When he types in http://www.domainnamehere.com/admin/logs/report.html,
he's requesting an HTML file from the server instead of a cfm file.
----- Original Message -----
From: "Kevin Merker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, April 16, 2000 2:53 PM
Subject: Re: Application.cfm Not Preventing Access
> Am I blind? Where is the call for the html page and not cfm?
>
> KM
>
> Chris Montgomery wrote:
>
> > Howdy,
> >
> > I use the application.cfm file in the "admin" directory (one level down
> > from the application's root directory) to prevent unauthorized entry to
> > the admin section if the administrator isn't logged in. This has
> > satisfactorily worked for several applications I've built based on the
> > code below....until now.
> >
> > I created a directory called "logs" under the admin directory and placed
> > a copy of a log analysis reports page in it for the client to review
> > their traffic stats. If I type the complete URL path
> > (http://www.domainnamehere.com/admin/logs/report.html) to the log
> > reports page in my browser without logging in as the site administrator,
> > it calls up the page without throwing me over to the login page first.
> >
> > Any ideas where this is going wrong? Code follows:
> >
> > Application.cfm:
> > <!--- declare application framework initial parameters --->
> >
> > <!--- Include main application file --->
> > <cfinclude template="../application.cfm">
> >
> > <!--- For starters, set client logged in to "false" --->
> > <cfparam name="Session.AdminLoggedIn" default=FALSE>
> > <cfparam name="Session.Goto" default="">
> >
> > <!--- Install custom error pages --->
> > <CFERROR TYPE="REQUEST" TEMPLATE="../requesterr.cfm"
> > MAILTO="[EMAIL PROTECTED]">
> > <CFERROR TYPE="VALIDATION" TEMPLATE="../validationerr.cfm">
> >
> > <!--- If user is not yet logged in, and not currently on the login
> > pages, redirect them there. --->
> >
> > <cfif Not Session.AdminLoggedIn>
> > <!--- Store the name of the page the user came from so they can return
> > to it after login --->
> > <cfset Session.Goto = #CGI.SCRIPT_NAME#>
> > <cfif CGI.QUERY_STRING NEQ "">
> > <cfset Session.Goto = #CGI.SCRIPT_NAME# & "?" & '#CGI.QUERY_STRING#'>
> > </cfif>
> >
> > <cfif (CGI.SCRIPT_NAME IS NOT "/admin/login.cfm") AND (CGI.SCRIPT_NAME IS NOT "/admin/authenticate.cfm")>
> > <cflocation url="/admin/login.cfm" addtoken="no">
> > </cfif>
> > </cfif>
> >
> > Thanks for any insight.
> >
> > Chris Montgomery
> > =========================================================
> > astutia.com -> http://www.astutia.com [EMAIL PROTECTED]
> > Astute e-business applications & web site development
> > 210-490-3249/888-745-7603 Fax 210-490-4692
> > Allaire Consulting Partner/Authorized NetObjects Reseller
> > Find a Job in San Antonio -> http://www.sajobnet.com
> > =========================================================
> >
>
> > --------------------------------------------------------------------------
> > Archives: http://www.eGroups.com/list/cf-talk
> > To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
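
One way to close the gap discussed in this thread, as an added example that is not part of the original messages: the static report is moved out of the web root and served by a .cfm wrapper, so the request passes through ColdFusion and the admin Application.cfm check runs. The wrapper name `report.cfm`, the directory `D:\private\logs\`, the `URL.name` parameter and the report file names are assumptions made for illustration.

```cfm
<!--- /admin/logs/report.cfm : hypothetical wrapper (added example) --->
<!--- Requested as a .cfm template, so /admin/Application.cfm runs first and
      redirects anyone without Session.AdminLoggedIn to the login page.
      A direct request for report.html never reaches ColdFusion at all. --->

<!--- Assumed directory outside the web root, so the web server cannot
      hand out the static report directly. --->
<cfset ReportDir = "D:\private\logs\">

<!--- Fixed allowlist of report files (constructed names). The request only
      selects an entry from this list and never supplies a path. --->
<cfset AllowedReports = "report.html,weekly.html">
<cfparam name="URL.name" default="report.html">

<!--- Defence in depth: re-check the session flag in case this template is
      ever moved out from under the admin Application.cfm. --->
<cfif NOT IsDefined("Session.AdminLoggedIn") OR NOT Session.AdminLoggedIn>
    <cflocation url="/admin/login.cfm" addtoken="no">
</cfif>

<!--- Reject anything that is not on the allowlist (blocks ..\ traversal). --->
<cfif ListFindNoCase(AllowedReports, URL.name) IS 0>
    <cfabort showerror="Unknown report.">
</cfif>

<cfif NOT FileExists(ReportDir & URL.name)>
    <cfabort showerror="Report not found.">
</cfif>

<!--- Stream the static file through ColdFusion to the logged-in admin. --->
<cfcontent type="text/html" file="#ReportDir##URL.name#" deletefile="no">
```

The alternative is to leave the file where it is and protect the `/admin/logs/` directory with the web server's own access control, since that is the component actually answering requests for `.html` files.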