@KK Sir
@trendoman
@All Couch Developers

I am having this code (below) where in i am getting the message "Cheating?!"
I am having three params sent through the URL which are:
1. username (i.e. email)
2. password
3. fcmid

Till i work with username and password all conditions are fine. But the moment I use the third param (fcmid) conditionally I get the "Cheating?!" message.

My code is:

Code: Select all

<?php require_once( 'couch/cms.php' ); ?>
<cms:template title="Aashish Try for Login Json" />
<cms:set username="<cms:gpc 'username' method='get' />" />
<cms:set password="<cms:gpc 'password' method='get' />" />
<cms:set fcmid="<cms:gpc 'fcmid' method='get' />" />

<h4>Values from cms:query tag:</h4>
<cms:capture into='sql'>
   SELECT id, email, fcmId
   FROM couch_users
   WHERE email="<cms:show username />"
</cms:capture>
<cms:query sql=sql limit='1' >
   <cms:set user_id="<cms:show id />" scope="global" />
   <cms:set user_name="<cms:show email />" scope="global" />
   <cms:set fcm_id="<cms:show fcmId />" scope="global" />
</cms:query>

<!-- User exists, i.e. email matches -->
<cms:if user_id>
<cms:set user_exists="1" />
{
   "usercheck":
   {
      "status":"200",
      "message":"User exists."
   }
}
<cms:else />
<cms:set user_exists="0" />
{
   "usercheck":
   {
      "status":"0",
      "message":"User does not exist."
   }
}
</cms:if>
<hr>
<!-- Password match? -->
<cms:set pass_word="<cms:pages masterpage=k_user_template custom_field="extended_user_id=<cms:show user_id />" limit='1'><cms:show ipt_psw /></cms:pages>" scope="global" />
<cms:if (user_exists eq '1') && (password ne '') >
   <cms:if password eq pass_word>
      <cms:set password_match="1" />
      {
         "passwordcheck":
         {
            "status":"200",
            "message":"Password Match"
         }
      }
   <cms:else />
      <cms:set password_match="0" />
      {
         "passwordcheck":
         {
            "status":"0",
            "message":"Wrong Password"
         }
      }
   </cms:if>
</cms:if>
<hr>
<!-- FCM Id exists || FCM Id blank -->
<cms:if (user_exists eq '1') && (password_match eq '1') && (fcmid ne '')>
   <cms:pages masterpage=k_user_template custom_field="extended_user_id=<cms:show user_id />" >
   <cms:if fcmid eq ipt_emp_registration_ids>
      <cms:set fcmid_exists="1" />
      {
         "status":"200",
         "message":"FCM Token match"
      }
   <cms:else_if fcmid ne ipt_emp_registration_ids />
      <cms:db_persist
         _masterpage=k_user_template
          _mode='edit'
          _page_id=k_page_id
          _invalidate_cache='1'
          _auto_title='0'

          ipt_emp_registration_ids   =   "<cms:show fcmid />"
      >
      <cms:set fcmid_exists="1" />
      {
         "status":"1",
         "message":"FCM Token updated"
      }
      </cms:db_persist>
   </cms:if>
   </cms:pages>
<cms:else_if (user_exists eq '1') && (password_match eq '1') && (fcmid eq '') />
   <cms:set fcmid_exists="0" />
   {
      "status":"0",
      "message":"FCM Token required"
   }
</cms:if>
<?php COUCH::invoke(); ?>

My test and their outputs are:
1. only username param is supplied:

URL: http://localhost/GenXCoders-CTO/DMA-Des ... @gmail.com

Code: Select all

Output:
{
   "usercheck":
   {
      "status":"200",
      "message":"User exists."
   }
}

{
   "passwordcheck":
        {
      "status":"1",
           "message":"Password Required"
        }
}

2. Using two params, username and password

URL: http://localhost/GenXCoders-CTO/DMA-Des ... ord=123456

Code: Select all

Output:
{
   "usercheck":
   {
      "status":"200",
      "message":"User exists."
   }
}

{
   "passwordcheck":
   {
      "status":"200",
      "message":"Password Match"
   }
}

{
   "status":"0",
   "message":"FCM Token required"
}

3. Now the third case, using three params (i get error)

URL: http://localhost/GenXCoders-CTO/DMA-Des ... &fcmid=456

Code: Select all

Output:
Cheating?!

The user account I am trying to update the fcmid in are authenticated users (created by the extended users module) and not super admin or admin account.

I know this is not the best way to login through mobile app but i need to update the fcmid in case the user change their handset.

Please advise.

Regards,
GenXCoders (Aashish)

BUMPING IN!!!

[trendoman]

BUMPING IN!!!

You get that (expected) result because your request is not authenticated. Variable k_user_id is "-1" if you print it on the far end. Access level of such users is "0". Authenticated user's level is at least "2" ("4" for AuthUser-Special).

You mobile app (if I got it correct) requests a given page with a given URL and your Server with Couch treats it as a regular anonymous (un-authenticated) visitor. Any changes to data protected by a password (i.e. non-public) will be rejected.