PHP and filepro - login lesson
Jose Lerebours
fpgroups at gmail.com
Thu Apr 12 14:07:57 PDT 2018
lol, simple but probably functional. There are so many login templates
out there and yet, I do not think I ever wrote two exactly the same.
I would suggest:
(a) Name your session
(b) Only start session if not already started due to previous attempts
(c) In lieu of sending stdin as parameters, write to a file and send the
file as source for filePro to import
~/bin/phpLogin [file source] [file out]
Writing to a file eliminates your need to worry about escaping and
decoding ... Since file_put_contents() will not open a shell should the
user attempt to inject/attack your site.
This is exactly why I wrote fp2php.com but gave up on it since no one
thought the community needed PHP at all :-(
On 04/12/2018 03:26 PM, Richard D. Williams via Filepro-list wrote:
> I was going to send this as an attachment, but I don't know if the
> list would allow that.
>
> Below is a general overview, lesson, help technique, whatever you want
> to call it,
> that shows how to make a login web page that will interact with filepro.
>
> I sure hope I do not get a lot of criticism, because I am just trying
> to help those who may not know this stuff yet.
> I changed the font to courier. I find it easier to read.
>
> BTW I know, I know, everybody is using div now. I am an old dog. My bad.
>
> Here goes nothing;
>
>
> login.php:
>
> <?php
> session_start();
> ?>
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml">
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
> <title></title>
> <style type="text/css">
>
> //this make a nice rounded button
> input[type=submit], input[type=button], button {
> -webkit-border-radius: 25px;
> -moz-border-radius: 25px;
> background-color: silver;
> border-color: silver;
> border-radius: 25px;
> border: 1px solid rgba(0,0,0,0.4) ;
> font-family: Arial, Helvetica, sans-serif;
> font-size: 17px;
> line-height: 19px;
> font-weight: bold;
> }
>
> //makes a rounded corner border
> .rndcorner {
> border:1px solid black;
> padding:10px 10px;
> background:white;
> border-radius:15px;
> width:1000px;
> }
>
> .text-medium {
> font-family: 'Montserrat', sans-serif;
> font-size: 17px;
> line-height: 19px;
> }
>
> .text-large {
> font-family: 'Montserrat', sans-serif;
> font-size: 19px;
> line-height: 21px;
> font-color: black;
> }
>
> .input-big {
> width: 120px;
> height: 30px;
> font-size: 20px;
> }
>
> </style>
> </head>
> <body>
> <?php
>
> if ($_POST['user_login'] != '') {
> $string = '';
> $id = uniqid('');
> $filename = "/WEBIN/$id";
> $string="";
> system("/usr/local/yourclt/get_login " . escapeshellarg("$id") . "
> " . escapeshellarg("$user_login") . " " .
> escapeshellarg("$user_passwd") . " > /dev/null");
> if (file_exists($filename)) {
> $data = file($filename);
> $size = sizeof($data);
> for($i = 0; $i < sizeof($data); $i++) {
> $string = $data[$i];
> }
> list($clt_num,$clt_name,$clt_address1,$clt_address2,$clt_city,
> $clt_state,$clt_zip,$clt_phone,$clt_email,$clt_contact,)=explode('|',$string);
>
> unlink($filename);
> $_SESSION['clt_num'] = $clt_num;
> $_SESSION['clt_name'] = $clt_name;
> $_SESSION['clt_address1'] = $clt_address1;
> $_SESSION['clt_address2'] = $clt_address2;
> $_SESSION['clt_city'] = $clt_city;
> $_SESSION['clt_state'] = $clt_state;
> $_SESSION['clt_zip'] = $clt_zip;
> $_SESSION['clt_phone'] = $clt_phone;
> $_SESSION['clt_email'] = $clt_email;
> $_SESSION['clt_contact'] = $clt_contact;
> } else {
> echo ("<script>
> var msg = "Invalid Login or Password!";
> alert(msg);
> </script>");
> }
> }
>
> echo ("<FORM METHOD='post' ACTION='" . $_SERVER['PHP_SELF']) . "'
> onkeypress=\"return event.keyCode != 13;\">
> <center><div class=\"rndcorner\">
> <table width=\"100%\" border=\"0\" cellpadding='0' cellspacing='0'
> class='text-medium'>
> <tr><td>
> <table border=\"0\" width=\"100%\" class=\"text-medium\"
> cellpadding=\"0\" cellspacing=\"0\">
> <tr><td width=\"250\"><img src=\"images/your_client_logo.jpg\"></td>
> <td valign=\"middle\" align=\"center\" class=\"text-large\"
> nowrap>Login Page</td>
> <td width=\"250\"></td></tr>
> </table>
> </td></tr>");
>
> if ($_SESSION['clt_name'] == "") {
> echo ("<tr><td height=\"300\" align=\"center\" valign=\"middle\">
> <table width=\"100%\"class=\"text-medium\"border=\"0\"
> cellpadding=\"0\" cellspacing=\"0\">
> <tr><td>
> <table class=\"text-large\" cellpadding=\"0\"
> cellspacing=\"0\" valign=\"middle\" align=\"center\">
> <tr><td align=\"right\">Login:</td><td><input type=\"text\"
> class=\"input-big\" id=\"user_login\" name=\"user_login\"
> size=\"15\"></td></tr>
> <tr><td align=\"right\">Password:</td><td><input
> type=\"password\" class=\"input-big\" id=\"user_passwd\"
> name=\"user_passwd\"
> size=\"15\"></td></tr>
> <tr><td></td><td><input type=\"submit\"
> value=\"Login\"></td></tr>
> </table>
> </td></tr>
> </table></td></tr>
> </td></tr></table>
> <script>
> type=\"text/javascript\"
> language=\"javascript\">
> document.getElementById(\"user_login\").focus();
> </script>
> </div>
> </body>
> </html>
> </form>");
> exit();
> }
> ?>
>
> To get data from filepro to the web pages, I create a directory
> /WEBIN and I link it to /var/www/html/WEBIN. This must be configured
> as an accessible folder within the apache config.
> This folder is cleared out every night.
>
> I create a filepro file called "r_process" can be any file with at
> least one field.
>
> prc.get_login is used to export any and all info required for this
> login web page
> into a oipe delimited file that must be accessible by apache. I do not
> add a record
> to this file unless I need to print. I use @menu and exit out when done.
>
> /usr/local/yourclt/get_login
> PFSKIPLOCKED=5 export PFSKIPLOCKED
> TERM=ansi export TERM
> PFCMARK=30 export PFCMARK
> USER_LOGIN=$2 export USER_LOGIN
> USER_PASSWD=$3 export USER_PASSWD
> /appl/fp/dclerk r_process -Sblk -Z get_login -Y noprc -R $1
>
> i.e.
> 1 clt_num
> 2 clt_name
> 3 clt_address1
> 4 clt_address2
> 5 clt_city
> 6 clt_state
> 7 clt_zip
> 8 clt_phone
> 9 clt_email
> 10 clt_contact
>
> fa="/WEBIN/"{@PM
>
> export ascii mgr = (fa) r=\n f=|
>
> mgr(1)=clt(1);mgr(2)=clt(2);mgr(3)=clt(3);mgr(4)=clt(4);mgr(5)=clt(5)
>
> mgr(6)=clt(6);mgr(7)=clt(7);mgr(8)=clt(8);mgr(9)=clt(9);mgr(10)=clt(10)
>
> mgr(11)=""
>
> You end up with a file like this;
>
> 1000|The Application Group|123 Main Street|Suite
> 2913|Houston|TX|77272|(713) 555-1212|(281)
> 555-3232|richard at appgrp.net|Richard D. Williams|
>
> It is very important to export a last field (mgr(11)) as a blank value.
> This places a pipe at the end of the data but before the carriage return
>
> Ok. Now your data is waiting for you. Lets use php within the page to
> get it.
>
> //test to see if a user_login was typed in
> if ($_POST['user_login'] != '') {
> //this generates a unique 13 character alpha numeric value. It serves
> as your data bucket for
> //both out-going and in-coming;
> $id = uniqid('');
> //this is where your filepro program will export the pipe delimited data
> //I use a directory named WEBIN. You can use any folder you like, as
> long as apache can reach it.
> $filename = "/WEBIN/$id";
> //This is the variable that will hold the exported filepro data
> $string="";
> //execute the script, passing the unique id, user_login, user_passwd.
> @PM will hold the unique id
> //the other values will be exported to the environment by the script.
> you could use /usr/local/bin, but
> //I like making a special folder to hold these web related scripts
> system("/usr/local/yourclt/get_login " . escapeshellarg("$id") . "
> " . escapeshellarg("$user_login") . " " .
> escapeshellarg("$user_passwd") . " > /dev/null");
> //Did we get some data - yes
> if (file_exists($filename)) {
> //this opens the file containing the pipe delimited data, reads it
> into a variable, $string
> $data = file($filename);
> $size = sizeof($data);
> for($i = 0; $i < sizeof($data); $i++) {
> $string = $data[$i];
> }
> //This little wonder parses the pipe delimited string into individual
> variables
> list($clt_num,$clt_name,$clt_address1,$clt_address2,$clt_city,
> $clt_state,$clt_zip,$clt_phone,$clt_email,$clt_contact,)=explode('|',$string);
>
> //Remove the file containing the data, we do not need it any more
> unlink($filename);
> //set the retrieved data into SESSION variables so they can be use in
> subsequent pages.
> $_SESSION['clt_num'] = $clt_num;
> $_SESSION['clt_name'] = $clt_name;
> $_SESSION['clt_address1'] = $clt_address1;
> $_SESSION['clt_address2'] = $clt_address2;
> $_SESSION['clt_city'] = $clt_city;
> $_SESSION['clt_state'] = $clt_state;
> $_SESSION['clt_zip'] = $clt_zip;
> $_SESSION['clt_phone'] = $clt_phone;
> $_SESSION['clt_email'] = $clt_email;
> $_SESSION['clt_contact'] = $clt_contact;
> } else {
> //Oops! No data. Let the user know the login failed
> echo ("<script>
> var msg = "Invalid Login or Password!";
> alert(msg);
> </script>");
> }
> }
>
> Please note, this is very syntax heavy. Each "if" statement must be
> opened
> by a "{" and closed by the "}". If there is an "else", it must have a
> "}"
> before and a "{" after. A bracket, brace, comma, etc out of place and
> your
> page will not run and web programs do not give you very clear errors like
> filepro.
>
> Well, that's it for now. This may not have been a great presentation
> of this technique.
> I hope the full php page at the top helps give you a big picture and
> the explanation
> below that makes it clear.
>
> There are many ways to write in php. I prefer to start php and stay
> there.
> Others prefer to go in and out only when php is needed. I have always
> found that to be
> a syntax challenge.
>
> I respect those who have a different view.
>
> If this helps somebody out there, then I have started to pay back for
> all other who have
> helped me over the past 35 years.
>
> Good Luck,
>
> Richard D. Williams
>
>
> BTW, I have not scowered this for typos or other issues.
> But I will answer questions to further clarify or resolve problems.
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <http://mailman.celestial.com/pipermail/filepro-list/attachments/20180412/20098757/attachment.html>
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list
--
Jose D. Lerebours
954-559-7186
https://www.cargosaas.com
http://www.ezbookeep.com
http://www.ezdaemon.com
http://www.fp2php.com
More information about the Filepro-list
mailing list