<cfargument name="email" required="false"/>
<cfargument name="password" required="false"/>
<CFQUERY name="GetUser" datasource="#DSN#">
SELECT tblSFUsers.UserID, tblSFUsers.User_Name, tblSFUsers.Password
FROM tblSFUsers
WHERE User_Name= <cfqueryparam value="#arguments.email#" cfsqltype="cf_sql_varchar">
AND Password = <cfqueryparam value="#Hash(arguments.password)#" cfsqltype="cf_sql_varchar">
</CFQUERY>
<cfset ucomparison = Compare(arguments.email, getuser.user_name )/>
<cfset pcomparison = Compare(Hash(arguments.password), getuser.password)/>
<CFIF GetUser.recordcount gt 0 AND ucomparison eq 0 AND pcomparison eq 0>
<cfquery name="GetSessionSecurity" datasource="#DSN#">
SELECT tblSFAccessLevels.LevelID, tblSFSecurity_Framework.levelid, tblSFSecurity_Framework.userid
FROM tblSFAccessLevels INNER JOIN tblSFSecurity_Framework ON tblSFAccessLevels.LevelID = tblSFSecurity_Framework.levelid
WHERE tblSFSecurity_Framework.userid = <cfqueryparam value="#getuser.userid#" cfsqltype="cf_sql_integer">
</cfquery>
<cfset userRole = #valuelist(GetSessionSecurity.levelid)#>
<cfreturn true>
<CFELSE>
<cfreturn false>
</CFIF>
</cffunction>
Can we see the CFC?Shan
From: [email protected] [mailto:[email protected]] On Behalf Of Nick Collins
Sent: Wednesday, July 12, 2006 9:18 AM
To: flexcoders
Subject: [Junk E-Mail - LOW] [flexcoders] My authentication helpI saw someone else posting about having custom authentication, but my issue is a bit different. I have an authentication script done in CFMX7 that seems to be working on the coldfusion side. Essentially it checks to see if the user is valid, if yes, it looks up the role they are assigned and returns that role along with a boolean value of TRUE that they are a valid user. If they're not a valid user, it returns FALSE. Simple enough. However, my problem is in integrating it on the Flex2 side. If I have the CFMX script return nothing when the username or password is invalid, it "works" and doesn't let them in. However, if I actually have it return the value of FALSE, for some reason it still lets them in. Not good. :-)
Here's what I've got for my script, and as you can see, for the most part it's the same as what the CF Application Wizard generates.
<mx:Script>
<![CDATA[
import mx.events.ValidationResultEvent ;
import mx.rpc.events.ResultEvent;
import mx.rpc.events.FaultEvent;
import mx.utils.ObjectUtil;
import mx.controls.Alert;
private var lso:SharedObject;
private function initApp():void
{
this.lso = SharedObject.getLocal("auth");
if( this.lso.data['email'] != null )
{
this.email.text = this.lso.data['email'];
this.rememberLogin.selected = true;
}
if( this.lso.data['password'] != null )
{
this.password.text = this.lso.data['password'];
this.rememberLogin.selected = true;
}
}
private function isValid():Boolean
{
var emailValidResult:ValidationResultEvent = this.emailValidate.validate(this.email.text);
var pswdValidResult:ValidationResultEvent = this.pswdValidate.validate(this.password.text );
if (emailValidResult.type==ValidationResultEvent.VALID
&& pswdValidResult.type==ValidationResultEvent.VALID)
{
return true;
}
else
{
return false;
}
}
private function authenticateUser():void
{
if( isValid() )
{
authManager.login( this.email.text, this.password.text );
}
}
private function errorMessage(msg:String):void
{
//Alert.show( ObjectUtil.toString(event.message) );
this.errorMsg.text = msg;
this.errorMsg.height = 15;
this.errorMsg.visible = true;
}
private function serverFault(event:FaultEvent):void
{
errorMessage( event.message['message']);
}
private function login_result(event:ResultEvent):void
{
// login successful, remember the user.
if( Boolean(event.result) )
{
if( this.rememberLogin.selected )
{
this.lso.data['email'] = this.email.text;
this.lso.data['password'] = this.password.text;
}
else
{
this.lso.data['email'] = null;
this.lso.data['password'] = null;
}
this.dispatchEvent( new Event('loginSuccessful') );
}
else
{
// login didn't work. show message
errorMessage("Login unsuccessful");
}
}
]]>
</mx:Script>
In the login_result function it's checking the boolean result from the RemoteObject, yes? So how come when the remoting returns FALSE it still goes through? Any ideas?
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.10/386 - Release Date: 7/12/2006
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.10/386 - Release Date: 7/12/2006
__._,_.___
--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com
![]()
SPONSORED LINKS
Web site design development Computer software development Software design and development Macromedia flex Software development best practice
YAHOO! GROUPS LINKS
- Visit your group "flexcoders" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
__,_._,___
- [flexcoders] My authentication help Nick Collins
- RE: [Junk E-Mail - LOW] [flexcoders] My authentication ... Shannon Hicks
- Re: [Junk E-Mail - LOW] [flexcoders] My authenticat... Tom Chiverton
- Re: [Junk E-Mail - LOW] [flexcoders] My authent... Nick Collins
- RE: [Junk E-Mail - LOW] [flexcoders] My aut... Shannon Hicks
- Re: [Junk E-Mail - LOW] [flexcoders] My authenticat... Nick Collins
Reply via email to
