Andrew - Tried your suggestion, no change
Al - Tried your suggestion, different error message:

"Invalid CFML construct found on line 5 at column 33 

5: applicationtimeout="#CreateTimeSpan(0,2,0,0)#" />"

Which according to my text-editor is between the 'e' in Create and 'T' in 
Timespan.

I will go ahead and post the login pages that I found (at 
http://tutorial8.easycfm.com/index.cfm?fuseaction=community).  I made only the 
simplest of changes to the existing code, namely changing the datasource name 
to reflect what I have set up in Administrator and the field/database names, 
and the 'members_only.cfm' goal-page to index.cfm.  I have also removed the 
developer's comments for brevity:

<!--- APPLICATION.CFM --->
<cfapplication name="MyApp"
    clientmanagement="Yes"
    sessionmanagement="Yes"
    sessiontimeout="#CreateTimeSpan(0,0,15,0)#
    applicationtimeout="#CreateTimeSpan(0,2,0,0)# />
        
<cffunction name="onApplicationStart" returnType="boolean" output="false">
        <cfset StructClear(application)/>
        <cfset APPLICATION.name = "myApp">
        <cfset APPLICATION.dsn = "test">
        <cfreturn true>
</cffunction>
                
<CFPARAM NAME="session.allowin" DEFAULT="false" />      
<CFPARAM NAME="session.user_id" DEFAULT="0" />
         
<cfif session.allowin neq "true">
    <cfif  ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm">
    <cfelseif ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm">
    <cfelse>
        <script>
            alert("You must login to access this area!");
            self.location="login.cfm";
        </script>
    </cfif>
</cfif>

<!---LOGIN.CFM--->

<form action="login_process.cfm" method="post">
      Username: <input type="text" name="user_name" value=""><BR />
      Password: <input type="password" name="user_pass" value=""><BR />
      <input type="submit" name="login_user" value="Log In"><BR />
</form>

<!---LOGIN_PROCESS.CFM--->

<cfquery name="qVerify" datasource="#APPLICATION.dsn#">
    SELECT  clientID, clientName, clientPass
    FROM    CLIENTS
    WHERE clientName = '#clientName#'
    AND  clientPass = '#clientPass#'
</cfquery>
 
<cfif qVerify.RecordCount>
    <cfset session.allowin = "True" />
    <cfset session.user_id = qVerify.user_id />   
    <script>
        alert("Welcome user, you have been successfully logged in!");
        self.location="/index.cfm";
    </script>
< cfelse>
    <script>
        alert("Your credentials could not be verified, please try again!!!");
        self.location="Javascript:history.go(-1)";
    </script>
</cfif>

Also a big thanks to Justin for pointing out the security flaws and if you see 
any in this new example please point them out to me as it will be going into a 
production environment when all is said and done.  I'm still a little sketchy 
on the various types of variables (url, cgi, session, etc.) but any layman's 
explanation on what role these might play in opening security gaps would be of 
great interest to me as I need to make this site very secure.

Thanks again for all your help and I look forward to your new responses.   :)
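
A hardened take on the LOGIN_PROCESS.CFM query and the Application.cfm gate posted above, as an added example that is not part of the original post or of the easycfm tutorial. It assumes the form field names from LOGIN.CFM (user_name, user_pass), the CLIENTS columns from the posted query, and VARCHAR columns of at most 50 characters (the length is a guess; adjust it to the real schema). The password comparison is kept as posted, though a production table would normally hold a salted hash rather than the password itself.

```cfml
<!--- login_process.cfm (added example) --->
<!--- Read the credentials from the form scope only, so a URL or cookie
      variable with the same name can never stand in for them. --->
<cfparam name="form.user_name" default="">
<cfparam name="form.user_pass" default="">

<!--- cfqueryparam sends each value as a bound parameter, so quotes typed
      into the form stay data and cannot change the SQL statement.
      maxlength="50" is an assumed column size; longer input raises an error. --->
<cfquery name="qVerify" datasource="#APPLICATION.dsn#">
    SELECT  clientID, clientName
    FROM    CLIENTS
    WHERE   clientName = <cfqueryparam value="#form.user_name#" cfsqltype="cf_sql_varchar" maxlength="50">
    AND     clientPass = <cfqueryparam value="#form.user_pass#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<cfif qVerify.RecordCount EQ 1>
    <!--- clientID is the column the query actually selects --->
    <cfset session.allowin = "true">
    <cfset session.user_id = qVerify.clientID>
    <cflocation url="index.cfm" addtoken="no">
<cfelse>
    <cfset session.allowin = "false">
    <cflocation url="login.cfm" addtoken="no">
</cfif>

<!--- Application.cfm gate (added example) --->
<!--- A <script> redirect runs in the browser, after the protected page has
      already been generated and sent. cflocation redirects on the server
      and stops processing of the requested template. --->
<cfif session.allowin NEQ "true"
      AND NOT ListFindNoCase("login.cfm,login_process.cfm", ListLast(CGI.SCRIPT_NAME, "/"))>
    <cflocation url="login.cfm" addtoken="no">
</cfif>
```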


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353865