Application.cfm:
<CFAPPLICATION NAME="ISFA"
CLIENTMANAGEMENT="Yes"
SESSIONMANAGEMENT="Yes"
SETCLIENTCOOKIES="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(0,0,15,0)#"
APPLICATIONTIMEOUT="#CreateTimeSpan(0,2,0,0)#">
<CFERROR MAILTO="[EMAIL PROTECTED]"
TYPE="Request" TEMPLATE="custom_error.cfm">
<CFSET web_db = "newmedia">
<CFSET yearNow=DateFormat(Now(),"YYYY")>
<cfsetting showdebugoutput="No">
-----------------------------------------------------------
Login page:
<cfif IsDefined("FORM.login")>
<cfset MM_redirectLoginSuccess="school_admin.cfm">
<cfset MM_redirectLoginFailed="logon_fail.cfm">
<cfquery name="MM_rsUser" datasource="#web_db#">
SELECT Login,Password FROM ISFA WHERE Login='#FORM.login#' AND
Password='#FORM.pword#'
</cfquery>
<cfif MM_rsUser.RecordCount NEQ 0>
<cftry>
<cflock scope="Session" timeout="30" type="Exclusive">
<cfset Session.MM_Username=FORM.login>
<cfset Session.MM_UserAuthorization="">
</cflock>
<cfif IsDefined("URL.accessdenied") AND false>
<cfset MM_redirectLoginSuccess=URL.accessdenied>
</cfif>
<cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
<cfcatch type="Lock">
<!--- code for handling timeout of cflock --->
</cfcatch>
</cftry>
</cfif>
<cflocation url="#MM_redirectLoginFailed#" addtoken="no">
<cfelse>
<cfset MM_LoginAction=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset MM_LoginAction=MM_LoginAction & "?" & CGI.QUERY_STRING>
</cfif>
</cfif>
AND:
<form name="form2" method="POST"
action="<cfoutput>#MM_loginAction#</cfoutput>">
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="16%"><div align="right" class="bodyText">Login
id: </div></td>
<td width="84%"><input name="login" type="text" size="30"
id="login"></td>
</tr>
<tr>
<td><div align="right" class="bodyText">Password:
</div></td>
<td><input name="pword" type="password" size="30"
id="pword"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Submit">
<input type="reset" name="Submit2" value="Reset"></td>
</tr>
</table>
</form>
------------------------------------------------------------------------
---
Secured page:
<cfif Session.MM_Username EQ ""><cflocation url="home.cfm"></cfif>
<cfif IsDefined("URL.MM_logout") AND URL.MM_logout EQ "1">
<cflock scope="Session" type="Exclusive" timeout="30"
throwontimeout="no">
<cfset Session.MM_Username="">
<cfset Session.MM_UserAuthorization="">
</cflock>
<cfset MM_logoutRedirectPage="home.cfm">
<cfif MM_logoutRedirectPage EQ "">
<cfset MM_logoutRedirectPage=CGI.SCRIPT_NAME>
</cfif>
<cfset
MM_logoutQuery=ListDeleteAt(CGI.QUERY_STRING,ListContainsNoCase(CGI.QUER
Y_STRING,"MM_logout=","&"),"&")>
<cfif MM_logoutQuery NEQ "">
<cfif Find("?",MM_logoutRedirectPage) EQ 0>
<cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "?" &
MM_logoutQuery>
<cfelse>
<cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "&" &
MM_logoutQuery>
</cfif>
</cfif>
<cflocation url="#MM_logoutRedirectPage#" addtoken="no">
</cfif>
<cflock scope="Session" type="ReadOnly" timeout="30"
throwontimeout="no">
<cfset
MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",D
E(""))>
<cfset
MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Sess
ion.MM_UserAuthorization",DE(""))>
</cflock>
<cfif MM_Username EQ "">
<cfset MM_referer=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
</cfif>
<cfset MM_failureURL="login.cfm?accessdenied=" &
URLEncodedFormat(MM_referer)>
<cflocation url="#MM_failureURL#" addtoken="no">
</cfif>
<cfset CurrentPage=GetFileFromPath(GetTemplatePath())>
<cfparam name="SESSION.MM_Username" default="1">
------------------------------------------------------------------------
--
I don't think I've missed anything out. These are just Dreamweaver MX
behaviours . . . . .
Thanks for your time!
Cheers,
Bob
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 03 November 2003 10:16
To: '[EMAIL PROTECTED]'
Subject: RE: [ cf-dev ] Authentication problems
Importance: Low
Hi Bob
We'd need to see the code in:
1. Application.cfm
2. The login code setting the session variable which defines them as
logged
in
3. The security include/code securing all the pages
Then we'd be able to help diagnose the problem
HTH
Mark
-----Original Message-----
From: Bob Wood [mailto:[EMAIL PROTECTED]
Sent: 03 November 2003 08:42
To: [EMAIL PROTECTED]
Subject: [ cf-dev ] Authentication problems
Hi All,
I'm a CF newbie and have a dynamic site with some pages secured against
a list of login ids and passwords.
Problem is, not everyone can get in. I can, from my computer, get in as
anyone. Some people have an error come up with "MM_USERNAME is
undefined_session". I can replicate this by turning cookies off, but
other users say their browsers do have cookies enabled, but still can't
get in.
Is there something basic I'm missing? Why can I get in when others
can't?
Do I need to tweak my Application.cfm?
Any help much appreciated.
Thanks,
Bob
--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
--
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]
