Solved

Using CFLOGIN and CFLOGINUSER getAuthUser is still blank

Posted on 2004-08-11
6
905 Views
Last Modified: 2013-12-24
I am setting up our new login process.  I originally set this up to test it on our Intranet development server and it worked perfectly.  I am attempting to utilize the CFLOGIN and CFLOGINUSER functions as well as a SECURITY.CFC file to authenticate my user logins.

My folder structure is this:

Root/Secure/
Includes:
application.cfm
default.cfm
loginform.cfm
request_login.cfm

Root/Secure/Authenticated/
Includes:
default.cfm
test1.cfm
test2.cfm

Root/Assets/CFC/
Includes:
security.cfc

The Default.cfm includes the loginform.cfm as well as a couple of buttons to request a login or request an email for a forgotten password.  The form fields in the loginform file are j_username and j_password for the sake of the CFLOGIN.  Once the user has been authenticated, they should be directed to the Authenticated sub folder and be able to view all files within that directory as well as any sub directories.  The Security.cfc file is working properly, I'm sure, because of the fact that it does get down to the CFLOGINUSER and thus the user has at that time been authenticated but it just hasn't been stored into memory.

Here are the contents of the application.cfm:

<cfapplication name="ClientLogin" clientmanagement="no" sessionmanagement="yes" setclientcookies="no" setdomaincookies="no" sessiontimeout="#createtimespan(0, 0, 20, 0)#" loginstorage="session">

<cfif IsDefined("form.logout")>
      <cflogout>
</cfif>
<cflogin idletimeout="1200">
      <cfif NOT IsDefined("cflogin")>
            <cfif IsDefined("form.request")>
                  <cfinvoke component="assets.cfc.security" method="requestnew" cfcFNAME="#form.fname#" cfcLNAME="#form.lname#" cfcPHONE="#form.phone#" cfcEMAIL="#form.email#" cfcUSERNAME="#form.username#">
                  <cfabort>
            <cfelseif IsDefined("form.forgot")>
                  <cfinvoke component="assets.cfc.security" method="useremail" returnvariable="AuthenticatedEmail" cfcEmail="#form.email#">
                  <cfinvoke component="assets.cfc.security" method="forgotpassword" cfcAuthenticatedEmail="#variables.AuthenticatedEmail#">
                  <cfabort>
            <cfelseif IsDefined("form.requestlogin") OR IsDefined("form.forgotpassword")>
                  <cfinclude template="/secure/request_login.cfm">
            <cfelse>
                  <cfinclude template="/secure/default.cfm">
                  <cfabort>
            </cfif>
      <cfelse>
            <cfif cflogin.name EQ "" AND cflogin.password EQ "">
                  <table>
                        <tr>
                              <td><font color="#FF0000">No username or password was provided.  Please try again.</font><br><br></td>
                        </tr>
                  </table>
                  <cfinclude template="/secure/default.cfm">
                  <cfabort>
            <cfelse>
                  <cfinvoke component="assets.cfc.security" method="authenticate" returnVariable="authenticated" cfcUsername="#cflogin.name#" cfcPassword="#cflogin.password#">
                  <cfif NOT IsDefined("authenticated.userid")>
                        <table>
                              <tr>
                                    <td><font color="#FF0000">The username or password is not correct.  Please try again.</font><br><br></td>
                              </tr>
                        </table>
                        <cfinclude template="/secure/default.cfm">
                        <cfabort>
                  <cfelse>
                        <cfif #authenticated.active# eq 0>
                              <table>
                                    <tr>
                                          <td><font color="#FF0000">The username, <cfoutput><b>#cflogin.name#</b></cfoutput>,  has been deactivated at this time.  To reactivate this account please contact a financial consoltant.</font><br><br></td>
                                    </tr>
                              </table>
                              <cfinclude template="/secure/default.cfm">
                              <cfabort>
                        <cfelse>
                              <cfloginuser name = "#cflogin.name#" password = "#cflogin.password#" roles = "">
                              <cfinclude template="/secure/authenticated/default.cfm">
                              <cfabort>
                        </cfif>
                  </cfif>
            </cfif>
      </cfif>
</cflogin>

Everything works exactly as expected except the CFLOGINUSER.  GetAuthUser() is still empty.  I can do a cfoutput of the #cflogin.name# and #cflogin.password# and they both show correct at that point but it is not storing them properly.

I have compared all settings in the coldfusion administrator and they match exactly.   I have also compared the IIS settings and the only difference is that on our Intranet server we have unchecked the Anonymouse access option and turned on the Basic authentication option.

If there is any other information you need, please ask.  BTW, Thanks in advance!!!
0
Comment
Question by:dlineberry
  • 2
6 Comments
 
LVL 21

Expert Comment

by:pinaldave
ID: 11775584
Hi inverted_2000,

something like this...

 DELETE *
 FROM freight
 WHERE ID in ('#deletefreight#')

Well, this may not be your answer... where is your line 1 which is creating the error. you have to post the code of that page. It is little confusing here.


Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 11775589
sorry wrong place... for my comment... apologize.
0
 

Author Comment

by:dlineberry
ID: 11984570
Thanks anyway but I found the answer to my own question.  It was simply that I was referencing the getauthuser() while still inside of the cflogin which is actually not created until the cflogin is completed.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 12003106
PAQed, with points refunded (500)

Computer101
E-E Admin
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Website being blocked? 3 129
Unsearchable in Google,Yahoo and Bing. 6 64
spamming  on Hosted svrs? 6 98
Help with a redirect in web.config file 8 56
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question