Set up Explanation

I need to set up a site with cold fusion, that allows clients to login, and depending on their name and password, they can receive information about the current status of their project.

Could someone please tell me a simple way of going about setting this up. Specifically how to set up the access database and cold fusion form.  
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

First you create the access database with what tables you need.  THen you register that database in the coldfusion administrator under odbc.  At this point you should be able to access the database from coldfusion pages.  

For the login page you would have to create a form entry with something like

<form method="post" action="loginvalid.cfm"

<input type="Text" name="username" size="10">
<input type="password" name="password" size="10">

<input type="submit">

THis will submit the form

On the loginvalid.cfm page
you will need to vaidate the username and password supplied in the previous page so you would do something like the following

<cfquery datasource="#application.source#" name="usernameq">
      select       *
      from       cm_users
      where      usr_name       =       '#username#'
      and       usr_passwd      =      '#password#'

if usernameeq.recordcount eq 1 then you know that you have a vaild user if not then the password is wrong or username does not exist and you will need to direct the user back to the previous page.

You should be able to piece this stuff together and add a few location redirections and be set

Good Luck
btw #application.source# is the name of the datasource specified in the CF Server
Nathan Stanford SrSenior ProgrammerCommented:
One other thing bigbadb left out if you want to keep people from several pages...


The thing I would do as well is.

in wwwroot\myapp\ create application.cfm with
<cfapplicaiton sessionimanagement ="yes" name="myapp">

Here is where I would check to see if they are logged in.

<cfif isdefined(Session.username)>

Then when you validate that they are a real user Set the Session.username to their name so you will know they are logged in.

<!--- This sends them out to the login page if they are not logged in. --->
<cflocation url="/login.cfm">

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

IDS1Author Commented:
Thanks everyone, but I think bigbadb deserves the points.  It was more of what I was looking for. Bigbadb please tell me if this a secure method in a proposed answer.  Ill give you the points.  Any extra info greatly appreciated.
This is fairly secure as is but you do need to set some sort of flag to verify that the user has indeed logged in.  I usually set a session var as the user  name. So you do have to turn on session management in an application.cfm file.  To do this just create an application file in the root of your application.  Name it applcation.cfm with the following:

Name is the name of your application
sessionmanagement tells the server to allow session var
sessiontimeout forces the user to expire after a set time

with this you will be able to set a variable after you validate the user so in loginvalid.cfm

you would do the following:

<cfset session.username = #usernameq.usr_name#>

Then on each page you just check to see if session.username exsist if so display relevant info
if not kick them out

This is very secure.  If you need it to be more secure you will have to do some NT directory validation outside of CF

Let me know if you need anything else

Everything sounds very good so far but I just wanted to add some important points to this discussion...

The application.cfm file is automatically processed by ColdFusion Server at the the beginning of each cfm template that resides in the same directory as application.cfm or any subdirectory that doesn't have a seperate application.cfm file. What this means in practical terms is that application.cfm is a perfect place to put the code to check for the existence of that LoggedIn session variable.

But! and this is important to explicitly state, especially for someone who may not be aware of this: You must be careful of how your directory structure is set up to ensure that the application.cfm file (which checks for the existence of the session variable and redirects to the login page if it doesn't find it) does not get included in the login page itself! This will create an infinite loop. The way around this is to put your login.cfm (form) and checklogin.cfm (action) pages in a seperate directory with their own application.cfm file - identical to the other one with the exception of the session variable check/redirect.

So here's a basic run down of the files/locations and their contents:

  - application.cfm (the main one)
          - application.cfm (the login specific one)
          - login.cfm
          - checkLogin.cfm
          - index.cfm
          - file1.cfm
          - file2.cfm
          - file3.cfm
          - etc.cfm

login.cfm is just a simple form that provides text controls for username and password.

checklogin.cfm does a query to see if the user has provided a valid username and password. If he has, the loggedIN session variable is set and then he's redirected to the home page of the site. If not, no session variable is set and he's redirected back to the login page to try again.

SELECT Count(*) AS Valid_Login
FROM Users
WHERE Username = '#FORM.Username#'
AND Password = '#FORM.Password#'

<!--- invalid login? to login.cfm --->
<CFIF Login.Valid_Login IS "0">
  <CFLOCATION URL="Login.cfm">
<!--- valid login? to the home page --->
  <CFSET Session.LoggedIn = "1">
  <CFLOCATION URL="../Home/Index.cfm">

With this code alone, you can keep people out of the application IF they use the login page but nothing stops them from bookmarking a page and going directly to it. So you use application.cfm to check for the existence of the session variable which can only be set by using login.cfm to enter the site.

<!--- in the root of the folder --->

  applicationtimeout="#CreateTimeSpan("0", "2", "0", "0")#"
  sessiontimeout="#CreateTimeSpan("0", "0", "20", "0")#"
<!---Test for session variable that would have been set in checklogin.cfm. If it doesn't exist, they haven't logged in so send them to the login page --->
<CFIF NOT IsDefined("Session.LoggedIn")>
<CFLOCATION URL="../Login/Login.cfm">

<cfparam name="Application.DSN" default="yourDatasource">

<!--- in the login folder --->

This file is used to override the automatic include of the main application.cfm file. It contains all the code that the main one contains EXCEPT the check for the loggedIN session variable. Obviously, the session variable won't exist until AFTER they've submitted the form on the login page. Basically, this avoids the infinite loop I referred to earlier.

  applicationtimeout="#CreateTimeSpan("0", "2", "0", "0")#"
  sessiontimeout="#CreateTimeSpan("0", "0", "20", "0")#"

<cfparam name="Application.DSN" default="yourDatasource">

I've tried to be as clear as possible with this explanation but certain points may need clarification depending on your experience so ask whatever questions you need to get this straight. When you get the idea, you've got the framework for implementing a basic security scheme in all your applications.

Good Luck,
first of you build your system dsn e.g your dsn name is "a2" and then place this code in page1
<form name=form1 action="page2.cfm" method=post>
<input type="text" name=Login>
<input type=password name="Pwd">
<input type=submit value="submit">

then you put this code in page2 first of suppose your datasource name is a2 and table name is table1 and it have field Name,pd ets.
<CFQUERY DATASOURCE="a2" Name="hello">
select * from table1 where
and pd=#Pwd#
<cfoutput query="Hello">
<cfif #hello.recordcount is 0 >
the user name is not exist in database please press back button to put correct login
now you are login

if you face any problem then contact me at

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IDS1Author Commented:
Thanks everyone, this pretty much answers it. From this page I should be able to let logged in customers reach member only info? am I right?  Whate if I type page2.cfm in the browser?  
you said you were giving me the points

doesnt seem fair???
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.