You guys are great! Once again you have pulled me out of the abyss. I have also gained several new perspectives from this that will help in the future.
-----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 07, 2003 6:18 PM To: CF-Talk Subject: RE: stupid newbie tricks > I am still trying to figure out the problem I have > with my login scripts. I wrote this (copied actually) > based on a tutorial located at > > http://tutorial8.easycfm.com/ > > The author says these files all go in the same directory. > The file names are. > - Application.cfm > - login.cfm > - login_process.cfm > - members_only.cfm Well, I haven't looked at the original tutorial, but if the code below is from the tutorial, it could probably be improved a bit. > When I call Login.cfm the first thing that happens is > application.cfm is processed and since I do not yet have > session.allowin defined and the default is false it gives > the "You must login" alert and sends me back to login.cfm > which repeats the same result. Oh goodie an endless error > loop. > > In application.cfm I find the following code. > > <cfif session.allowin neq "true"> > <cfif CGI.SCRIPT_NAME EQ "login.cfm"> > <cfelseif CGI.SCRIPT_NAME EQ "login_process.cfm"> > <cfelse> > <!--- this user is not logged in, alert user and redirect > to the login.cfm page ---> > <script> > alert("You must login to access this area!"); > self.location="login.cfm"; > </script> > </cfif> > </cfif> > > As someone pointed out yesterday there are two else statements > that don't seem to have an action associated with them. > > <cfif CGI.SCRIPT_NAME EQ "login.cfm"> > <cfelseif CGI.SCRIPT_NAME EQ "login_process.cfm"> You can simplify this as shown here: <cfif Session.AllowIn neq "true"> <cfif CGI.SCRIPT_NAME does not contain "login"> <script> alert("You must login to access this area!"); self.location = 'login.cfm'; </script> </cfif> </cfif> Even so, there are some significant problems with this, such as the reliance on Javascript redirection and the failure to abort processing in the page. You might be better off with something like this: <cfif Session.AllowIn neq "true"> <cfif CGI.SCRIPT_NAME does not contain "login"> <cflocation url="login.cfm"> </cfif> </cfif> If you want to show a message to the user indicating that login is required, there are various ways you could do that. You could write some code in the login form to do this, for example, if the user comes from any location other than the normal entry path. > In the first else I want processing to stop (I believe) > the second else (actually elseif) I don't think is needed > but there it is. I could get rid of the second else but > what do I do to make the first else stop processing the > error condition? To reiterate, you don't really need all the conditional branches in the original code. Basically, in pseudocode, what you want is something like this: if the user hasn't been marked as logged in if the user isn't running a login form or action page send the user to the login form instead of the current page else let the user run the login script end if end if Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
