Have a one folder for login. Enable session variables in the application.cfm file
Have another folder for protected templates. Again, enable session variables in the
application.cfm
file.
When the user successfully logs in, set a session variable to their access level.
Now, in the protected folder - application.cfm, check for the existence of the
session.accesslevel
variable. If it doesn't exist, cflocation back to the login page
If it does exist, process the users queries or location based on their level of access.
If they try to change url variables without the correct session variable set, you can
reject their
request.
If they try to go straight into a protected area without login in first, they'll be
redirected to
the login page.
Chris
> Hi, I'm 18 years old and have been working with CF for a few months now.
> I have read books, articles, etc and have learned enough on my own to use
> CF with Access 97 to make simple DB's -- adding, updating, deleting
> records, setting variables, using CFMail, etc. You know, the easy stuff.
> I think it's really cool, I love ColdFusion!
>
> My next project is to create a database of members with access levels. I
> have fields like:
>
> MemberName
> Password
> MemberSince
> AccessLevel
>
> I'm trying to figure out how to use session variables and cookies and
> stuff to log a user into a section of a website that will display certain
> options (links basically) depending on their access level (levels are
> like 1 to 5). However, the only part I have done is checking their
> username and password against the database and sending them to a page
> once they have successfully logged in. The thing is, how do you make it
> so someone cant just copy the URL they were sent to when they logged in
> and paste in a browser window and have it pop up? Cookies right?
>
> What I am looking for is someone to point me in the direction or to a
> resource that could explain how some of this works (coding wise).. any
> suggestions.. anything will help.
>
> Thanks!! :)
>
> *~Tiffany~*
>
>
> ------------------------------------------------------------------------------
> Archives: http://www.eGroups.com/list/cf-talk
> To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
>
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
