3 Replies Latest reply on Dec 6, 2007 3:39 PM by mohadi

    login question

    tracjerian Level 1
      I have a login script that verifies against a database. The script verifies the user name and password.
      I need to verify the user type and then depending on the user type send the user to one of two pages i.e. user type 1 would go to index.cfm and user type 2 would go to user.cfm.
      Any help would be greatly appreciated. here is my code:

      <cfquery name="qVerify" datasource="clients">
      SELECT TblUser.User_id, TblUser.User_Password, TblUser.User_Type
      FROM TblUser, TblUserType
      WHERE user_id = '#username#' AND User_password = '#password#'
      </cfquery>

      <cfif Verify.Recordcount>
      <cfset session.allowin = "True">
      <cfset SESSION.UserID = qVerify.user_id />
      <script>
      alert("Welcome! You have been successfully logged in!");
      self.location="Processors_Home.cfm";
      </script>
      <cfelse>
      <script>
      alert("Your credentials could not be verified, please try again!!");
      self.location="Javascript:history.go(-1)";
      </script>
      </cfif>
        • 1. Re: login question
          Level 7


          tracjerian wrote:
          > I have a login script that verifies against a database. The script verifies the
          > user name and password.
          > I need to verify the user type and then depending on the user type send the
          > user to one of two pages i.e. user type 1 would go to index.cfm and user type 2
          > would go to user.cfm.
          > Any help would be greatly appreciated. here is my code:
          >
          > <cfquery name="qVerify" datasource="clients">
          > SELECT TblUser.User_id, TblUser.User_Password, TblUser.User_Type
          > FROM TblUser, TblUserType
          > WHERE user_id = '#username#' AND User_password = '#password#'
          > </cfquery>
          >

          not related to your direct question, but...
          1) i would use a proper INNER JOIN in your query instead of the
          Cartesian join you are using
          2) i would suggest scoping your username and password variables and USE
          CFQUERYPARAM!

          > <cfif Verify.Recordcount>
          > <cfset session.allowin = "True">
          > <cfset SESSION.UserID = qVerify.user_id />
          > <script>
          > alert("Welcome! You have been successfully logged in!");
          > self.location="Processors_Home.cfm";
          > </script>

          OK, so in order to tell which type current user is, you need to either
          store that info somewhere (like SESSION scope var) or query your db each
          time you need that info (not an optimal option).
          I suggest you also store User-Type in the session scope (add <cfset
          SESSION.UserType = qVerify.User_Type> to the script block above) and on
          your Processor_Home.cfm page you will need to have an cfif/cfelse block
          to check the value of this var and cflocate to correct page.

          > <cfelse>
          > <script>
          > alert("Your credentials could not be verified, please try again!!");
          > self.location="Javascript:history.go(-1)";
          > </script>
          > </cfif>
          >
          >

          alternatively, you may want to look at the cf's LOGIN and LOGINUSER
          tags. Using the login framework gives you access to such useful
          functions as isUserInRole, getAuthUser, etc

          hth

          ---
          Azadi Saryev
          Sabai-dee.com
          http://www.sabai-dee.com
          • 2. Re: login question
            aqlongnion Level 1
            Also, use cflocation to redirect instead of javascript, as you never want to rely on JS for crucial parts of your app like logins. Best wishes
            • 3. Re: login question
              mohadi Level 1
              I have not tested this code, but you could try something like this: