August 11, 2010
Question

Page restriction setup help

  • August 11, 2010
  • 3 replies
  • 1071 views

Hi, I have an admin section I of course want to restrict site visitors from gaining access to. I have a login form, a login error template, application template, and a logout template. I also have a restrictAccess.cfm template that has a cfif condition. I can log in and everything redirects the way it is supposed to. I can log out as well. I can type the wrong username and password and get redirected to the loginError page, but I can still type in the URL to my adminHome page and it doesn't restrict my access. I have a cfinclude for the restrictAccess.cfm at the beginning of the adminHome page, but that doesn't seem to do anything.

Here is my restrictAccess.cfm code.

          <cfif SESSION.login EQ "No">
          <cflocation url="loginForm.cfm" addtoken="no">
          </cfif>

This is the cfinclude on my adminHome.cfm

          <cfinclude template="restrictAccess.cfm">

And here is the application.cfm

          <!--- Code gets executed with every page request!! --->
          <cfapplication name="login" sessionmanagement="Yes">
          <cfparam name="SESSION.login" default="No" type="any">

I tried using the restrict access tool in DW, but didn't have much luck. Can someone please give me some pointers as to why this isn't working properly? Thanks so much!


    3 replies

    August 11, 2010

    OK, well, you might know it was my hosting site! lol... A week or so ago I was having another issue with data. So I remember them saying they had moved my database to another server. Well, they didn't tell me what the new server hostname was. So I have the new hostname set up and all is working! Thanks again for all your help!

    Tony

    Inspiring
    August 11, 2010

    You may want to review the "Securing Applications" section of the CF documentation.

    http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24-7e34.html

    August 11, 2010

    Hi Bob, thanks for the info! I did go over those tutorials and pretty much have the same code as suggested when using a database to handle login info. Here is my loginAction code:

    <cfparam name="FORM.username" default="1" type="any">
    <cfparam name="FORM.password" default="None" type="any">
    <!--- Check user --->
    <cfquery name="rsLogin" datasource="rlbulbs">
    SELECT userName, passWord
    FROM rlbadmin
    WHERE userName = '#FORM.username#'
    AND passWord = '#FORM.password#'
    </cfquery>
    <cfif rsLogin.Recordcount GT 0>
      <cfset SESSION.login = "Yes">
      <cflocation url="adminHome.cfm" addtoken="no">
      <cfelse>
      <cflocation url="loginError.cfm" addtoken="no">
    </cfif>

    Again, the restrictAccess.cfm is the page that should load before my adminHome page using the cfinclude. The restrictAccess page sets the SESSION.login to "NO".

    <cfif SESSION.login EQ "No">
    <cflocation url="loginForm.cfm" addtoken="no">
    </cfif>
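
The login query and access check from this thread in a hardened form, as an added example that is not code from the original posts: the form values are bound with cfqueryparam instead of being interpolated into the SQL string, and the include lets the page through only when SESSION.login is exactly "Yes". File, datasource, table and column names are the poster's; the empty-string defaults and the loginOk variable are assumptions of this example.

```cfml
<!--- loginAction.cfm (added example, not the poster's code) --->
<!--- Empty defaults: a request without form fields can never match a row --->
<cfparam name="FORM.username" default="" type="string">
<cfparam name="FORM.password" default="" type="string">

<!--- loginOk is a hypothetical helper variable; deny unless proven otherwise --->
<cfset loginOk = false>

<cfif Len(Trim(FORM.username)) AND Len(FORM.password)>
  <!--- cfqueryparam sends the values as bound parameters, so quotes or SQL
        typed into the form are treated as data, not as part of the statement --->
  <cfquery name="rsLogin" datasource="rlbulbs">
    SELECT userName
    FROM rlbadmin
    WHERE userName = <cfqueryparam value="#FORM.username#" cfsqltype="cf_sql_varchar">
      AND passWord = <cfqueryparam value="#FORM.password#" cfsqltype="cf_sql_varchar">
  </cfquery>
  <!--- Exactly one matching row; the post compares the stored password
        directly, and this example keeps that comparison unchanged --->
  <cfset loginOk = (rsLogin.RecordCount EQ 1)>
</cfif>

<cfif loginOk>
  <cfset SESSION.login = "Yes">
  <cflocation url="adminHome.cfm" addtoken="no">
<cfelse>
  <cfset SESSION.login = "No">
  <cflocation url="loginError.cfm" addtoken="no">
</cfif>

<!--- restrictAccess.cfm (added example): included first on each admin page --->
<!--- Allow-list check: anything other than an existing flag equal to "Yes"
      is redirected, including a missing or unexpected value --->
<cfif NOT StructKeyExists(SESSION, "login") OR SESSION.login NEQ "Yes">
  <cflocation url="loginForm.cfm" addtoken="no">
</cfif>
```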

    Inspiring
    August 11, 2010

    If you add to adminHome page and request the page without logging in what do you get?

    tclaremont
    Inspiring
    August 11, 2010

    There may be better ways to do it, but I have an Application.cfm file within my restricted directories that checks for authentication. If authentication fails, they are whisked away to an access request page via cflocation. Therefore people who are not authenticated never see the content within that directory.

    August 11, 2010

    Hi tclaremont, yes I have the application.cfm as well, but I chose to test the login condition in another file so I could just add an include to every page I wanted to restrict access to. The restrictAccess.cfm file I posted above should be coded soundly... it would appear anyway, but doesn't seem to work correctly.