:hmms
If you've got Advanced Security and a user database, why not just use this
code [below]?
The cgi.* variables are all open to modification by the client...
It even handles cross-session permanent unique IDs by username.
This allows generalised access provided they have a password/username in the
user directory; then I just cfinclude the following in each 'admin' page.
I think it's quite flexible: I just create a different UserObject and
include a slightly modified security.cfm for each separate restricted
area...
--------security.cfm---------
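<!--- security.cfm: gate an 'admin' page on the "Manage"/"execute" right of UserObject.
      The page is reachable only when the resource is registered as protected AND the
      current user is authorised for it; otherwise an explanation is printed and the
      request is aborted.
      cookie.username and cgi.script_name are supplied by the client (the cookie and
      the request path), so they are HTML-escaped before being written into the page. --->
<cfset manageProtected = IsProtected("UserObject","Manage","execute")>
<cfset manageAuthorized = IsAuthorized("UserObject","Manage","execute")>
<cfif manageProtected and manageAuthorized>
<!--- OK to access --->
<cfelse><cfoutput>
You do not have permissions to access these pages as the user
#HTMLEditFormat(cookie.username)#<br>
Local security error: #manageProtected#
and #manageAuthorized# at #HTMLEditFormat(cgi.script_name)#<p>
If you feel this is incorrect contact <a
href="mailto:[EMAIL PROTECTED]">Thomas Chiverton</a>, quoting this
message
</cfoutput>
<cfabort>
</cfif>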
----------------------application.cfm
<!---App:<br>--->
<!--- Remember the requested page so the login form can post back to it. --->
<cfset redir=cgi.script_name>
<!---<cfoutput>#redir#</cfoutput>
<cfoutput>Are we: #IsAuthenticated()#, </cfoutput>--->
<!--- Resolve the username: an existing cookie wins; otherwise a freshly posted
      form value is taken and persisted in a 10-day cookie; otherwise there is
      no user yet and haveuser is cleared. --->
<cfparam name="haveuser" default="Yes">
<cfset username="">
<cfif IsDefined("Cookie.username")>
<cfset username=Cookie.username>
<cfelseif IsDefined("Form.username")>
<cfset username=Form.username>
<cfcookie name="username" value="#Form.username#" expires="10">
<cfelse>
<cfset haveuser="No">
</cfif>
<!--- Per-user key for the password cookie: a fixed prefix and suffix around the username. --->
<cfset key = "eoij" & username & "dshg">
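<!--- Resolve the password the same way as the username: cookie first, then a
      posted form value (persisted in a 10-day cookie), else none.
      NOTE(review): the cookie carries the password itself, reversibly encrypted
      under a key derived from the username that travels in the sibling cookie,
      so whoever holds both cookies can recover the password. cfauthenticate's own
      setcookie already keeps the user logged in; the password cookie could be dropped. --->
<cfparam name="havepass" default="Yes">
<cfset pass="">
<cfset cookiePassOK="No">
<cfif IsDefined("Cookie.password")>
<!--- A tampered or truncated cookie makes tobinary()/decrypt() throw. Instead of
      erroring the request, discard that cookie and fall through to the form path. --->
<cftry>
<cfset pass=decrypt(tostring(tobinary(Cookie.password)),key)>
<cfset cookiePassOK="Yes">
<cfcatch type="Any">
<cfcookie name="password" expires="now">
</cfcatch>
</cftry>
</cfif>
<cfif not cookiePassOK>
<cfif IsDefined("Form.password")>
<cfset pass=Form.password>
<cfcookie name="password"
value="#tobase64(encrypt(Form.password,key))#" expires="10">
<cfelse>
<cfset havepass="No">
</cfif>
</cfif>
<!---
cookie:<cfoutput><cfif IsDefined("cookie.username")>
#cookie.username# = #cookie.password#<br>
</cfif></cfoutput>
form:<cfoutput><cfif IsDefined("form.username")>
#form.username# = #form.password#<br>
</cfif></cfoutput>
--->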
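<!--- Authenticate against the PS_Private security context when no CF auth cookie
      is present. On success Auth is set and the request continues; otherwise the
      login form is rendered and the request is aborted. --->
<cfif not IsAuthenticated()>
<cfif haveuser and havepass>
<cftry>
<cfauthenticate securitycontext="PS_Private"
username="#username#"
password="#pass#"
setcookie="yes">
<cfcatch type="Security">
Failed auth !
<!--- Drop the rejected credentials before redirecting: the username/password
      cookies were set from the form before this attempt, so leaving them in place
      would make the redirected request retry and fail with the same values. --->
<cfcookie name="username" expires="now">
<cfcookie name="password" expires="now">
<cflocation url="#redir#">
</cfcatch>
</cftry>
<cfif IsAuthenticated()>
<cfset Auth="Yes">
</cfif>
</cfif>
<cfif not IsDefined("Auth")>
<html>
<head>
<link rel=Stylesheet type="text/css" href="/styles.css">
<LINK REL="SHORTCUT ICON" href="http://www.uk.exodus.net/page.ico">
<title>Please log in</title>
</head>
<body bgcolor=white>
Please login <cfif IsAuthenticated()>again to confirm</cfif>
<!--- redir is cgi.script_name, which the client influences; escape it inside the attribute. --->
<cfoutput><form action="#HTMLEditFormat(redir)#" method=post></cfoutput>
<table><tr>
<td>Username:</td><td><input type=text name=username></td>
</tr>
<tr>
<td>Password:</td><td><input type=password
name=password></td>
</tr>
<tr>
<td colspan=2><input type=submit value=LOGIN></td>
</tr>
</table>
</form>
<font size="-1">These are the same as your normal Exodus network
(domain) logon<br>
</font>
</body>
</html>
<cfabort>
</cfif>
</cfif>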
<!--- Application settings: session and client management are both enabled; the
      client scope is what supplies client.cftoken for new user ids further down. --->
<cfapplication name="exdsTEST1"
clientmanagement="Yes"
setclientcookies="Yes"
sessionmanagement="Yes">
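<!--- Give the authenticated user a stable id in session.userid:
      look the username up in the userid table; if there is no row, mint an id
      from client.cftoken, fetch the full name from the domain and store
      (id, username, first name, rest of name); otherwise reuse the stored id.
      Query values are bound with cfqueryparam: cookie.username is client-supplied,
      and a full name such as O'Brien would otherwise break the INSERT. --->
<cfquery name=IsInDB datasource=userid>
select * from userid
where username = <cfqueryparam value="#cookie.username#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>
<cfif IsInDB.RecordCount eq 0>
<!--- New user --->
<cfset session.userid = client.cftoken>
<cfx_DomainUser domain="Sol" user="#cookie.username#"
var="FullName">
<!--- Split "First Rest" on the first blank. FindOneOf returns 0 when there is
      no blank; a single-word name then becomes the first name with an empty rest. --->
<cfset space=FindOneOf(" ",FullName)>
<cfif space gt 0>
<cfset first=Left(FullName,space-1)>
<cfset rest=Right(FullName,Len(FullName)-space)>
<cfelse>
<cfset first=FullName>
<cfset rest="">
</cfif>
<!--- The id is bound as an integer because the original inserted it as an unquoted
      literal; confirm against the column type. --->
<cfquery name=Store datasource=userid>
insert into userid values
(<cfqueryparam value="#session.userid#" cfsqltype="CF_SQL_INTEGER">,
<cfqueryparam value="#cookie.username#" cfsqltype="CF_SQL_VARCHAR">,
<cfqueryparam value="#first#" cfsqltype="CF_SQL_VARCHAR">,
<cfqueryparam value="#rest#" cfsqltype="CF_SQL_VARCHAR">)
</cfquery>
<cfelse>
<!--- return user = --->
<cfset session.userid = IsInDB.userid>
</cfif>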
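<!--- Application-wide gate on the "Display"/"execute" right of UserObject; same
      shape as security.cfm. Note the action name is spelled "Display" in the check
      and "display" in the message; left as-is here since it is not known whether the
      security context compares case-sensitively — worth making uniform.
      cookie.username and cgi.script_name are client-supplied and are escaped on output. --->
<cfset displayProtected = IsProtected("UserObject","Display","execute")>
<cfset displayAuthorized = IsAuthorized("UserObject","display","execute")>
<cfif displayProtected and displayAuthorized>
<!--- OK to access --->
<cfelse><cfoutput>
You do not have permissions to access these pages as the user
#HTMLEditFormat(cookie.username)#<br>
Application error: #IsProtected("UserObject","display","execute")#
and #displayAuthorized# at #HTMLEditFormat(cgi.script_name)#<p>
If you feel this is incorrect contact <a
href="mailto:[EMAIL PROTECTED]">Thomas Chiverton</a>, quoting this
message
</cfoutput>
<cfabort>
</cfif>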
<!---<br>END APP<p>--->