Solved

Set up Explanation

Posted on 2000-01-07
Last Modified: 2013-12-24
I need to set up a site with cold fusion, that allows clients to login, and depending on their name and password, they can receive information about the current status of their project.

Could someone please tell me a simple way of going about setting this up. Specifically how to set up the access database and cold fusion form.  
Question by:IDS1
9 Comments
 
LVL 1

Expert Comment

by:bigbadb
ID: 2332716
First you create the Access database with the tables you need.  Then you register that database in the ColdFusion Administrator under ODBC.  At this point you should be able to access the database from ColdFusion pages.

For the login page you would have to create a form entry with something like

<form method="post" action="loginvalid.cfm">
<input type="text" name="username" size="10">
<input type="password" name="password" size="10">
<input type="submit">
</form>

This will submit the form.

On the loginvalid.cfm page
you will need to validate the username and password supplied in the previous page, so you would do something like the following

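<cfquery datasource="#application.source#" name="usernameq">
      <!--- cfqueryparam binds the form values as parameters instead of splicing them into the SQL text --->
      select       *
      from       cm_users
      where      usr_name       =       <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar">
      and       usr_passwd      =      <cfqueryparam value="#form.password#" cfsqltype="cf_sql_varchar">
</cfquery>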

If usernameq.recordcount eq 1 then you know that you have a valid user. If not, then the password is wrong or the username does not exist and you will need to direct the user back to the previous page.

You should be able to piece this stuff together and add a few location redirections and be set

Good Luck
0
 
LVL 1

Expert Comment

by:bigbadb
ID: 2332741
btw #application.source# is the name of the datasource specified in the CF Server
0
 
LVL 5

Expert Comment

by:nathans
ID: 2332841
One other thing bigbadb left out if you want to keep people from several pages...


example:
C:\inetpub\wwwroot\MyApp

The thing I would do as well is.

in wwwroot\myapp\ create application.cfm with
<cfapplication sessionmanagement="yes" name="myapp">

Here is where I would check to see if they are logged in.

<cfif isdefined("Session.username")>

Then when you validate that they are a real user, set Session.username to their name so you will know they are logged in.

<cfelse>
<!--- This sends them out to the login page if they are not logged in. --->
<cflocation url="/login.cfm">
</cfif>


0

Author Comment

by:IDS1
ID: 2332965
Thanks everyone, but I think bigbadb deserves the points.  It was more of what I was looking for. Bigbadb, please tell me if this is a secure method in a proposed answer.  I'll give you the points.  Any extra info greatly appreciated.
0
 
LVL 1

Expert Comment

by:bigbadb
ID: 2333249
This is fairly secure as is but you do need to set some sort of flag to verify that the user has indeed logged in.  I usually set a session var as the user name. So you do have to turn on session management in an application.cfm file.  To do this just create an application file in the root of your application.  Name it application.cfm with the following:
<cfapplication
      name="yourapp"
      sessionmanagement="Yes"
      sessiontimeout="#createtimespan(0,1,0,0)#">

Name is the name of your application
sessionmanagement tells the server to allow session var
sessiontimeout forces the user to expire after a set time

with this you will be able to set a variable after you validate the user so in loginvalid.cfm

you would do the following:

<cfset session.username = #usernameq.usr_name#>

Then on each page you just check to see if session.username exists. If so, display relevant info;
if not, kick them out.


This is very secure.  If you need it to be more secure you will have to do some NT directory validation outside of CF

Let me know if you need anything else

bigbadb
0
 
LVL 1

Expert Comment

by:rod_nolan
ID: 2333686
Everything sounds very good so far but I just wanted to add some important points to this discussion...

The application.cfm file is automatically processed by ColdFusion Server at the beginning of each cfm template that resides in the same directory as application.cfm or any subdirectory that doesn't have a separate application.cfm file. What this means in practical terms is that application.cfm is a perfect place to put the code to check for the existence of that LoggedIn session variable.

But! And this is important to explicitly state, especially for someone who may not be aware of this: You must be careful of how your directory structure is set up to ensure that the application.cfm file (which checks for the existence of the session variable and redirects to the login page if it doesn't find it) does not get included in the login page itself! This will create an infinite loop. The way around this is to put your login.cfm (form) and checklogin.cfm (action) pages in a separate directory with their own application.cfm file - identical to the other one with the exception of the session variable check/redirect.

So here's a basic run down of the files/locations and their contents:

ROOT_Folder
  - application.cfm (the main one)
  Login
          - application.cfm (the login specific one)
          - login.cfm
          - checkLogin.cfm
  Home
          - index.cfm
  Others
          - file1.cfm
          - file2.cfm
          - file3.cfm
          - etc.cfm

login.cfm is just a simple form that provides text controls for username and password.

checklogin.cfm does a query to see if the user has provided a valid username and password. If he has, the loggedIN session variable is set and then he's redirected to the home page of the site. If not, no session variable is set and he's redirected back to the login page to try again.

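<CFQUERY NAME="Login" DATASOURCE="DSN">
<!--- cfqueryparam binds the form values as parameters instead of splicing them into the SQL text --->
SELECT Count(*) AS Valid_Login
FROM Users
WHERE Username = <CFQUERYPARAM VALUE="#FORM.Username#" CFSQLTYPE="CF_SQL_VARCHAR">
AND Password = <CFQUERYPARAM VALUE="#FORM.Password#" CFSQLTYPE="CF_SQL_VARCHAR">
</CFQUERY>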

<!--- invalid login? to login.cfm --->
<CFIF Login.Valid_Login IS "0">
  <CFLOCATION URL="Login.cfm">
      
<!--- valid login? to the home page --->
<CFELSE>
  <CFSET Session.LoggedIn = "1">
  <CFLOCATION URL="../Home/Index.cfm">
</cfif>

With this code alone, you can keep people out of the application IF they use the login page but nothing stops them from bookmarking a page and going directly to it. So you use application.cfm to check for the existence of the session variable which can only be set by using login.cfm to enter the site.

application.cfm
<!--- in the root of the folder --->

<cfapplication
  name="CoffeeValley"
  applicationtimeout="#CreateTimeSpan("0", "2", "0", "0")#"
  SESSIONMANAGEMENT="YES"
  sessiontimeout="#CreateTimeSpan("0", "0", "20", "0")#"
  SETCLIENTCOOKIES="YES">
      
<!---Test for session variable that would have been set in checklogin.cfm. If it doesn't exist, they haven't logged in so send them to the login page --->
<CFIF NOT IsDefined("Session.LoggedIn")>
<CFLOCATION URL="../Login/Login.cfm">
</CFIF>

<cfparam name="Application.DSN" default="yourDatasource">


application.cfm
<!--- in the login folder --->

This file is used to override the automatic include of the main application.cfm file. It contains all the code that the main one contains EXCEPT the check for the loggedIN session variable. Obviously, the session variable won't exist until AFTER they've submitted the form on the login page. Basically, this avoids the infinite loop I referred to earlier.

<cfapplication
  name="CoffeeValley"
  applicationtimeout="#CreateTimeSpan("0", "2", "0", "0")#"
  SESSIONMANAGEMENT="YES"
  sessiontimeout="#CreateTimeSpan("0", "0", "20", "0")#"
  SETCLIENTCOOKIES="YES">

<cfparam name="Application.DSN" default="yourDatasource">


I've tried to be as clear as possible with this explanation but certain points may need clarification depending on your experience so ask whatever questions you need to get this straight. When you get the idea, you've got the framework for implementing a basic security scheme in all your applications.

Good Luck,
Rod
0
 
LVL 4

Accepted Solution

by:
FRehman earned 450 total points
ID: 2355145
First of all you build your system DSN, e.g. your DSN name is "a2", and then place this code in page1
<html>
<head>
</head>
<body>
<form name="form1" action="page2.cfm" method="post">
<input type="text" name="Login">
<input type="password" name="Pwd">
<input type="submit" value="submit">
</form>
</body>
</html>

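Then you put this code in page2. First of all, suppose your datasource name is a2 and the table name is table1 and it has fields Name, pd, etc.
Now:
<CFQUERY DATASOURCE="a2" NAME="hello">
<!--- cfqueryparam binds the form values as parameters; the original unquoted #Login# / #Pwd# would not parse as SQL strings --->
select * from table1 where
Name = <cfqueryparam value="#FORM.Login#" cfsqltype="cf_sql_varchar">
and pd = <cfqueryparam value="#FORM.Pwd#" cfsqltype="cf_sql_varchar">
</CFQUERY>
<html>
<head>
</head>
<body>
<!--- No cfoutput query loop around the page: it renders nothing when the query returns zero rows --->
<cfif hello.recordcount is 0>
The user name does not exist in the database. Please press the back button to enter the correct login.
<cfelse>
You are now logged in.
</cfif>

</body>
</html>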
if you face any problem then contact me at leo_faisal@yahoo.com
0
 

Author Comment

by:IDS1
ID: 2364336
Thanks everyone, this pretty much answers it. From this page I should be able to let logged in customers reach member only info? Am I right?  What if I type page2.cfm in the browser?
0
 
LVL 1

Expert Comment

by:bigbadb
ID: 2368019
You said you were giving me the points.

Doesn't seem fair???
0
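
Added example, not code posted by anyone in this thread: a login action page (checkLogin.cfm in rod_nolan's layout) that also covers the case raised above where the action page is requested directly in the browser with no form fields. It assumes the Users table with Username and Password columns, the Application.DSN variable and the folder layout from the posts above; the loginOK variable is introduced here for illustration.

```cfml
<!--- checkLogin.cfm (added example; table, columns and paths are
      assumed from the posts above) --->

<!--- A request that arrives without form fields, for example the URL
      typed directly into the browser, gets empty defaults instead of
      an "undefined variable" error. --->
<cfparam name="FORM.Username" default="">
<cfparam name="FORM.Password" default="">

<!--- Fail closed: the login is rejected unless the query proves otherwise. --->
<cfset loginOK = false>

<cfif Len(Trim(FORM.Username)) AND Len(FORM.Password)>
  <!--- cfqueryparam sends the values as bound parameters, so quote
        characters in the input cannot change the SQL statement.
        The plain-text password comparison mirrors the thread's schema. --->
  <cfquery name="Login" datasource="#Application.DSN#">
    SELECT Username
    FROM   Users
    WHERE  Username = <cfqueryparam value="#FORM.Username#" cfsqltype="cf_sql_varchar">
    AND    Password = <cfqueryparam value="#FORM.Password#" cfsqltype="cf_sql_varchar">
  </cfquery>
  <!--- Exactly one matching row counts as a valid login. --->
  <cfset loginOK = (Login.RecordCount EQ 1)>
</cfif>

<cfif loginOK>
  <!--- Serialize the session write and store the name from the
        database row, not the raw form value. --->
  <cflock scope="session" type="exclusive" timeout="10">
    <cfset Session.LoggedIn = "1">
    <cfset Session.Username = Login.Username>
  </cflock>
  <!--- addtoken="no" keeps the CFID/CFTOKEN session identifiers out of
        the redirect URL, where they would end up in logs and bookmarks. --->
  <cflocation url="../Home/Index.cfm" addtoken="no">
<cfelse>
  <cflocation url="Login.cfm" addtoken="no">
</cfif>
```

Member pages stay protected only through the Session.LoggedIn check in the main application.cfm; this page never displays member data itself, so requesting it directly just redirects back to the login form.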


Question has a verified solution.