Re: [ cf-dev ] Authentication problems

Damian Watson Mon, 03 Nov 2003 08:23:33 -0800

Bob,

Seems strange this error would be thrown and it should be nothing to do with
cookies. If the login is successful then the session var (MM_username)
should be set up. Anyone else see anything in this?


What happens when you put incorrect login details in?

d


----- Original Message ----- 
From: "Bob Wood" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 03, 2003 11:59 AM
Subject: RE: [ cf-dev ] Authentication problems


> Application.cfm:
>
>
> <CFAPPLICATION NAME="ISFA"
> CLIENTMANAGEMENT="Yes"
> SESSIONMANAGEMENT="Yes"
> SETCLIENTCOOKIES="Yes"
> SESSIONTIMEOUT="#CreateTimeSpan(0,0,15,0)#"
> APPLICATIONTIMEOUT="#CreateTimeSpan(0,2,0,0)#">
>
> <CFERROR MAILTO="[EMAIL PROTECTED]"
> TYPE="Request" TEMPLATE="custom_error.cfm">
>
>
>
> <CFSET web_db = "newmedia">
>
> <CFSET yearNow=DateFormat(Now(),"YYYY")>
>
> <cfsetting  showdebugoutput="No">
>
> -----------------------------------------------------------
>
>
> Login page:
>
>
> <cfif IsDefined("FORM.login")>
>   <cfset MM_redirectLoginSuccess="school_admin.cfm">
>   <cfset MM_redirectLoginFailed="logon_fail.cfm">
>   <cfquery  name="MM_rsUser" datasource="#web_db#">
>   SELECT Login,Password FROM ISFA WHERE Login='#FORM.login#' AND
> Password='#FORM.pword#'
>
>   </cfquery>
>   <cfif MM_rsUser.RecordCount NEQ 0>
>     <cftry>
>       <cflock scope="Session" timeout="30" type="Exclusive">
>         <cfset Session.MM_Username=FORM.login>
>         <cfset Session.MM_UserAuthorization="">
>       </cflock>
>       <cfif IsDefined("URL.accessdenied") AND false>
>         <cfset MM_redirectLoginSuccess=URL.accessdenied>
>       </cfif>
>       <cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
>       <cfcatch type="Lock">
>         <!--- code for handling timeout of cflock --->
>       </cfcatch>
>     </cftry>
>   </cfif>
>   <cflocation url="#MM_redirectLoginFailed#" addtoken="no">
>   <cfelse>
>   <cfset MM_LoginAction=CGI.SCRIPT_NAME>
>   <cfif CGI.QUERY_STRING NEQ "">
>     <cfset MM_LoginAction=MM_LoginAction & "?" & CGI.QUERY_STRING>
>   </cfif>
> </cfif>
>
> AND:
>
>       <form name="form2" method="POST"
> action="<cfoutput>#MM_loginAction#</cfoutput>">
>         <table width="100%" border="0" cellspacing="0" cellpadding="5">
>           <tr>
>             <td width="16%"><div align="right" class="bodyText">Login
> id: </div></td>
>             <td width="84%"><input name="login" type="text" size="30"
> id="login"></td>
>           </tr>
>           <tr>
>             <td><div align="right" class="bodyText">Password:
> </div></td>
>             <td><input name="pword" type="password" size="30"
> id="pword"></td>
>           </tr>
>           <tr>
>             <td>&nbsp;</td>
>             <td><input type="submit" name="Submit" value="Submit">
> <input type="reset" name="Submit2" value="Reset"></td>
>           </tr>
>         </table>
>       </form>
>
> ------------------------------------------------------------------------
> ---
>
> Secured page:
>
>
> <cfif Session.MM_Username EQ ""><cflocation url="home.cfm"></cfif>
>
> <cfif IsDefined("URL.MM_logout") AND URL.MM_logout EQ "1">
>   <cflock scope="Session" type="Exclusive" timeout="30"
> throwontimeout="no">
>     <cfset Session.MM_Username="">
>     <cfset Session.MM_UserAuthorization="">
>   </cflock>
>   <cfset MM_logoutRedirectPage="home.cfm">
>   <cfif MM_logoutRedirectPage EQ "">
>     <cfset MM_logoutRedirectPage=CGI.SCRIPT_NAME>
>   </cfif>
>   <cfset
> MM_logoutQuery=ListDeleteAt(CGI.QUERY_STRING,ListContainsNoCase(CGI.QUER
> Y_STRING,"MM_logout=","&"),"&")>
>   <cfif MM_logoutQuery NEQ "">
>     <cfif Find("?",MM_logoutRedirectPage) EQ 0>
>       <cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "?" &
> MM_logoutQuery>
>       <cfelse>
>       <cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "&" &
> MM_logoutQuery>
>     </cfif>
>   </cfif>
>   <cflocation url="#MM_logoutRedirectPage#" addtoken="no">
> </cfif>
> <cflock scope="Session" type="ReadOnly" timeout="30"
> throwontimeout="no">
>   <cfset
> MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",D
> E(""))>
>   <cfset
> MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Sess
> ion.MM_UserAuthorization",DE(""))>
> </cflock>
> <cfif MM_Username EQ "">
>   <cfset MM_referer=CGI.SCRIPT_NAME>
>   <cfif CGI.QUERY_STRING NEQ "">
>     <cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
>   </cfif>
>   <cfset MM_failureURL="login.cfm?accessdenied=" &
> URLEncodedFormat(MM_referer)>
>   <cflocation url="#MM_failureURL#" addtoken="no">
> </cfif>
> <cfset CurrentPage=GetFileFromPath(GetTemplatePath())>
> <cfparam name="SESSION.MM_Username" default="1">
>
>
> ------------------------------------------------------------------------
> --
>
> I don't think I've missed anything out. These are just Dreamweaver MX
> behaviours . . . . .
>
> Thanks for your time!
>
> Cheers,
> Bob
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: 03 November 2003 10:16
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ cf-dev ] Authentication problems
> Importance: Low
>
> Hi Bob
>
> We'd need to see the code in:
>
> 1. Application.cfm
>
> 2. The login code setting the session variable which defines them as
> logged
> in
>
> 3. The security include/code securing all the pages
>
> Then we'd be able to help diagnose the problem
>
> HTH
> Mark
>
> -----Original Message-----
> From: Bob Wood [mailto:[EMAIL PROTECTED]
> Sent: 03 November 2003 08:42
> To: [EMAIL PROTECTED]
> Subject: [ cf-dev ] Authentication problems
>
>
> Hi All,
>
> I'm a CF newbie and have a dynamic site with some pages secured against
> a list of login ids and passwords.
>
> Problem is, not everyone can get in. I can, from my computer, get in as
> anyone. Some people have an error come up with "MM_USERNAME is
> undefined_session". I can replicate this by turning cookies off, but
> other users say their browsers do have cookies enabled, but still can't
> get in.
>
> Is there something basic I'm missing? Why can I get in when others
> can't?
> Do I need to tweak my Application.cfm?
>
> Any help much appreciated.
>
> Thanks,
> Bob
>
>
> -- 
> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For human help, e-mail: [EMAIL PROTECTED]
>
> -- 
> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For human help, e-mail: [EMAIL PROTECTED]
>
>
>
> -- 
> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For human help, e-mail: [EMAIL PROTECTED]
>
>



-- 
** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For human help, e-mail: [EMAIL PROTECTED]

Re: [ cf-dev ] Authentication problems

Reply via email to