>- see footer for list info -<
>>> [EMAIL PROTECTED] 18/10/2006 10:15 >>>
I'm not sure that you need the isDefined for form.entered_username. If
this is a form text field then it should be defined by virtue of
submitting the form.. so the len(trim() test should suffice?
>>>Snip<<<
I disagree, a user can just navigate or bookmark the second page and get there
without making any submission; or a scriptkiddie or bot can create it's own
form submission to your page. IsDefined is always good in this case.
Alternatively, declare it as a cfparam at the top and remove the IsDefined
check.
On 10/18/06, Paul Swingewood <[EMAIL PROTECTED]> wrote:
> >- see footer for list info -<
> So just to recap on this IsDefined thing .....
>
> I do this ...
>
> <cfset sp = "cfpages_Authenticate">
> <!--- Has the user entered a username and is it not equal to "" --->
> <cfif isDefined("form.entered_username") AND
> Len(Trim(form.entered_username))>
> <cfstoredproc procedure="#sp#" datasource="#Application.BackendDSN#">
> <!--- Apllication ID --->
> <cfprocparam
> cfsqltype="cf_sql_varchar"
> value="#Application.ID#">
> <!--- LoginName --->
> <cfprocparam
> cfsqltype="cf_sql_varchar"
> value="#form.entered_username#">
> <!--- Password --->
> <cfprocparam
> cfsqltype="cf_sql_varchar"
> value="#form.entered_password#">
> <cfprocresult
> name="SP_Results">
> </cfstoredproc>
>
> <cfoutput>
> <cfif SP_Results.RecordCount LT 1>
> <cffile action="Append"
> file="#application.AdminLog#"
> output="#DateFormat("#Now()#")#, #TimeFormat("#Now()#")# ACCESS
> DENIED! username = #trim(form.entered_username)#">
> <!--- Kill the login --->
> <cfset tmp2 = StructDelete(session, "loggedin")>
> <cflocation url="password.cfm">
> <cfelse>
> <cffile action="Append"
> file="#application.AccessLog#"
> output="#DateFormat("#Now()#")#,
> #TimeFormat("#Now()#")#, LOGIN (SP)-
> #SP_Results.usersname#">
> <cfset session.loggedin="1">
> <cfset session.user = "#SP_Results.UsersName#">
> <cfset session.ID = "#SP_Results.UserIDPK#">
> <cfset session.Role = "#SP_Results.FKRoleID#">
> <!--- Is this a school? --->
> <CFQUERY NAME= "GetSchoolInfo"
> DATASOURCE="#Application.SchoolsDSN#">
> SELECT DFESNoFK
> FROM tblSchools
> WHERE SchoolName = '#Session.User#'
> </CFQUERY>
> <cfif GetSchoolInfo.RecordCount gt 0 >
> <!--- Record match so this must be a school
> --->
> <cfset session.DFESNo = GetSchoolInfo.DFESNoFK>
> </cfif>
>
> <cflocation url="../default.cfm?ID=1">
> </cfif>
> </cfoutput>
> </cfif>
>
> <!--- If you are here then a blank form was submitted --->
> <!--- take the user back to the login page --->
> <cflocation url="password.cfm">
>
>
>
>
> I then use
>
> <!--- Is user logged in ? --->
> <cfif not isdefined("session.loggedin")>
> <cflocation url="login/password.cfm">
> </cfif>
>
> On every page to check for login...
>
> IS this OK or should I use the structKey thing ...?
>
>
> Regards - Paul
>
>
> >From: "Stephen Moretti" <[EMAIL PROTECTED]>
> >Reply-To: Coldfusion Development <[email protected]>
> >To: "Coldfusion Development" <[email protected]>
> >Subject: Re: [CF-Dev] Grouping and formatting ...?
> >Date: Mon, 16 Oct 2006 15:51:54 +0100
> >
> >>- see footer for list info -<
> >On 16/10/06, Mark Smyth <[EMAIL PROTECTED]> wrote:
> >>
> >> >- see footer for list info -<
> >>
> >>Cheers for that Stephen
> >>
> >>I'll shut up then :)
> >>
> >
> >heh heh - a mine of useless information thats me.... ;)
> >_______________________________________________
> >
> >For details on ALL mailing lists and for joining or leaving lists, go to
> >http://list.cfdeveloper.co.uk/mailman/listinfo
> >
> >--
> >CFDeveloper Sponsors:-
> >>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
> >>- Lists hosted by www.Gradwell.com -<
> >>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
>
>
> _______________________________________________
>
> For details on ALL mailing lists and for joining or leaving lists, go to
> http://list.cfdeveloper.co.uk/mailman/listinfo
>
> --
> CFDeveloper Sponsors:-
> >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
> >- Lists hosted by www.Gradwell.com -<
> >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
>
--
Rich
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
Duncan Cumming
New Media Developer
Customer Relations Management / Education
Fife Council
700 4105 / 01592 414105
**********************************************************************
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed and
should not be disclosed to any other party.
If you have received this email in error please notify your system manager and
the sender of this message.
This email message has been swept for the presence of computer viruses but no
guarantee is given that this e-mail message and any attachments are free from
viruses.
Fife Council
Tel: 08451 55 00 00
************************************************
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
