Brad... thanks this is very helpful... a first question (if I become annoying, shoo me away)
Why must you first define the default values for username & password? I guess another way of putting it, what harm would it do to not have this section? -----Original Message----- From: Brad Roberts [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 11:02 AM To: CF-Talk Subject: RE: login/PW (one more time please) Here's some code that might help. I use something similar, however this is pretty basic. I didn't test the code, but it should get you started. There's five files: loginForm.cfm - just the login form login.cfm - the action page that the login form submits to a_protected_page.cfm - just an example of requiring login for a certain page requirelogin.cfm - the page that is included at the top of protected pages. logout.cfm - deletes client variables, logging the user out. Of course, if you are going to use client (or session) variables, make sure <cfapplication> has run before you access any client or session variables (usually, you use it in application.cfm) <cfapplication clientmanagement="yes" setclientcookies="yes" sessionmanagement="yes"> <!--- ======= LOGINFORM.CFM ======= ---> <form action="login.cfm" method="post"> username: <input type="text" name="username" /><br /> password: <input type="password" name="password" /><br /> <input type="submit" value="login >" /> </form> <!--- ======= LOGIN.CFM ======= ---> <!--- FIRST, DEFINE DEFAULT VALUES FOR USERNAME AND PASSWORD ---> <cfparam name="form.username" default=""> <cfparam name="form.password" default=""> <!--- IF USERNAME OR PASSWORD ARE NOT VALID (ZERO LENGTH), RETURN THE USER TO THE LOGIN FORM ---> <cfif len(trim(form.username)) EQ 0 OR len(trim(form.password)) EQ 0> <cflocation url="loginform.cfm"> <cfabort> </cfif> <!--- IF WE GOT THIS FAR, THE USERNAME AND PASSWORD ARE GOOD, LET'S QUERY THE DATABASE TO SEE IF WE HAVE A MATCH ---> <cfquery name="qLogin" datasource="myDSN" maxrows="1"> select user_id, user_firstName, user_lastName from tbl_users where user_loginName = '#trim(form.username)#' AND user_password = '#trim(form.password)#' </cfquery> <!--- IF THE QUERY DID NOT RETURN ANY RECORDS, THE LOGIN FAILED RETURN THE USER TO THE LOGIN FORM ---> <cfif qLogin.recordCount EQ 1> <cflocation url="loginform.cfm"> <cfabort> </cfif> <!--- IF WE GOT THIS FAR, THE LOGIN WAS SUCCESSFUL, SET A CLIENT (OR SESSION) VARIABLE TO "FLAG" THE USER AS LOGGED IN ---> <cfset client.userID = qLogin.user_id> <cfset client.firstName = qLogin.user_firstName> <cfset client.lastName = qLogin.user_lastName> <!--- WELCOME THE USER BACK ---> <cfoutput>Welcome back, #client.firstName#!</cfoutput> <!--- ======= A_PROTECTED_PAGE.CFM ======= ---> <cfinclude template="requireLogin.cfm"> <cfoutput> Hello #client.firstName#. Welcome to the member only page. </cfoutput> <!--- ======= REQUIRELOGIN.CFM ======= ---> <!--- DEFINE A DEFAULT FOR THE USER ID (IN CLIENT SCOPE HERE, BUT COULD BE IN SESSION SCOPE) ---> <cfparam name="client.userID" default="0"> <!--- IF THE USER ID IS NOT VALID (GREATER THAN ZERO), REDIRECT THE USER TO THE LOGIN FORM ---> <cfif val(client.userID) EQ 0> <cflocation url="loginform.cfm"> <cfabort> </cfif> <!--- ======= LOGOUT.CFM ======= ---> <!--- LOOP THROUGH AND DELETE ALL CLIENT VARIABLES ---> <cfloop list="#getClientVariablesList()#" index="i"> <cfset deleteClientVariable(i)> </cfloop> You are logged out! > -----Original Message----- > From: Tim Laureska [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 25, 2003 10:08 AM > To: CF-Talk > Subject: login/PW (one more time please) > > > I have followed threads about this topic during the last couple of > months and am now going at it for the first time myself...There are > obviously many different approaches. I'm doing this from scratch so I > fully understand the process. I have set up a form to submit a username > & password to a query page to verify that username/pw exist in the > database. my questions start there > > This is an excerpt from one of the previous thread messages: > "You have a login page. The user puts their username and password in and > it submits to an action page that checks to see if they are a user. You > then set a variable (I usually use session variables). Then you check > for that session variable on the pages that are protected. Typically, I > have everything that they need to log into put in a separate folder. > Then I have code in the application.cfm to say that if the path is to > the protected folder, check for the variable otherwise redirect to the > login page." > > My first question is regarding the statement "you then set a variable" .. > do you do that in the application.cfm file or elsewhere? And how do you > actually set and check for one particular session variable? I think I > understand how to enable session variables but the "setting" of one and > giving it certain criteria is where I get stuck > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
