My preferred approach is to leverage Application.cfm since it will always be
invoked for any page. I'd make my Application.cfm look something like this:
<!--- 1) Test session scope variable to see if the user has already been
authenticated --->
<cfset Request.loggedin = "">
<cflock scope="Session" timeout="10" type="ReadOnly">
<cfif isdefined("Session.loggedin")>
<cfset Request.loggedin=Session.loggedin>
</cfif>
</cflock>
<!--- 2) If the user isn't logged in and FORM.user and FORM.password exist,
then the user is trying to log in right now so try to authenticate them --->
<cfif Len(Request.loggedin) eq 0 and IsDefined("FORM.user") and
IsDefined("FORM.password")>
<!---
...database query, CFSWITCH, LDAP call...whatever, just set
Request.loggedin to something on success
--->
<cfif Len(Request.loggedin) gt 0>
<cflock scope="Session" timeout="10"
type="Exclusive">
<cfset Session.loggedin = Request.loggedin>
</cflock>
</cfif>
</cfif>
<!--- 3) If the user still isn't logged in, display a login form with action
set to "#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" and method set to POST and
then call CFABORT --->
<cfif Len(Request.loggedin) eq 0>
<cfoutput>
<form action="#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" method="POST">
<table border="0">
<tr>
<td>User Name:</td>
<td><input type="text" name="user">
</tr>
<tr>
<td>Password:</td>
<td><input type="password"
name="password">
</tr>
<tr>
<td> </td>
<td><input type="submit"
value="Submit"></td>
</tr>
</table>
</form>
</cfoutput>
<cfabort>
</cfif>
-Chris Gilbert, Random House
[EMAIL PROTECTED]
-----Original Message-----
From: Chris Luksha [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 12:24 PM
To: CF-Talk
Subject: RE: Login forms
So far I seem to be getting great responses, but
none seem to
address the actual problem. I want the user to be sent to
the page
that he
originally requested after logging in. It should not matter
what page
he
tried to get to. He should go to that page, not a page that
is
programmed
statically into the login page.
I do not want the user to ALWAYS go to addphot.cfm
for example, but
he might go to deletephotos.cfm or updatepreferences.cfm.
This should
all
depend upon the page he tried to get to, not a preset page.
The user may just be getting in for the first time
that day and
trying to skip past the login, or the user may have sent a
link to the
page,
to a client, but I don't want the client to get there w/o
first logging
in.
I hope this makes sense. I am checking out the script from
macromedia,
just
having a hard time getting in.
Thanks
Chris
-----Original Message-----
From: Jeffry Houser [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 12:18 PM
To: CF-Talk
Subject: Re: Login forms
Yes, this is a common application. I describe how to do
this in
Instant
ColdFusion (my 1st book), but the basics are:
Create a log-in page. When the user logs in, set a
session variable,
something along the lines of 'IsLoggedIn' or if you are
dealing with
group
level access, I like to us a list of the groups the user
belongs to.
In the application.cfm in the subdirectory (Make sure your
cfapplication
tags have the same name) check the access like this:
<cfif session.isloggedin is false>
<cflocation back to login page> ( <-- not exact code )
</cfif>
At 11:52 AM 01/28/2002 -0500, you wrote:
>I am new to CF and wondering if there is a way to have a
login page
that
>would be accessed when a user comes to any page in the
application,
(Say
>they bookmarked a page deeper than the root,) and the user
would be
sent
to
>the originally requested page after logging in.
>
>ie.
>User goes to
<http://www.webaddress.com/photos/addphoto.cfm>
>ww.webaddress.com/photos/addphoto.cfm or showphots.cfm
>User is sent to to <http://www.webaddress.com/photos>
>ww.webaddress.com/photos/login.cfm
>After logging in user is replaced to
><http://www.webaddress.com/photos/addphoto.cfm>
>ww.webaddress.com/photos/addphoto.cfm or showphotos.cfm
respectively.
>
>Thanks for any help in advance.
>Chris
>
--
Jeffry Houser | mailto:[EMAIL PROTECTED]
AIM: Reboog711 | ICQ: 5246969 | Fax / Phone: 860-223-7946
--
Need a Web Developer? Contact me!
My Book: Instant ColdFusion 5 |
http://www.instantcoldfusion.com
My New Book: ColdFusion: A Beginner's Guide February 2002
--
Far Cry Fly, Alternative Folk Rock
http://www.farcryfly.com | http://www.mp3.com/FarCryFly
______________________________________________________________________
Dedicated Windows 2000 Server
PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER
Instant Activation � $99/Month � Free Setup
http://www.pennyhost.com/redirect.cfm?adcode=coldfusiona
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
