RE: Login forms

Mon, 28 Jan 2002 23:54:10 -0800 

This is actually the way we do it too. But we also include all form
variables comming with the original request.

Pascal

-----Original Message-----
From: Gilbert, Chris [mailto:[EMAIL PROTECTED]]
Sent: maandag 28 januari 2002 21:14
To: CF-Talk
Subject: RE: Login forms


My preferred approach is to leverage Application.cfm since it will
always be
invoked for any page. I'd make my Application.cfm look something like
this:

<!--- 1) Test session scope variable to see if the user has already been
authenticated --->
<cfset Request.loggedin = "">
<cflock scope="Session" timeout="10" type="ReadOnly">
        <cfif isdefined("Session.loggedin")>
        <cfset Request.loggedin=Session.loggedin>
        </cfif>
</cflock>

<!--- 2) If the user isn't logged in and FORM.user and FORM.password
exist,
then the user is trying to log in right now so try to authenticate them
--->
<cfif Len(Request.loggedin) eq 0 and IsDefined("FORM.user") and
IsDefined("FORM.password")>
        <!---
                 ...database query, CFSWITCH, LDAP call...whatever, just
set
Request.loggedin to something on success
                --->
                <cfif Len(Request.loggedin) gt 0>
                        <cflock scope="Session" timeout="10"
type="Exclusive">                               <cfset Session.loggedin=
Request.loggedin>
                </cflock>
                </cfif>

</cfif>

<!--- 3) If the user still isn't logged in, display a login form with
action
set to "#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#" and method set to POST and
then call CFABORT --->
<cfif Len(Request.loggedin) eq 0>
        <cfoutput>
        <form action="#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#"
method="POST">
                <table border="0">
                        <tr>
                                <td>User Name:</td>
                                <td><input type="text" name="user">
                                </tr>
                                <tr>
                                        <td>Password:</td>
                                        <td><input type="password"
name="password">
                                </tr>
                                <tr>
                                        <td>&nbsp;</td>
                                        <td><input type="submit"
value="Submit"></td>
                                </tr>
                </table>
</form>
</cfoutput>
<cfabort>
</cfif>

-Chris Gilbert, Random House
[EMAIL PROTECTED]
______________________________________________________________________
Get Your Own Dedicated Windows 2000 Server
  PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER
  Instant Activation � $99/Month � Free Setup
  http://www.pennyhost.com/redirect.cfm?adcode=coldfusionb
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to