Skip to main content
A
Anonymous
October 26, 2017
Question

Cold Fusion 8 - Login Problems

  • October 26, 2017
  • 2 replies
  • 2939 views

I recently started to get an error message when logging into my site after years of it working fine. I am more on the marketing/financial side so feel free to talk down to me. Here is the message:

The error occurred in C:/Websites/rc9c8dae/admin_essllc/login.cfm: line 91

Called from C:/Websites/rc9c8dae/admin_essllc/Application.cfm: line 36

Called from C:/Websites/rc9c8dae/admin_essllc/login.cfm: line 91

Called from C:/Websites/rc9c8dae/admin_essllc/Application.cfm: line 36

89 :

90 : <cfif #ParameterExists(Caller.FORM.Login)# IS "YES" AND #ParameterExists(Caller.FORM.Password)# IS "YES">

91 : <cfquery name="GetUserRecord" datasource="#Attributes.DATASOURCE#" username="#request.db_username#" password="#request.db_password#">

92 : SELECT * FROM #Attributes.TABLE#

93 : WHERE #Attributes.USERFIELD# = '#Caller.FORM.Login#' AND

There is a much more detailed message below this one which I can post if needed. Any help would be appreciated. I am using Cold Fusion Version 8 and Windows Server 2003.

This topic has been closed for replies.

2 replies

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
October 26, 2017

clueless100  wrote

90 : <cfif #ParameterExists(Caller.FORM.Login)# IS "YES" AND #ParameterExists(Caller.FORM.Password)# IS "YES">

While you're at it, change that line to

<cfif isDefined("Caller.FORM.Login") AND isDefined("Caller.FORM.Password")>

A
Anonymous
October 26, 2017

Thanks. I will try these fixes and report back.

pete_freitag
pete_freitag
Participating Frequently
October 26, 2017

You will need to post a full error message. It could be that something was changed on your database server (for example the login you are using was disabled, or the password changed) causing it to fail, but all anyone can do is speculate without the error message (just make sure the error message doesn't contain anything sensitive such as passwords, server names, etc before posting it - you can just replace the actual values with X's and then post it).

I also think it is worth pointing out that the code you have posted is vulnerable to a security hole called SQL Injection (a big reason you should not post any server names in your response). So, unfortunately another possibility as to why it is not working is that an attacker got into your database and messed around with stuff. Finally I should also point out that the end of core support for CF8 ended many years ago, so Adobe stopped providing security patches for CF8 many years ago, you should consider upgrading to ColdFusion 2016 as well.

--

Pete Freitag

Foundeo Inc. - ColdFusion Consulting & Security Products

A
Anonymous
October 26, 2017

Now I am too scared to post the full message.

pete_freitag
pete_freitag
Participating Frequently
October 26, 2017

If you want send it to me directly, you can do so here: https://foundeo.com/contact/

I can let you know if it is ok to post.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices