Question
Problem with a login form and secured directory
Hello;
I wrote a login form for my application. I am locking out a directory that is in my web site root directory.
http://www.mysite.com/lockeddirectory/index.cfm
I have 2 application.cfc files, one in my root directory and one in the locked out directory. I have to use a proxyapplication.cfc to communicate between the file in the root and the locked directory. (I don't have server control)
Now the code I wrote for the login works to a point. It does log me in, and it passes the variables to the pages I want it to. BUT when you're logged into the locked directory, and you click on a link to go to one of the pages in that directory, it kicks you out and wants you to log in again. I can't figure out what I did wrong, can anyone help me out and help me tweak my code to make it work?
Here is my code:
LoginCheck.cfm
<cfparam name="FORM.userLogin" type="string">
<cfparam name="FORM.userPassword" type="string">
<cfquery NAME="getUser" datasource="#APPLICATION.dataSource#">
    SELECT user.id, user.Fname, user.Lname
    FROM user
    WHERE userName = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.UserLogin#">
    AND password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.UserPassword#">
</cfquery>
<cfif getUser.recordCount eq 1>
    <cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
        <cfset SESSION.auth = structNew()>
        <cfset SESSION.auth.isLoggedin = "yes">
        <cfset SESSION.auth.id = getUser.id>
        <cfset SESSION.auth.Fname = getUser.Fname>
    </cflock>
    <cfquery name="updateLoginInfo" datasource="#APPLICATION.dataSource#">
        UPDATE user SET
        lastLogin = #CreateOdbcDateTime(now())#,
        hits = hits+1
        WHERE ID = #val(getUser.Id)#
    </cfquery>
    <cflocation url="admin/index.cfm">
<cfelse>
    <cflocation url="login.cfm?login=#form.UserLogin#&getUser=#getUser.recordCount#" addtoken="no">
</cfif>
Application.cfc file in locked directory:
<cfcomponent output="false" extends="ProxyApplication">
    <cffunction name="OnRequestStart" output="false" returntype="void">
        <cfif NOT isDefined("SESSION.auth.isLoggedIn")>
            <cflocation url="../sitemanager.cfm" addtoken="no">
            <cfabort>
        <cfelseif isDefined("FORM.UserLogin")>
            <cfinclude template="../LoginCheck.cfm">
        </cfif>
    </cffunction>
</cfcomponent>
I do have session management and cookies and everything turned on in the main application.cfc file. So I am confused on why this is looking to make me log back in every time I click on a link in the protected directory.
Thank you
CFmonger
