I inherited an application and I need to know how to make this particular
piece of code go into an Appication or Session variable: What this is doing
is grabbing the login name of the user on the machine and then it appends it
to a URL variable. Problem is, I can change the URL variable once I am
logged in and impersonate any user I want, including user ID's that do not
exist. This is NOT the way to go since we are tracking the user by this URL
variable.
<cfoutput>
<object classid="CLSID:4F021AE3-9E98-11D0-A808-00C04FDCD94A"
id="NWDir1"
width=32
height=32
name="Login"
Action="Create">
</object>
<script language="VBScript">
Dim vbuser
Sub Window_OnLoad()
On Error Resume next
vbuser = NWDir1.LoginName
vbuser = StrReverse(vbuser)
initInd = InStr(vbuser, Chr(92))
if initInd <> 0 Then
vbuser = Left(vbuser, initInd-1)
vbuser = StrReverse(vbuser)
End if
// REDIRECTION beware
document.location.href = "DONE.cfm?docookietest=" + vbuser
Exit sub
End Sub
</script>
<cfabort>
</cfoutput>
--
Bruce Sorge
"I'm a mawg: half man, half dog. I'm my own best friend!"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:267743
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
