Good point... Maybe I'll just say "Wrong Paco"
OK now for the dumb question. Where do I add the code??? >>>>I just think it would be nice to tell the visitors what went wrong. >(Wrong username, password, or both). >I wouldn't recommend doing that. If someone is trying to gain illicit access >to your site, your providing them with helpful information. For example, if >you tell them they got their username right, then they just have to brute >force attack the form with random passwords until they get in. >However, if you still want to do this, it's pretty easy. > >First check in one query to see if the user name is in the database then if >it is in a second query see if that username and password are both in the >database in the same record. > >If it is, then log them in. > >If they pass the first query test, but not the second, then you know they >entered the right username, but wrong password, this can be verified by >checking the queryname.RecordCount on the first query. If it's GT 0 they >have a username in the database. > >If they fail the first one, then they inherently failed the second test, so >you can pass back a message stating they entered an invalid >username/password combination. > >=] > >-- >Alan Rother >Adobe Certified Advanced ColdFusion MX 7 Developer >Manager, Phoenix Cold Fusion User Group, AZCFUG.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324829 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
