September 6, 2012
Answered

Cflogin in application.cfc


Hello,

I have created a login page with cflogin which works pretty well, but I am trying to figure out a way to check whenever a user goes to any page, let's say the main page, if he is logged in and if not for them to be presented a login page. I know this can be done inside the Application.cfc, but I'm not sure how; the examples that I found online don't seem to work. Any help would be very much appreciated.

Here is what I got so far:

3 roles - admin, sales, tech

3 users - admin1, sales1, tech1

index.cfm

===========================================

<cfform action="login.cfm" method="post" name="frmLogin">
    <table align="center">
        <tr>
            <td>UserName:</td>
            <td><cfinput type="text" name="username" required="yes" message="Please enter a username" maxlength="50"></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><cfinput type="password" name="password" required="yes" message="Please enter a password" maxlength="50"></td>
        </tr>
        <tr>
            <td colspan="2"><cfinput type="submit" name="Login" value="Login"></td>
        </tr>
    </table>
</cfform>

login.cfm

============================================

<cflogin>
    <!--- If the user hasn’t gotten the login form yet, display it --->
    <cfif not (isDefined("form.username") and isDefined("form.password"))>
        No login info
        <cfinclude template="index.cfm">
        <cfabort>
    <!--- Otherwise, the user is submitting the login form --->
    <!--- This code decides whether the username and password are valid --->
    <cfelse>
        <!--- Find record with this Username/Password --->
        <!--- If no rows returned, password not valid --->
        <cfquery name="getUser">
            SELECT uid, firstname, lastname, rTrim(type) as UserRolename
            FROM tbl_users LEFT OUTER JOIN tbl_roles
            On tbl_users.roleid = tbl_roles.roleid
            WHERE username  = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.username#">
            AND   password  = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.password#">
        </cfquery>
        <!--- If the username and password are correct... --->
        <cfif getUser.recordCount eq 1>
            <!--- Tell ColdFusion to consider the user “logged in” --->
            <!--- For the name attribute, we will provide the user’s --->
            <!--- ContactID number and first name, separated by commas --->
            <!--- Later, we can access the name value via GetAuthUser() --->
            User has been logged in
            <cfloginuser name="#getUser.uid#,#getUser.firstname#, #getUser.lastname#" password="#form.password#" roles="#getUser.UserRolename#">
            <cfinclude template="main.cfm">
        <!--- Otherwise, re-prompt for a valid username and password --->
        <cfelse>
            Sorry, that username and password are not recognized.
            Please try again.
            <cfinclude template="index.cfm">
            <cfabort>
        </cfif>
    </cfif>
</cflogin>

main.cfm

==========================================================

<cfoutput>Authenticated User in Main Page: #GetAuthUser()#</cfoutput>


    Miguel-F
    Correct answer
    Inspiring
    September 6, 2012

    Yes, you need to implement the cflogin code within your Application.cfc OnRequestStart method so that it runs on every request.

    It is all explained pretty well here - Application-based user security example http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24-7c30.html

    September 6, 2012

    OK, I just added the following to the Application.cfc

    =========================================

    <cffunction name="OnRequestStart">
        <cfargument name = "request" required="true"/>
        <cfif IsDefined("form.logout")>
            <cflogout>
        </cfif>
        <cflogin>
            <cfif NOT IsDefined("cflogin")>
                <cfinclude template="index.cfm">
                <cfabort>
            <cfelse>
                <cfif cflogin.name IS "" OR cflogin.password IS "">
                    <cfoutput>
                        <h2>You must enter text in both the User Name and Password fields.
                        </h2>
                    </cfoutput>
                    <cfinclude template="index.cfm">
                    <cfabort>
                <cfelse>
                    <cfquery name="loginQuery">
                        SELECT uid, firstname, lastname, rTrim(type) as UserRolename
                        FROM tbl_users LEFT OUTER JOIN tbl_roles
                        On tbl_users.roleid = tbl_roles.roleid
                        WHERE username  = <cfqueryparam cfsqltype="cf_sql_varchar" value="#cflogin.username#">
                        AND   password  = <cfqueryparam cfsqltype="cf_sql_varchar" value="#cflogin.password#">
                    </cfquery>
                    <cfif loginQuery.UserRolename NEQ "">
                        <cfloginuser name="#cflogin.name#" Password = "#cflogin.password#"
                            roles="#loginQuery.UserRoleName#">
                    <cfelse>
                        <cfoutput>
                            <H2>Your login information is not valid.<br>
                            Please Try again</H2>
                        </cfoutput>
                        <cfinclude template="index.cfm">
                        <cfabort>
                    </cfif>
                </cfif>
            </cfif>
        </cflogin>
        <cfif GetAuthUser() NEQ "">
            <cfoutput>
                <form action="securitytest.cfm" method="Post">
                    <input type="submit" Name="Logout" value="Logout">
                </form>
            </cfoutput>
        </cfif>
    </cffunction>

    But now no matter what I type in the username and password box, even if the username and password is wrong it should bring me back to index.cfm and show an error but now it doesn't, and if it's right it also just takes me straight to the index.cfm page, even if I try to go directly to main.cfm it just keeps bringing me back to index.cfm.

    What could I be doing wrong?

    Miguel-F
    Inspiring
    September 6, 2012

    I think the issue is that you have your login code within your index.cfm page.  index.cfm also happens to be the default document so everything is going through that page regardless.  Try moving your login/authentication code to its own template (like in the example).  The cflogin logic should only authenticate you then, once passed, send you on to the secured page(s).

    Edit:

    Remember the other piece to this is contained in your pages.  The cflogin does nothing more than associate your user(s) with their role(s).  Your code needs to check for that and do appropriate things.  Look at the securitytest.cfm example that I linked to before.  Note that it is using the IsUserInRole("Human Resources") function to check for the user's rights.  You will need to add these checks into your pages for the secure portions (or at the beginning of a page and redirect the user if they don't have the correct role).  Does that help?

    Message was edited by: Miguel-F
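
Added example, not code from the thread or from Adobe's documentation: an Application.cfc whose onRequestStart gates every request with cflogin and then checks roles, as the replies describe. The form fields are named j_username and j_password because ColdFusion fills the cflogin structure only from those fields (or from HTTP Basic credentials). The password_hash and salt columns, the exampleDSN datasource, the /admin/ path and the PBKDF2 parameters are assumptions, and generatePBKDFKey requires ColdFusion 11 or later.

```cfml
<!--- Application.cfc: added example. password_hash, salt, exampleDSN and /admin/ are assumed names. --->
<cfcomponent output="false">
    <cfset this.name = "LoginGateExample">
    <cfset this.sessionManagement = true>
    <cfset this.loginStorage = "session">
    <cfset this.datasource = "exampleDSN">
    <cffunction name="onRequestStart" returnType="boolean" output="true">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var loginQuery = "">
        <cfset var loginError = "">
        <cfset var loggedIn = false>
        <cfif structKeyExists(form, "logout")><cflogout></cfif>
        <!--- The cflogin body runs only when the request has no logged-in user. --->
        <cflogin>
            <!--- cflogin.name / cflogin.password exist only if j_username and j_password were posted. --->
            <cfif isDefined("cflogin") AND len(cflogin.name) AND len(cflogin.password)>
                <cfquery name="loginQuery">
                    SELECT password_hash, salt, rTrim(type) AS UserRolename
                    FROM tbl_users LEFT OUTER JOIN tbl_roles
                      ON tbl_users.roleid = tbl_roles.roleid
                    WHERE username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#cflogin.name#">
                </cfquery>
                <!--- Compare a PBKDF2 hash of the submitted password with the stored one (assumed parameters). --->
                <cfif loginQuery.recordCount EQ 1 AND compare(loginQuery.password_hash,
                        generatePBKDFKey("PBKDF2WithHmacSHA1", cflogin.password, loginQuery.salt, 100000, 256)) EQ 0>
                    <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#loginQuery.UserRolename#">
                    <cfset loggedIn = true>
                <cfelse>
                    <cfset loginError = "Your login information is not valid.">
                </cfif>
            </cfif>
            <cfif NOT loggedIn>
                <!--- The form is emitted here, not from index.cfm, and posts back to the requested page. --->
                <cfoutput><p>#loginError#</p>
                <form action="#encodeForHTMLAttribute(arguments.targetPage)#" method="post">
                    <input type="text" name="j_username" maxlength="50">
                    <input type="password" name="j_password" maxlength="50">
                    <input type="submit" value="Login">
                </form></cfoutput>
                <cfabort>
            </cfif>
        </cflogin>
        <!--- Role check on every request: pages under /admin/ need the admin role. --->
        <cfif findNoCase("/admin/", arguments.targetPage) EQ 1 AND NOT isUserInRole("admin")>
            <cfheader statuscode="403" statustext="Forbidden">
            <cfabort>
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```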