The approach used by Alan is nice... I guess that's the most common one used ... besides ... don't ever tell the visitor that he/she entered the WRONG PASSWORD ... that's just affirming that they entered the right username ... hence doing 50% of their work if they are trying to break into your system :)
I hope you get the point :)

Regards,
Arsalan

--------------------------------------------------
From: "Barry Mcconaghey" <bmcconag...@gmail.com>
Sent: Thursday, July 23, 2009 6:35 AM
To: "cf-talk" <cf-talk@houseoffusion.com>
Subject: Re: Log In Form

>
> Thanks Alan.
>
> I'll test it.
>
>>It's not real or tested, but it should give you an idea how to do it.
>>
>>=]
>>
>>
>><cfquery datasource="myDSNName" name="variables.qCheckUN">
>>SELECT UserUUID, UserName
>>FROM SomeTable
>>WHERE
>>UserName = <cfqueryparam cfsqltype="CF_SQL_VARCHAR"
>>value="#Form.userLogin#">
>>AND
>>User_IsActive = 1
>></cfquery>
>>
>><!--- CF by default treats all non 0 results as True [ASR] --->
>><cfif variables.qCheckUN.RecordCount>
>><cfquery datasource="myDSNName" name="variables.qCheckPW">
>>SELECT UserUUID, UserName
>>FROM SomeTable
>>WHERE
>>UserUUID = <cfqueryparam cfsqltype="CF_SQL_VARCHAR"
>>value="#variables.qCheckUN.UserUUID#">
>>AND
>>User_Password = <cfqueryparam cfsqltype="CF_SQL_VARCHAR"
>>value="#Form.userPassword#">
>>AND
>>User_IsActive = 1
>></cfquery>
>> <cfif variables.qCheckPW.RecordCount>
>><!--- Do login stuff here, they passed all the tests [ASR] --->
>><cfelse>
>><cfset variables.ErrorMessage = "Your password did not match the one we have on file... or some other login error message you want it to say.">
>></cfif>
>><cfelse>
>><!--- the user name they provided was not found in the DB [ASR] --->
>><cfset variables.ErrorMessage = "We were unable to login you in, please try again.">
>></cfif>
>>
>><!--- Param out the form field vars [ASR] --->
>><cfparam name="Form.userLogin" default="">
>><cfparam name="Form.userPassword" default="">
>>
>>
>>
>><cfform action="#CGI.script_name#?#CGI.query_string#" name="LoginForm"
>>method="post">
>>  <!--- Make the UserLogin and UserPassword fields required --->
>>  <input type="hidden" name="userLogin_required">
>>  <input type="hidden" name="userPassword_required">
>>  <!--- Use an HTML table for simple formatting --->
>>  <table>
>>  <cfif IsDefined("variables.ErrorMessage")>
>>  <tr>
>><td>#variables.ErrorMessage#</td>
>></tr>
>>  </cfif>
>>
>>  <tr>
>>  <td>Username:</td>
>>  <td>
>>
>>  <!--- Text field for "User Name" --->
>>  <cfinput
>>  type="text"
>>  name="userLogin"
>>  size="20"
>>  value="#Form.userLogin#"
>>  maxlength="100"
>>  required="Yes"
>>  message="Please type your Username first.">
>>
>>  </td>
>>  </tr><tr>
>>  <td>Password:</td>
>>  <td>
>>
>>  <!--- Text field for Password --->
>>  <cfinput
>>  type="password"
>>  name="userPassword"
>>  size="12"
>>  value="#Form.userPassword#"
>>  maxlength="100"
>>  required="Yes"
>>  message="Please type your Password first.">
>>
>>  <!--- Submit Button that reads "Enter" --->
>>  <input type="Submit"
>>  value="Enter"
>>  title="Enter">
>>  </td>
>>  </tr>
>>  </table>
>></cfform>
>>
>>--
>>Alan Rother
>>Adobe Certified Advanced ColdFusion MX 7 Developer
>>Manager, Phoenix Cold Fusion User Group, AZCFUG.org
>
>

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324834
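
The point made at the top of this message, sketched as an added example that is not code from anyone in the thread: one lookup and a single failure message, so an unknown user name and a wrong password look the same to the visitor. It reuses the datasource, table and column names from Alan's sketch and assumes the password is stored as that sketch implies; the variable names `qUser` and `loginOK` are made up for illustration.

```cfml
<!--- Added example: one lookup, one generic failure message --->
<cfparam name="Form.userLogin" default="">
<cfparam name="Form.userPassword" default="">
<cfset variables.loginOK = false>

<!--- Only run the check when the form was actually submitted --->
<cfif Len(Trim(Form.userLogin)) AND Len(Form.userPassword)>

    <!--- Fetch the active account by user name only --->
    <cfquery datasource="myDSNName" name="variables.qUser">
        SELECT UserUUID, UserName, User_Password
        FROM SomeTable
        WHERE UserName = <cfqueryparam cfsqltype="CF_SQL_VARCHAR"
                                       value="#Form.userLogin#">
        AND User_IsActive = 1
    </cfquery>

    <!--- Compare() is case-sensitive and returns 0 on an exact match --->
    <cfif variables.qUser.RecordCount EQ 1
          AND Compare(variables.qUser.User_Password, Form.userPassword) EQ 0>
        <cfset variables.loginOK = true>
    </cfif>

    <cfif variables.loginOK>
        <!--- Do login stuff here, they passed the check --->
    <cfelse>
        <!--- Unknown user name and wrong password share this branch,
              so the message never confirms that the user name exists --->
        <cfset variables.ErrorMessage = "We were unable to log you in, please try again.">
    </cfif>
</cfif>
```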