Known Participant
December 31, 2009
Question

Login authorisation for different levels does not work

Hey again,

So this time I've got stuck with login stuff. I'm trying to set login based on the permissions level. In the database I've got three fields: username, password and user_type. The user_types are admin1 and admin2.

If I login with username and password for admin1 it goes well.

If login is with username and password for admin2 it goes to index page with no error message.

Following is the code:

<cfif IsDefined("FORM.username")>
  <cfset MM_redirectLoginSuccess="../admin/index.cfm">
  <cfset MM_redirectLoginFailed="index.cfm?failed=y">
  <cfquery  name="MM_rsUser" datasource="nodatabase">
  SELECT username,password,user_type FROM users WHERE username=<cfqueryparam value="#FORM.username#" cfsqltype="cf_sql_clob" maxlength="45"> AND password=<cfqueryparam value="#Hash(FORM.password, "SHA")#" cfsqltype="cf_sql_clob" maxlength="64">
  </cfquery>
  <cfif MM_rsUser.RecordCount NEQ 0>
    <cftry>
      <cflock scope="Session" timeout="30" type="Exclusive">
        <cfset Session.MM_Username=FORM.username>
        <cfset Session.MM_UserAuthorization=MM_rsUser.user_type[1]>  WHAT IS THIS [1] ??????
      </cflock>
      <cfif IsDefined("URL.accessdenied") AND false>
        <cfset MM_redirectLoginSuccess=URL.accessdenied>
      </cfif>
      <cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
      <cfcatch type="Lock">
        <!--- code for handling timeout of cflock --->
      </cfcatch>
    </cftry>
  </cfif>
  <cflocation url="#MM_redirectLoginFailed#" addtoken="no">
  <cfelse>
  <cfset MM_LoginAction=CGI.SCRIPT_NAME>
  <cfif CGI.QUERY_STRING NEQ "">
    <cfset MM_LoginAction=MM_LoginAction & "?" & XMLFormat(CGI.QUERY_STRING)>
  </cfif>
</cfif>
<cfset CurrentPage=GetFileFromPath(GetBaseTemplatePath())>

Any thoughts on where it all goes wrong?

cheers,

Simon

    2 replies

    BKBK
    Community Expert
    December 31, 2009

    A separate but related question. Are you going to be logging the user in at every request? I see no cflogin and no cfloginuser tags.

    Simon.Dau (Author)
    Known Participant
    December 31, 2009

    Well, that's the code that was written automatically by ColdFusion when I chose to create user authorisation. However, when you choose to go this way ColdFusion asks whether you want to authorise the user by username and password only, or add permission levels. So I've chosen to authorise by all three. As mentioned, in the database I have added three fields: username, password and user_type. Currently I have two users. One is admin1, and the other admin2. If I change both to admin1, I have no trouble logging in. But if the second one is left as admin2, it denies access with no error.

    My intentions are to separate content of the admin page with the following code:

    <cfif ListContains("admin1", Session.MM_UserAuthorization)>
    Content to show if user in proper access level which is Admin1.
    </cfif>

    but in order to achieve this I have to login users with different access level.

    BKBK
    Community Expert
    December 31, 2009

    Is the username Admin2 in the database, as well as the hash of Admin2's password?

    BKBK
    Community Expert
    December 31, 2009
    cfsqltype="cf_sql_clob"

    cfsqltype="cf_sql_varchar" seems more appropriate in both cases.

       <cfset Session.MM_UserAuthorization=MM_rsUser.user_type[1]>  WHAT IS THIS [1] ??????

    Row 1 of the result set. If you did the table correctly, then the result set will contain only one row anyhow. So,  MM_rsUser.user_type and MM_rsUser.user_type[1] would mean the same thing.

      <cfif IsDefined("URL.accessdenied") AND false>

    Most likely an error in the logic, as it will always be false.  I suspect you wanted to write

      <cfif IsDefined("URL.accessdenied") AND URL.accessdenied is false>
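
Added example, not part of the thread and not code posted by either participant: a login handler that uses cf_sql_varchar as suggested above, followed by a page-level check that matches the stored user_type exactly. The table, column and datasource names come from the question; the login page path, the allowedLevels list and the use of ListFindNoCase in place of ListContains are assumptions of this example.

```cfml
<!--- Added example (not from the thread). Login page: form handler.
      Assumes the question's users table and datasource name. --->
<cfif structKeyExists(form, "username") AND structKeyExists(form, "password")>
  <cfquery name="rsUser" datasource="nodatabase">
    SELECT username, user_type
    FROM users
    WHERE username = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar" maxlength="45">
      AND password = <cfqueryparam value="#Hash(form.password, 'SHA')#" cfsqltype="cf_sql_varchar" maxlength="64">
  </cfquery>
  <!--- Exactly one row must match; anything else is a failed login. --->
  <cfif rsUser.RecordCount EQ 1>
    <cflock scope="Session" timeout="30" type="Exclusive">
      <!--- Store values from the database row, not from the form. --->
      <cfset Session.MM_Username = rsUser.username[1]>
      <cfset Session.MM_UserAuthorization = rsUser.user_type[1]>
    </cflock>
    <cflocation url="../admin/index.cfm" addtoken="no">
  <cfelse>
    <cflocation url="index.cfm?failed=y" addtoken="no">
  </cfif>
</cfif>

<!--- admin/index.cfm: gate the page on the stored level.
      ListContains() matches substrings, so a level of "admin" would pass a
      check against "admin1"; ListFindNoCase() compares whole list elements. --->
<cfparam name="Session.MM_UserAuthorization" default="">
<cfset allowedLevels = "admin1,admin2"> <!--- assumed list of valid levels --->
<cfif ListFindNoCase(allowedLevels, Session.MM_UserAuthorization) EQ 0>
  <!--- Not logged in, or an unknown level. The path below is hypothetical. --->
  <cflocation url="../login/index.cfm?failed=y" addtoken="no">
</cfif>

<!--- Per-level content: each block renders only for an exact match. --->
<cfif ListFindNoCase("admin1", Session.MM_UserAuthorization)>
  Content for admin1 only.
</cfif>
<cfif ListFindNoCase("admin2", Session.MM_UserAuthorization)>
  Content for admin2 only.
</cfif>
```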