Copy link to clipboard
Copied
Hi,
I was just wondering how to get my text box on my login screen to remember my username when I come back to it? I'm thiking I need some sort of cookie. I want it to be as simple as possible. Below is what is on my login screen now. Does someone know how I can do this? Thanks.
Andy
<html>
<head>
<title>Ironwood Electronics Member Login</title>
<script type="text/javascript">
function rfqlogin()
{
document.foo.rfq_login.value="yes";
document.foo.eco_login.value="no"
document.foo.action ="validate.cfm";
document.foo.submit();
}
function ecologin()
{
document.foo.eco_login.value="yes";
document.foo.rfq_login.value="no";
document.foo.action ="validate.cfm";
document.foo.submit();
}
</script>
</head>
<body>
<link href="styles/admin.css" rel="stylesheet" type="text/css">
--->
<table border="0" cellpadding="0" cellspacing="0" align="center">
<tr>
<td colspan=4><img src="images/login.jpg" width="389" height="84" border="0" alt="login"></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<cfform name="foo" <!--- action="validate.cfm" ---> method="post" onSubmit="return validate()">
<tr><td width=124></td><td align="left">User name: <input type="text" name="UserName" maxlength="14" size="12"></td>
</tr>
<tr><td width=124></td>
<td align="left">Password: <input type="Password" name="password" maxlength="14" size="12"></td></tr>
<!------ IF MESSAGE EXISTS, DISPLAY ERRORS IN FORM ------->
<CFIF IsDefined("url.message")>
<CFOUTPUT>
<tr><td> </td>
<td><img src="images/warning.gif" align="left" width="22" height="22" border="0" alt="">
<span class="error">#url.message#</span>
</td></tr>
</CFOUTPUT>
</CFIF>
<tr>
<td>
</td>
<tr>
<td>
</td>
</tr>
<tr>
<td align="center" colspan=4>
<!--- This is set up now so there can be 2 different Add Buttons. --->
<cfinput type="button" name="submitBtn" onclick="rfqlogin()" value="RFQ Login">
<cfinput type="button" name="submitBtn" onclick="ecologin()" value="ECO Register Login">
<!--- These are needed if I want to do something on the next page for a certain section. --->
<cfinput type="hidden" name="rfq_login">
<cfinput type="hidden" name="eco_login">
</cfform>
</td>
</tr>
</table>
</body>
</html>
Copy link to clipboard
Copied
There are a few ways to accomplish this. I prefer an AJAX approach but for simplicity, add the following somewhere above the username field and add value="#variables.username#" in the cfinput tag for username:
<cfset variables.userName="" />
<cfif isDefined("cookies.rememberMe")>
<cfset variables.userName=htmlEditFormat(cookie.rememberMe) />
</cfif>
...
<cfinput type="text" name="UserName" maxlength="14" size="12" value="#variables.userName#" />
Like I said, I prefer AJAX to populate the UserName field. I encrypt the cookie value that is stored on the client PC and the server page that returns the AJAX response decrypts the value for me.
On a side note, notice my use of htmlEditFormat(). This is to prevent using the cookie for a cross site scripting (XSS) attack. I noticed you output url.message in your template above. This is ripe for a XSS attack. I only noticed because much of my early code used identical code and it weren't pretty when my code encountered a PCI security scanner for the first time several years back.
Copy link to clipboard
Copied
Steve,
I tried this code, but it doesn't do anything. I noticed on the If IsDeifined line, you have cookies.rememberMe and on the line below it, you have cookie.rememberMe. Does this matter? I tried putting the 2nd line to cookies.rememberMe, but it still doesn't display the username in the box. What do I have to change? Thanks.
Andy
Copy link to clipboard
Copied
jamie61880 wrote:
Steve,
I tried this code, but it doesn't do anything. I noticed on the If IsDeifined line, you have cookies.rememberMe and on the line below it, you have cookie.rememberMe. Does this matter? I tried putting the 2nd line to cookies.rememberMe, but it still doesn't display the username in the box. What do I have to change?
It does matter. Change the line <cfif isDefined("cookies.rememberMe")> to <cfif isDefined("cookie.rememberMe")>
Copy link to clipboard
Copied
Steve,
I was also wondering, does it matter how I go back to the login page? I've just been clicking a favorites tab to get back to it. It's not from a link or anything. Shouldn't the username just display in the text box anytime I come back to this log in page as long as I don't erase the cookies?
Andy
Copy link to clipboard
Copied
RE: Should username always display?
Yes, provided: the cookie didn't expire, there no page cache fighting going on, the domain remains constant (127.0.0.1 is different than localhost). I think there are other factors. Again, another reason for my preference to AJAX -- but get this working first.
Copy link to clipboard
Copied
I found this code to work:
<cfif IsDefined("cookie.UserName")>
<cfset UserName = cookie.UserName>
<cfelse>
<cfset UserName = "">
</cfif>
<cfif IsDefined("cookie.password")>
<cfset password = cookie.password>
<cfelse>
<cfset password = "">
</cfif>
<tr><td width=124></td><td align="left">User name: <input type="text" name="UserName" maxlength="14" size="12" value="#UserName#"></td>
</tr>
<tr><td width=124></td>
<td align="left">Password: <input type="Password" name="password" maxlength="14" size="12" value="#password#"></td></tr>
How can I do this now:
If someone starts typing a different username, clear out password box.
I know this is just an onclick event, but I don't understand how to just clear out the password box. Does anyone know?
Thanks.
Andy
Copy link to clipboard
Copied
Jamie61880,
Anyone can understand the need for storing the username in a cookie. However, it is inadvisable to store plain password strings in a cookie. It defeats the very purpose of a password.
Copy link to clipboard
Copied
Steve Sommers wrote:
There are a few ways to accomplish this. I prefer an AJAX approach but for simplicity, add the following somewhere above the username field and add value="#variables.username#" in the cfinput tag for username:
<cfset variables.userName="" />
<cfif isDefined("cookies.rememberMe")>
<cfset variables.userName=htmlEditFormat(cookie.rememberMe) />
</cfif>
...
<cfinput type="text" name="UserName" maxlength="14" size="12" value="#variables.userName#" />
Should this code be running on the form page? The way I see it, the username is only known after the form submits it to the action page, validate.cfm. We could then place the following code, for example, in validate.cfm:
<cfcookie name = "userName" value = "#form.userName#" expires = "1">
Copy link to clipboard
Copied
I failed to mention that you need to set the cookie value upon a successful login. You can use CFCOOKIE to do so on the page that displays after login.