For starters, this statement evaluates to true, even if you put total junk
in the text fields:
"<cfif Password IS Password AND LoginName IS LoginName>"
so as far as the template is concerned, the person logged in. So, it
displays the info, just minus the actual details because the query will
fail, because the junk in the text fields doesn't match anything in the
database.
Instead, how about something like this?
<!--- Assigns blank values in case they didn't enter anything in one of the
fields --->
<cfparam name="Form.LoginName" default="">
<cfparam name="Form.Password" default="">
<!--- standard query stuff --->
<cfquery datasource="GradTrack" Name="GradDetails">
SELECT LoginName, Password, Name, Birthday, Age, PictureName,
StreetAddress, etc, etc, etc, ...
FROM Grad94
WHERE LoginName='#Form.LoginName#' AND Password='#Form.Password#'
</cfquery>
<!--- If the query returned a row, then that means the LoginName/Password
combo was found in the database, which means that's the correct login stuff,
so do whatever you do when someone makes it in. Otherwise, do your 'login
error' stuff --->
<cfif GradDetails.RecordCount>
Yay! You are logged in.
<cfelse>
Oops! Login failed.
</cfif>
Make sure to scope all of your variables too. I.E. If you have a variable
that was creadted through a form submission, stick 'Form' in front of it,
etc.
Todd
----- Original Message -----
From: "Mark Smeets" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 31, 2000 10:36 PM
Subject: login verification problem
> Hi,
>
> Here's my problem, I've got a login page, in which when you login, you are
> presented with your specific details that you filled out etc...
>
> Now, the problem is, if I just put in whatever text for the login and the
> password (obviously not stored in the database under that persons entry)
> instead of getting an error, I get the output page but just no details.
Not
> something I want to have happen.
>
> Here's what I have for code;
>
> I need a way to check and see if the form entry is being checked against
the
> database entry.
>
> <cfif LoginName IS NOT LoginName>
>
> You are attempting to gain access into a restricted area.
> </cfif>
>
> <cfif Password IS NOT Password>
>
> You are attempting to gain access into a restricted area.
> </cfif>
>
> <cfif Password IS Password AND LoginName IS LoginName>
>
> <CFQUERY DATASOURCE = "GradTrack" Name="GradDetails">
> SELECT LoginName,
> Password,
> Name,
> Birthday,
> Age,
> PictureName,
> StreetAddress,
> City,
> Country,
> Phone,
> Email,
> WebSite,
> Question2,
> Question3,
> Question4,
> Question7,
> Question8,
> Question9,
> Question10,
> Question11,
> Question12,
> Question13,
> Question14,
> Question15,
> Question16,
> Question17,
> GeneralComments,
> EmailList,
> ICQ
> FROM Grad94
> WHERE (LoginName='#LoginName#' AND Password='#Password#')
> </cfquery>
>
> and of course, the HTML goes below here for the output etc...and its
closed
> off with the </CFIF> tag (not put in, just to save space), so the process
> works however it'll process anything for a login but just won't output
> anything when the login and password is wrong.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
