January 1, 2009
Question

CFlogin question

If I'm using CFlogin to create a little login area for users, how can I
verify that the info that users enter for username and password (mainly
password) matches what's in the db table for that user?

Is that built into CFlogin or do I have to write the code that checks the
info entered matches what's in the db? If so, what's the benefit to having
a CFlogin?? Not trying to be snotty here, just wondering.

    1 reply

    Participant
    January 1, 2009
    Hi---

    You have to enter code yourself.

    Here is an example from the ColdFusion Developer's Guide (all of the examples can be found in the ColdFusion Developer's Guide under Securing Applications/Implementing User Security/Application-based user security example):

    <cfcomponent>
        <cfset This.name = "Orders">
        <cfset This.Sessionmanagement="True">
        <cfset This.loginstorage="session">

        <cffunction name="OnRequestStart">
            <cfargument name = "request" required="true"/>
            <cfif IsDefined("Form.logout")>
                <cflogout>
            </cfif>

            <cflogin>
                <cfif NOT IsDefined("cflogin")>
                    <cfinclude template="loginform.cfm">
                    <cfabort>
                <cfelse>
                    <cfif cflogin.name IS "" OR cflogin.password IS "">
                        <cfoutput>
                        <h2>You must enter text in both the User Name and Password fields.
                        </h2>
                        </cfoutput>
                        <cfinclude template="loginform.cfm">
                        <cfabort>
                    <cfelse>
                        <!--- Submitted values are bound with cfqueryparam so they are never
                              concatenated into the SQL text. --->
                        <cfquery name="loginQuery" dataSource="cfdocexamples">
                            SELECT UserID, Roles
                            FROM LoginInfo
                            WHERE
                            UserID = <cfqueryparam value="#cflogin.name#" cfsqltype="cf_sql_varchar">
                            AND Password = <cfqueryparam value="#cflogin.password#" cfsqltype="cf_sql_varchar">
                        </cfquery>
                        <!--- A matching row with a non-empty role list means the login succeeded. --->
                        <cfif loginQuery.Roles NEQ "">
                            <cfloginuser name="#cflogin.name#" Password = "#cflogin.password#"
                                roles="#loginQuery.Roles#">
                        <cfelse>
                            <cfoutput>
                            <H2>Your login information is not valid.<br>
                            Please Try again</H2>
                            </cfoutput>
                            <cfinclude template="loginform.cfm">
                            <cfabort>
                        </cfif>
                    </cfif>
                </cfif>
            </cflogin>

            <cfif GetAuthUser() NEQ "">
                <cfoutput>
                <form action="securitytest.cfm" method="Post">
                <input type="submit" Name="Logout" value="Logout">
                </form>
                </cfoutput>
            </cfif>

        </cffunction>
    </cfcomponent>

    That code is placed into an Application.cfc file, which executes before every page that is accessed.

    The advantage that I perceive from using cflogin is the role-based access controls. If you look at the securitytest.cfm file...

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>Security test page</title>
    </head>

    <body>
    <cfoutput>
    <h2>Welcome #GetAuthUser()#!</h2>
    </cfoutput>

    ALL Logged-in Users see this message.<br>
    <br>
    <cfscript>
    if (IsUserInRole("Human Resources"))
        WriteOutput("Human Resources members see this message.<br><br>");
    if (IsUserInRole("Documentation"))
        WriteOutput("Documentation members see this message.<br><br>");
    if (IsUserInRole("Sales"))
        WriteOutput("Sales members see this message.<br><br>");
    if (IsUserInRole("Manager"))
        WriteOutput("Managers see this message.<br><br>");
    if (IsUserInRole("Employee"))
        WriteOutput("Employees see this message.<br><br>");
    if (IsUserInRole("Contractor"))
        WriteOutput("Contractors see this message.<br><br>");
    </cfscript>

    </body>
    </html>

    ...you can see that using a simple command, you can check to see if a user is in a specific role and output unique content to members of different roles without executing a query every time a page is loaded (at least this is my understanding). I believe that would relieve load on the database.

    Hope this helps!
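
Added example, not part of the reply above or of the ColdFusion Developer's Guide: the credential check from the reply's Application.cfc written as a helper that compares a salted PBKDF2 hash instead of a stored plaintext password. The `verifyLogin` name, the `PasswordHash` and `Salt` columns, the PBKDF2 settings and the use of Adobe ColdFusion 11 or later (for `GeneratePBKDF2Key`) are assumptions.

```cfml
<!--- Added example. Assumes Adobe ColdFusion 11+ (GeneratePBKDF2Key) and a
      hypothetical schema LoginInfo(UserID, PasswordHash, Salt, Roles), where
      PasswordHash was stored at registration using the same settings as below. --->
<cffunction name="verifyLogin" access="private" returntype="string" output="false"
            hint="Returns the user's role list on success, an empty string on failure.">
    <cfargument name="userName" type="string" required="true">
    <cfargument name="password" type="string" required="true">

    <cfset var userRow = "">
    <cfset var candidate = "">
    <cfset var digest = CreateObject("java", "java.security.MessageDigest")>

    <!--- Look up the account by name only; the value is bound, not concatenated,
          and the submitted password never appears in the SQL text. --->
    <cfquery name="userRow" dataSource="cfdocexamples">
        SELECT UserID, PasswordHash, Salt, Roles
        FROM LoginInfo
        WHERE UserID = <cfqueryparam value="#arguments.userName#" cfsqltype="cf_sql_varchar">
    </cfquery>

    <!--- Unknown user (or a duplicate row): fail the same way as a bad password. --->
    <cfif userRow.recordCount NEQ 1>
        <cfreturn "">
    </cfif>

    <!--- Re-derive the key from the submitted password and the stored per-user salt.
          Algorithm name, iteration count and key size are assumed settings. --->
    <cfset candidate = GeneratePBKDF2Key("PBKDF2WithSHA256", arguments.password,
                                         userRow.Salt, 100000, 256)>

    <!--- Constant-time comparison of the two encoded keys. --->
    <cfif digest.isEqual(CharsetDecode(candidate, "utf-8"),
                         CharsetDecode(userRow.PasswordHash, "utf-8"))>
        <cfreturn userRow.Roles>
    </cfif>
    <cfreturn "">
</cffunction>
```

Inside the `<cflogin>` block, calling `verifyLogin(cflogin.name, cflogin.password)` and passing a non-empty result to `<cfloginuser>` as `roles` takes the place of the `loginQuery.Roles` check.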