Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 533
  • Last Modified:

Cold Fusion Experts: I need a login authentication to protect /folder

Okay, i want to require users to login/authenticate when any .cfm resources are requested from a folder named /protected -- once authenticated using "user" as the username and "password" as the password, the user will be redirected to /protected/somepage.cfm

I will need a Application.cfm file, a Login.cfm file and a Login-Action.cfm file.

What folder does the Application.cfm file go into, and what code should I put in it?

What CF code goes in the Login.cfm file?

What code goes in the Login-Action.cfm file?
0
gmahler5th
Asked:
gmahler5th
  • 5
  • 3
  • 2
  • +2
1 Solution
 
gmahler5thAuthor Commented:
thanks.  I didn't know there was a Cold Fusion topic area.
0
 
Westside2004Commented:
Hi,

Usually the Application.cfm goes in the root of your site.  It can also be placed in subdirectories as well.  The way Application.cfm works is it gets called before every page request.  So if you have a coldfusion page like login.cfm, any code in Application.cfm will get executed before login.cfm.  Basically the code in Application.cfm gets executed with every page request.  You can have multiple Application.cfm files, but it sounds like at this point, one would be enough.  Each time a page in ColdFusion is executed, it first will run Application.cfm so any code in there, will get executed.  You also can set the Application's name and enable session and/or client management as shown below.  Usually in Application.cfm the tag below is written first basiclly the <cfapplication> tag

<CFAPPLICATION
        NAME="AppName"
        APPLICATIONTIMEOUT="#CreateTimeSpan(0,0,30,0)#"
        SESSIONMANAGEMENT="yes"
        SESSIONTIMEOUT="#CreateTimeSpan(0,0,30,0)#"
        CLIENTMANAGEMENT="yes"
        CLIENTSTORAGE="MyDSN"      
                  SETCLIENTCOOKIES="yes">  

A lot of people define site-wide variables in Application.cfm.  Things like a datasource.  Another common thing which you might be interested in is a way to check if a user is currently logged in, if not you can redirect them to your login page.  These are things that could go in Application.cfm.  Basically anything you want executed before anything else.  You can also have error handling in Application.cfm amongst other things.

The code that goes in Login.cfm would basically be a form with username/password fields. So after they enter username/password, they click Login.  When they click Login, code would execute in a file called Login-Action.cfm as you have specified.  This code would basically be a query to a datasource/database to first check if the user exists, and if so, then it could check to make sure the password is correct.  If so, then you can send the user to whatever page you want.

If your looking for specific code, let me know, and perhaps I can help..

-West

0
 
adonis1976Commented:
This is what I use:

Application.cfm

<cfset DataSource = "exec">

<!--- Declaration of the Application name that will be used for the entire appln --->
<cfapplication name="Acct" sessionmanagement="yes" clientmanagement="yes"
setclientcookies="yes" clientstorage="cookie"
sessiontimeout="#CreateTimeSpan( 0,0,90,0)#"
applicationtimeout="#CreateTimeSpan(0,5,30,0)#"
>

<!--- Login check --->
<cfif not IsDefined("SESSION.Auth.IsLoggedIn")>
<cfinclude template="index.cfm">
<cfabort>
</cfif>

This is my Login.cfm

<cfif IsDefined ("Form.user_name")>
<cfinclude template="logincheck.cfm">
</cfif>
<html>
<head>
<title>Login Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="css/common.css" rel="stylesheet" type="text/css">
</head>

<body bgcolor="#FFFFFF" topmargin="70px" onLoad="document.forms.loginform.user_name.focus();">
<!--- using CGI variables helps to increase performance instead of loading another action page --->
<cfform name="loginform" action="#CGI.SCRIPT_NAME#" method="post">
      <input type="hidden" name="user_name_Required">
      <input type="hidden" name="user_pass_Required">
  <table class="thickborder" width="400" border="0" align="center" cellpadding="4" cellspacing="0">
    <tr>
      <td class="logintitle">Login Page</td>
  </tr>
  <tr>
      <td bgcolor="#D6EBFF">
<table width="400" border="0" cellspacing="0" cellpadding="4">
          <tr>
            <td width="108">Username:</td>
            <td colspan="2"><cfinput name="user_name" type="text" value="" maxlength="25" required="yes"
                        message="Please enter your user name"></td>
          </tr>
          <tr>
            <td>Password:</td>
            <td colspan="2"><cfinput name="user_pass" type="password" value="" maxlength="25" required="yes"
                        message="Please enter your password"></td>
          </tr>
          <tr>
            <td><img src="images/logo.jpg" width="103" height="30"></td>
            <td width="196" align="center">&nbsp;</td>
            <td width="72" align="right"><input name="submit" type="submit" class="btnstyle" value="submit" border="1px"></td>
          </tr>
        </table></td>
  </tr>
</table>
</cfform>
</body>
</html>

and here is logincheck.cfm

<cfparam name="Form.user_name" type="string">
<cfparam name="Form.user_pass" type="string">
<!--- check if the info is right --->
<!--- if no rows returned, then the user sucked, display login failure msg --->
<cfquery name="GetUser" datasource="#DataSource#">
select * from users
where user_name = '#form.user_name#'
         and user_pass = '#form.user_pass#'
</cfquery>
<!--- If the user info is good, create a struct and remember the user thru the session --->
<cfif GetUser.RecordCount EQ 1>
      
            <cfset SESSION.Auth = StructNew()>
            <cfset SESSION.Auth.IsLoggedIn = "Yes">
            <cfset SESSION.Auth.user_id = GetUser.user_id>
            <cfset SESSION.Auth.user_name = GetUser.user_name>
            
<!--- Send the user to the appropriate Start page depending on the credentials --->
      <cflocation url="select_page.cfm" addtoken="yes">

<cfelseif GetUser.RecordCount EQ 0>
<script>
   alert("You didn't enter your information properly or you do not have access to this information");
   self.location="index.cfm";
</script>
</cfif>

hope this will help u...
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
cheekycjCommented:
what kind of webserver are you running?  apache or iis?

It maybe better to institude server level protection rather than code level.

CJ
0
 
gmahler5thAuthor Commented:
IIS 5.0
0
 
adonis1976Commented:
gmahler5th -

i was just wondering if the code I provided worked for u?
0
 
gmahler5thAuthor Commented:
I need some code to use a cfif twice to make sure username and password are equal to something.  I'm not using a database for this application.  It's intended to be used by a smaller audience, with no user registration or profiling required.  So the code to query the database is NOT what I'm looking for.

I don't have control over the server to use server level protection.  It has to be code level protection.

Thanks.
0
 
adonis1976Commented:
in the logincheck.cfm, have

<cfset username = something>
<cfset userpass = something>

then  have the logic -

<cfif '#form.user_name#' EQ #username#>
<cfif '#form.user_pass#' EQ #userpass#>
 <cfset SESSION.Auth = StructNew()>
  <cfset SESSION.Auth.IsLoggedIn = "Yes">
<cflocation url="protected.cfm">
<cfelse>
<script>
   alert("You didn't enter your information properly or you do not have access to this information");
   self.location="index.cfm";
</script>
</cfif>
</cfif>

delete all the database part in the logincheck.cfm


0
 
adonis1976Commented:
new logincheck.cfm will look like this -

<cfparam name="Form.user_name" type="string">
<cfparam name="Form.user_pass" type="string">
<cfset username = something>
<cfset userpass = something>
<!--- check if the info is right --->
<cfif '#form.user_name#' EQ #username#>
<cfif '#form.user_pass#' EQ #userpass#>
 <cfset SESSION.Auth = StructNew()>
  <cfset SESSION.Auth.IsLoggedIn = "Yes">
<cflocation url="protected.cfm">
<cfelse>
<script>
   alert("You didn't enter your information properly or you do not have access to this information");
   self.location="index.cfm";
</script>
</cfif>
</cfif>
         
 
0
 
cheekycjCommented:
With IIS you have two options.  If you have control over the server you can add the users and set the properties on the folder.  The other option is NTCR but that limits you to IE browsers

http://support.microsoft.com/?kbid=299970
http://support.microsoft.com/default.aspx?scid=kb;EN-US;324066#2a

A nice alternative to coding the login system is this free tool that brings .htpassword/.htaccess, the powerful and widely used apache/unix auth system, to windows:
http://www.troxo.com/products/iispassword/

Its free and you can just install it on the server.

If the above two are not options then coding is your best bet.

CJ
0
 
pauld5395Commented:
I am getting the following error when sending email to outside client.  
rror","scheduler-3","09/09/04","15:50:17",,"Sending failed;   nested exception is:        javax.mail.SendFailedException: Invalid Addresses;   nested exception is:        javax.mail.SendFailedException: 550 5.7.1 Unable to relay for eskaplan23@aol.com "
However email is working fine both inbound and outbound.  Any help is much appreciated.  Thanks
0
 
adonis1976Commented:
that means ur SMTP server is not relaying the mail messages. Ask your mail administrator to enable relaying for the mail messages.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

  • 5
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now