Inspiring

Answered

Logging into a directory with application.cfc?

Forum|Forum|18 years ago
February 26, 2008
7 replies
2037 views

Hello;
I currently upgraded a log in that I made to a directory in my web site. I used application.cfm to lock it down and it worked nice. I upgraded my code to work on application.cfc. and it seems to keep me out of the directory, but my log in code doesn't work now. Can anyone help me? I attached the code so you can see what is going on.

Right now, my log in won't allow me to log in. I don't understand why.

Can anyone help me out?
Thank you.

Phoenix

Advanced techniques

This topic has been closed for replies.

Correct answer Irish-Phoenix

Ok, I did some reading and found a way to make the main application.cfc file work with the application.cfc file in the sub directory. I added a ProxyApplication.cfc with this code in it:

<cfcomponent extends="Application">
</cfcomponent>

and put this code in my application.cfc file in my sub directory:

<cfcomponent output="false" extends="ProxyApplication">

<cffunction name="onRequestStart" returnType="void" output="false">
</cffunction>

<cffunction name="onRequest" returntype="void">
<cfif NOT IsDefined("SESSION.user.firstname")>
<cflocation url="../sitemanager.cfm" addtoken="yes">
</cfif>

<cfif IsDefined("COOKIE.CFID") AND IsDefined("COOKIE.CFTOKEN")>
<cfset cfid_local = COOKIE.CFID>
<cfset cftoken_local = COOKIE.CFTOKEN>

<cfcookie NAME="CFID" VALUE="#cfid_local#">
<cfcookie NAME="CFTOKEN" VALUE="#cftoken_local#">
</cfif>
</cffunction>

<cffunction name="onRequestEnd" returnType="void" output="true">
</cffunction>

</cfcomponent>

Now it locks down my directory, BUT it still kicks me out when I log in properly. WHY? I don't understand why it is not reading this code properly. No errors, just won't let me log in.

D

Dan_Bracuk

Inspiring

Add some logic for that directory you want to protect.

I

Irish-PhoenixAuthor

Inspiring

How would I write that. Please forgive me, I am learning, don't know what logic to add, would that also solve the log in problem?

D

Dan_Bracuk

Inspiring

Now I can see it.

The onRequestStart runs before any code in any .cfm template, including the template that accepts your login form. That means session.user.firstname never gets defined.

Your 1st post had this in the onSessionStart function. Hence my confusion.

I

Irish-PhoenixAuthor

Inspiring

What do I do to fix it?

D

Dan_Bracuk

Inspiring

I would put it in the application.cfc.

Look at your cgi variables. See if any of them help you see what directory you are in.

I

Irish-PhoenixAuthor

Inspiring

It is my application.cfc file causing the problem. I have gotten that figured out. What I did wrong in the code on this file is beyond me. Now, it doesn't lock down the directory, nor does it log me in. and in my book it says this is how it is supposed to be written.

<cfcomponent output="false">
<cfset this.name="mySite">
<cfset this.sessionmanagement=true>

<cffunction name="onApplicationStart" returntype="void" output="false">
<cfset request.datasource = "myDB">
<cfset APPLICATION.companyname = "myCompany">
</cffunction>

<cffunction name="onRequestStart" output="false" returntype="void">
<cfif NOT IsDefined("SESSION.user.firstname")>
<cflocation url="../sitemanager.cfm" addtoken="yes">
</cfif>

<cfif IsDefined("COOKIE.CFID") AND IsDefined("COOKIE.CFTOKEN")>
<cfset cfid_local = COOKIE.CFID>
<cfset cftoken_local = COOKIE.CFTOKEN>

<cfcookie NAME="CFID" VALUE="#cfid_local#">
<cfcookie NAME="CFTOKEN" VALUE="#cftoken_local#">
</cfif>
</cffunction>
</cfcomponent>

Any ideas? It is this page causing the problems.

D

Dan_Bracuk

Inspiring

<cfdump variable="#variables#"> will always give you something, usually more than you had hoped for. Putting "this is function whatever <br />" in each function might be more useful.

Two application.cfc files would probably make matters worse.

I

Irish-PhoenixAuthor

Inspiring

how about if we make matters more simple? What would I use to make a directory in cf 8 locked down so you need a password to access it instead of an application.cfm inside the directory? Would I put it all on the main application.cfc file? if so How would that be written?

D

Dan_Bracuk

Inspiring

Sounds like your onSessionStart is running on every page request. Test this by having it output some text.

The onRequestStart function goes into your application.cfc. You write it the same way to write any other function.

By the way, it's a good practice to use the var keyword when setting varialbles inside a function.

I

Irish-PhoenixAuthor

Inspiring

I was wrong, I do have an onRequestStart I took the code out of cffunction session and put it into onRequestStart. It locks down my directory still, but it doesn't allow me to log in, I had it thrown an error, so it is reading the code. It boots me back to the sitemanager.cfm and adds the token to the url.

Would it make a difference if there are 2 application.cfc files in this site. one is in the main directory of the site, and this one I am working on is in the directory I am trying to lock down and log into. I know application.cfm didn't have a problem with this, but does .cfc see it differently?

Also, if I do a cfdump what would the variable be I would want to find out where the information is getting lost?

D

Dan_Bracuk

Inspiring

What actually happens when you log in correctly?

Also, do you have an onRequestStart function?

I

Irish-PhoenixAuthor

Inspiring

When I try and log in properly, it just kicks me back to the sitemanager.cfm file and that page isn't saying weather or not I am logged in or didn't provide the proper username and password.

No I do not have an onRequestStart function. Where would I put that and how would I write it? I don't think it is getting to the application.cfc file yet, I think my problem is on the login.cfm file.

Could this site being on an ip address be the problem?

D

Dan_Bracuk

Inspiring

What's on this page?
<cflocation url="../sitemanager.cfm" addtoken="yes">