Every single protected script must call Auth.Authenticate with the same AuthTable, AuthList and CaseSensitive properties.  The easiest way to do this is to place this code in a separate prg or fwx file that gets called at the top of each protected script.

FoxWeb Support Team
support@foxweb.com
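
Added example (not part of the original thread, and not FoxWeb code): a small Python audit that checks a set of .fwx scripts for the rule stated above. It flags scripts that never call Auth.Authenticate or execute the common file, scripts that rely on Auth.userid alone, and scripts where the call is not at the top. The include name, the finding labels, the sample file names and the text-matching heuristics are assumptions.

```python
import re
from pathlib import Path

COMMON_AUTH = "login.fwx"  # assumed name of the shared include, as in the thread
CODE_BLOCK = re.compile(r"<%(.*?)(?:%>|\Z)", re.DOTALL)  # also matches <%= ... %>
GATE = re.compile(
    r"\bAuth\.Authenticate\b|\bServer\.Execute\(\s*['\"]"
    + re.escape(COMMON_AUTH) + r"['\"]\s*\)", re.IGNORECASE)
USES_USERID = re.compile(r"\bAuth\.userid\b", re.IGNORECASE)

def strip_comments(code):
    """Drop FoxPro comments: lines starting with '*' and '&&' trailers."""
    lines = [l.split("&&", 1)[0] for l in code.splitlines()
             if not l.lstrip().startswith("*")]
    return "\n".join(lines)

def audit_script(source):
    """Return findings for one script's text (empty list = looks gated)."""
    blocks = [(m.start(), strip_comments(m.group(1)))
              for m in CODE_BLOCK.finditer(source)]
    gate_at = next((pos for pos, code in blocks if GATE.search(code)), None)
    if gate_at is None:
        findings = ["no-authenticate-call"]
        if any(USES_USERID.search(code) for _, code in blocks):
            # the pattern from the question: Auth.userid used as the only check
            findings.append("trusts-auth-userid-without-authenticate")
        return findings
    # Anything before the block holding the gate has already run or been sent.
    return ["authenticate-not-at-top"] if source[:gate_at].strip() else []

def audit_dir(root):
    """Audit every .fwx file under root; return {path: findings} for failures."""
    results = {}
    for path in Path(root).rglob("*.fwx"):
        findings = audit_script(path.read_text(errors="replace"))
        if findings:
            results[str(path)] = findings
    return results

# Constructed sample scripts (hypothetical file names), modelled on the thread.
SAMPLES = {
    "before.fwx": "<%\n  if empty(Auth.userid)\n  server.Transfer('login.fwx')\n"
                  "  endif\n%>\n<body>form</body>",
    "after.fwx": "<%server.Execute('login.fwx')%>\n<body>\n"
                 "<% cUser = upper(trim(Auth.userid)) %>\n</body>",
    "disabled.fwx": "<%\n* Auth.Authenticate()\n%>\n<body>report</body>",
    "late.fwx": "<html><body>\n<% Auth.Authenticate() %>\n</body></html>",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_script(text) or "ok")
```

Point audit_dir at the folder holding the protected scripts; public pages that are meant to be unauthenticated will show up as findings and need to be excluded by hand.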

Sent by Ali Koumaiha on 06/22/2005 10:42:14 AM:
Thanks for the reply.  I am using the login.fwx that came with FoxWeb. I modified it and I have the following:
 
Login.fwx
<%
**********************************************************
* This program illustrates the use of the Auth object
* To log in use the following credentials
*               Userid: "user" password: "pass"
*               or
*               Userid: "john" password: "doe"
*
* Notes: All links include a random token, generated by
* the SYS(3) function in the Query String.  This ensures
* that browsers do not use a cached copy of the page.
**********************************************************
AuthMessage = ""
Auth.AuthTable = "c:\sign.dbf"
Auth.Header = [<center><h3>This is a protected area<br>Please enter your User ID and Password</h3></center><br>]
*Auth.Footer = [<br><br><center><table border=0><tr><td>This is a program demonstrating FoxWeb's Auth object.<br>To log in use "<b>john</b>" as the User ID and "<b>doe</b>" as the password.</td></tr></table></center>]
* JavaScript code to be executed when the "Cancel" button is clicked
Auth.CancelAction = "window.location='http://www.wirelesstoyz.com'"
* Offer option to remember user id and password
Auth.SaveCookie = 0
IF Request.QueryString('logout') = '1'
 * The "Logout" link has been clicked
 AuthMessage = "User " + Auth.userid + " was logged out"
 Auth.Logout()
 DO SendHeader
 %>
 <font color="red"><i><%=AuthMessage%>&nbsp;</font></i><p>
 <a href="login.fwx?<%=SYS(3)%>">Login</a><p>
 <%
ELSE
 * Authenticate user
 Auth.Authenticate
 * All code past this point will only be executed if the user
 * has been successfully authenticated
 DO CASE
 CASE Auth.NewLogin
  * The user has just logged in
  AuthMessage = "User has just logged in"
  Server.Transfer("window_sign.fwx")
 CASE Request.QueryString('ForgetPass') = '1'
  * The "Forget Password" link has been clicked
  Auth.ForgetPassword
  AuthMessage = "Password cookie was deleted"
 ENDCASE
* DO SendHeader
 %>
 <font color="red"><i><%=AuthMessage%>&nbsp;</font></i><p>
 <b>User:</b> <%=Auth.userid%><br>
 <b>Login Time:</b> <%=Auth.LoginTime%><br>
 <b>Last Hit:</b> <%=Session.LastHit%>
 <p>
 <a href="login.fwx?logout=1&<%=SYS(3)%>">Logout</a> |
 <a href="login.fwx?ForgetPass=1&<%=SYS(3)%>">Forget Password</a> |
 <a href="login.fwx?<%=SYS(3)%>">Refresh</a>
 <%
ENDIF
%>
</body>
</html>
<%

* The SendHeader procedure sends an HTML header to the browser
PROCEDURE SendHeader
 %>
 <html>
 <head><title>Wireless Toyz Web Server</title></head>
 <font face="verdana, arial, helvetica" size=2>
 <h3>Window Sign Order Form</h3>
 <%
ENDPROC
*********************
Now, in the window_sign.fwx, I wanna make sure it has been authenticated and I wanna make sure the userid is not empty.  So, I have to issue Auth.Authenticate() again in the window_sign.fwx script?

Thanks

Sent by FoxWeb Support on 06/21/2005 09:28:28 PM:
It's possible that these users are timing out, but there's no way to know for sure.  What is your Session timeout set for?  Unless you are overriding this in code, you should be able to find it in the Configuration page of the FoxWeb Control Center.  You should set this value to a high enough number, so that your users don't time out between requests.  The Auth.Timeout can be lower and will simply force the user to re-login, without disrupting the regular flow of their session.
 
By the way, the way you are using the Auth object is incorrect.  Checking the value of Auth.userid does not ensure that the user is authenticated properly.  The right technique is to call the Auth.Authenticate method at the top of EACH page that needs to be protected.  The easiest way to do this is to include all necessary code in a common file, which gets called for all protected scripts:
 
Here's a sample common authentication file (login.fwx):
<%
Auth.AuthTable = "c:\data\users.dbf"
Auth.Header = "You are entering a protected area. Please authenticate yourself."
Auth.Footer = '&copy; ACME Corporation 1998-2000'
Auth.Authenticate()
%>
 
Here's how your script should be modified:
<%server.Execute('login.fwx')%>
<body>
<center>
<img src="/images/wtlogosmall.gif"><br>
<font name="Tahoma" size="2">| <a href="login.fwx?logout=1&<%=SYS(3)%>">Logout</a> |</font>
</center>
<% if not used('sign.dbf')
 use \sign.dbf in 0 alias signTable again
   endif
   cName    = ''
   cAddress = ''
   cCity    = ''
   cWork    = ''
   cUserEmail = upper(trim(Auth.userid))+"@wirelesstoyz.com"
%>
etc.. etc..
 

FoxWeb Support Team
support@foxweb.com

Sent by Ali Koumaiha on 06/21/2005 07:38:04 AM:
I have a form which contains some options the users can select and then there is a submit button.
 
When submit is clicked, the form's content gets sent via email.

However, some users are experiencing that when they click on the submit button, they are being transferred to the login.fwx screen.

I have this in the beginning of the page.
 
<%
  if empty(Auth.userid)
  server.Transfer('login.fwx')
  endif
%>
<body>
<center>
<img src="/images/wtlogosmall.gif"><br>
<font name="Tahoma" size="2">| <a href="login.fwx?logout=1&<%=SYS(3)%>">Logout</a> |</font>
</center>
<% if not used('sign.dbf')
 use \sign.dbf in 0 alias signTable again
   endif
   cName    = ''
   cAddress = ''
   cCity    = ''
   cWork    = ''
   cUserEmail = upper(trim(Auth.userid))+"@wirelesstoyz.com"
%>
etc.. etc..