Login page

The page as shown is a self-contained ColdFusion script. There is nothing there that tells it not to execute. I presume you want something like...

<CFIF loggedIn>
code as shown above
<CFELSE>
error - please log in.
</CFIF>

I created this based on coding that someone else had set up in a tutorial. As I understand it, wouldn't my <cfinclude template="include_CheckAuthority.cfm" statement have the page first use the checkAutority.cfm page code first which verifies if the user is logged in?

Here's the coding for that page along with its comments:

<!--- include_CheckAuthority.cfm --->
<!--- This file is used to check whether or not a user is logged in, and can be included --->
<!--- in any page that needs to be "protected" from the unauthorized user --->

<!--- Initialize our boolean flag to FALSE, saying the user is not yet verified --->
<cfset bLoggedIn = False>

<!--- First, we check the session variable --->
<cfif IsDefined("Session.UserID")>
<cfif Session.UserID neq "">
<!--- if it is not false, we can assume that we have stored the session.userid --->
<!--- so we set logged in to True - meaning the user is verified --->
<cfset bLoggedIn = True>
</cfif>


<cfelse>
<!--- If there is NO session variable, that's OK, we can check for a cookie that we set --->
<!--- to store the user id long term. --->
<cfif IsDefined("Cookie.UserID")>
<cfif Cookie.UserID neq "">
<!--- if there is a cookie, save it into the session variable --->
<cfset Session.UserID = Cookie.UserID>
<!--- set logged in to True, because this user is verified --->
<cfset bLoggedIn = True>
</cfif>
</cfif>
</cfif>

<!--- Check to make sure that the user was verified --->
<cfif bLoggedIn eq False>
<!--- If not, then include an error file -basically saying you are not authorized --->
<!--- to view this page, and then exit processing of the template, so they don't see the rest --->
<cfinclude template="myErrorFile.cfm">
<cfexit>
</cfif>

Yes, it came with that coding as well.

Here it is:

<cfapplication name="loginApp" sessionmanagement="Yes" clientmanagement="yes" sessiontimeout="20">
<cfparam name="Session.UserName" default="">
<cfparam name="Session.Password" default="">

That didn't seem to help. Just to verify, I want to make sure you understand what my problem is. When I try to access the page that requires user authentification, it does give my error message that I need to go to the login page. But it also displays the sensitive database information. So what's happening is that it goes through my checkAuthority.cfm template which says I didn't enter a username and to send back the error message, but it also is processing the rest of the page to include the database info which should not be processed. I want the page to stop processing at that point. Hope that helps.

Save your current page, without the line <cfinclude template="include_CheckAuthority.cfm"> , as updatePage.cfm. Then do something along the lines of the code below.

With the coding you have above, is that going at the beginning of the updatepage.cfm page itself ?

Actually, I did the small revision that D.Brown suggested and it seemed to work- it just sent me to my login page. That should solve the issue for me. Thanks for all your help everyone!

Dave

With the coding you have above, is that going at the beginning of the updatepage.cfm page itself ?

No. Put it in the usual place for such authentication code, in Application.cfm.