Application Security

vinicius Wed, 03 May 2000 04:53:04 -0700
This is a multi-part message in MIME format.

------=_NextPart_000_0023_01BFA810.1DB1D500
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi there, I'm trying to build a password protec system using =
application.cfm and session variables.
I tried the "Guide to Cf logins" (or whatever) from cftutorials Its not =
working, so I tried by my self :

Application.cfm
----------------------

<CFAPPLICATION=20
    NAME=3D"MyApplication"
    SESSIONMANAGEMENT=3D"Yes"
    SESSIONTIMEOUT=3D"#CreateTimeSpan(0,0,45,0)#"=20
    APPLICATIONTIMEOUT=3D"#CreateTimeSpan(0,0,45,0)#">



<cfset application.dsn =3D "cadastro">=09


  <CFPARAM name=3D"session.LoggedIn" DEFAULT=3D"FALSE">

  <!-- If the user is not yet logged in, and not currently on the login =
pages,
        or the forgotten password page, -->
  <CFIF #session.LoggedIn# IS "FALSE">
   <cfif Cgi.scripName IS NOT "cadastro/adm/login.cfm" OR Cgi.ScriptName =
IS NOT "cadastro/adm/validar.cfm">
     <cflocation url=3D"../dcad2.html" addtoken=3D"No">
    <cfelse>
       =20
    </cfif>
    <cfelse>
  </CFIF>

login.cfm
--------------
<form action=3D"validate.cfm" method=3D"POST">
<table>
<tr>
 <td><font class=3Dpadrao>Login</td>
 <td><input type=3D"Text" name=3D"login" size=3D"10"></td>
</tr>
<tr>
 <td><font class=3Dpadrao>Senha</td>
 <td><input type=3D"Password" name=3D"pwd" size=3D"10"></td>
</tr>
</table>
<input type=3D"Submit" value=3D"Enviar" class=3D"padrao">
</form>
<cfset session.loggedin =3D false>

validate.cfm
----------------


 <cfquery name=3D"checkuser" datasource=3D"#application.dsn#" =
dbtype=3D"ODBC">
  SELECT Login, pwd
 FROM Usuarios
 WHERE Login =3D '#Form.Login#'
 AND   pwd =3D '#Form.pwd#'
 </cfquery>

<cfif checkuser.recordcount GT 0>
 <cfset session.loggedin =3D true>
 <cflocation url=3D"adm/adm.cfm" addtoken=3D"No">
<cfelse>
<cfset session.loggedin =3D false>
 <cflocation url=3D"login.cfm" addtoken=3D"No">
</cfif>

What=B4s happening here is that the system will never a user get in the =
dir adm, even if he enters the correct login/pwd.
Could someone help me please? If you don=B4t want to correct this =
horrible code, please send me one that works

THANKS  A LOT GUYS
Vinicius

------=_NextPart_000_0023_01BFA810.1DB1D500
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>

<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT size=3D2>Hi there, I'm trying to build a password protec =
system using=20
application.cfm and session variables.</FONT></DIV>
<DIV><FONT size=3D2>I tried the &quot;Guide to Cf logins&quot; (or =
whatever) from=20
cftutorials Its not working, so I tried by my self :</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>Application.cfm</FONT></DIV>
<DIV><FONT size=3D2>----------------------</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>&lt;CFAPPLICATION <BR>&nbsp;&nbsp;&nbsp;=20
NAME=3D&quot;MyApplication&quot;<BR>&nbsp;&nbsp;&nbsp;=20
SESSIONMANAGEMENT=3D&quot;Yes&quot;<BR>&nbsp;&nbsp;&nbsp;=20
SESSIONTIMEOUT=3D&quot;#CreateTimeSpan(0,0,45,0)#&quot; =
<BR>&nbsp;&nbsp;&nbsp;=20
APPLICATIONTIMEOUT=3D&quot;#CreateTimeSpan(0,0,45,0)#&quot;&gt;</FONT></D=
IV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>&lt;cfset application.dsn =3D=20
&quot;cadastro&quot;&gt;        </FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2><BR>&nbsp; &lt;CFPARAM =
name=3D&quot;session.LoggedIn&quot;=20
DEFAULT=3D&quot;FALSE&quot;&gt;</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>&nbsp; &lt;!-- If the user is not yet logged in, and =
not=20
currently on the login =
pages,<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; or=20
the forgotten password page, --&gt;<BR>&nbsp; &lt;CFIF =
#session.LoggedIn# IS=20
&quot;FALSE&quot;&gt;<BR>&nbsp;&nbsp; &lt;cfif Cgi.scripName IS NOT=20
&quot;cadastro/adm/login.cfm&quot; OR Cgi.ScriptName IS NOT=20
&quot;cadastro/adm/validar.cfm&quot;&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;=20
&lt;cflocation url=3D&quot;../dcad2.html&quot;=20
addtoken=3D&quot;No&quot;&gt;<BR>&nbsp;&nbsp;&nbsp;=20
&lt;cfelse&gt;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
<BR>&nbsp;&nbsp;&nbsp; &lt;/cfif&gt;<BR>&nbsp;&nbsp;&nbsp;=20
&lt;cfelse&gt;<BR>&nbsp; &lt;/CFIF&gt;</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>login.cfm</FONT></DIV>
<DIV><FONT size=3D2>--------------</FONT></DIV>
<DIV><FONT size=3D2>&lt;form action=3D&quot;validate.cfm&quot;=20
method=3D&quot;POST&quot;&gt;<BR>&lt;table&gt;<BR>&lt;tr&gt;<BR>&nbsp;&lt=
;td&gt;&lt;font=20
class=3Dpadrao&gt;Login&lt;/td&gt;<BR>&nbsp;&lt;td&gt;&lt;input=20
type=3D&quot;Text&quot; name=3D&quot;login&quot;=20
size=3D&quot;10&quot;&gt;&lt;/td&gt;<BR>&lt;/tr&gt;<BR>&lt;tr&gt;<BR>&nbs=
p;&lt;td&gt;&lt;font=20
class=3Dpadrao&gt;Senha&lt;/td&gt;<BR>&nbsp;&lt;td&gt;&lt;input=20
type=3D&quot;Password&quot; name=3D&quot;pwd&quot;=20
size=3D&quot;10&quot;&gt;&lt;/td&gt;<BR>&lt;/tr&gt;<BR>&lt;/table&gt;<BR>=
&lt;input=20
type=3D&quot;Submit&quot; value=3D&quot;Enviar&quot;=20
class=3D&quot;padrao&quot;&gt;<BR>&lt;/form&gt;<BR>&lt;cfset =
session.loggedin =3D=20
false&gt;</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>validate.cfm</FONT></DIV>
<DIV><FONT size=3D2>----------------</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2><BR>&nbsp;&lt;cfquery name=3D&quot;checkuser&quot;=20
datasource=3D&quot;#application.dsn#&quot; =
dbtype=3D&quot;ODBC&quot;&gt;<BR>&nbsp;=20
SELECT Login, pwd<BR>&nbsp;FROM Usuarios<BR>&nbsp;WHERE Login =3D=20
'#Form.Login#'<BR>&nbsp;AND&nbsp;&nbsp; pwd =3D=20
'#Form.pwd#'<BR>&nbsp;&lt;/cfquery&gt;</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>&lt;cfif checkuser.recordcount GT =
0&gt;<BR>&nbsp;&lt;cfset=20
session.loggedin =3D true&gt;<BR>&nbsp;&lt;cflocation =
url=3D&quot;adm/adm.cfm&quot;=20
addtoken=3D&quot;No&quot;&gt;<BR>&lt;cfelse&gt;<BR>&lt;cfset =
session.loggedin =3D=20
false&gt;<BR>&nbsp;&lt;cflocation url=3D&quot;login.cfm&quot;=20
addtoken=3D&quot;No&quot;&gt;<BR>&lt;/cfif&gt;</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>What&acute;s happening here is that the system will =
never a=20
user get in the dir adm, even if he enters the correct =
login/pwd.</FONT></DIV>
<DIV><FONT size=3D2>Could someone help me please? If you don&acute;t =
want to=20
correct this horrible code, please send me one that works</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>THANKS&nbsp; A LOT GUYS</FONT></DIV>
<DIV><FONT size=3D2>Vinicius</FONT></DIV></BODY></HTML>

------=_NextPart_000_0023_01BFA810.1DB1D500--

------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
Application Security

Reply via email to
