Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 130
  • Last Modified:

Protect a directory??

I am trying to protect my useradmin directory by placing a query in an Application.cfm file to determine if someone has access to that directory or not.  If they do, they can proceed as normal, if not, I want to redirect them and let them know they do not have access.

However, I am not having luck doing this.  I think I have the query right, but not the if statement.  Does anyone have any thoughts on how to fix?  Thanks.

Here is my Application.cfm

<cfinclude template="../Application.cfm">

<cfquery name="usersec" datasource="database">
SELECT
  userid,
  systemaccess,
  systemcode
FROM UserAccess
WHERE (UserId = #session.userid#
 and UserAccess.SystemCode = 3)
</cfquery>

<cfoutput query="usersec">
<cfif not isdefined("userid")>
<cflocation url="../login/mainmenu.cfm">
</cfif>
</cfoutput>
0
swartout
Asked:
swartout
  • 3
  • 2
  • 2
1 Solution
 
JimV_ATLCommented:
Try changing this:

<cfoutput query="usersec">
<cfif not isdefined("userid")>
<cflocation url="../login/mainmenu.cfm">
</cfif>
</cfoutput>

to this:

<cfif usersec.reccordcount eq 0>
<cflocation url="../login/mainmenu.cfm">
</cfif>
0
 
JimV_ATLCommented:
Although you might want to spell recordcount correctly!
0
 
swartoutAuthor Commented:
That still lets me access the files in that directory.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
TallerMikeCommented:
JimV_ATL should be correct. Try doing this to see what the query is selecting:

<cfoutput>#usersec.userid# found #usersec.RecordCount# records</cfoutput>
0
 
swartoutAuthor Commented:
TallerMike your message returned the userid and 1 record found.  The user that I am testing does not have access to this directory, why do I have 1 record?
0
 
swartoutAuthor Commented:
I did not remove the <cfoutput> tags surrounding the <cfif>, I removed the <cfoutput> tag and it works.  Thanks.
0
 
TallerMikeCommented:
Well, looks like you'll need to look into your UserAccess Table to see why that is. Maybe you're looking at the wrong SystemCode or something? Try going into the DB and running this select:

SELECT userid, systemaccess, systemcode
FROM UserAccess
WHERE UserId = ?

And enter the userID that you're testing with. See what systemcodes are being returned. I know it's silly, but I don't know what else to try right yet.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now