As funding is an issue, my hosting space is currently CF 6, and I am stuck with this version for about another year, so I must make the best of it. I have a big challenge with CFLOGIN. My goal is to have family members sign into the family site, and have their navigation go from page to page. I am baffled as to how to implement cookies, with a backup database to hold their login data, in case their machine is set to not allow cookies. I've got a lot of people waiting for me to accomplish this! The code here is not CFLOGIN, but the book says it will!
Right now, the table in the database is named permissions, and the two fields are un and pw.
I am typing from the Inside Coldfusion MX book, by John Cummings. I looked at another book, by Ben Nadel, and typed his code verbatim also. I triple-checked every character, and things are not working with either code set. The site is a family site, and security is not a big issue, but I wish to implement a login, anyway. I've no SSL (because it's just a family site for now).
Here's the code from the book by John C. :
The title of this section of the book is "Conditional Logic for Authentication Processing" but things are not clear as to what goes into the application.cfm and what goes into the page.
in my application.cfm :
<cfapplication name = "dougs_mobile_site"
sessionTimeout = #CreateTimeSpan(0, 0, 0, 60)#
sessionManagement = "Yes">
<CFPARAM
NAME="family"
DEFAULT="9130.fam">
<CFERROR TYPE="Request" TEMPLATE="oops.cfm">
<cfif not IsDefined("LoggedIn")>
<cflocation url="login.cfm">
<cfelse>
<cfset LoggedIn="yes">
</cfif>
my login.cfm page :
<HTML>
<HEAD>
<TITLE>Login Page</TITLE>
</HEAD>
<BODY>
<CFINCLUDE TEMPLATE="login_form_.cfm">
</BODY>
</HTML>
in my cfinclude, named login_form_.cfm :
<!--- Remember the requested URL --->
<CFSET URL="http://" & cgi.server_name & ":" & cgi.server_port & cgi.script_name>
<CFIF cgi.query_string IS NOT " ">
<CFSET URL=url & "?#cgi.query_string#">
</CFIF>
<CFOUTPUT>
<FORM
ACTION="#url#"
METHOD="post">
<TABLE>
<TR>
<TD COLSPAN="2">
<HR>
</TD>
</TR>
<TR>
<TD ALIGN="center">
<TABLE>
<TR>
<TD ALIGN="center" COLSPAN="2">
You are not currently logged into the system.
</TD>
</TR>
<TR>
<TD ALIGN="right">
Username:
</TD>
<TD>
<INPUT TYPE="text" NAME="un">
</TD>
</TR>
<TR>
<TD ALIGN="right">
Password:
</TD>
<TD>
<INPUT TYPE="password" NAME="pw">
</TD>
</TR>
<TR>
<TD COLSPAN="2">
<INPUT TYPE="submit" NAME="send" VALUE="Login">
</TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
</FORM>
</CFOUTPUT>
I realize I forgot the query. I put it into the application.cfm, but that didn't get it working, either:
The use of a query is obvious, but the book said nothing about it....
<CFSAVECONTENT VARIABLE="q_login">
<CFQUERY NAME="q_permissions" DATASOURCE="family">
SELECT permissions.* FROM permissions;
</CFQUERY>
</CFSAVECONTENT>
and, of course at the top of the login page:
<CFOUTPUT>
#q_login#
</CFOUTPUT>
Where does 'LoggedIn' get created? That's not obvious from your code.
<cfif not IsDefined("LoggedIn")>
What you should have is that the page the form submits to looks up the username and password in the DB, then sets the loggedin flag to true.
So probably at the top of login_form.cfm, something like:
<cfif structKeyExists(form, "un") and structKeyExists(Form, "pw")>
<CFQUERY NAME="q_permissions" DATASOURCE="family">
SELECT permissions.* FROM permissions
WHERE un = <cfqueryparam value="#form.un#" CFSQLType="CF_SQL_VARCHAR">
AND pw = <cfqueryparam value="#form.pw#" CFSQLType="CF_SQL_VARCHAR">
</CFQUERY>
<cfif q_permissions.recordCount EQ 1>
<!--- user can be logged in --->
<cfset LoggedIn = true>
<cflocation url="index.cfm">
</cfif>
</cfif>
(although ideally you'd be hashing your passwords not storing them as plaintext, right?)
This code is redundant:
<CFSET URL="http://" & cgi.server_name & ":" & cgi.server_port & cgi.script_name>
<CFIF cgi.query_string IS NOT " ">
<CFSET URL=url & "?#cgi.query_string#">
</CFIF>
<CFOUTPUT>
<FORM
ACTION="#url#"
METHOD="post">
Just use an empty action attribute; it'll do the same thing (of submitting to the current URL).
<FORM
ACTION=""
METHOD="post">
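An added example, not code from the thread or from either book: one way to arrange Application.cfm so that the login flag is kept in the session scope, since a variable set without a scope exists only for the current request and is gone after the redirect. It reuses the thread's names (the permissions table, the un and pw fields, the family datasource, login_form_.cfm and index.cfm); the 20-minute timeout and the session.un key are assumptions.

```cfm
<!--- Application.cfm: runs before every page request --->
<!--- CreateTimeSpan takes (days, hours, minutes, seconds);
      (0, 0, 0, 60) ends the session after 60 seconds.
      20 minutes here is an assumed value. --->
<cfapplication name="dougs_mobile_site"
    sessionManagement="Yes"
    sessionTimeout="#CreateTimeSpan(0, 0, 20, 0)#">

<!--- The flag lives in the session scope so it survives between requests --->
<cfparam name="session.loggedIn" default="false">

<!--- Process a submitted login form (fields un and pw) --->
<cfif structKeyExists(form, "un") and structKeyExists(form, "pw")>
    <!--- pw is compared as stored, as in the reply above;
          if the column holds hashes, hash form.pw the same way first --->
    <cfquery name="q_permissions" datasource="family">
        SELECT un FROM permissions
        WHERE un = <cfqueryparam value="#form.un#" cfsqltype="CF_SQL_VARCHAR">
        AND pw = <cfqueryparam value="#form.pw#" cfsqltype="CF_SQL_VARCHAR">
    </cfquery>
    <cfif q_permissions.recordCount EQ 1>
        <cflock scope="session" type="exclusive" timeout="10">
            <cfset session.loggedIn = true>
            <!--- session.un is a hypothetical key for showing who is signed in --->
            <cfset session.un = q_permissions.un>
        </cflock>
        <cflocation url="index.cfm" addtoken="no">
    </cfif>
</cfif>

<!--- Gate: a visitor who is not logged in (or whose login just failed)
      gets the login form, and the requested page never runs --->
<cfif not session.loggedIn>
    <cfinclude template="login_form_.cfm">
    <cfabort>
</cfif>
```

With this gate in Application.cfm, the login form can post to the current URL with an empty action attribute, and no page needs its own login check.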