macromedia.coldfusion.cfml_general_discussion
[Top] [All Lists]

Applicatoin.cfc - login / check

Subject: Applicatoin.cfc - login / check
From: "stephenmbell"
Date: Mon, 27 Aug 2007 04:33:25 +0000 UTC
Newsgroups: macromedia.coldfusion.cfml_general_discussion
Question about application.cfc file -- I took this from a book and modified it 
to apply to my project.  A couple things confuse me.

 Attached is my application.cfc, loginform.cfm, and logincheck.cfm.

 I understand the application file gets included at every page request.  I have 
an admin section inthe site that requires login, otherwise it is not secured.

 So I go to www.mysite.com/admin/index.cfm - and I am prompted to login.  I put 
in the proper criteria and submit the form, and I am not logged in.

 What I do not understand is... when i view the page source from my browser on 
the login form, the action is the page that I want to go to 
(mysite.com/admin/index.cfm) not the logincheck.cfm.

 Am I just not thinking about this clearly??

 Also, what is the purose of the hidden inputs on the login form?





 <!--- 
 FILENAME:      Application.cfc
 CREATED:       AUG 25 2007     
 This file is included in every page throughout the entire web application
  --->

 <cfcomponent output="no">
        <!--- name the application --->
        <cfset this.name = "SliverGriffinSite">
        <!--- turn on session management --->
        <cfset this.sessionManagement = true>
        
        <cffunction name="onApplicationStart" output="false" returntype="void">
                <!--- create global variables to be used throughout --->
                <cfset APPLICATION.dsn = "silvergriffin">
        </cffunction>

        <cffunction name="onRequestStart" output="false" returntype="void">
                <!--- if the user is not logged in, force them to do so now --->
                <cfif Find("/admin/", #CGI.SCRIPT_NAME#)>
                        <cfif not isdefined("session.auth.IsLoggedIn")>
                                <!--- if the user is now submitting the login 
form --->
                                <!--- include login check code to validate user 
--->
                          <cfif isDefined("FORM.email")>
                                <cfinclude template="includes/logincheck.cfm">
                          </cfif>
                        </cfif>
                        <cfinclude template="includes/loginForm.cfm">
                        <cfabort>
                </cfif>
        </cffunction>
        
 </cfcomponent>

 <!--- 
 FILENAME:              loginForm.cfm
 PURPOSE:               Presented whenever a user has not logged in yet
 **included by application.cfc
  --->
  
  
  <!--- if the user is now submitting "Login" form,  --->
  <!--- include "Login Check" code to validate user       --->
  <cfif isDefined("FORM.email")>
        <cfinclude template="LoginCheck.cfm">
  </cfif>
  
 <html>
 <head>
        <title>Silver Griffin Inc - Please Login</title>
 </head>

 <!--- place cursor in the user name filed when page loads --->
 <body onLoad="document.LoginForm.email.focus();">
   <cfform action="#CGI.script_name#" name="LoginForm" method="post">
   <input type="hidden" name="email_required" />
   <input type="hidden" name="password_requred" />
   <table width="350" border="0" cellspacing="0" cellpadding="5">
   <tr>
     <td colspan="2" align="center">Login</td>
     </tr>
   <tr>
     <td width="175">Email:</td>
     <td>
         <cfinput 
         type="text" 
         name="email"
         size="20"
         value=""
         maxlength="100"
         required="yes"
         message="Please type your Email first.">
                 
        </td>
   </tr>
   <tr>
     <td>Password:</td>
     <td>
        <cfinput 
         type="password" 
         name="password"
         size="20"
         value=""
         maxlength="100"
         required="yes"
         message="Please type your Password first.">
        </td>
   </tr>
   <tr>
     <td>&nbsp;</td>
     <td><input type="submit" name="Submit" value="Login"></td>
   </tr>
 </table>

   </cfform>
   <!--- for debuggin --->
   <cfif isdefined("SESSION.auth")>
          <cfdump var="#SESSION.auth#" expand="yes">
        </cfif>
 </body>
 </html>

 <!--- 
 FILENAME:      LoginCheck.cfm
 PURPOSE:       Validates a user's password entries
 Included by application.cfc
  --->
  
 <!--- make sure we have login name and password ---> 
 <cfparam name="FORM.email">
 <cfparam name="FORM.password">

 <!--- find record with this username / password --->
 <!--- if no rows returned, password not valid --->
 <cfquery name="qryGetUser" datasource="#APPLICATION.dsn#">
 <!--- query db for info entered in form --->
 select id, firstname, lastname
 from tblUsers
 where email = '#FORM.email#'
 and password = '#FORM.password#'
 </cfquery>

 <!--- if the user name and password are correct --->
 <cfif qryGetUser.recordcount EQ 1>
   <!--- remember user's logged in status plus --->
   <!--- contact id, first and last name in structure --->
   <cfset session.auth = structNew()>
   <cfset SESSION.auth.IsLoggedIn = "Yes">
   <cfset SESSION.auth.id = qryGetUser.id>
   <cfset SESSION.auth.firstname = qryGetUser.firstname>
   <cfset SESSION.auth.lastname = qryGetUser.lastname>
   
   <!--- now that the user is logged in, send them  --->
   <!--- to whatever page they were headed to --->
   <!--- <cflocation url="#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#"> --->
   <cflocation url="#CGI.SCRIPT_NAME#">
 </cfif>


<Prev in Thread] Current Thread [Next in Thread>