Application.cfc - login / check

From: "stephenmbell"
Date: Mon, 27 Aug 2007 04:33:25 +0000 UTC
Question about application.cfc file -- I took this from a book and modified it 
to apply to my project.  A couple things confuse me.

 Attached is my application.cfc, loginform.cfm, and logincheck.cfm.

 I understand the application file gets included at every page request.  I have 
an admin section in the site that requires login, otherwise it is not secured.

 So I go to - and I am prompted to login.  I put 
in the proper criteria and submit the form, and I am not logged in.

 What I do not understand is... when I view the page source from my browser on 
the login form, the action is the page that I want to go to 
( not the logincheck.cfm.

 Am I just not thinking about this clearly??

 Also, what is the purpose of the hidden inputs on the login form?

 FILENAME:      Application.cfc
 CREATED:       AUG 25 2007     
 This file is included in every page throughout the entire web application

 <cfcomponent output="no">
        <!--- name the application --->
        <cfset = "SliverGriffinSite">
        <!--- turn on session management --->
        <cfset this.sessionManagement = true>
        <cffunction name="onApplicationStart" output="false" returntype="void">
                <!--- create global variables to be used throughout --->
                <cfset APPLICATION.dsn = "silvergriffin">
        </cffunction>

        <cffunction name="onRequestStart" output="false" returntype="void">
                <!--- if the user is not logged in, force them to do so now --->
                <cfif Find("/admin/", #CGI.SCRIPT_NAME#)>
                        <cfif not isdefined("session.auth.IsLoggedIn")>
                                <!--- if the user is now submitting the login form --->
                                <!--- include login check code to validate user --->
                                <cfif isDefined("")>
                                        <cfinclude template="includes/logincheck.cfm">
                                </cfif>
                                <cfinclude template="includes/loginForm.cfm">
                        </cfif>
                </cfif>
        </cffunction>
 </cfcomponent>

 FILENAME:              loginForm.cfm
 PURPOSE:               Presented whenever a user has not logged in yet
 **included by application.cfc
  <!--- if the user is now submitting "Login" form,  --->
  <!--- include "Login Check" code to validate user       --->
  <cfif isDefined("")>
        <cfinclude template="LoginCheck.cfm">
  </cfif>
        <title>Silver Griffin Inc - Please Login</title>

 <!--- place cursor in the user name field when page loads --->
 <body onLoad=";">
   <cfform action="#CGI.script_name#" name="LoginForm" method="post">
   <input type="hidden" name="email_required" />
   <input type="hidden" name="password_requred" />
   <table width="350" border="0" cellspacing="0" cellpadding="5">
     <td colspan="2" align="center">Login</td>
     <td width="175">Email:</td>
         message="Please type your Email first.">
         message="Please type your Password first.">
     <td><input type="submit" name="Submit" value="Login"></td>

   <!--- for debugging --->
   <cfif isdefined("SESSION.auth")>
          <cfdump var="#SESSION.auth#" expand="yes">
   </cfif>

 FILENAME:      LoginCheck.cfm
 PURPOSE:       Validates a user's password entries
 Included by application.cfc
 <!--- make sure we have login name and password ---> 
 <cfparam name="">
 <cfparam name="FORM.password">

 <!--- find record with this username / password --->
 <!--- if no rows returned, password not valid --->
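 <cfquery name="qryGetUser" datasource="#APPLICATION.dsn#">
 <!--- query db for info entered in form --->
 select id, firstname, lastname
 from tblUsers
 where email = ''
 <!--- bind the form value as a parameter rather than interpolating it into the SQL text --->
 and password = <cfqueryparam value="#FORM.password#" cfsqltype="cf_sql_varchar">
 </cfquery>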

 <!--- if the user name and password are correct --->
 <cfif qryGetUser.recordcount EQ 1>
   <!--- remember user's logged in status plus --->
   <!--- contact id, first and last name in structure --->
   <cfset session.auth = structNew()>
   <cfset SESSION.auth.IsLoggedIn = "Yes">
   <cfset =>
   <cfset SESSION.auth.firstname = qryGetUser.firstname>
   <cfset SESSION.auth.lastname = qryGetUser.lastname>
   <!--- now that the user is logged in, send them  --->
   <!--- to whatever page they were headed to --->
   <!--- <cflocation url="#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#"> --->
   <cflocation url="#CGI.SCRIPT_NAME#">
 </cfif>

