Re: Need help with login script...

Sat, 22 Mar 2003 16:03:14 -0800 

> <CFIF IsDefined("form.username")>
>
>   <cfquery name="getUsers" datasource="resDB">
>    Select * from USERS Where
>    UserID = '#form.UserName#'
>   </cfquery>
>
>   <cfif getUsers.recordCount EQ 0>
>     <cfset IsAuthenticated = FALSE>
>     There is no user by that name.<br>
>     <a href="mailto:[EMAIL PROTECTED]">Get help</a>
>
>   <cfelseif form.Password = "getUsers.Password" AND form.UserName =
> getUsers.UserID>
>     <cfset IsAuthenticated = TRUE>
>   <cfelse>
>     <cfset IsAuthenticated = FALSE>
>     Sorry, your password does not match.<br>
>     <a href="mailto:[EMAIL PROTECTED]">Get help</a>
>
>   </cfif>
>
> </CFIF>

It's that elseif statement that's causing it to bomb:

1. You need to use EQ instead of = (this is where the error's coming in)
2. Putting "getUsers.Password" in quotes will cause CF to check for the
password to equal the literal string "getUsers.Password" instead of treating
it as a CF variables. Remove the quotes and you'll be fine.

Some other suggestions:
1. IsAuthenticated is a function in CF 5 and below. As a matter of good
habit, I try not to use variable names that have the same name as any sort
of CF tag, function or other reserved word. Not a huge deal, but just a
thought.
2. * queries are bad for DB performance. A best practice is to only select
back the columns you actually need.
3. Look into using cfqueryparam to prevent SQL injection attacks and improve
your query performance.
4. Again, just as a best practice, when using "if" statements, it's best to
put the condition that will be true the most first and so on. This way CF
doesn't have to constantly parse that whole statement just to get to the
correct condition. If you think most users will be authenticated cleanly,
try moving that one up and leaving a completely bad authentication condition
for last.

Just my two cents, and I apologize if I was a bit "intrusive" into your
code!!

Regards,
Dave.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. http://www.fusionauthority.com/ads.cfm

                                Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Reply via email to