RE: How to find out the page to send 'em back to
I could never use this technique. Why is my CGI.Authorization always an empty string? Anybody know? I use , though, to great effect.

-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 05, 2001 1:34 PM
To: CF-Talk
Subject: Re: How to find out the page to send 'em back to

> If you want I can send a code example tonight.

Code is below (does this list accept attachments?). This code still is based on session variables, but that should be easy to solve. If the user needs to log in an HTTP statuscode 401 is sent. This results in a browser popup. When the user submits username&password these are sent as the HTTP header "authorization" with the form ToBase64(username:password). I would recommend reading the first 2 chapters of RFC 2617 for background info (5 pages). Have fun.

Jochem

[snip]

~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: How to find out the page to send 'em back to
> If you want I can send a code example tonight.

Code is below (does this list accept attachments?). This code still is based on session variables, but that should be easy to solve. If the user needs to log in an HTTP statuscode 401 is sent. This results in a browser popup. When the user submits username&password these are sent as the HTTP header "authorization" with the form ToBase64(username:password). I would recommend reading the first 2 chapters of RFC 2617 for background info (5 pages). Have fun.

Jochem

variables.dsn = "login";
variables.dsn_username = "";
variables.dsn_password = "";
variables.dsn_usertable = "users";
variables.realmname = "Login application";

if (IsDefined("session.user")) {
    request.user = Duplicate(session.user);
    variables.showloginform = FALSE;
}

SELECT *
FROM #variables.dsn_usertable#
WHERE #variables.dsn_usertable#.UserName =
AND #variables.dsn_usertable#.Password =

variables.user = StructNew();
for (i = 1 ; i LTE ListLen(qUser.ColumnList) ; i = i + 1)
    "variables.user.#ListGetAt(qUser.ColumnList,i)#" = Evaluate("qUser." & ListGetAt(qUser.ColumnList,i));
session.user = Duplicate(variables.user);
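The exchange Jochem describes (a 401 challenge carrying the realm, then an Authorization header of the form Base64(username:password)) is sketched below as an added example; it is not code from the thread and is written in Python rather than ColdFusion. The user table, the PBKDF2 password storage and the function names are assumptions.

```python
import base64
import hashlib
import hmac

REALM = "Login application"  # realm name from the posted code

def _hash(password, salt):
    # Assumption: passwords are stored as salted PBKDF2 hashes, not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Constructed sample user table: username -> (salt, password hash).
_SALT = b"constructed-salt"
USERS = {"mike": (_SALT, _hash("s3cret:with:colons", _SALT))}

def parse_basic(header):
    """Return (username, password) from an Authorization header, else None."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad Base64 or bad UTF-8
        return None
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password

def handle(headers):
    """Return (status, response_headers, username) for one request."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is not None:
        username, password = creds
        salt, stored = USERS.get(username, (_SALT, b""))
        # Hash even for unknown users and compare in constant time.
        if hmac.compare_digest(_hash(password, salt), stored):
            return 200, {}, username
    # Missing, malformed or wrong credentials: challenge (again).
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
    return 401, challenge, None
```

Basic credentials are only Base64-encoded and are resent with every request, so this scheme needs TLS underneath it.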
RE: How to find out the page to send 'em back to
I would love to have a look at that as well.

Cheers
Kola

-Original Message-
From: Mike Kear [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 05, 2001 4:11 PM
To: CF-Talk
Subject: RE: How to find out the page to send 'em back to

Yes please! This seems such a simple answer. I had never thought of that approach. I would be very grateful if you would send me that code example. Thanks!

Cheers,
Mike Kear
Windsor, NSW, Australia
AFP WebWorks

When you want a user to log in don't send him to a form or something. Just use cfheader to send a HTTP 401 (or was it 403?) to the user. Include some realm info as per RFC 2617 and make the authentication type basic. User gets a popup window which asks for authentication info. Upon completion of username and password the browser simply repeats the original HTTP request, but adds a header with the authentication info. On the server, catch the header, extract the username and password and set a client variable (your specs above leave the possibility of using client variables and storing them in your own database). If you want I can send a code example tonight.
RE: How to find out the page to send 'em back to
Yes please! This seems such a simple answer. I had never thought of that approach. I would be very grateful if you would send me that code example. Thanks!

Cheers,
Mike Kear
Windsor, NSW, Australia
AFP WebWorks

When you want a user to log in don't send him to a form or something. Just use cfheader to send a HTTP 401 (or was it 403?) to the user. Include some realm info as per RFC 2617 and make the authentication type basic. User gets a popup window which asks for authentication info. Upon completion of username and password the browser simply repeats the original HTTP request, but adds a header with the authentication info. On the server, catch the header, extract the username and password and set a client variable (your specs above leave the possibility of using client variables and storing them in your own database). If you want I can send a code example tonight.
Re: How to find out the page to send 'em back to
Mike Kear wrote:
> I am working on a login system that has so many limitations you couldn't
> imagine it. I want to have the actual login form and processing page as a
> single pair of templates in a single location for the whole site. If any
> page requires a user to be logged in, and they're not, they'll be sent to
> this page and then sent back to the original page once satisfactorily logged
> in against a table in the datasource.
>
> Not so difficult you'd have thought.

I still think so ;)

> So let me put some limitations on there and see if it's still so easy:
>
> No client variables. Not allowed - all state management has to be in our
> site's own datasources
> No session variables - it's a clustered environment.
> No custom tags permitted

Still not so difficult. When you want a user to log in don't send him to a form or something. Just use cfheader to send a HTTP 401 (or was it 403?) to the user. Include some realm info as per RFC 2617 and make the authentication type basic. User gets a popup window which asks for authentication info. Upon completion of username and password the browser simply repeats the original HTTP request, but adds a header with the authentication info. On the server, catch the header, extract the username and password and set a client variable (your specs above leave the possibility of using client variables and storing them in your own database). If you want I can send a code example tonight.

Jochem
RE: How to find out the page to send 'em back to
To add to this discussion, don't forget to append the Query String as well. And make sure you surround any redirect with a conditional that stops a loop if the user is looking at the login form.

Since you're not using cookies or session vars, you'll have to pass the CFID and CFTOKEN between all page requests or come up with a unique number to pass around. Of course, this leaves your system wide open because you would be passing those unique identifiers through form and url variables, but hey you gotta do what you gotta do.

---mark

=
Mark Warrick - Fusioneers.com
Personal Email: [EMAIL PROTECTED]
Business Email: [EMAIL PROTECTED]
Phone: 714-547-5386
Efax: 801-730-7289
Personal URL: http://www.warrick.net
Business URL: http://www.fusioneers.com
ICQ: 125160
AIM: markwarric
Yahoo: Serengeti
=

-Original Message-
From: Ryan Farrell [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 05, 2001 7:07 AM
To: CF-Talk
Subject: RE: How to find out the page to send 'em back to

Hmmm, maybe I don't understand the full scope of what you're asking, but seems like you could do this:

- When a user hits a secure page, redirect to the login page with a URL variable containing the page they hit (for example, <.cflocation url="login.cfm?referer=#cgi.script_name#">).
- Pass that URL variable to the form processing page via a hidden form field.
- If the user is authenticated, use the hidden field to redirect back to the page they were originally trying to hit.
- If the user is not authenticated, use the hidden field to redirect back to the login page with the hidden field as a URL variable (starts the whole process over).

Hope that works for you!

Ryan

-Original Message-
From: Mike Kear [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 05, 2001 8:47 AM
To: CF-Talk
Subject: How to find out the page to send 'em back to

I am working on a login system that has so many limitations you couldn't imagine it. I want to have the actual login form and processing page as a single pair of templates in a single location for the whole site. If any page requires a user to be logged in, and they're not, they'll be sent to this page and then sent back to the original page once satisfactorily logged in against a table in the datasource.

Not so difficult you'd have thought.

So let me put some limitations on there and see if it's still so easy:

No client variables. Not allowed - all state management has to be in our site's own datasources
No session variables - it's a clustered environment.
No custom tags permitted

Ok, so I could have the referring page add its own location to the parameters passed to the login page. Except that #cgi.path_info# doesn't work. Gives null as a response. So the login page could use #http_referrer# (which does work) to specify where to send the user back. But what happens when the login page goes round the second time or third time because they've put in the wrong password or something. It'll only have the correct #http_referrer# the first time through the page won't it?

Cheers,
Mike Kear
Windsor, NSW, Australia
AFP WebWorks
RE: How to find out the page to send 'em back to
Hmmm, maybe I don't understand the full scope of what you're asking, but seems like you could do this:

- When a user hits a secure page, redirect to the login page with a URL variable containing the page they hit (for example, <.cflocation url="login.cfm?referer=#cgi.script_name#">).
- Pass that URL variable to the form processing page via a hidden form field.
- If the user is authenticated, use the hidden field to redirect back to the page they were originally trying to hit.
- If the user is not authenticated, use the hidden field to redirect back to the login page with the hidden field as a URL variable (starts the whole process over).

Hope that works for you!

Ryan

-Original Message-
From: Mike Kear [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 05, 2001 8:47 AM
To: CF-Talk
Subject: How to find out the page to send 'em back to

I am working on a login system that has so many limitations you couldn't imagine it. I want to have the actual login form and processing page as a single pair of templates in a single location for the whole site. If any page requires a user to be logged in, and they're not, they'll be sent to this page and then sent back to the original page once satisfactorily logged in against a table in the datasource.

Not so difficult you'd have thought.

So let me put some limitations on there and see if it's still so easy:

No client variables. Not allowed - all state management has to be in our site's own datasources
No session variables - it's a clustered environment.
No custom tags permitted

Ok, so I could have the referring page add its own location to the parameters passed to the login page. Except that #cgi.path_info# doesn't work. Gives null as a response. So the login page could use #http_referrer# (which does work) to specify where to send the user back. But what happens when the login page goes round the second time or third time because they've put in the wrong password or something. It'll only have the correct #http_referrer# the first time through the page won't it?

Cheers,
Mike Kear
Windsor, NSW, Australia
AFP WebWorks
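Ryan's redirect-and-return steps, with Mark's two additions (carry the query string, and stop a loop when the user is already on the login form), as an added Python example that is not part of the thread. The /login.cfm and /index.cfm paths and the function names are assumptions; the return target is also restricted to a same-site path, because it arrives in a URL variable and a hidden form field that the user controls.

```python
from urllib.parse import quote, urlsplit

LOGIN_PAGE = "/login.cfm"    # assumed path; the thread only names login.cfm
DEFAULT_PAGE = "/index.cfm"  # hypothetical fallback destination

def login_redirect(script_name, query_string=""):
    """Redirect URL for an unauthenticated hit, or None on the login page."""
    if script_name.lower() == LOGIN_PAGE:
        return None  # loop guard: never redirect the login form to itself
    target = script_name
    if query_string:
        target += "?" + query_string  # keep the original query string
    # Encode the whole target so its own '?' and '&' survive as one value.
    return LOGIN_PAGE + "?referer=" + quote(target, safe="")

def safe_return_target(referer):
    """Return referer if it is a same-site path, else the default page."""
    if not referer:
        return DEFAULT_PAGE
    # Must be an absolute path; '//host' would be a scheme-relative URL.
    if not referer.startswith("/") or referer.startswith("//"):
        return DEFAULT_PAGE
    # Backslashes and control characters are normalised by some browsers.
    if "\\" in referer or any(ord(c) < 0x20 for c in referer):
        return DEFAULT_PAGE
    # Do not send a freshly authenticated user back to the login form.
    if urlsplit(referer).path.lower() == LOGIN_PAGE:
        return DEFAULT_PAGE
    return referer
```

Because the value travels in the request each time the form is submitted, a second or third failed attempt still carries the original destination, which the referring-page header would not.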