Okay - the subject doesn't say much.

I have 2 databases. The first one has no members, the second one requires authentication to post a new record. This is a crude absentee bid system. The first database has items. To place an absentee bid, there is a link from each item as "Place Bid". This will open a popup that only has Username, Password, and Bid fields. The Item ID will be listed there as well, but as text, not a modifiable field.

On submit, I want that form to simple hit the second database and if user/pass if correct, add new record with itemID and bid. If not, return the normal "bad authentication" error. Later, the owner of the site can search the second database by ItemID and choose the highest BID. That is what he takes with him to the onsite auction. Very crude, but works - almost! We are afraid if a user has to login, then type in the itemis and bid, there is too much room for error, like bidding on the wrong item!

How do I submit a record to be added, as well authenticate all in the same form?

WIDE WIDE open for ideas and thanks!!!

Matt Girgenti

If I understand you ....

Persons who are able to bid are users, to avoid the need for them to log-on, just leave them logged-on, (set time-out to really long).

So at the start of the bidding, everyone gets logged-on, with time-out set for end of bidding, then the logged-on user gets an email with an appropreate link (includes the authentication code) to place bids. you could send an email for every item, or a link for every item, or just a link to get into the list of items to bid on.

Else I don't know.

This may be the right track. Question: If I have a link to "Bidders Log In Now" can that bring up a pop-up box that allows then to log into the 2nd database, then close the window. From there, with a 24-72 hour session timeout, can they then post to the 2nd database without having to log back in? Seems easy enought, but the question lies in the 2nd browser window .. does this cause a different "session"?

So you know, this is an absentee bidding system. The highest "absentee" bid is printed and brought to an onsite live auction and placed in the live bidding system. This is not a timed online auction like ebay or ubid. (that would be easier with all the software packages for that - he he he )

Thanks for you help so far ..

Matt Girgenti

You should be able to create a link that will logon a user and following logon provide links to the second database. The links to the second database would be on the "logon success page". As far as a pop-up window, many ways to do it, none of which I use very often.

The key to allowing access to the 2nd database after logon to the first is that they need to share the same password and auth files (should be covered in LoisC's site or the tutorial).

The key to "not have to log back in" is in the auth code.
http://www.herbicide-adjuvants.com/...m=1&UserID=admin

the string of numbers allows me access to the database as long as the session is active (not active now). The next time I log in the string would be different.

As I thought about it, the better way to terminate the logons, rather than a set timeout, would be to delete or rename the auth file, which would kill all active sessions (I think so anyway?).

So if a user has an active session, and has a link with the auth code in it, a different browser window or even from a different computer?, the link should work.

If this is not right I stand corrected, got to go to work now.

Good luck!

I'm confused by what you are trying to do, but may have a suggestion as to how to keep the user sessions within the auth directory so that people can use their specific link without having to log back in. As long as both databases are set to use the same /auth then there shouldnt be a problem.

In your db.cgi file just comment out this line:

&auth_cleanup unless ($auth_no_authentication); # Remove old session files.

Then the sessions files will not get removed. You can of course FTP to your server and delete according to date, to keep it from getting too full.

Hope this helps

Unoffical DBMan FAQ
http://redundantcartridge.com/dbman/