You have no ending double quote on the two timeout attributes: > sessiontimeout="#CreateTimeSpan(0,0,15,0)# > applicationtimeout="#CreateTimeSpan(0,2,0,0)# />
that means the parser is rolling along trying to find the other end of the quoted section. It should be: sessiontimeout="#CreateTimeSpan(0,0,15,0)#" applicationtimeout="#CreateTimeSpan(0,2,0,0)#" /> Kym On 15/01/2013 09:25, B Griffith wrote: > > Andrew - Tried your suggestion, no change > Al - Tried your suggestion, different error message: > > "Invalid CFML construct found on line 5 at column 33 > > 5: applicationtimeout="#CreateTimeSpan(0,2,0,0)#" />" > > Which according to my text-editor is the between the 'e' in Create and 'T' in > Timespan. > > I will go ahead and post the login pages that I found (at > http://tutorial8.easycfm.com/index.cfm?fuseaction=community). I made only > the simplest of changes to the existing code, namely changing the datasource > name to reflect what I have set up in Administrator and the field/database > names, and the 'members_only.cfm' goal-page to index.cfm. I have also > removed the developer's comments for brevity: > > <!--- APPLICATION.CFM ---> > <cfapplication name="MyApp" > clientmanagement="Yes" > sessionmanagement="Yes" > sessiontimeout="#CreateTimeSpan(0,0,15,0)# > applicationtimeout="#CreateTimeSpan(0,2,0,0)# /> > > <cffunction name="onApplicationStart" returnType="boolean" output="false"> > <cfset StructClear(application)/> > <cfset APPLICATION.name = "myApp"> > <cfset APPLICATION.dsn = "test"> > <cfreturn true> > </cffunction> > > <CFPARAM NAME="session.allowin" DEFAULT="false" /> > <CFPARAM NAME="session.user_id" DEFAULT="0" /> > > <cfif session.allowin neq "true"> > <cfif ListLast(CGI.SCRIPT_NAME, "/") EQ "login.cfm"> > <cfelseif ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm"> > <cfelse> > <script> > alert("You must login to access this area!"); > self.location="login.cfm"; > </script> > </cfif> > </cfif> > > <!---LOGIN.CFM---> > > <form action="login_process.cfm" method="post"> > Username: <input type="text" name="user_name" value=""><BR /> > Password: <input type="password" name="user_pass" value=""><BR /> > <input type="submit" name="login_user" value="Log In"><BR /> > </form> > > <!---LOGIN_PROCESS.CFM---> > > <cfquery name="qVerify" datasource="#APPLICATION.dsn#"> > SELECT clientID, clientName, clientPass > FROM CLIENTS > WHERE clientName = '#clientName#' > AND clientPass = '#clientPass#' > </cfquery> > > <cfif qVerify.RecordCount> > <cfset session.allowin = "True" /> > <cfset session.user_id = qVerify.user_id /> > <script> > alert("Welcome user, you have been successfully logged in!"); > self.location="/index.cfm"; > </script> > < cfelse> > <script> > alert("Your credentials could not be verified, please try again!!!"); > self.location="Javascript:history.go(-1)"; > </script> > </cfif> > > Also a big thanks to Justin for pointing out the security flaws and if you > see any in this new example please point them out to me as it will be going > into a production environment when all is said and done. I'm still a little > sketchy on the various types of variables (url, cgi, session, etc.) but any > layman's explanation on what role these might play in opening security gaps > would be of great interest to me as I need to make this site very secure. > > Thanks again for all your help and I look forward to your new responses. :) > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353870 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
