Pass Hidden Field (Rep ID) as Parameter when user logs into site

Report · Jun 17, 2011

I have set-up user validation to my site based on a userID and password, but I want to also pass a hidden field/parameter (RepID) to the rest of the site pages so that I can filter my record sets on those pages based on that RepID parameter.

I have coded everything the way I thought it should be, but I'm getting the following error when I test it and from what I can see it is defined...

Element PSWD is undefined in FORM.

Here is the form coding, as well as the CF coding for the user validation...

...................................................................... ...................................................................... ..

<form id="login" name="login" method="POST" action="<cfoutput>#MM_loginAction#</cfoutput>">
                <table border="0" cellspacing="0" cellpadding="5">
                  <tr>
                    <td height="35" class="text_bold">Email</td>
                    <td height="35"><label for="email"></label>
                      <input type="text" name="email" id="email" /></td>
                  </tr>
                  <tr>
                    <td height="35" class="text_bold">Password</td>
                    <td height="35"><label for="pswd"></label>
                      <input name="pswd" type="password" id="pswd" value="<cfoutput>#rsWeblogin#</cfoutput>" /></td>
                  </tr>
                  <tr>
                    <td height="35" class="text_bold"><input name="salesman_id" type="hidden" id="salesman_id" value="<cfoutput>#rsWeblogin.SALESMAN_ID#</cfoutput>" /></td>
                    <td height="35"><input type="submit" name="submit" id="submit" value="Submit" /></td>
                  </tr>
                </table>
              </form>

...................................................................... ...................................................................... ..

<cfparam name="FORM.email" default="1">
<cfquery name="rsWeblogin" datasource="INSORB">
SELECT *
FROM dbo.WEBLOGIN
WHERE E_MAIL = <cfqueryparam value="#FORM.email#" cfsqltype="cf_sql_clob" maxlength="64">
</cfquery>
<cfif IsDefined("FORM.email")>
    <cfset MM_redirectLoginSuccess="index.cfm">
    <cfset MM_redirectLoginFailed="login.cfm">
    <cfquery name="MM_rsUser" datasource="INSORB">
    SELECT E_MAIL,PSWD FROM dbo.WEBLOGIN WHERE E_MAIL=<cfqueryparam value="#FORM.email#" cfsqltype="cf_sql_clob" maxlength="64"> AND PSWD=<cfqueryparam value="#FORM.pswd#" cfsqltype="cf_sql_clob" maxlength="15">
    </cfquery>
    <cfif MM_rsUser.RecordCount NEQ 0>
      <cftry>
        <cflock scope="Session" timeout="30" type="Exclusive">
          <cfset Session.MM_Username=FORM.email>
          <cfset Session.MM_UserAuthorization="">
        </cflock>
        <cfif IsDefined("URL.accessdenied") AND true>
          <cfset MM_redirectLoginSuccess=URL.accessdenied>
        </cfif>
        <cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
        <cfcatch type="Lock">
          
        </cfcatch>
      </cftry>
    </cfif>
    <cflocation url="#MM_redirectLoginFailed#" addtoken="no">
    <cfelse>
    <cfset MM_LoginAction=CGI.SCRIPT_NAME>
    <cfif CGI.QUERY_STRING NEQ "">
      <cfset MM_LoginAction=MM_LoginAction & "?" & XMLFormat(CGI.QUERY_STRING)>
    </cfif>
</cfif>

...................................................................... ...................................................................... ..

Any help would be greatly appreciated!

Report · Jun 17, 2011

On whatever page is throwing the error, cfdump your form before any other code is executed.

Report · Jun 17, 2011

I don't have anything definitive to offer other than a couple of questions based on what I see on your login form:

1. What is rsWeblogin that you are using to initialize the password field PSWD on the form? I would have expected the password field to be left empty in generating the form...

2. The use of "#rsWeblogin#" to initialize the PSWD field, coupled with the use of "#rsWeblogin.salesman_ID#" to initialize the hidden field strike me as odd; that second one would lead me to believe rsWeblogin is a structure of some sort, and I'm not sure what you would be getting crunched into the password field as a result...

Maybe one of those might give you some sort of clue?

In addition, if the password field is left empty on the form itself, you may well not be getting a FORM.pswd variable coming through the submittal. You may need to either check that it is defined (probably best) or cfparam it to a known value that would never be used for a "real" password (problematic for all sorts of reasons) before using it in the authentication logic.

--

/ron

Report · Jun 20, 2011

The userID and the repID are both unique to the user, but are used for different identification purposes. Both fields are in the same user login table...

I was able to solve the problem by adding <cfset Session.RepID=MM_rsUser.SALESMAN_ID> and adding the SALESMAN_ID field to the <cfquery>

Now it works great!

Thank you for all your responses!