Solved

Cold Fusion Experts:  I need a login authentication to protect /folder

Posted on 2004-08-01
Last Modified: 2013-12-24
Okay, I want to require users to login/authenticate when any .cfm resources are requested from a folder named /protected -- once authenticated using "user" as the username and "password" as the password, the user will be redirected to /protected/somepage.cfm

I will need an Application.cfm file, a Login.cfm file and a Login-Action.cfm file.

What folder does the Application.cfm file go into, and what code should I put in it?

What CF code goes in the Login.cfm file?

What code goes in the Login-Action.cfm file?
0
Question by:gmahler5th
 

Author Comment

by:gmahler5th
ID: 11690206
Thanks.  I didn't know there was a Cold Fusion topic area.
0
 
LVL 1

Expert Comment

by:Westside2004
ID: 11691391
Hi,

Usually the Application.cfm goes in the root of your site.  It can also be placed in subdirectories as well.  The way Application.cfm works is it gets called before every page request.  So if you have a ColdFusion page like login.cfm, any code in Application.cfm will get executed before login.cfm.  Basically the code in Application.cfm gets executed with every page request.  You can have multiple Application.cfm files, but it sounds like at this point, one would be enough.  Each time a page in ColdFusion is executed, it first will run Application.cfm, so any code in there will get executed.  You also can set the Application's name and enable session and/or client management as shown below.  Usually in Application.cfm the tag below is written first, basically the <cfapplication> tag:

<CFAPPLICATION
        NAME="AppName"
        APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,30,0)#"
        SESSIONMANAGEMENT="yes"
        SESSIONTIMEOUT="#CreateTimeSpan(0,0,30,0)#"
        CLIENTMANAGEMENT="yes"
        CLIENTSTORAGE="MyDSN"
        SETCLIENTCOOKIES="yes">

A lot of people define site-wide variables in Application.cfm.  Things like a datasource.  Another common thing which you might be interested in is a way to check if a user is currently logged in, if not you can redirect them to your login page.  These are things that could go in Application.cfm.  Basically anything you want executed before anything else.  You can also have error handling in Application.cfm amongst other things.

The code that goes in Login.cfm would basically be a form with username/password fields. So after they enter username/password, they click Login.  When they click Login, code would execute in a file called Login-Action.cfm as you have specified.  This code would basically be a query to a datasource/database to first check if the user exists, and if so, then it could check to make sure the password is correct.  If so, then you can send the user to whatever page you want.

If you're looking for specific code, let me know, and perhaps I can help.

-West

0
 
LVL 11

Accepted Solution

by:
adonis1976 earned 500 total points
ID: 11693213
This is what I use:

Application.cfm

<cfset DataSource = "exec">

<!--- Declaration of the Application name that will be used for the entire appln --->
<cfapplication name="Acct" sessionmanagement="yes" clientmanagement="yes"
setclientcookies="yes" clientstorage="cookie"
sessiontimeout="#CreateTimeSpan( 0,0,90,0)#"
applicationtimeout="#CreateTimeSpan(0,5,30,0)#"
>

<!--- Login check --->
<cfif not IsDefined("SESSION.Auth.IsLoggedIn")>
<cfinclude template="index.cfm">
<cfabort>
</cfif>

This is my Login.cfm

<cfif IsDefined ("Form.user_name")>
<cfinclude template="logincheck.cfm">
</cfif>
<html>
<head>
<title>Login Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="css/common.css" rel="stylesheet" type="text/css">
</head>

<body bgcolor="#FFFFFF" topmargin="70px" onLoad="document.forms.loginform.user_name.focus();">
<!--- using CGI variables helps to increase performance instead of loading another action page --->
<cfform name="loginform" action="#CGI.SCRIPT_NAME#" method="post">
      <input type="hidden" name="user_name_Required">
      <input type="hidden" name="user_pass_Required">
  <table class="thickborder" width="400" border="0" align="center" cellpadding="4" cellspacing="0">
    <tr>
      <td class="logintitle">Login Page</td>
  </tr>
  <tr>
      <td bgcolor="#D6EBFF">
<table width="400" border="0" cellspacing="0" cellpadding="4">
          <tr>
            <td width="108">Username:</td>
            <td colspan="2"><cfinput name="user_name" type="text" value="" maxlength="25" required="yes"
                        message="Please enter your user name"></td>
          </tr>
          <tr>
            <td>Password:</td>
            <td colspan="2"><cfinput name="user_pass" type="password" value="" maxlength="25" required="yes"
                        message="Please enter your password"></td>
          </tr>
          <tr>
            <td><img src="images/logo.jpg" width="103" height="30"></td>
            <td width="196" align="center">&nbsp;</td>
            <td width="72" align="right"><input name="submit" type="submit" class="btnstyle" value="submit" border="1px"></td>
          </tr>
        </table></td>
  </tr>
</table>
</cfform>
</body>
</html>

and here is logincheck.cfm

<cfparam name="Form.user_name" type="string">
<cfparam name="Form.user_pass" type="string">
<!--- check if the info is right --->
<!--- if no rows returned, then the user sucked, display login failure msg --->
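<!--- cfqueryparam binds the submitted values as parameters instead of splicing them into the SQL text --->
<cfquery name="GetUser" datasource="#DataSource#">
select * from users
where user_name = <cfqueryparam value="#Form.user_name#" cfsqltype="cf_sql_varchar">
         and user_pass = <cfqueryparam value="#Form.user_pass#" cfsqltype="cf_sql_varchar">
</cfquery>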
<!--- If the user info is good, create a struct and remember the user thru the session --->
<cfif GetUser.RecordCount EQ 1>
      
            <cfset SESSION.Auth = StructNew()>
            <cfset SESSION.Auth.IsLoggedIn = "Yes">
            <cfset SESSION.Auth.user_id = GetUser.user_id>
            <cfset SESSION.Auth.user_name = GetUser.user_name>
            
<!--- Send the user to the appropriate Start page depending on the credentials --->
      <cflocation url="select_page.cfm" addtoken="yes">

<cfelseif GetUser.RecordCount EQ 0>
<script>
   alert("You didn't enter your information properly or you do not have access to this information");
   self.location="index.cfm";
</script>
</cfif>

Hope this will help you...
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 11698030
What kind of webserver are you running?  Apache or IIS?

It may be better to institute server-level protection rather than code-level.

CJ
0
 

Author Comment

by:gmahler5th
ID: 11698105
IIS 5.0
0
 
LVL 11

Expert Comment

by:adonis1976
ID: 11698139
gmahler5th -

I was just wondering if the code I provided worked for you?
0

Author Comment

by:gmahler5th
ID: 11698163
I need some code to use a cfif twice to make sure username and password are equal to something.  I'm not using a database for this application.  It's intended to be used by a smaller audience, with no user registration or profiling required.  So the code to query the database is NOT what I'm looking for.

I don't have control over the server to use server level protection.  It has to be code level protection.

Thanks.
0
 
LVL 11

Expert Comment

by:adonis1976
ID: 11698285
In the logincheck.cfm, have

<!--- values taken from the question --->
<cfset username = "user">
<cfset userpass = "password">

then have the logic -

<!--- EQ ignores case in CFML, so Compare() is used for an exact match; a wrong username now reaches the failure branch as well --->
<cfif Compare(Form.user_name, username) EQ 0 AND Compare(Form.user_pass, userpass) EQ 0>
  <cfset SESSION.Auth = StructNew()>
  <cfset SESSION.Auth.IsLoggedIn = "Yes">
  <cflocation url="protected.cfm">
<cfelse>
<script>
   alert("You didn't enter your information properly or you do not have access to this information");
   self.location="index.cfm";
</script>
</cfif>

Delete all the database part in the logincheck.cfm


0
 
LVL 11

Expert Comment

by:adonis1976
ID: 11698310
New logincheck.cfm will look like this -

<cfparam name="Form.user_name" type="string">
<cfparam name="Form.user_pass" type="string">
<!--- values taken from the question --->
<cfset username = "user">
<cfset userpass = "password">
<!--- check if the info is right --->
<!--- EQ ignores case in CFML, so Compare() is used for an exact match; a wrong username now reaches the failure branch as well --->
<cfif Compare(Form.user_name, username) EQ 0 AND Compare(Form.user_pass, userpass) EQ 0>
  <cfset SESSION.Auth = StructNew()>
  <cfset SESSION.Auth.IsLoggedIn = "Yes">
  <cflocation url="protected.cfm">
<cfelse>
<script>
   alert("You didn't enter your information properly or you do not have access to this information");
   self.location="index.cfm";
</script>
</cfif>
         
 
0
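Added example, not posted by anyone in this thread: a single /protected/Application.cfm covering the no-database case discussed above, which gates every .cfm request in the folder and checks the submitted login with a case-sensitive comparison. The application name, form field names and inline form are assumptions; the credentials and somepage.cfm come from the question.

```cfml
<!--- /protected/Application.cfm : ColdFusion runs this before every .cfm in the folder --->
<cfapplication name="ProtectedArea" sessionmanagement="yes" setclientcookies="yes"
    sessiontimeout="#CreateTimeSpan(0,0,30,0)#">

<!--- Credentials from the question; sample values, change before use --->
<cfset expectedUser = "user">
<cfset expectedPass = "password">
<cfset loginFailed = false>

<!--- Handle a submitted login form (field names are assumptions) --->
<cfif StructKeyExists(Form, "user_name") AND StructKeyExists(Form, "user_pass")>
    <!--- EQ ignores case in CFML; Compare() returns 0 only on an exact, case-sensitive match --->
    <cfif Compare(Form.user_name, expectedUser) EQ 0 AND Compare(Form.user_pass, expectedPass) EQ 0>
        <cfset Session.Auth = StructNew()>
        <cfset Session.Auth.IsLoggedIn = true>
        <!--- addtoken="no" keeps CFID/CFTOKEN out of the URL, server logs and Referer headers --->
        <cflocation url="somepage.cfm" addtoken="no">
    <cfelse>
        <!--- One generic failure flag: do not reveal which of the two fields was wrong --->
        <cfset loginFailed = true>
    </cfif>
</cfif>

<!--- Gate: any request without a logged-in session gets the form and stops here --->
<cfif NOT (StructKeyExists(Session, "Auth") AND StructKeyExists(Session.Auth, "IsLoggedIn"))>
    <cfoutput>
    <html><head><title>Login</title></head><body>
    <cfif loginFailed><p>Login failed.</p></cfif>
    <form action="#HTMLEditFormat(CGI.SCRIPT_NAME)#" method="post">
        Username: <input type="text" name="user_name" maxlength="25"><br>
        Password: <input type="password" name="user_pass" maxlength="25"><br>
        <input type="submit" value="Login">
    </form>
    </body></html>
    </cfoutput>
    <!--- cfabort stops the requested page from running for unauthenticated users --->
    <cfabort>
</cfif>
```

Only requests that ColdFusion processes run Application.cfm, so images or .html files in /protected are still served directly by IIS. ColdFusion uses the first Application.cfm it finds searching upward from the requested page's folder, so this file also covers subfolders that have no Application.cfm of their own.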
 
LVL 19

Expert Comment

by:cheekycj
ID: 11698722
With IIS you have two options.  If you have control over the server you can add the users and set the properties on the folder.  The other option is NTCR but that limits you to IE browsers

http://support.microsoft.com/?kbid=299970
http://support.microsoft.com/default.aspx?scid=kb;EN-US;324066#2a

A nice alternative to coding the login system is this free tool that brings .htpassword/.htaccess, the powerful and widely used apache/unix auth system, to windows:
http://www.troxo.com/products/iispassword/

It's free and you can just install it on the server.

If the above two are not options then coding is your best bet.

CJ
0
 

Expert Comment

by:pauld5395
ID: 12031156
I am getting the following error when sending email to outside client.  
rror","scheduler-3","09/09/04","15:50:17",,"Sending failed;   nested exception is:        javax.mail.SendFailedException: Invalid Addresses;   nested exception is:        javax.mail.SendFailedException: 550 5.7.1 Unable to relay for eskaplan23@aol.com "
However email is working fine both inbound and outbound.  Any help is much appreciated.  Thanks
0
 
LVL 11

Expert Comment

by:adonis1976
ID: 12043345
That means your SMTP server is not relaying the mail messages. Ask your mail administrator to enable relaying for the mail messages.
0
