?
Solved

Protect a directory??

Posted on 2003-03-20
7
Medium Priority
?
129 Views
Last Modified: 2013-12-24
I am trying to protect my useradmin directory by placing a query in an Application.cfm file to determine if someone has access to that directory or not.  If they do, they can proceed as normal, if not, I want to redirect them and let them know they do not have access.

However, I am not having luck doing this.  I think I have the query right, but not the if statement.  Does anyone have any thoughts on how to fix?  Thanks.

Here is my Application.cfm

<cfinclude template="../Application.cfm">

<cfquery name="usersec" datasource="database">
SELECT
  userid,
  systemaccess,
  systemcode
FROM UserAccess
WHERE (UserId = #session.userid#
 and UserAccess.SystemCode = 3)
</cfquery>

<cfoutput query="usersec">
<cfif not isdefined("userid")>
<cflocation url="../login/mainmenu.cfm">
</cfif>
</cfoutput>
0
Comment
Question by:swartout
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 5

Accepted Solution

by:
JimV_ATL earned 1000 total points
ID: 8175032
Try changing this:

<cfoutput query="usersec">
<cfif not isdefined("userid")>
<cflocation url="../login/mainmenu.cfm">
</cfif>
</cfoutput>

to this:

<cfif usersec.reccordcount eq 0>
<cflocation url="../login/mainmenu.cfm">
</cfif>
0
 
LVL 5

Expert Comment

by:JimV_ATL
ID: 8175035
Although you might want to spell recordcount correctly!
0
 

Author Comment

by:swartout
ID: 8175093
That still lets me access the files in that directory.
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 8

Expert Comment

by:TallerMike
ID: 8175127
JimV_ATL should be correct. Try doing this to see what the query is selecting:

<cfoutput>#usersec.userid# found #usersec.RecordCount# records</cfoutput>
0
 

Author Comment

by:swartout
ID: 8175194
TallerMike your message returned the userid and 1 record found.  The user that I am testing does not have access to this directory, why do I have 1 record?
0
 

Author Comment

by:swartout
ID: 8175257
I did not remove the <cfoutput> tags surrounding the <cfif>, I removed the <cfoutput> tag and it works.  Thanks.
0
 
LVL 8

Expert Comment

by:TallerMike
ID: 8175259
Well, looks like you'll need to look into your UserAccess Table to see why that is. Maybe you're looking at the wrong SystemCode or something? Try going into the DB and running this select:

SELECT userid, systemaccess, systemcode
FROM UserAccess
WHERE UserId = ?

And enter the userID that you're testing with. See what systemcodes are being returned. I know it's silly, but I don't know what else to try right yet.
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
What You Need to Know when Searching for a Webhost Provider
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question