In your code it looked like the IF's were nested incorrectly. If you
query where username=X and password=Y ..the result set you get back is
guaranteed to have a username of X and a password of Y ...so their is no
need to check in your IF conditions.
Your code could be written more compactly like below. I change the
check on record count to use exactly one (instead of MaxRows=1), Just in
case their are every more than one records in the results set. Your
database should have some constraints not allow this to happen...but
better safe than sorry...and it dosen't incur a performance hit.
BUT, the one big problem I see here is if I ever log in then bookmark
the page "webmaster.cfm" I will be able to come back to it. Because,
in this logon procedure you don't seem to be setting any session
variables something like "Session.logonName = logon.username" so that on
the webmaster.cfm page you could include a check to see if the variable
exists ...and if not kick the user back to the logon page.
<!---authenticate the user against the database--->
<CFQUERY NAME="login" DATASOURCE="Jokes">
SELECT username, password
FROM WordJokes
WHERE WordJokes.username = '#form.username#' AND
WordJokes.password = '#form.password#'
</CFQUERY>
<CFIF LOGIN.RECORDCOUNT EQ 1>
<CFLOCATION URL="webmaster.cfm">
<CFELSE IF Logon.RecordCount GT 1>
<cflocation URL="logDataIntegrityError.cfm">
<cfelse>
<CFLOCATION URL="login.cfm?errorType=badLogon">
</cfif>
Anyway, hope this helps.
-eric
------------------------------------------------
Common sense is genius dressed in its working clothes.
-- Ralph Waldo Emerson
Eric Barr
Zeff Design
(p) 212.714.6390
(f) 212.580.7181
-----Original Message-----
From: Hubert Earl [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 02, 2001 5:55 AM
To: CF-Talk
Subject: Problem with login code
Hi everyone,
The code below is a loginaction template. It's supposed to give an
error
message if the wrong id or password is given on a login form, or if
either
or both aren't given. Instead, it only gives the message if something
is
missing. If something is wrong, it simply sends the user back to the
login
page, with no error message. Is it possible to 'tweak' the code to get
it
to work (and if so, can you please suggest how to do so), or is there
something so fundamentally wrong with it that it needs to be rewritten
from
scratch?
<!---authenticate the user against the database--->
<CFQUERY NAME="login" DATASOURCE="Jokes" MAXROWS="1">
SELECT username, password
FROM WordJokes
WHERE WordJokes.username = '#form.username#' AND
WordJokes.password = '#form.password#'
</CFQUERY>
<CFIF LOGIN.RECORDCOUNT GT 0>
<CFIF LOGIN.PASSWORD IS FORM.PASSWORD>
<!---user has been authenticated; send the user to the proper page--->
<CFLOCATION URL="webmaster.cfm">
<CFELSE>
<!---login failed -- send them back to the login screen--->
<CFSET ERRORMESSAGE="You must enter a valid password and user name to
enter this site">
<CFLOCATION URL="login.cfm">
</CFIF>
<CFELSE>
<!---login failed - send them back to the login page--->
<CFSET ERRORMESSAGE="You must enter a valid password and user name to
enter this site">
<CFLOCATION URL="login.cfm">
</CFIF>
Sincerely,
---
Hubert Earl
ICQ#: 16199853
See pictures of items in my Jamaican Art, Craft & More Store Online Sale
on
my "Me" page on eBay (this tells you a little about myself, including a
photo), and there's a link to the auctions themselves:
http://members.ebay.com/aboutme/hearl1/
See pictures of all items I have:
http://www.angelfire.com/ny/hearl/link_page_on_angelfire.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
