Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 917
  • Last Modified:

Using CFLOGIN and CFLOGINUSER getAuthUser is still blank

I am setting up our new login process.  I originally set this up to test it on our Intranet development server and it worked perfectly.  I am attempting to utilize the CFLOGIN and CFLOGINUSER functions as well as a SECURITY.CFC file to authenticate my user logins.

My folder structure is this:

Root/Secure/
Includes:
application.cfm
default.cfm
loginform.cfm
request_login.cfm

Root/Secure/Authenticated/
Includes:
default.cfm
test1.cfm
test2.cfm

Root/Assets/CFC/
Includes:
security.cfc

The Default.cfm includes the loginform.cfm as well as a couple of buttons to request a login or request an email for a forgotten password.  The form fields in the loginform file are j_username and j_password for the sake of the CFLOGIN.  Once the user has been authenticated, they should be directed to the Authenticated sub folder and be able to view all files within that directory as well as any sub directories.  The Security.cfc file is working properly, I'm sure, because of the fact that it does get down to the CFLOGINUSER and thus the user has at that time been authenticated but it just hasn't been stored into memory.

Here are the contents of the application.cfm:

<cfapplication name="ClientLogin" clientmanagement="no" sessionmanagement="yes" setclientcookies="no" setdomaincookies="no" sessiontimeout="#createtimespan(0, 0, 20, 0)#" loginstorage="session">

<cfif IsDefined("form.logout")>
      <cflogout>
</cfif>
<cflogin idletimeout="1200">
      <cfif NOT IsDefined("cflogin")>
            <cfif IsDefined("form.request")>
                  <cfinvoke component="assets.cfc.security" method="requestnew" cfcFNAME="#form.fname#" cfcLNAME="#form.lname#" cfcPHONE="#form.phone#" cfcEMAIL="#form.email#" cfcUSERNAME="#form.username#">
                  <cfabort>
            <cfelseif IsDefined("form.forgot")>
                  <cfinvoke component="assets.cfc.security" method="useremail" returnvariable="AuthenticatedEmail" cfcEmail="#form.email#">
                  <cfinvoke component="assets.cfc.security" method="forgotpassword" cfcAuthenticatedEmail="#variables.AuthenticatedEmail#">
                  <cfabort>
            <cfelseif IsDefined("form.requestlogin") OR IsDefined("form.forgotpassword")>
                  <cfinclude template="/secure/request_login.cfm">
            <cfelse>
                  <cfinclude template="/secure/default.cfm">
                  <cfabort>
            </cfif>
      <cfelse>
            <cfif cflogin.name EQ "" AND cflogin.password EQ "">
                  <table>
                        <tr>
                              <td><font color="#FF0000">No username or password was provided.  Please try again.</font><br><br></td>
                        </tr>
                  </table>
                  <cfinclude template="/secure/default.cfm">
                  <cfabort>
            <cfelse>
                  <cfinvoke component="assets.cfc.security" method="authenticate" returnVariable="authenticated" cfcUsername="#cflogin.name#" cfcPassword="#cflogin.password#">
                  <cfif NOT IsDefined("authenticated.userid")>
                        <table>
                              <tr>
                                    <td><font color="#FF0000">The username or password is not correct.  Please try again.</font><br><br></td>
                              </tr>
                        </table>
                        <cfinclude template="/secure/default.cfm">
                        <cfabort>
                  <cfelse>
                        <cfif #authenticated.active# eq 0>
                              <table>
                                    <tr>
                                          <td><font color="#FF0000">The username, <cfoutput><b>#cflogin.name#</b></cfoutput>,  has been deactivated at this time.  To reactivate this account please contact a financial consoltant.</font><br><br></td>
                                    </tr>
                              </table>
                              <cfinclude template="/secure/default.cfm">
                              <cfabort>
                        <cfelse>
                              <cfloginuser name = "#cflogin.name#" password = "#cflogin.password#" roles = "">
                              <cfinclude template="/secure/authenticated/default.cfm">
                              <cfabort>
                        </cfif>
                  </cfif>
            </cfif>
      </cfif>
</cflogin>

Everything works exactly as expected except the CFLOGINUSER.  GetAuthUser() is still empty.  I can do a cfoutput of the #cflogin.name# and #cflogin.password# and they both show correct at that point but it is not storing them properly.

I have compared all settings in the coldfusion administrator and they match exactly.   I have also compared the IIS settings and the only difference is that on our Intranet server we have unchecked the Anonymouse access option and turned on the Basic authentication option.

If there is any other information you need, please ask.  BTW, Thanks in advance!!!
0
dlineberry
Asked:
dlineberry
  • 2
1 Solution
 
pinaldaveCommented:
Hi inverted_2000,

something like this...

 DELETE *
 FROM freight
 WHERE ID in ('#deletefreight#')

Well, this may not be your answer... where is your line 1 which is creating the error. you have to post the code of that page. It is little confusing here.


Regards,
---Pinal
0
 
pinaldaveCommented:
sorry wrong place... for my comment... apologize.
0
 
dlineberryAuthor Commented:
Thanks anyway but I found the answer to my own question.  It was simply that I was referencing the getauthuser() while still inside of the cflogin which is actually not created until the cflogin is completed.
0
 
Computer101Commented:
PAQed, with points refunded (500)

Computer101
E-E Admin
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now