Hi:
First, what I'm trying to do is to secure my login application, authenticate
users, display users logged in and display error messages on my login page.
For some reason, <else>, <abort>, and the other reasons explained above are not
working. <cflogin> tags don't work in some places. Still, I can log in, but I
can't include the <include template/> tag because it will include that
template in every page. Here is my code for the application page; any help will
be appreciated. By the way, I'm working on Mac OS X.
Thank you,
Bebeivan
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Untitled Document</title>
</head>
<cfapplication name="index.cfm"
sessionmanagement="yes" loginstorage="session">
<cffunction name="OnRequestStart">
<cfargument name = "request" required="true"/>
<cfif IsDefined("Form.logout")>
</cfif>
</cffunction>
<cflogout>
<cflogin applicationtoken="token" cookiedomain="domain" idletimeout="50"/>
<cfif NOT IsDefined("form1.Login")>
<cfexit></cfif><cfabort>
<cfif form1.Username2 IS "" OR form1.pass2 IS "">
<cfelse>
<cfoutput>
<h2>You must enter text in both the User Name and Password fields.</h2>
</cfoutput>
</cfif>
<cfquery name="Users" dataSource="Ircprowebusers">
SELECT username, Priviliges
FROM Users
WHERE
UserID = '#form1.username2#'
AND Password = '#form1.pass2#'
</cfquery>
<cfloginuser name= "#form1.Username2#" password='#form1.Pass2#' roles =
"#users.priviliges#">
<cfquery name="Priviliges"
datasource="Ircprowebusers">
select Priviliges FROM Users
where username = <cfqueryparam value="#form1.Username2#"
CFSQLTYPE="CF_SQL_VARCHAR">
and password=<cfqueryparam value="#form1.pass2#"
CFSQLTYPE="CF_SQL_VARCHAR"></cfquery>
<cfif Privileges.Roles NEQ "">
<cfoutput>
<H2>Your login information is not valid.
<br>
Please Try again</H2>
</cfoutput></cfif>
<cfloginuser name="#form1.username2#" Password = "#form1.pass2#"
roles="#Priviliges.Roles#">
<cfif Priviliges.recordcount gt 0>
<cfloginuser name = "#form1.Username2#"
password = "#form1.pass2#"
roles = "#trim(Priviliges.Roles)#" >
</cfif>
<body>
</body>
</html>
Sabaidee - 29 Sep 2006 10:18 GMT
just from a brief look at it, there are numerous wrong things with this...
1) you have doctype and other declarations as you would in a html/cfm page -
they are not needed in application.cfm page.
2) you are using functions as you would in an application.cfc, but have
doctype, head and body sections as in a regular .cfm page.... what are you
using? cfc or .cfm?
3) where is </cflogin>?
4) your many <cfif> tags are empty, and after them you have the actions you
want to perform if cfif validates... like this code:
<cffunction name="OnRequestStart">
<cfargument name = "request" required="true"/>
<cfif IsDefined("Form.logout")>
</cfif>
</cffunction>
<cflogout>
this will basically perform a logout ALWAYS
there are just too many wrong things there to list them all...
Sabaidee - 29 Sep 2006 10:33 GMT
here's a sample application.cfm to get you started...
also at the end of the code is a form to use in your login page, which in the
example below is called "login_form.cfm"
logout is performed through a link which points to the same page the user is on
and adds a "?logout=1" url parameter. (note: the login form's action attribute
strips this parameter from the url after login)
Application.cfm page:
<cfapplication name="yourappname" sessionmanagement="Yes" scriptprotect="all"
    sessiontimeout="#CreateTimeSpan(0,1,0,0)#" loginstorage="session">

<!--- perform login --->
<cflogin idletimeout="3600">
    <cfif NOT IsDefined("cflogin")>
        <!--- no credentials submitted yet: show the login form and stop --->
        <cflock scope="session" timeout="1" type="exclusive">
            <cfset session.loginMessage = "<br>Enter your Username and Password and click [Log In] button.<br><br>">
        </cflock>
        <cfinclude template="login_form.cfm">
        <cfabort>
    <cfelse>
        <cfif cflogin.name IS "" OR cflogin.password IS "">
            <cflock scope="session" timeout="1" type="exclusive">
                <cfset session.loginMessage = "<br>Enter both Username and Password!<br><br>">
            </cflock>
            <cfinclude template="login_form.cfm">
            <cfabort>
        <cfelse>
            <!--- bind the submitted values with cfqueryparam instead of
                  interpolating them into the SQL string --->
            <cfquery name="getUser" datasource="yourdsn">
                SELECT *
                FROM Users
                WHERE username = <cfqueryparam value="#cflogin.name#" cfsqltype="cf_sql_varchar">
                  AND password = <cfqueryparam value="#cflogin.password#" cfsqltype="cf_sql_varchar">;
            </cfquery>
            <cfif getUser.RecordCount IS 1>
                <cflock scope="session" timeout="1" type="exclusive">
                    <cfset session.userdata.userFullname = getUser.user_fullname>
                    <cfset session.userdata.userRole = getUser.userrole>
                    <cfset session.userdata.isLoggedIn = 1>
                </cflock>
                <cfloginuser name="#cflogin.name#" password="#cflogin.password#"
                    roles="#getUser.userrole#">
            <cfelse>
                <cflock scope="session" timeout="1" type="exclusive">
                    <cfset session.loginMessage = "<br>Login details invalid! Please try again.<br><br>">
                </cflock>
                <cfinclude template="login_form.cfm">
                <cfabort>
            </cfif>
        </cfif>
    </cfif>
</cflogin>

<!--- Check for command to log out the user. --->
<cfif isDefined("url.logout")>
    <cfif isdefined("session.userdata")>
        <cflock scope="session" timeout="1" type="exclusive">
            <cfset tmp = StructClear(session.userdata)>
            <cfset tmp = StructDelete(session, "loginMessage")>
        </cflock>
    </cfif>
    <cflogout>
</cfif>
login_form.cfm page will have this form in it:
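<!--- cfoutput is required for the #...# expressions in the action to be evaluated;
      HTMLEditFormat escapes the URL parts echoed back into the attribute --->
<cfoutput>
<form action="#HTMLEditFormat(CGI.script_name)#?#HTMLEditFormat(ReplaceNoCase(CGI.query_string, 'logout=1', '', 'ALL'))#" method="post">
</cfoutput>
    <cfif isdefined("session.loginMessage")>
        <p align="center"><cfoutput>#session.loginMessage#</cfoutput></p>
    </cfif>
    <p>Username: <input type="text" name="j_username"></p>
    <p>Password: <input type="password" name="j_password"></p>
    <p><input type="submit" name="submit" value="Log In"></p>
</form>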
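
An added example, not part of Sabaidee's post or the original poster's code: the credential check inside <cflogin> rewritten so the Users table holds a salted PBKDF2 hash instead of the plaintext password, with the username bound through cfqueryparam. The columns password_salt and password_hash, the PBKDF2 parameters, and the use of GeneratePBKDFKey (ColdFusion 11 or later) are assumptions; the datasource, session keys and login_form.cfm are the ones used in the sample above.

```cfml
<!--- Added example: goes inside <cflogin>, in place of the plaintext getUser query.
      Assumed, not from the thread: columns password_salt and password_hash,
      the PBKDF2 parameters, and ColdFusion 11+ for GeneratePBKDFKey. --->
<cfquery name="getUser" datasource="yourdsn">
    SELECT username, user_fullname, userrole, password_salt, password_hash
    FROM Users
    WHERE username = <cfqueryparam value="#cflogin.name#" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- Fail closed: loginOk only becomes true after a successful hash comparison --->
<cfset loginOk = false>
<cfif getUser.RecordCount IS 1>
    <!--- Re-derive the key from the submitted password and the stored per-user salt --->
    <cfset candidate = GeneratePBKDFKey("PBKDF2WithHmacSHA1", cflogin.password,
                                        getUser.password_salt, 100000, 256)>
    <!--- Compare() is case-sensitive and returns 0 only on an exact match --->
    <cfset loginOk = (Compare(candidate, getUser.password_hash) EQ 0)>
</cfif>

<cfif loginOk>
    <cflock scope="session" timeout="1" type="exclusive">
        <cfset session.userdata.userFullname = getUser.user_fullname>
        <cfset session.userdata.userRole = getUser.userrole>
        <cfset session.userdata.isLoggedIn = 1>
    </cflock>
    <cfloginuser name="#getUser.username#" password="#cflogin.password#"
                 roles="#getUser.userrole#">
<cfelse>
    <!--- Same message for an unknown user and a wrong password --->
    <cflock scope="session" timeout="1" type="exclusive">
        <cfset session.loginMessage = "<br>Login details invalid! Please try again.<br><br>">
    </cflock>
    <cfinclude template="login_form.cfm">
    <cfabort>
</cfif>
```

The stored password_hash has to be produced at registration or password change with the same GeneratePBKDFKey call and a random per-user salt.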