help???.....with login...To:Sabaidee

Report · Oct 01, 2006

Hi Sabaidee;
Here is my login_form.cfm.
Thank you;
Bebeivan

Report · Oct 01, 2006

well... it looks like you are trying to process user login both in login_form.cfm AND application.cfm/cfc. the login processing code in the login_form.cfm *might* work, but it sure does not use the <cflogin> framework used in the application.cfm...

so, i suggest you get rid of this code in the login_form.cfm and leave processing user login to application.cfm...
to do this:
1) comment out everything before the <!DOCTYPE declaration in your login_form.cfm page
2) change the action attribute in the <form> tag:
just replace your opening <form> tag with the following:
<cfoutput>
<cfif GetFileFromPath(GetBaseTemplatePath()) IS NOT "login_form.cfm">
<form action="#CGI.script_name#?#ReplaceNoCase(CGI.query_string, 'logout=1', '', 'ALL')#" method="Post">
<cfelse>
<form action="index.cfm" method="Post">
</cfif>
</cfoutput>
what this does: if your user tries to access a page that requires login, the login form will be displayed, and after successful login the user will be taken to the page he requested, instead of to some pre-defined page...

hopefully, this will solve your problem.
i see that your current code in the login_form.cfm page uses some redirects based on unsuccessful login. the code in the application.cfm does not do that. instead it displays a message in the same login_form.cfm. it is also better not to use <cflocation> redirects on same pages as setting session-scope variables, as it may prevent variables from being set. so getting rid of the code in login_form.cfm will solve that problem, too.

let me know how it goes. if you get any errors do not forget to post them!

Report · Feb 20, 2007

I've been following these threads and have a question.

In an application that I'm developing for some internal users, I want all users to view some of the templates but only authorized users to access certain other templates/functions.

If I place the cflogin in the application.cfc, it tries to force a login to any template whether secure or not. I'm able to force users to a login (using getAuthUser, isInRole, etc.) if they page requires it, but I do not want folks to login if they are only viewing the information.

How can I structure the onRequest Start (I'm assuming that is the function I would use) so that it would only hit cflogin when necessary?

I know that the example application (I believe it is the one for the book club) that comes with CF7 uses functionality like this, but the application.cfc is encrypted so I can't see how they handle it.

Thanks for any help.

Report · Feb 20, 2007

> In an application that I'm developing for some internal users, I want all
> users to view some of the templates but only authorized users to access
> certain
> other templates/functions.
>
> If I place the cflogin in the application.cfc, it tries to force a login
> to
> any template whether secure or not. I'm able to force users to a login
> (using
> getAuthUser, isInRole, etc.) if they page requires it, but I do not want
> folks
> to login if they are only viewing the information.
>
> How can I structure the onRequest Start (I'm assuming that is the function
> I
> would use) so that it would only hit cflogin when necessary?

the easiest way would be to place all the templates you want protected in a
separate directory with its own application.cfc file

--
Bryan Ashcraft (remove brain to reply)
Web Application Developer
Wright Medical Technology, Inc.
------------------------------------------------------------------
Macromedia Certified Dreamweaver Developer
Adobe Community Expert (DW) :: http://www.adobe.com/communities/experts/

Report · Feb 20, 2007

Bryan has given you the answer. put the pages you want secured into a
different folder and put your application.cfc with login code there as well.
--

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com

Report · Feb 21, 2007

Bryan and Azadi,
Thanks for the responses. I was planning on going that route if I couldn't solve it another way.

I guess my question is, how do they do it in the Book Club demo? In the example, their is not "secured" directory for those templates. All of them reside in the same directory. How is that handled?

Thanks again,

Report · Feb 21, 2007

well, another possible solution, though probably useful only if you have
just one or a couple of pages in a folder you want to secure/unsecure is:
in your application.cfm/cfc inside the <cflogin> check for current
requested template (page) name and if it matches one of the pages you
want secured/unsecured, process/exit the <cflogin> sequence.

i did it once this way for a lost password retrieval page inside admin
area of a website. obviously that page had to be unsecured so users
could retrieve their forgotten passwords without logging in. so i added
<cfif listlast(cgi.SCRIPT_NAME, "/\") IS NOT "lostpassword.cfm"> right
after <cfif NOT IsDefined("cflogin")> (basically, wrapped all my code
inside <cfif NOT IsDefined("cflogin")>...<cfelse> with the cfif check
for page name, so if a user requested the lostpassword.cfm page he/she
will not be forced to log in.

if you need to check for several page names match, you could use
something like <cfif
listfindnocase("page1.cfm,page2.cfm,allyourpageslistedhere.cfm",
listlast(cgi.SCRIPT_NAME, "/\")) IS 0>... this however will not work if
your requested page's url has parameters... you will have to adapt the
code to account for those

hope this helps

Report · Feb 21, 2007

Azadi,
Thanks again for the response.

My next question is using multiple layers of application.cfc's. In my "main" application.cfc, I create a host of application variables (dsn, basehref, paths & directories, components, etc.) in the onApplicationStart function.

Will I need to create all of those again in the "secure" application component? I was hoping to just be able to use the onSessionStart, onRequestStart functions in this component, but the application variables from the main component are apparently not available in the secondary component.

Is there a way to pass that along from one application to another? Request or session variable?

Thanks again,

Report · Feb 21, 2007

Here is a couple of items that might help.
http://corfield.org/blog/index.cfm/do/blog.entry/entry/Extending_Your_Root_Applicationcfc
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=9ce734f4

--
Bryan Ashcraft (remove brain to reply)
Web Application Developer
Wright Medical Technology, Inc.
------------------------------------------------------------------
Macromedia Certified Dreamweaver Developer
Adobe Community Expert (DW) :: http://www.adobe.com/communities/experts/

"hanzelmans" <hanzelmans@mhs-pa.org> wrote in message
news:eri6ta$5f$1@forums.macromedia.com...
> Azadi,
> Thanks again for the response.
>
> My next question is using multiple layers of application.cfc's. In my
> "main"
> application.cfc, I create a host of application variables (dsn, basehref,
> paths
> & directories, components, etc.) in the onApplicationStart function.
>
> Will I need to create all of those again in the "secure" application
> component? I was hoping to just be able to use the onSessionStart,
> onRequestStart functions in this component, but the application variables
> from
> the main component are apparently not available in the secondary
> component.
>
> Is there a way to pass that along from one application to another?
> Request or
> session variable?
>
> Thanks again,
>

Report · Feb 22, 2007

Bryan,
Thanks for the response. I came across those last night and was going to post them, but you beat me to the punch.

Steve

Report · Feb 22, 2007

Bryan,
Thanks for the response. I came across those last night and was going to post them, but you beat me to the punch.

Steve