Argh.
I have tried both the GlobalCorp and CFHub examples for securing an
application to no avail.
I keep getting sent back to the login page. I have verified that I am
using the correct user id and password.
I bet there is something small I am overlooking. I've been at it for 2
days off and on. I hate to admit defeat.
Sorry, this will be a long one.
Let me address the CFHub method as it is the most simplistic.
Given:
Datasource: mydatasource (MSAccess)
Table: AdminAuthorize
Fields Data Type
RecID Autonumber
UserID Number
Password Text
Source Code: (3 docs: application.cfm, login.cfm, index.cfm)
application.cfm
<CFAPPLICATION NAME="Security_Test"
CLIENTMANAGEMENT="YES"
SESSIONMANAGEMENT="YES"
SESSIONTIMEOUT=#CreateTimespan(0,0,30,0)#>
login.cfm
<html>
<body>
<CFIF isDefined('Form.UserName')>
<!---This query looks for the UserName and Password that was
entered in the login form. If it does not find a match
the 'RecordCount' will be 0 and you will know that the user
should not be given access.--->
<CFQUERY datasource="mydatasource" name="Check">
SELECT *
FROM AdminAuthorize
WHERE UserID = #Form.UserID#
AND Password = '#Form.Password#'
</CFQUERY>
<!---Check whether a UserName/Password was found--->
<CFIF #Check.RecordCount# IS 0>
<!--- we have an invalid request because there were
no matching UserName/Password in the DataBase--->
Sorry, Invalid Password
<CFELSE>
<!--- we have at least one match so we give them two
variables. Auth and Admin that we can use later
to determine whether they are allowed to view pages
or not. A secure page needs to verify that Auth is
'Yes' and can then use Admin to display the UserName--->
<!---Set there 'Authorization level' to 'Yes'--->
<CFSET Session.Auth ='Yes'>
<!---Store their UserName in the Admin variable if you
want to display their name to them on a page later--->
<CFSET Session.Admin =Form.UserID>
<!---The user is now logged in. Send them to your
application--->
<CFLOCATION url="index.cfm">
</CFIF>
<!---Display the login form --->
<CFELSE>
<H1>Login</H1>
Please Log in Below.
<cfoutput>
<FORM method="post" action="login.cfm">
User ID: <INPUT type="text" name="UserID"><BR>
Password: <INPUT type="Password" name="Password"><BR>
<INPUT type="submit" value="Log In">
</FORM>
</cfoutput>
</CFIF>
</body>
</html>
index.cfm
<html>
<body>
<CFIF isDefined("Session.Auth") is NOT TRUE>
<CFLOCATION url="login.cfm">
<CFELSE>
Anything here is Viewable only
by those who have Session.Auth set to "TRUE"
</cfif>
</body>
</html>
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
