Hello all.. it's me again =)

I'm writing a small intranet application that has areas limited to certain
users with the correct Security Access Level.

I have a table with Username, Password, and Access Level.

I am thinking of putting a CFIF script at the top of each page to check for the
presence of a cookie called Authenticated, which will be set when the user
fills out the Login page at the beginning of the application.

The value of that cookie will be the access level retrieved from the
database.
This is what I have in the login page:
__________________________________
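<CFIF IsDefined('form.username')>

 <!--- Bind the form values as parameters instead of splicing them into the SQL --->
 <cfquery name="verifyuser" datasource="bp2" dbtype="ODBC"
username="bpamoco" password="bpamoco">
  Select * FROM bpamoco.users
  Where User = <cfqueryparam value="#form.username#" cfsqltype="CF_SQL_VARCHAR">
    AND Password = <cfqueryparam value="#form.password#" cfsqltype="CF_SQL_VARCHAR">
 </cfquery>

 <CFIF verifyuser.recordcount IS 0>
  You have entered an incorrect username and password. Please try again.
  <CFABORT>
 <CFELSE>
  User Verified.
  <!--- Pound signs are needed so the column value, not the literal text, is stored --->
  <CFCOOKIE Name="authenticated" Value="#verifyuser.securelevel#">
 </CFIF>

</CFIF>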
_________________________________________

And this is what I have on the Edit Employee page:
_________________________________________
<!--- No cookie at all: show the login form and stop --->
<CFIF NOT IsDefined('cookie.authenticated')>

     You have not successfully logged into the system!<br>
     Please enter your login information below!

     <CFINCLUDE TEMPLATE="login.cfm">

     <CFABORT>

<CFELSE>
     <!--- Cookie present: allow the page only for the Administrator level --->
     <CFIF cookie.authenticated NEQ "Administrator">
          You do not have permission to view this page
          <CFINCLUDE TEMPLATE="login.cfm">
          <CFABORT>
     </CFIF>
</CFIF>
_______________________________________

To me this seems..well...dirty.
I know that there is a more elegant way to do this, and I know one of you is
just dying to show me the path to enlightenment :-)

-Gel
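
An added example (not part of the original post, and not its author's code): the same login and per-page check with the access level held in the server-side session scope instead of in a cookie value, because a cookie's value is whatever the browser chooses to send back. The application name `bpIntranet`, the include `requirelevel.cfm` and the variable `requiredLevel` are assumptions; the datasource, table and column names come from the post, and the datasource is assumed to carry its own credentials.

```cfml
<!--- Application.cfm (runs before every page): turn on server-side sessions --->
<cfapplication name="bpIntranet" sessionmanagement="Yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">

<!--- login.cfm: look the user up with bound parameters --->
<cfif IsDefined("form.username") AND IsDefined("form.password")>
    <cfquery name="verifyuser" datasource="bp2">
        SELECT securelevel
        FROM bpamoco.users
        WHERE User = <cfqueryparam value="#form.username#" cfsqltype="CF_SQL_VARCHAR">
          AND Password = <cfqueryparam value="#form.password#" cfsqltype="CF_SQL_VARCHAR">
    </cfquery>
    <cfif verifyuser.recordcount EQ 1>
        <!--- The level stays in server memory; the browser only holds the session id --->
        <cflock scope="session" type="exclusive" timeout="10">
            <cfset session.securelevel = verifyuser.securelevel>
        </cflock>
    <cfelse>
        You have entered an incorrect username and password. Please try again.
        <cfabort>
    </cfif>
</cfif>

<!--- requirelevel.cfm (hypothetical include): compares the session level
      with the level the calling page asked for --->
<cfparam name="requiredLevel" default="Administrator">
<cfset currentLevel = "">
<cflock scope="session" type="readonly" timeout="10">
    <cfif IsDefined("session.securelevel")>
        <cfset currentLevel = session.securelevel>
    </cfif>
</cflock>
<cfif currentLevel NEQ requiredLevel>
    <!--- Covers both "never logged in" and "logged in with a lower level" --->
    You do not have permission to view this page.
    <cfinclude template="login.cfm">
    <cfabort>
</cfif>

<!--- editemployee.cfm: the per-page check shrinks to two lines --->
<cfset requiredLevel = "Administrator">
<cfinclude template="requirelevel.cfm">
```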

