tr><td height=\"300\" align=\"center\" valign=\"middle\">
> <table width=\"100%\"class=\"text-medium\"border=\"0\"
> cellpadding=\"0\" cellspacing=\"0\">
> <tr><td>
> <table class=\"text-large\" cellpadding=\"0\" cellspacing=\"0\"
> valign=\"middle\" align=\"center\">
> <tr><td align=\"right\">Login:</td><td><input type=\"text\"
> class=\"input-big\" id=\"user_login\" name=\"user_login\"
> size=\"15\"></td></tr>
> <tr><td align=\"right\">Password:</td><td><input type=\"password\"
> class=\"input-big\" id=\"user_passwd\" name=\"user_passwd\"
> size=\"15\"></td></tr>
> <tr><td></td><td><input type=\"submit\" value=\"Login\"></td></tr>
> </table>
> </td></tr>
> </table></td></tr>
> </td></tr></table>
> <script>
> type=\"text/javascript\"
> language=\"javascript\">
> document.getElementById(\"user_login\").focus();
> </script>
> </div>
> </body>
> </html>
> </form>");
> exit();
> }
> ?>
>
> To get data from filepro to the web pages, I create a directory
> /WEBIN and I link it to /var/www/html/WEBIN. This must be configured
> as an accessible folder within the apache config.
> This folder is cleared out every night.
>
> I create a filepro file called "r_process" can be any file with at
> least one field.
>
> prc.get_login is used to export any and all info required for this
> login web page
> into a oipe delimited file that must be accessible by apache. I do
> not add a record
> to this file unless I need to print. I use @menu and exit out when done.
>
> /usr/local/yourclt/get_login
> PFSKIPLOCKED=5 export PFSKIPLOCKED
> TERM=ansi export TERM
> PFCMARK=30 export PFCMARK
> USER_LOGIN=$2 export USER_LOGIN
> USER_PASSWD=$3 export USER_PASSWD
> /appl/fp/dclerk r_process -Sblk -Z get_login -Y noprc -R $1
>
> i.e.
> 1 clt_num
> 2 clt_name
> 3 clt_address1
> 4 clt_address2
> 5 clt_city
> 6 clt_state
> 7 clt_zip
> 8 clt_phone
> 9 clt_email
> 10 clt_contact
>
> fa="/WEBIN/"{@PM
>
> export ascii mgr = (fa) r=\n f=|
>
> mgr(1)=clt(1);mgr(2)=clt(2);mgr(3)=clt(3);mgr(4)=clt(4);mgr(5)=clt(5)
>
> mgr(6)=clt(6);mgr(7)=clt(7);mgr(8)=clt(8);mgr(9)=clt(9);mgr(10)=clt(10)
>
> mgr(11)=""
>
> You end up with a file like this;
>
> 1000|The Application Group|123 Main Street|Suite
> 2913|Houston|TX|77272|(713) 555-1212|(281)
> 555-3232|richard at appgrp.net|Richard D. Williams|
>
> It is very important to export a last field (mgr(11)) as a blank value.
> This places a pipe at the end of the data but before the carriage return
>
> Ok. Now your data is waiting for you. Lets use php within the page to
> get it.
>
> //test to see if a user_login was typed in
> if ($_POST['user_login'] != '') {
> //this generates a unique 13 character alpha numeric value. It
> serves as your data bucket for
> //both out-going and in-coming;
> $id = uniqid('');
> //this is where your filepro program will export the pipe delimited data
> //I use a directory named WEBIN. You can use any folder you like, as
> long as apache can reach it.
> $filename = "/WEBIN/$id";
> //This is the variable that will hold the exported filepro data
> $string="";
> //execute the script, passing the unique id, user_login, user_passwd.
> @PM will hold the unique id
> //the other values will be exported to the environment by the
> script. you could use /usr/local/bin, but
> //I like making a special folder to hold these web related scripts
> system("/usr/local/yourclt/get_login " . escapeshellarg("$id") . " " .
> escapeshellarg("$user_login") . " " . escapeshellarg("$user_passwd")
> . " > /dev/null");
> //Did we get some data - yes
> if (file_exists($filename)) {
> //this opens the file containing the pipe delimited data, reads it
> into a variable, $string
> $data = file($filename);
> $size = sizeof($data);
> for($i = 0; $i < sizeof($data); $i++) {
> $string = $data[$i];
> }
> //This little wonder parses the pipe delimited string into
> individual variables
> list($clt_num,$clt_name,$clt_address1,$clt_address2,$clt_city,
> $clt_state,$clt_zip,$clt_phone,$clt_email,$clt_contact,)=explode('|',$string);
> //Remove the file containing the data, we do not need it any more
> unlink($filename);
> //set the retrieved data into SESSION variables so they can be use
> in subsequent pages.
> $_SESSION['clt_num'] = $clt_num;
> $_SESSION['clt_name'] = $clt_name;
> $_SESSION['clt_address1'] = $clt_address1;
> $_SESSION['clt_address2'] = $clt_address2;
> $_SESSION['clt_city'] = $clt_city;
> $_SESSION['clt_state'] = $clt_state;
> $_SESSION['clt_zip'] = $clt_zip;
> $_SESSION['clt_phone'] = $clt_phone;
> $_SESSION['clt_email'] = $clt_email;
> $_SESSION['clt_contact'] = $clt_contact;
> } else {
> //Oops! No data. Let the user know the login failed
> echo ("<script>
> var msg = "Invalid Login or Password!";
> alert(msg);
> </script>");
> }
> }
>
> Please note, this is very syntax heavy. Each "if" statement must be opened
> by a "{" and closed by the "}". If there is an "else", it must have a "}"
> before and a "{" after. A bracket, brace, comma, etc out of place and your
> page will not run and web programs do not give you very clear errors like
> filepro.
>
> Well, that's it for now. This may not have been a great presentation
> of this technique.
> I hope the full php page at the top helps give you a big picture and
> the explanation
> below that makes it clear.
>
> There are many ways to write in php. I prefer to start php and stay there.
> Others prefer to go in and out only when php is needed. I have always
> found that to be
> a syntax challenge.
>
> I respect those who have a different view.
>
> If this helps somebody out there, then I have started to pay back
> for all other who have
> helped me over the past 35 years.
>
> Good Luck,
>
> Richard D. Williams
>
>
> BTW, I have not scowered this for typos or other issues.
> But I will answer questions to further clarify or resolve problems.
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://mailman.celestial.com/pipermail/filepro-list/attachments/20180412/20098757/attachment.html>
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list
--
Audio panton, cogito singularis.
More information about the Filepro-list
mailing list