lparameters tcUserID, tcPassword if pcount() <> 2 return .f. endif if vartype(tcUserID) <> "C" or empty(tcUserID) return .f. endif if vartype(tcPassword) <> "C" or empty(tcPassword) return .f. endif local lcUserID lcUserID = upper(alltrim(tcUserID)) *-- Application object, oApp, was created earlier in the App oApp.mResetError() && clears last error array property of oApp local lcOldError, llLoginError lcOldError = on("error") on error llLoginError = .t. && defensive programming only if NOT pemstatus(oApp, 'oSession', 5) oApp.addproperty('oSession') endif if NOT pemstatus(oApp, 'LoginSessionID', 5) oApp.addproperty('LoginSessionID', 0) endif oApp.oSession = newobject('NewSession', 'udc.fxp') oApp.oSession.Name = 'LoginSession' local lnOldDSID, lnDSID, llValidUser, llUsed, llRetVal lnOldDSID = set("DataSession") lnDSID = oApp.oSession.DataSessionID oApp.LoginSessionID = lnDSID set datasession to lnDSID set database to DATABASE_NAME && SETs are scoped to DS set talk off if !used(USER_TABLE) use USER_TABLE in 0 endif if lcUserID == "NPDES" llValidUser = .t. else select USER_TABLE locate for upper(alltrim(LoginID)) == upper(lcUserID) llValidUser = !eof(USER_TABLE) oApp.App_DataSessionID = set('DataSession') lnRetVal = oApp.GetCheckSum(USER_TABLE) oApp.App_DataSessionID = 0 if lnRetVal <> eval(USER_TABLE + ".ChkSum") llValidUser = .f. endif endif if llValidUser llRetVal = flock(USER_TABLE) && assures only 1 user is logging in at a time do while !llRetVal && needed because of upcoming DBSetProp code inkey(0.04, "H") llRetval = flock(USER_TABLE) enddo select 0 *-- The following prevents the Oracle Login form *-- from appearing. While the UserId and Password are *-- temporarily stored in the DBC, the locking of the *-- User table prevents these from getting stepped on. *-- The process is so quick, the risk of someone here *-- having a developer version of VFP running and *-- issuing a DBGetProp to steal the ID and Password *-- is acceptible [about nil]. *-- The only people who have access to the Novell *-- directory where the DBC and data reside is *-- limited to the users and LAN Admins. Therefore, *--this is a secure and acceptible process. local lcConString lcConString = "DSN=NPDES;UID=" + lcUserID + ";PWD=" ; + tcPassword + ";SERVER=Reg6;" dbsetprop(CONNECTION_NAME, 'connection', 'connectstring', lcConString) use CONNECTION_VIEW *-- Next line removes the UID and Password from the DBC dbsetprop(CONNECTION_NAME, 'connection', 'connectstring','') unlock in USER_TABLE && now other users can login llUsed = used(CONNECTION_VIEW) if llUsed *-- Store the Connection Handle for use in SPT oApp.ConnectionHandle = CursorGetProp("ConnectHandle", CONNECTION_VIEW) endif endif use in USER_TABLE set DataSession to (lnOldDSID) && revert back to original DS if !empty(lcOldError) on error &lcOldError else on error endif local lcMessage if llValidUser if !This.CheckOraPrivs(lcUserID) lcMessage = "You do not have Oracle privileges on the NPDES" + chr(13) ; + "database. Contact the database manager if you" + chr(13) ; + "think you have received this message in error." MessageBox(lcMessage, MB_ICONSTOP, "Login Error") oApp.oSession = .null. return .f. endif if !llUsed or llLoginError lcMessage = "Connection to Oracle Failed." + chr(13) ; + "Re-check UserName and Password." messagebox(lcMessage , MB_ICONSTOP, "FATAL ERROR!") oApp.oSession = .null. return .f. endif else lcMessage = "Oracle Login FAILED. Re-check UserName and Password." messagebox(lcMessage , MB_ICONSTOP, "FATAL ERROR!") oApp.oSession = .null. return .f. endif return .t.