-
- Command line
- Server Settings
- Commands
- Session
- Authentication
- Custom authentication
- External authentication
- Basic authentication
- Folder Security
- Data manipulation
- Read one record
- Read many records
- Write one record
- Delete one record
- Direct Page/DQL
- Page data definition
- Directory listing
- File handling
- Prism lists
- Data Defintions
- Get data definitions
- Create data Definitions
- Update data definitions
- Delete data definitions
- Definition format
- run dql
- run script
- A web page
- Page definition
- DQL pages
- Single file/memo DQL
- Single file/memo Page
- LiveText tags
- Url commands
- Tags
- How data is triggered in a page
- About DataEaseConnect
- checkquery
- callbacksuccess
- clearrecord
- connectonfieldchange
- convertvaltonumber
- decodequery
- deletedata
- deletetdf
- displayerrormsg
- doaction
- ensurequry
- fetchrecord
- fetchrecords
- finddatatype
- findfieldindef
- formdata
- formdefs
- forminit
- forminitdone
- formloaded
- generateid
- getcookied
- getdata
- getelement
- getfield
- getmyhost
- getnumlines
- getrecordcontent
- getrecorddef
- getrecordnofromurl
- gettdf
- gettablefromurl
- istrueval
- login
- logout
- makenewline
- multirecordinit
- newdata
- newtdf
- rundql
- populateoneselect
- selectpopulate
- setcsrfheader
- setelement
- setfield
- singlerecordinit
- stringify
- stripsuffix
- updatedata
- updatetdf
- useisodatetime
- usenumber
- version
- About jsBridge.js
- Action names
- deCheckVersion
- DEOS
- getnumlines
- GetCurrent
- GetValue
- GetVar
- jsAction
- jsActionExt
- jsActionExt2
- jsAddClass
- jsDEOS
- jsDerivation
- jsDerivationDebug
- jsDocumentDelete
- jsDocumentEdit
- jsDocumentOpen
- jsExecDQL
- jsGetActiveDocState
- jsGetVar
- jsGetCurrent
- jsGetDocumentState
- jsGetValue
- jsGetPRISMValue
- jsHide
- jsInt21
- jsLiveText
- jsLog
- jsMemoExecDQL
- jsMenuItem
- jsNewBlankForm
- jsOpenAppCat
- jsPrismDerivation
- runPrismFunction
- jsRefreshDocuments
- jsReorganize
- jsReorganizeAll
- jsRemoveClass
- jsSetFixedValue
- jsSetVarFromField
- jsSetValue
- jsSetVar
- jsSetCurrent
- jsSetWebField
- jsSetWebFieldFromVar
- jsShow
- jsToggle
- jsToggleClass
- makenewline
- SetCurrent
- SetValue
- SetVar
- startdebugger
- About decommon.js
- The loader
- calccaretpos
- decodequery
- generateid
- insertitem
- loadfilelist
- loadfile
- loadinternals
- message
- rundql
- runpage
- savefile
- selectitem
- testdql
- version
- .end
- .form header
- .form trailer
- .items
- assign
- application status
- backup db
- begin transaction
- break
- call menu
- call program
- case
- cluster by
- commit
- connect
- copy all from
- data-entry
- db status
- delete records
- define
- disconnect
- do
- documents
- exec SQL
- else
- end
- enter a record
- error messages off
- error messages on
- exit
- export
- for
- global
- if
- import
- imports
- in
- input using
- install application
- into
- list records
- lock
- lock db
- modify records
- message
- named
- others
- prompt
- query selection
- record entry
- records
- reorganize
- restore db
- rollback
- run procedure
- servers
- temp
- then
- tran off
- tran on
- unclustered
- unlock
- unlock db
- via form
- while
- with
- abs
- acos
- addressof
- ampm
- anylookup
- asin
- atan
- atan2
- ceil
- CHR
- concat
- ConsoleCopy
- ConsoleMemoCopy
- ConsoleShow
- ConsoleWriteToFile
- cos
- cosh
- date
- DatePicker
- day
- DEOS
- DialogOpen
- DialogOpenRelated
- DocumentCloseName
- DoesObjectExist
- ExecDQL
- ExecuteFile
- exp
- FileExecDQL
- firstc
- firstlast
- firstw
- FixedWidth
- floor
- futurevalue
- GetCurrent
- GetVar
- hours
- if
- installment
- jointext
- julian
- lastc
- lastfirst
- lastw
- length
- log
- log10
- lower
- MemoChunk
- MemoCopy
- MemoDecodePair
- MemoExecDQL
- MemoFind
- MemoGetGlobal
- MemoLength
- MemoMemoCopy
- MemoMemoReplace
- MemoReadFromFile
- MemoReplace
- MemoSetGlobal
- MemoStringBetween
- MemoStringFrom
- MemoStringTo
- MemoWordCount
- MemoWriteToFile
- midc
- midw
- minutes
- mod
- month
- OpenForm
- OpenMenu
- OpenProcedure
- OpenReport
- periods
- power
- presentvalue
- proper
- random
- rate
- RefreshForm
- RefreshScreen
- RefreshStatus
- Remote
- Remote authentication
- Remote POP3
- Remote IMAP
- Remote SMTP
- Remote XML
- seconds
- SetColor
- SetCurrent
- SetFocus
- SetLabelText
- SetMemoValue
- SetState
- SetStyle
- SetValue
- SetVar
- sin
- sinh
- spellcurrency
- spelldate
- spellmonth
- spellnumber
- spellweekday
- sqrt
- StringBetween
- StringEscape
- StringFind
- StringFrom
- StringReplace
- StringTo
- tan
- tanh
- textpos
- timeampm
- ToText
- UniqueID
- upper
- Wait
- weekday
- WriteToFile
- year
- yearday
- yearweek
- " (quotation marks)
- () (parentheses)
- + (addition)
- , (comma)
- - (subtraction)
- . (period)
- -- (comment)
- / (division)
- * (multiplication)
- * (asterisk)
- ? (question mark)
- ~ (tilde)
- : (colon)
- := (assignment operator)
- ; (semicolon)
- < (less than)
- <= (less than or equal to)
- = (equals)
- > (greater than)
- >= (greater than or equal to)
- all
- all files
- and
- any
- between
- blank
- count
- count of
- file
- highest of
- in groups
- in groups with group-totals
- in order
- in reverse
- item (Statistical)
- item (Conditional Statistical)
- lock files
- lock nothing
- lock records
- lookup
- lowest of
- max
- mean
- mean of
- min
- not
- number
- numeric string
- or
- pause
- percent
- selected record
- std.dev.
- std.err.
- sum
- sum of
- text
- time
- to
- variance
- window
- @GetDefinition
- . document
- . listcommands
- . listdocuments
- . listdrives
- . listfiles
- . listfunctions
- . listinternals
- . listoperators
- . listrelated
- . listtables
- . object
- . table
- . testdql
- @SetDefinition
- . document
- . object
Custom authentication
By default, the server uses the DataEase Users table for authentication, but you can also use your own. To do that you have to add a few lines to the rdrrxaaa.ini file. Here are the details. All fields except the one marked as password field are also added to session variables.
Ini name What Default AuthTable This is the table that will be used for authentication Users AuthFieldUsername The field in the table used for the username. Name AuthFieldPassword The field in the table used for the password. Password AuthFieldLevel The field in the table used for the level. Level AuthLevelDefault The default level used if nothing is set in the table. Low3 AuthMethod Can be paintext of hash. The plaintext checks the password as sent from user, the hash method uses the next tree setting to define how it works. plaintext AuthHashType Can be MD5 or SHA1 AuthSaltPre The text to put in front of a password before doing the hash. AuthSaltPost The text to put after the password before doing the hash. No setting means Users.
Example of setting custom authentication
What I have done is to create a new table named "Authentication". Then I add the following fields and a button to generate the password hash manually for a new user as we show how to use hash for authentication method. In this way we will not store the actual password for the user, just a salted hash that can not be reversed, just checked if you have the right salt and hash method to use.
Field What Map to EMail We use the email as user name when authenticating. It is much easier to remember and there is no need for both a username and a email address as long as this is what we use AuthFieldUsername FirstName Persons first name to be used in heading. Extra PWHash AuthFieldPassword LastName Person last name. Extra Level A choice field with level. Should not be shown to people that is registering online. This should have a low default and be raised by a administrator. To save data you would need Medium3. AuthFieldLevel Password A virtual editable field where you can add your password in clear text and a button that saved to hash to the PWHash field that will be stored. This fields and button can be used to reset passwords for users, but the password it self can never be restored by reading the hash. Virtual List of fields and what we use them for.
define temp "TheHash" Text 250. define temp "PW" Text 250 . define temp "prehash" Text 250 . define temp "posthash" Text 250 . define temp "Dummy" Text . prehash := DEOS("@AppIniGet" , "Server" , "AuthSaltPre") . --Dummy := alert(concat("Prehash: " , prehash)) . posthash := DEOS("@AppIniGet" , "Server" , "AuthSaltPost") . --Dummy := alert(concat("Posthash: " , posthash)) . PW := GetValue("Password") . TheHash := DEOS("@Hash", "SHA1", concat(prehash , PW , posthash)) . PW := SetValue("PWHash",TheHash) .
Code on button with Action Execute DQL to create and store a password in form. If you look at the concat for creating the hash with DEOS("@Hash"...) there are a prehash and posthash var that is read from the [Server] section in the RDRRxAAA.INI file for AuthSaltPre and AuthSaltPost values. These are needed by the password check routine to validate the password.
Next step is to configure the method in the RDRRxAAA.INI file used for application configurations.
[Server] ServerPort=8284 AuthTable=Authentication AuthFieldUsername=EMail AuthFieldPassword=PWHash AuthFieldLevel=Level AuthMethod=Hash AuthHashType=SHA1 AuthSaltPre=yourowngeneratedpre AuthSaltPost=yourowngeneratedpost
This example is for the live server, to use it with the development server change [Server] to [DevServer]. Generate at least 20 char long pre and post salt using a password generator.