10 Replies Latest reply on Feb 22, 2007 5:40 AM by hanzelmans

    help???.....with login...To:Sabaidee

    beb0 Level 1
      Hi Sabaidee;
      Here is my login_form.cfm.
      Thank you;
      Bebeivan
        • 1. Re: help???.....with login...To:Sabaidee
          azadisaryev Level 1
          well... it looks like you are trying to process user login both in login_form.cfm AND application.cfm/cfc. the login processing code in the login_form.cfm *might* work, but it sure does not use the <cflogin> framework used in the application.cfm...

          so, i suggest you get rid of this code in the login_form.cfm and leave processing user login to application.cfm...
          to do this:
          1) comment out everything before the <!DOCTYPE declaration in your login_form.cfm page
          2) change the action attribute in the <form> tag:
          just replace your opening <form> tag with the following:
          <cfoutput>
          <cfif GetFileFromPath(GetBaseTemplatePath()) IS NOT "login_form.cfm">
          <form action="#CGI.script_name#?#ReplaceNoCase(CGI.query_string, 'logout=1', '', 'ALL')#" method="Post">
          <cfelse>
          <form action="index.cfm" method="Post">
          </cfif>
          </cfoutput>
          what this does: if your user tries to access a page that requires login, the login form will be displayed, and after successful login the user will be taken to the page he requested, instead of to some pre-defined page...

          hopefully, this will solve your problem.
          i see that your current code in the login_form.cfm page uses some redirects based on unsuccessful login. the code in the application.cfm does not do that. instead it displays a message in the same login_form.cfm. it is also better not to use <cflocation> redirects on same pages as setting session-scope variables, as it may prevent variables from being set. so getting rid of the code in login_form.cfm will solve that problem, too.

          let me know how it goes. if you get any errors do not forget to post them!
          • 2. Re: help???.....with login...To:Sabaidee
            hanzelmans Level 1
            I've been following these threads and have a question.

            In an application that I'm developing for some internal users, I want all users to view some of the templates but only authorized users to access certain other templates/functions.

            If I place the cflogin in the application.cfc, it tries to force a login to any template whether secure or not. I'm able to force users to a login (using getAuthUser, isInRole, etc.) if they page requires it, but I do not want folks to login if they are only viewing the information.

            How can I structure the onRequest Start (I'm assuming that is the function I would use) so that it would only hit cflogin when necessary?

            I know that the example application (I believe it is the one for the book club) that comes with CF7 uses functionality like this, but the application.cfc is encrypted so I can't see how they handle it.

            Thanks for any help.
            • 3. Re: help???.....with login...To:Sabaidee
              Level 7
              > In an application that I'm developing for some internal users, I want all
              > users to view some of the templates but only authorized users to access
              > certain
              > other templates/functions.
              >
              > If I place the cflogin in the application.cfc, it tries to force a login
              > to
              > any template whether secure or not. I'm able to force users to a login
              > (using
              > getAuthUser, isInRole, etc.) if they page requires it, but I do not want
              > folks
              > to login if they are only viewing the information.
              >
              > How can I structure the onRequest Start (I'm assuming that is the function
              > I
              > would use) so that it would only hit cflogin when necessary?

              the easiest way would be to place all the templates you want protected in a
              separate directory with its own application.cfc file


              --
              Bryan Ashcraft (remove brain to reply)
              Web Application Developer
              Wright Medical Technology, Inc.
              ------------------------------------------------------------------
              Macromedia Certified Dreamweaver Developer
              Adobe Community Expert (DW) :: http://www.adobe.com/communities/experts/


              • 4. Re: help???.....with login...To:Sabaidee
                Level 7
                Bryan has given you the answer. put the pages you want secured into a
                different folder and put your application.cfc with login code there as well.
                --

                Azadi Saryev
                Sabai-dee.com
                http://www.sabai-dee.com
                • 5. Re: help???.....with login...To:Sabaidee
                  hanzelmans Level 1
                  Bryan and Azadi,
                  Thanks for the responses. I was planning on going that route if I couldn't solve it another way.

                  I guess my question is, how do they do it in the Book Club demo? In the example, their is not "secured" directory for those templates. All of them reside in the same directory. How is that handled?

                  Thanks again,
                  • 6. Re: help???.....with login...To:Sabaidee
                    Level 7
                    well, another possible solution, though probably useful only if you have
                    just one or a couple of pages in a folder you want to secure/unsecure is:
                    in your application.cfm/cfc inside the <cflogin> check for current
                    requested template (page) name and if it matches one of the pages you
                    want secured/unsecured, process/exit the <cflogin> sequence.

                    i did it once this way for a lost password retrieval page inside admin
                    area of a website. obviously that page had to be unsecured so users
                    could retrieve their forgotten passwords without logging in. so i added
                    <cfif listlast(cgi.SCRIPT_NAME, "/\") IS NOT "lostpassword.cfm"> right
                    after <cfif NOT IsDefined("cflogin")> (basically, wrapped all my code
                    inside <cfif NOT IsDefined("cflogin")>...<cfelse> with the cfif check
                    for page name, so if a user requested the lostpassword.cfm page he/she
                    will not be forced to log in.

                    if you need to check for several page names match, you could use
                    something like <cfif
                    listfindnocase("page1.cfm,page2.cfm,allyourpageslistedhere.cfm",
                    listlast(cgi.SCRIPT_NAME, "/\")) IS 0>... this however will not work if
                    your requested page's url has parameters... you will have to adapt the
                    code to account for those

                    hope this helps

                    • 7. Re: help???.....with login...To:Sabaidee
                      hanzelmans Level 1
                      Azadi,
                      Thanks again for the response.

                      My next question is using multiple layers of application.cfc's. In my "main" application.cfc, I create a host of application variables (dsn, basehref, paths & directories, components, etc.) in the onApplicationStart function.

                      Will I need to create all of those again in the "secure" application component? I was hoping to just be able to use the onSessionStart, onRequestStart functions in this component, but the application variables from the main component are apparently not available in the secondary component.

                      Is there a way to pass that along from one application to another? Request or session variable?

                      Thanks again,
                      • 8. Re: help???.....with login...To:Sabaidee
                        Level 7
                        Here is a couple of items that might help.
                        http://corfield.org/blog/index.cfm/do/blog.entry/entry/Extending_Your_Root_Applicationcfc
                        http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=9ce734f4

                        --
                        Bryan Ashcraft (remove brain to reply)
                        Web Application Developer
                        Wright Medical Technology, Inc.
                        ------------------------------------------------------------------
                        Macromedia Certified Dreamweaver Developer
                        Adobe Community Expert (DW) :: http://www.adobe.com/communities/experts/


                        "hanzelmans" <hanzelmans@mhs-pa.org> wrote in message
                        news:eri6ta$5f$1@forums.macromedia.com...
                        > Azadi,
                        > Thanks again for the response.
                        >
                        > My next question is using multiple layers of application.cfc's. In my
                        > "main"
                        > application.cfc, I create a host of application variables (dsn, basehref,
                        > paths
                        > & directories, components, etc.) in the onApplicationStart function.
                        >
                        > Will I need to create all of those again in the "secure" application
                        > component? I was hoping to just be able to use the onSessionStart,
                        > onRequestStart functions in this component, but the application variables
                        > from
                        > the main component are apparently not available in the secondary
                        > component.
                        >
                        > Is there a way to pass that along from one application to another?
                        > Request or
                        > session variable?
                        >
                        > Thanks again,
                        >


                        • 9. Re: help???.....with login...To:Sabaidee
                          hanzelmans Level 1
                          Bryan,
                          Thanks for the response. I came across those last night and was going to post them, but you beat me to the punch.

                          Steve
                          • 10. Re: help???.....with login...To:Sabaidee
                            hanzelmans Level 1
                            Bryan,
                            Thanks for the response. I came across those last night and was going to post them, but you beat me to the punch.

                            Steve