> I am still trying to figure out the problem I have
> with my login scripts. I wrote this (copied actually)
> based on a tutorial located at
>
> http://tutorial8.easycfm.com/
>
> The author says these files all go in the same directory.
> The file names are.
> - Application.cfm
> - login.cfm
> - login_process.cfm
> - members_only.cfm
Well, I haven't looked at the original tutorial, but if the code below is
from the tutorial, it could probably be improved a bit.
> When I call Login.cfm the first thing that happens is
> application.cfm is processed and since I do not yet have
> session.allowin defined and the default is false it gives
> the "You must login" alert and sends me back to login.cfm
> which repeats the same result. Oh goodie an endless error
> loop.
>
> In application.cfm I find the following code.
>
> <cfif session.allowin neq "true">
> <cfif CGI.SCRIPT_NAME EQ "login.cfm">
> <cfelseif CGI.SCRIPT_NAME EQ "login_process.cfm">
> <cfelse>
> <!--- this user is not logged in, alert user and redirect
> to the login.cfm page --->
> <script>
> alert("You must login to access this area!");
> self.location="login.cfm";
> </script>
> </cfif>
> </cfif>
>
> As someone pointed out yesterday there are two else statements
> that don't seem to have an action associated with them.
>
> <cfif CGI.SCRIPT_NAME EQ "login.cfm">
> <cfelseif CGI.SCRIPT_NAME EQ "login_process.cfm">
You can simplify this as shown here:
<cfif Session.AllowIn neq "true">
<cfif CGI.SCRIPT_NAME does not contain "login">
<script>
alert("You must login to access this area!");
self.location = 'login.cfm';
</script>
</cfif>
</cfif>
Even so, there are some significant problems with this, such as the reliance
on Javascript redirection and the failure to abort processing in the page.
You might be better off with something like this:
<cfif Session.AllowIn neq "true">
<cfif CGI.SCRIPT_NAME does not contain "login">
<cflocation url="login.cfm">
</cfif>
</cfif>
If you want to show a message to the user indicating that login is required,
there are various ways you could do that. You could write some code in the
login form to do this, for example, if the user comes from any location
other than the normal entry path.
> In the first else I want processing to stop (I believe)
> the second else (actually elseif) I don't think is needed
> but there it is. I could get rid of the second else but
> what do I do to make the first else stop processing the
> error condition?
To reiterate, you don't really need all the conditional branches in the
original code. Basically, in pseudocode, what you want is something like
this:
if the user hasn't been marked as logged in
if the user isn't running a login form or action page
send the user to the login form instead of the current page
else
let the user run the login script
end if
end if
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
