Question
Newbie cfc question
I have an index.cfm with a login form which uses the
security.cfc below
There are two cffunctions.
The first one "authenticate" works fine which checks the passed username and password from the login form
and returns the result to the index.cfm page
The next one is "authorize" which finds the corresponding groupID(s) -the access level- from the db based on the username in the login. There are three levels of groupIDs 1, 2 or 3.
What I don´t understand is how to "combine the two functions" so they are both invoked when a user logins in so I can control what happens to a user after they have logged in based on their groupID.
At the moment only the authentication function is invoked. Should I have just one function? How can I make the authorize function work? Thanks a lot for any help greatly appreciated so I can understand this
security.cfc
<cfcomponent>
<cffunction access="public" name="authenticate" output="0">
<!--- security authentication function --->
<!--- username and password required --->
<cfargument name="cfcUsername" type="string" required="1"/>
<cfargument name="cfcPassword" type="string" required="1"/>
<!--- query the SecurityDB for the passed username and password --->
<cfquery name="checkAuthentication" datasource="SecurityDB" username="root" password="riveravon">
SELECT username, userID
FROM Security
WHERE username = '#arguments.cfcUsername#'
AND password = '#arguments.cfcPassword#'
</cfquery>
<!--- return the appropriate result --->
<cfif checkAuthentication.recordCount>
<!--- check the users security groups so we can see what groupID and therefore access level they have --->
<cfquery name="getUserGroups" datasource="SecurityDB" username="root" password="riveravon">
SELECT security_groups.groupID, groups.groupID
FROM groups, security_groups
WHERE groups.groupID = security_groups.groupID
AND security_groups.username = '#arguments.cfcUsername#'
</cfquery>
<cfreturn checkAuthentication.username/>
<cfelse>
<cfreturn 0/>
</cfif>
</cffunction>
<cffunction access="public" name="authorize" output="0">
<!--- security function finding what groupID and therefore access level--->
<!--- username from login form used to check group IDs --->
<cfargument name="cfcUsername" type="string" required="1"/>
<!--- query the SecurityDB and get all group id for the passed username --->
<cfquery name="getUserGroups" datasource="SecurityDB" username="root" password="riveravon">
SELECT groupID
FROM Security_Groups
WHERE username = '#arguments.cfcUsername#'
</cfquery>
<!--- return the appropriate groupID(s) --->
<cfif getUserGroups.recordCount>
<cfreturn getUserGroups.groupID/>
<cfelse>
<cfreturn 0/>
</cfif>
</cffunction>
</cfcomponent>
index.cfm
<cfparam name="form.username" default="">
<cfparam name="form.groupID" default="0">
<!--- Check for form submission --->
<cfif structKeyExists(form,"checkAuth")>
<!--- The user pressed the authenticate button --->
<cfinvoke
component="security"
method="authenticate"
returnVariable="authenticated"
cfcUsername="#form.username#"
cfcPassword="#form.password#">
</cfif>
<body>
<div id=navbar2>
<cfif isDefined("variables.authenticated")>
<cfif variables.authenticated NEQ 0>
<b>Username and Password Authenticated Successfully!</b>
<cfelse>
<b>Username and/or Password was incorrect!</b>
</cfif>
</cfif>
<form name="checkAuth" method="post" action="index.cfm">
<br> <b>Email:</b>
<input name="username" type="Text" class="ftforminputsmall" tabindex="1" maxlength="50">
<b>Password:</b>
<input name="password" type="password" class="ftforminputsmall" maxlength="50" tabindex="2">
<input tabindex="3" type="Submit" name="checkAuth" class="ftforminputsmall">
</form>
</div>
</body>
There are two cffunctions.
The first one "authenticate" works fine which checks the passed username and password from the login form
and returns the result to the index.cfm page
The next one is "authorize" which finds the corresponding groupID(s) -the access level- from the db based on the username in the login. There are three levels of groupIDs 1, 2 or 3.
What I don´t understand is how to "combine the two functions" so they are both invoked when a user logins in so I can control what happens to a user after they have logged in based on their groupID.
At the moment only the authentication function is invoked. Should I have just one function? How can I make the authorize function work? Thanks a lot for any help greatly appreciated so I can understand this
security.cfc
<cfcomponent>
<cffunction access="public" name="authenticate" output="0">
<!--- security authentication function --->
<!--- username and password required --->
<cfargument name="cfcUsername" type="string" required="1"/>
<cfargument name="cfcPassword" type="string" required="1"/>
<!--- query the SecurityDB for the passed username and password --->
<cfquery name="checkAuthentication" datasource="SecurityDB" username="root" password="riveravon">
SELECT username, userID
FROM Security
WHERE username = '#arguments.cfcUsername#'
AND password = '#arguments.cfcPassword#'
</cfquery>
<!--- return the appropriate result --->
<cfif checkAuthentication.recordCount>
<!--- check the users security groups so we can see what groupID and therefore access level they have --->
<cfquery name="getUserGroups" datasource="SecurityDB" username="root" password="riveravon">
SELECT security_groups.groupID, groups.groupID
FROM groups, security_groups
WHERE groups.groupID = security_groups.groupID
AND security_groups.username = '#arguments.cfcUsername#'
</cfquery>
<cfreturn checkAuthentication.username/>
<cfelse>
<cfreturn 0/>
</cfif>
</cffunction>
<cffunction access="public" name="authorize" output="0">
<!--- security function finding what groupID and therefore access level--->
<!--- username from login form used to check group IDs --->
<cfargument name="cfcUsername" type="string" required="1"/>
<!--- query the SecurityDB and get all group id for the passed username --->
<cfquery name="getUserGroups" datasource="SecurityDB" username="root" password="riveravon">
SELECT groupID
FROM Security_Groups
WHERE username = '#arguments.cfcUsername#'
</cfquery>
<!--- return the appropriate groupID(s) --->
<cfif getUserGroups.recordCount>
<cfreturn getUserGroups.groupID/>
<cfelse>
<cfreturn 0/>
</cfif>
</cffunction>
</cfcomponent>
index.cfm
<cfparam name="form.username" default="">
<cfparam name="form.groupID" default="0">
<!--- Check for form submission --->
<cfif structKeyExists(form,"checkAuth")>
<!--- The user pressed the authenticate button --->
<cfinvoke
component="security"
method="authenticate"
returnVariable="authenticated"
cfcUsername="#form.username#"
cfcPassword="#form.password#">
</cfif>
<body>
<div id=navbar2>
<cfif isDefined("variables.authenticated")>
<cfif variables.authenticated NEQ 0>
<b>Username and Password Authenticated Successfully!</b>
<cfelse>
<b>Username and/or Password was incorrect!</b>
</cfif>
</cfif>
<form name="checkAuth" method="post" action="index.cfm">
<br> <b>Email:</b>
<input name="username" type="Text" class="ftforminputsmall" tabindex="1" maxlength="50">
<b>Password:</b>
<input name="password" type="password" class="ftforminputsmall" maxlength="50" tabindex="2">
<input tabindex="3" type="Submit" name="checkAuth" class="ftforminputsmall">
</form>
</div>
</body>
AdChoices