Inspiring
May 7, 2006
Question

Direct users to page based on groupID

I have a login system which returns a message, "user authenticated" or "login failed", and the user's groupID, which defines his/her access level. I want to find the best way to handle what happens now.
The users have three access levels (1,2,3) and can have more than one.
How do I send users to a page based on their access level? What is the most secure way of doing this? I am using cfcs so maybe I can create a method that handles this? Is it better to have the relocation done with cfifs on the actionform page (my index.cfm acts as a form and actionform page)? Thanks for any advice.


index.cfm
<cfparam name="form.username" default="">
<cfparam name="form.groupID" default="0">

<!--- Check for form submission --->
<cfif structKeyExists(form,"checkAuth")>
<!--- The user pressed the authenticate button --->
<cfinvoke
component="security"
method="authenticate"
returnVariable="authenticated"
cfcUsername="#form.username#"
cfcPassword="#form.password#">
<cfif len(variables.authenticated)>
<!--- now get their groupID --->

<cfinvoke component="security"
method="authorize"
cfcUsername="#form.username#"
returnVariable="grpID" />
<cfset groupID="#grpID#">
</cfif></cfif>

<cfif isDefined("variables.authenticated")>
<cfif variables.authenticated NEQ 0>
<b>Username and Password Authenticated Successfully!
<!--- output groupID in this case it only outputs one even though there are more for some users--->
<cfoutput>#variables.grpID#</cfoutput></b>
<cfinvoke
component="security"
method="authorize"
returnVariable="authorize"
cfcUsername="#form.username#">
<cfelse>
<b>Username and/or Password was incorrect!</b>
</cfif>
</cfif>

<form name="checkAuth" method="post" action="index1.cfm">
<br> <b>Email:</b>
<input name="username" type="Text" class="ftforminputsmall" tabindex="1" maxlength="50">
<b>Password:</b>
<input name="password" type="password" class="ftforminputsmall" maxlength="50" tabindex="2">
<input tabindex="3" type="Submit" name="checkAuth" class="ftforminputsmall">
</form>


security.cfc

<cfcomponent>
<cffunction access="public" name="authenticate" output="0">
<!--- security authentication function --->
<!--- username and password required --->
<cfargument name="cfcUsername" type="string" required="1" />
<cfargument name="cfcPassword" type="string" required="1" />

<!--- query the SecurityDB for the passed username and password --->
<cfquery name="checkAuthentication" datasource="SecurityDB" username="root" password="riveravon">
SELECT username, userID, totallogins, lastIP, lastbrowser, lastlogin
FROM Security
WHERE username = <cfqueryparam value="#arguments.cfcUsername#" cfsqltype="cf_sql_varchar">
AND password = <cfqueryparam value="#arguments.cfcPassword#" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- return the appropriate result --->
<cfif checkAuthentication.recordCount>

<!--- check the users security groups so we can see what groupID and their access level--->
<cfquery name="getUserGroups" datasource="SecurityDB" username="root" password="riveravon">
SELECT security_groups.groupID, groups.groupID
FROM groups, security_groups
WHERE groups.groupID = security_groups.groupID
AND security_groups.username = <cfqueryparam value="#arguments.cfcUsername#" cfsqltype="cf_sql_varchar">
</cfquery>

<cfreturn checkAuthentication.username />

<cfelse>
<cfreturn 0 />
</cfif>
</cffunction>

<cffunction access="public" name="authorize" output="0">
<!--- security function finding what groupID and therefore access level--->
<!--- username from login form used to check group IDs --->
<cfargument name="cfcUsername" type="string" required="1" />

<!--- query the SecurityDB and get all group id for the passed username --->
<cfquery name="getUserGroups" datasource="SecurityDB" username="root" password="riveravon">
SELECT groupID
FROM Security_Groups
WHERE username = <cfqueryparam value="#arguments.cfcUsername#" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- return the appropriate groupID(s) --->
<cfif getUserGroups.recordCount>
<cfreturn getUserGroups.groupID />
<cfelse>
<cfreturn 0 />
</cfif>
</cffunction>
</cfcomponent>

4 replies

Inspiring
May 8, 2006
Quote the 1.
Also, do a cfdump of grpID for a user who is in more than one group. What does it look like?
Inspiring
May 8, 2006
Hi Dan, the cfdump gives me:
AUTHENTICATED aking
GROUPID 1

I commented out the cfinvoke as it was duplicated above. As you can see only one groupID is being shown.

<cfparam name="form.username" default="">
<cfparam name="form.password" default="">
<!--- Check for form submission --->
<cfif structKeyExists(form,"checkAuth")>
<!--- The user pressed the authenticate button --->
<cfinvoke
component="security"
method="authenticate"
returnVariable="authenticated"
cfcUsername="#form.username#"
cfcPassword="#form.password#">
<cfif len(variables.authenticated)>
<!--- now get their groupID --->

<cfinvoke component="security"
method="authorize"
cfcUsername="#form.username#"
returnVariable="groupID" />
<cfset groupID="#groupID#">
</cfif></cfif>

<cfif isDefined("variables.authenticated")>
<cfif variables.authenticated NEQ 0>
<b>Username and Password Authenticated Successfully!
<cfdump var="#variables#">

<!---
<cfif ListFind(Variables.groupID, "1")>
<cflocation url="member_welcome.cfm" addtoken="No">
<cfelse ListFind(Variables.groupID, "2") >
<cflocation url="admin_welcome.cfm" addtoken="No">
<cfelseif ListFind(Variables.groupID, "3") >
<cflocation url="premium_welcome.cfm" addtoken="No">
</cfif>--->
<!---<cfinvoke
component="security"
method="authorize"
returnVariable="authorize"
cfcUsername="#form.username#">--->
<cfelse>
<b>Username and/or Password was incorrect!</b>
</cfif>
</cfif>
Inspiring
May 8, 2006
quote:

Originally posted by: Hydrowizard
Hi Dan, the cfdump gives me:
AUTHENTICATED aking
GROUPID 1

<!---<cfinvoke
component="security"
method="authorize"
returnVariable="authorize"
cfcUsername="#form.username#">--->
<cfelse>
<b>Username and/or Password was incorrect!</b>


In your authorize function, change this:
<cfreturn getUserGroups.groupID />
to this
<cfreturn ValueList(getUserGroups.groupID) />

Inspiring
May 7, 2006
I have had a look at the online livedocs, I get this error Invalid CFML construct found on line 81 at column 9.
ColdFusion was looking at the following text: ListFind.

The syntax should be like this:
ListFind(list, value [, delimiters ])
What is my list name?
Thanks



<cfif isDefined("variables.authenticated")>
<cfif variables.authenticated NEQ 0>
<b>Username and Password Authenticated Successfully!
<cfoutput>#variables.grpID#</cfoutput>

<cfif ListFind(Variables.grpID) EQ 1 >
<cflocation url="member_welcome.cfm" addtoken="No">
<cfelse ListFind(Variables.grpID) EQ 2 >
<cflocation url="admin_welcome.cfm" addtoken="No">
<cfelseif ListFind(Variables.grpID) EQ 3 >
<cflocation url="premium_welcome.cfm" addtoken="No">
</cfif>
<cfinvoke
component="security"
method="authorize"
returnVariable="authorize"
cfcUsername="#form.username#">
<cfelse>
<b>Username and/or Password was incorrect!</b>
</cfif>
</cfif>
Inspiring
May 8, 2006
quote:

Originally posted by: Hydrowizard
I have had a look at the online livedocs, I get this error Invalid CFML construct found on line 81 at column 9.
ColdFusion was looking at the following text: ListFind.

The syntax should be like this:
ListFind(list, value [, delimiters ])
What is my list name?
Thanks

<cfif isDefined("variables.authenticated")>
<cfif variables.authenticated NEQ 0>
<b>Username and Password Authenticated Successfully!
<cfoutput>#variables.grpID#</cfoutput>

<cfif ListFind(Variables.grpID) EQ 1 >



With any luck, your list is Variables.grpID. That being the case, where are you supposed to put your value?
This is what you read:
ListFind(list, value [, delimiters ])
This is what you wrote:
<cfif ListFind(Variables.grpID) EQ 1 >



Inspiring
May 8, 2006
Right, I'm still getting an error Invalid CFML construct found looking at the following text:
ListFind with this <cfif ListFind(Variables.grpID,1)>
The list is: variables.grpID
The value is: 1
What are the delimiters?
Thanks

<cfif ListFind(Variables.grpID,1)>
<cflocation url="member_welcome.cfm" addtoken="No">
<cfelse ListFind(Variables.grpID,2) >
<cflocation url="admin_welcome.cfm" addtoken="No">
<cfelseif ListFind(Variables.grpID, 3) >
<cflocation url="premium_welcome.cfm" addtoken="No">
</cfif>
Inspiring
May 7, 2006
So the code would be something like this?:

<cfif groupID=1><cflocation url = "member_welcome.cfm" addToken = "Yes" or "No">
<cfelse groupID=2><cflocation url = "admin_welcome.cfm" addToken = "Yes" or "No">
</cfif>
Inspiring
May 7, 2006
Before you start to code, you have to know what you want to do about people who have more than one access level. If you can describe that in plain English, you might be able to figure out the code yourself. If not, post the rule and we can tell you how to code it.

By the way, coding inside a cfc is a bit different than coding outside one, but the similarities outweigh the differences.
Inspiring
May 7, 2006
Thanks for the reply Dan. Well, in plain English it would be as set out below.

if groupID= 1 send to member_welcome.cfm
if groupID= 2 send to admin_welcome.cfm
if groupID= 3 send to premium_welcome.cfm
if groupID= 3 and 1 send to premium_welcome.cfm
if groupID= 3 and 2 send to admin_welcome.cfm
if groupID= 2 and 1 send to admin_welcome.cfm
if groupID= 2 and 3 send to admin_welcome.cfm
if groupID= 1 and 2 send to admin_welcome.cfm

[Levels: users (groupID 1)
administrators (groupID 2)
premium users (groupID 3)]

What is the best way to do this: setting the groupID in a session and putting cflocation in the existing authorize cfc? Should I set a cfcookie to store the information? Thanks a lot
Inspiring
May 7, 2006
quote:

Originally posted by: Hydrowizard
Thanks for the reply Dan. Well, in plain English it would be as set out below.

if groupID= 1 send to member_welcome.cfm
if groupID= 2 send to admin_welcome.cfm
if groupID= 3 send to premium_welcome.cfm
if groupID= 3 and 1 send to premium_welcome.cfm
if groupID= 3 and 2 send to admin_welcome.cfm
if groupID= 2 and 1 send to admin_welcome.cfm
if groupID= 2 and 3 send to admin_welcome.cfm
if groupID= 1 and 2 send to admin_welcome.cfm

[Levels: users (groupID 1)
administrators (groupID 2)
premium users (groupID 3)]

What is the best way to do this: setting the groupID in a session and putting cflocation in the existing authorize cfc? Should I set a cfcookie to store the information? Thanks a lot


var GoTo = "member_welcome.cfm";
if (ListFind(session.GroupId, "2"))
GoTo = "admin_welcome.cfm";
else if (ListFind(session.GroupId, "3"))
GoTo = "premium_welcome.cfm";
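
Added example, not part of the thread or any poster's code: one way to combine the two answers above (return the whole group list with ValueList, then pick the destination by priority) while re-checking group membership on every protected page, since the redirect by itself does not stop a member from requesting admin_welcome.cfm directly. It assumes session management is enabled and the SecurityDB datasource credentials are configured in the ColdFusion Administrator; the function names getGroupList, landingPage and requireGroup are hypothetical.

```cfml
<!--- Added example, not code from the thread. Function names are hypothetical;
      table, datasource and page names are the ones used in the posts. --->
<cfcomponent>

  <!--- Return every groupID for the user as a comma-delimited list, e.g. "1,3" --->
  <cffunction name="getGroupList" access="public" returntype="string" output="false">
    <cfargument name="cfcUsername" type="string" required="true">
    <cfset var getUserGroups = "">
    <cfquery name="getUserGroups" datasource="SecurityDB">
      SELECT groupID
      FROM Security_Groups
      WHERE username = <cfqueryparam value="#arguments.cfcUsername#"
                                     cfsqltype="cf_sql_varchar" maxlength="50">
    </cfquery>
    <cfreturn ValueList(getUserGroups.groupID)>
  </cffunction>

  <!--- Pick one landing page; highest privilege wins: admin (2), premium (3), member (1) --->
  <cffunction name="landingPage" access="public" returntype="string" output="false">
    <cfargument name="groupList" type="string" required="true">
    <cfif ListFind(arguments.groupList, 2)>
      <cfreturn "admin_welcome.cfm">
    <cfelseif ListFind(arguments.groupList, 3)>
      <cfreturn "premium_welcome.cfm">
    <cfelseif ListFind(arguments.groupList, 1)>
      <cfreturn "member_welcome.cfm">
    </cfif>
    <!--- authenticated but in no known group: back to the login form --->
    <cfreturn "index.cfm">
  </cffunction>

  <!--- Call at the top of each protected page; the redirect alone protects nothing --->
  <cffunction name="requireGroup" access="public" returntype="void" output="false">
    <cfargument name="groupID" type="numeric" required="true">
    <cfif NOT StructKeyExists(session, "GroupId")
          OR NOT ListFind(session.GroupId, arguments.groupID)>
      <cflocation url="index.cfm" addtoken="no">
    </cfif>
  </cffunction>

</cfcomponent>

<!--- index.cfm, after authenticate succeeds (sec is an instance of this component):
        <cfset session.GroupId = sec.getGroupList(form.username)>
        <cflocation url="#sec.landingPage(session.GroupId)#" addtoken="no">
      admin_welcome.cfm, first line:
        <cfset sec.requireGroup(2)> --->
```

The group list lives in the session scope on the server, so the browser never holds a value it could edit; a groupID stored in a cookie would have to be re-validated against the database on every request.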