Not related to your issue, but this:

 <cfelseif isDefined("COOKIE.LogInID")>
     <!--- Else the cookie WAS found, so we'll step in here and take the cookie's LoginID value to log in --->

What is to stop me from editing my cookie and setting my ID to be
someone else?

========================================================================
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc
(www.mindseye.com)
Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia)

Email    : [EMAIL PROTECTED]
Blog     : www.camdenfamily.com/morpheus/blog
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda 

> -----Original Message-----
> From: Jeff [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, July 10, 2003 7:45 AM
> To: CF-Talk
> Subject: [cflogin] My Symptoms and my application.cfm code...
> 
> 
> There has to be something here I'm just not seeing. With this 
> in the admin directory I'm thinking that if you tried to go 
> to any page and weren't logged in or had a cookie, you'd be 
> redirected to the login page, otherwise, you'd have a cookie 
> and you'd be able to access the page fine. Or...you could 
> simply be coming from the login page and actually logging in.
> 
> However, whenever I type http://localhost/MySite/admin/ I get 
> nothing. The page just sits there for a second "loading" and 
> then it just stops, and says, "done". Most puzzling, and 
> kinda hard to debug.
> 
> Any ideas?
> 
> <cfapplication clientmanagement="yes" sessionmanagement="yes" name="Login">
> 
> <cfset RedirectFlag = "0">
> <CFSET Application.DataSource = "MyDSN">
> 
> <!--- If you're not logged in, you step inside this code block --->
> <cflogin>
> <!--- Then, you're not logged in, so we check for the cookie --->
> <cfif NOT isDefined("COOKIE.LogInID")>
>    <!--- If the cookie isn't defined, then check for the form variables --->
>     <cfif IsDefined("FORM.LoginPassword") AND IsDefined("FORM.LoginUsername")>
>         <!--- If form variables are found, step into here
>         and start looking for the logging in user --->
>         <cfquery name="FormLogin" datasource="#Application.DataSource#">
>             SELECT *
>             FROM tblAdmin
>             WHERE (admin_username = '#FORM.LoginUsername#') AND (admin_password = '#FORM.LoginPassword#') AND  (admin_status=1)
>         </cfquery>
>         <!--- If the RecordCount is 1, log in the user --->
>         <cfif FormLogin.RecordCount EQ 1>
>             <!--- Log Them In --->
>             <cfloginuser name="#FormLogin.admin_username#" password="#FormLogin.admin_password#" roles="#FormLogin.admin_role#">
>             <!--- Check to see if they checked the SaveInfo checkbox
>             and if so, set it to their Primary Key ID --->
>             <cfif isDefined("FORM.SaveInfo")>
>                 <cfcookie name="LogInID" value="#FormLogin.admin_id#" expires="never">
>             </cfif>
>             <!--- Setting that Redirect Flag since I stepped in here and got logged in --->
>             <cfset RedirectFlag = "1">
>             <!--- Then redirect to protected index page --->
>         <cfelseif FormLogin.RecordCount EQ 0>
>             <cfset ErrorMessage = 1>
>         </cfif>
>     </cfif>
>     <!--- The form variables weren't found nor was a cookie found, so you're not logged in --->
>     <cfset RedirectFlag = "2">
> <cfelseif isDefined("COOKIE.LogInID")>
>     <!--- Else the cookie WAS found, so we'll step in here and take the cookie's LoginID value to log in --->
>     <cfquery name="CookieLogin" datasource="#Application.DataSource#">
>         SELECT * 
>         FROM tblAdmin
>         WHERE (admin_id = #COOKIE.LogInID#) AND (tblAdmin.admin_status=1)
>     </cfquery>
>     <!--- If the RecordCount is 1, log in the user --->
>     <cfif CookieLogin.RecordCount EQ 1>
>         <cfloginuser name="#CookieLogin.admin_username#" password="#CookieLogin.admin_password#" roles="#CookieLogin.admin_role#">
>         <!--- Setting that Redirect Flag since I stepped in here and got logged in --->
>         <cfset RedirectFlag = "3">
>     <cfelseif CookieLogin.RecordCount EQ 0>
>         <cfset ErrorMessage = 2>
>     </cfif>
> </cfif>
> </cflogin>
> 
> <cfif RedirectFlag EQ "1">
>     <cflocation url="index.cfm">
> <cfelseif RedirectFlag EQ "2">
>     <cflocation url="login.cfm" addtoken="no">
> </cfif>
> 
> 
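
The cookie question raised in the reply, as an added example that is not code from either poster: the `LogInID` cookie carries only the `admin_id` primary key, so the server cannot tell an issued value from an edited one; signing the id with a server-side key lets the cookie branch reject edits before it queries `tblAdmin`. The function names and `demoKey` are hypothetical, and `hmac()` assumes ColdFusion 10 or later (or Lucee).

```cfml
<cfscript>
// Added example (not from the thread): bind the remembered id to a server-side
// secret so that an edited LogInID cookie no longer verifies.
// signLoginId, verifyLoginCookie and demoKey are hypothetical names.

// Builds the cookie value "<id>.<HMAC-SHA256 of id, hex>".
function signLoginId(required numeric adminId, required string key) {
    var id = toString(int(arguments.adminId));
    return id & "." & hmac(id, arguments.key, "HMACSHA256");
}

// Returns the admin id when the signature matches, otherwise 0.
function verifyLoginCookie(required string cookieValue, required string key) {
    if (listLen(arguments.cookieValue, ".") != 2) {
        return 0;
    }
    var id  = listFirst(arguments.cookieValue, ".");
    var sig = listLast(arguments.cookieValue, ".");
    // Accept only a plain positive integer before recomputing the MAC.
    if (!reFind("^[1-9][0-9]{0,8}$", id)) {
        return 0;
    }
    var expected = ucase(hmac(id, arguments.key, "HMACSHA256"));
    // MessageDigest.isEqual compares the byte arrays in constant time.
    var md = createObject("java", "java.security.MessageDigest");
    var same = md.isEqual(charsetDecode(ucase(sig), "utf-8"),
                          charsetDecode(expected, "utf-8"));
    return same ? id : 0;
}

// Constructed demo values; a real key is random and never leaves the server.
demoKey = "constructed-demo-key";
issued  = signLoginId(7, demoKey);
edited  = "1." & listLast(issued, ".");  // id changed, old signature kept
writeOutput("issued cookie verifies as id: " & verifyLoginCookie(issued, demoKey) & "<br>");
writeOutput("edited cookie verifies as id: " & verifyLoginCookie(edited, demoKey));
</cfscript>
```

A signed id still cannot be revoked for one user; storing a random per-user token server-side and placing only that token in the cookie allows revocation as well. Because `#COOKIE.LogInID#` is interpolated directly into the `CookieLogin` query, the verified id should also be passed through `<cfqueryparam cfsqltype="cf_sql_integer">`.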