Am I blind? Where is the call for the html page and not cfm?
KM
Chris Montgomery wrote:
> Howdy,
>
> I use the application.cfm file in the "admin" directory (one level down
> from the application's root directory) to prevent unauthorized entry to
> the admin section if the administrator isn't logged in. This has
> satisfactorily worked for several applications I've built based on the
> code below....until now.
>
> I created a directory called "logs" under the admin directory and placed
> a copy of a log analysis reports page in it for the client to review
> their traffic stats. If I type the complete URL path
> (http://www.domainnamehere.com/admin/logs/report.html) to the log
> reports page in my browser without logging in as the site administrator,
> it calls up the page without throwing me over to the login page first.
>
> Any ideas where this is going wrong? Code follows:
>
> Application.cfm:
> <!--- declare application framework initial parameters --->
>
> <!--- Include main application file --->
> <cfinclude template="../application.cfm">
>
> <!--- For starters, set client logged in to "false" --->
> <cfparam name="Session.AdminLoggedIn" default=FALSE>
> <cfparam name="Session.Goto" default="">
>
> <!--- Install custom error pages --->
> <CFERROR TYPE="REQUEST" TEMPLATE="../requesterr.cfm"
> MAILTO="[EMAIL PROTECTED]">
> <CFERROR TYPE="VALIDATION" TEMPLATE="../validationerr.cfm">
>
> <!--- If user is not yet logged in, and not currently on the login
> pages, redirect them there. --->
>
> <cfif Not Session.AdminLoggedIn>
> <!--- Store the name of the page the user came from so they can return
> to it after login --->
> <cfset Session.Goto = #CGI.SCRIPT_NAME#>
> <cfif CGI.QUERY_STRING NEQ "">
> <cfset Session.Goto = #CGI.SCRIPT_NAME# & "?" & '#CGI.QUERY_STRING#'>
> </cfif>
>
> <cfif (CGI.SCRIPT_NAME IS NOT "/admin/login.cfm") AND (CGI.SCRIPT_NAME
> IS NOT "/admin/authenticate.cfm")>
> <cflocation url="/admin/login.cfm" addtoken="no">
> </cfif>
> </cfif>
>
> Thanks for any insight.
>
> Chris Montgomery
> =========================================================
> astutia.com -> http://www.astutia.com [EMAIL PROTECTED]
> Astute e-business applications & web site development
> 210-490-3249/888-745-7603 Fax 210-490-4692
> Allaire Consulting Partner/Authorized NetObjects Reseller
> Find a Job in San Antonio -> http://www.sajobnet.com
> =========================================================
>
> ------------------------------------------------------------------------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
>message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.