username and password authentication problem

Fri, 18 Aug 2000 10:24:02 -0700 

Hi Everybody,

I can't figure out why this code in the template for verifying Username
and Password will not work correctly.  I am trying to verify a Username
and Password from a Login form, then pass the user to the next page.  It
checks for the username and password correctly and will not allow anyone
to enter the protective area without a username and password, but
unfortunately, I can put in any combinations of passwords and usernames
and pass to the next page.  It does not re-route the person back to the
Login page, if the username and password are incorrect.  Any help would
greatly be appreciated. Below is the code:

<!---Check for Username--->
<CFPARAM name="HaveUsername" default="yes">

<CFIF IsDefined("Cookie.Username")>
<CFSET USERNAME=Cookie.Username>
<cfelse>
<cfset USERNAME="">
<cfif IsDefined("Form.Username")>
<cfset USERNAME=Form.Username>
<cfcookie name="username" value="#Form.Username#">
<cfelse>
<cfset HaveUsername="no">
</cfif>
</cfif>

<!---Check for a Password--->
<CFPARAM name="HavePassword" default="yes">

<cfif IsDefined("Cookie.Password")>
<cfset PASSWORD=Cookie.Password>
<cfelse>
<cfset PASSWORD="">
<CFIF IsDefined("Form.Password")>
<CFSET PASSWORD=Form.Password>
<CFCOOKIE NAME="password" VALUE="#Form.Password#">
<cfelse>
<cfset HavePassword="no">
</cfif>
</cfif>

<!---Check Authentication Status and if not authenticated handle it--->
<cfif NOT IsAuthenticated()>
<!---If we have a password and username, try authenticating--->
<cfif HaveUsername and HavePassword>
<cftry>
<cfauthenticate
SECURITYCONTEXT="Registrants"
USERNAME="#USERNAME#"
PASSWORD="#PASSWORD#"
SETCOOKIE="Yes">

<!---IF an exception is thrown, handle it--->
<CFCATCH TYPE="SECURITY">
<cfcookie name="username" value="" expires="now">
<cfcookie name="password" value="" expires="now">
<cflocation url="login.cfm">
</cfcatch>
</cftry>
</cfif>
</cfif>

<!---If not accepted, send user back to the Login page--->
<cfif IsDefined("Username") and ("Password") IS "Yes">
<cflocation url="login.cfm">
<cfelse>
<!---User is Authenticated,allow user to secure page--->
<cfif IsDefined("Username") and ("Password") IS "Yes">
<cflocation url="reg.cfm">
</cfif>
</cfif>

Thanks.

Ashley
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to