----- Original Message ----- 
From: "Guy J. McDowell" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, January 19, 2001 10:24 AM
Subject: Securing Applications


> Argh.
> 
> I have tried both the GlobalCorp and CFHub examples for securing an
> application to no avail.
> I keep getting sent back to the login page. I have verified that I am
> using the correct user id and password.
> I bet there is something small I am overlooking. I've been at it for 2
> days off and on. I hate to admit defeat.
> 
> Sorry, this will be a long one.
> 
> Let me address the CFHub method as it is the most simplistic.
> 
> Given:
> Datasource: mydatasource (MSAccess)
> Table: AdminAuthorize
> Fields    Data Type
> RecID     Autonumber
> UserID    Number
> Password  Text
> 
> Source Code: (3 docs: application.cfm, login.cfm, index.cfm)
> application.cfm
> 
> <CFAPPLICATION  NAME="Security_Test"
>    CLIENTMANAGEMENT="YES"
>    SESSIONMANAGEMENT="YES"
>    SESSIONTIMEOUT=#CreateTimespan(0,0,30,0)#>
> 
> login.cfm
> 
> <html>
> <body>
> <CFIF isDefined('Form.UserName')>
> 
> 
>   <!---This query looks for the UserName and Password that was
>        entered in the login form.  If it does not find a match
>        the 'RecordCount' will be 0 and you will know that the user
>        should not be given access.--->
>   <CFQUERY datasource="mydatasource" name="Check">
>     SELECT *
>     FROM AdminAuthorize
>     WHERE UserID = #Form.UserID#
>     AND Password = '#Form.Password#'
>   </CFQUERY>
> 
>     <!---Check whether a UserName/Password was found--->
>     <CFIF #Check.RecordCount# IS 0>
> 
>       <!--- we have an invalid request because there were
>             no matching UserName/Password in the DataBase--->
>       Sorry, Invalid Password
> 
> 
>     <CFELSE>
>     <!--- we have at least one match so we give them two
>           variables.  Auth and Admin that we can use later
>           to determine whether they are allowed to view pages
>           or not.  A secure page needs to verify that Auth is
>           'Yes' and can then use Admin to display the UserName--->
> 
>       <!---Set their 'Authorization level' to 'Yes'--->
>       <CFSET Session.Auth ='Yes'>
> 
>       <!---Store their UserName in the Admin variable if you
>            want to display their name to them on a page later--->
>       <CFSET Session.Admin =Form.UserID>
> 
>       <!---The user is now logged in.  Send them to your
>            application--->
>       <CFLOCATION url="index.cfm">
> 
>     </CFIF>
> 
> 
> 
> <!---Display the login form --->
> <CFELSE>
> 
>   <H1>Login</H1>
>   Please Log in Below.
> 
>   <cfoutput>
>     <FORM method="post" action="login.cfm">
>       User ID:&nbsp;<INPUT type="text" name="UserID"><BR>
>       Password:&nbsp;<INPUT type="Password" name="Password"><BR>
>       <INPUT type="submit" value="Log In">
>     </FORM>
>   </cfoutput>
> 
> </CFIF>
> </body>
> </html>
> 
> index.cfm
> 
> <html>
> <body>
> <CFIF isDefined("Session.Auth") is NOT TRUE>
> <CFLOCATION url="login.cfm">
> <CFELSE>
> 
> Anything here is Viewable only
> by those who have Session.Auth set to "TRUE"
> 
> </cfif>
> </body>
> </html>
> 
> 
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
> 
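
The login flow described in the message above, as an added example that is not part of the original post or of the CFHub or GlobalCorp code. It reuses the post's datasource, table, field and session variable names, tests for the two fields the form actually posts (UserID and Password), and binds both values with cfqueryparam; the digit check and the session locks are this example's own choices.

```cfml
<!--- login.cfm: added example; datasource, table and field names are the post's --->
<cfif isDefined("Form.UserID") AND isDefined("Form.Password")>

  <!--- UserID is a Number column, so refuse anything that is not plain digits --->
  <cfif NOT REFind("^[0-9]{1,9}$", Form.UserID)>
    Sorry, Invalid Password
  <cfelse>
    <!--- cfqueryparam sends both values as typed bind parameters,
          so form input never becomes part of the SQL text --->
    <cfquery datasource="mydatasource" name="Check">
      SELECT RecID
      FROM AdminAuthorize
      WHERE UserID = <cfqueryparam value="#Form.UserID#" cfsqltype="CF_SQL_INTEGER">
        AND Password = <cfqueryparam value="#Form.Password#" cfsqltype="CF_SQL_VARCHAR">
    </cfquery>

    <cfif Check.RecordCount IS 0>
      Sorry, Invalid Password
    <cfelse>
      <!--- at least one match: mark the session as authenticated --->
      <cflock scope="Session" type="Exclusive" timeout="10">
        <cfset Session.Auth = "Yes">
        <cfset Session.Admin = Form.UserID>
      </cflock>
      <cflocation url="index.cfm" addtoken="No">
    </cfif>
  </cfif>

<cfelse>
  <!--- no credentials posted yet: show the form --->
  <form method="post" action="login.cfm">
    User ID: <input type="text" name="UserID"><br>
    Password: <input type="password" name="Password"><br>
    <input type="submit" value="Log In">
  </form>
</cfif>

<!--- index.cfm: the guard, reading the session variable under a read lock --->
<cflock scope="Session" type="ReadOnly" timeout="10">
  <cfset LoggedIn = isDefined("Session.Auth") AND Session.Auth IS "Yes">
</cflock>
<cfif NOT LoggedIn>
  <cflocation url="login.cfm" addtoken="No">
</cfif>
Anything here is viewable only after a successful login.
```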

