Solved

My login does not work.

Posted on 2004-08-12
5
196 Views
Last Modified: 2013-12-24
hi

i created this login using sessions just like what was written in Ben Forta's 5th Edition book and this is what happened.

I was in dreamweaver and hit F12 to view my "startuppage.cfm".  The first time i logged in I was able to type the name and password and was able to get it.  Then, I closed the browser, and tried to get in as another user.  I was still successful.  Again I closed the browser.

This time, i tried to open my application from the shortcut in my desktop.  Walla, it did not even asks for a username and password.  I was able to go to the page I want to go to without requiring a username and password.  

Why is that?  My login is not working properly.  What should i do?

Please help.  Thank you in advance

PS.  All users of my application will have to login.  But only Administratrs have the access to the Admin pages.

By the way, i use the basic session method in Ben forta's book.  So, those CFlogout, CFlogin is a bit different from what i am doing
0
Comment
Question by:mdbbound
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 11

Accepted Solution

by:
hart earned 250 total points
ID: 11791166
what i can understand is that...

you have a file that asks for the username and password...
and when the form is submitted it is taken to a page where u check the username and password with values in the database...

if the user is present then u create session variables and send this user to the next page...

now i hope on the next page you are checking wether the session variables are defined or not...
If they are not then you redirect them to the login page again...

if this is the logic u r following then it should work fine...

Another thing is that...
how do u access ur site... The site should be accessed using a url like this http://localhost/your root dir/startuppage.cfm...
this is how you can check your site..

You do not check ur site by clicking F12 in dreamweaver bcos then the file will be openend with a physical path
i.e "c:\blah...blah

let me know

Regards
Hart
0
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 250 total points
ID: 11792259
here is a login i wrote a while ago, my first login routine, see if it can help you out, uses swessions variables, userlevels and usertypes as access restrictions, its an include file on one of the sites main pages, opens the secirepages in a new window

<cfset TITLE="Human Resources - Login">    
<cfset errName = "Invalid User ID">
<cfset errPass = "Invalid Password">
<cfset bNameErr = 0>
<cfset bPassErr = 0>
<cfif isdefined("form.userName") and isDefined("form.userPass")>
            <cfquery name="validName" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                  SELECT USERID
                  FROM HR_TOOLBOX_USER_PROFILE
                  WHERE USERLOG = '#form.userName#'
            </cfquery>
            <cfif (#validName.recordcount#)>
                  <cfquery name="validPass" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                        SELECT USERID , USERPASS
                        FROM HR_TOOLBOX_USER_PROFILE
                        WHERE USERPASS = '#form.userPass#' and USERLOG = '#form.userName#'
                  </cfquery>
                  <cfif (#validPass.recordcount#) AND not Compare(form.userPass, validPass.userpass)>
                              <cfquery name="getUser" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                                    SELECT HR_TOOLBOX_USER_PROFILE.USERID, HR_TOOLBOX_USER_PROFILE.USERLOG, HR_TOOLBOX_USER_PROFILE.USERPASS, HR_TOOLBOX_USER_PROFILE.USERFNAME, HR_TOOLBOX_USER_PROFILE.USERLNAME, HR_TOOLBOX_USER_PROFILE.USEREMAIL, Employee.GRADE AS USERGRD, HR_TOOLBOX_USER_PROFILE.USERTYPE, HR_TOOLBOX_USER_PROFILE.USERLEVEL, HR_TOOLBOX_USER_PROFILE.WARNPASS, HR_TOOLBOX_USER_PROFILE.PASSWORDUPDT, HR_TOOLBOX_USER_PROFILE.PROFILEUPDT
                                    FROM HR_TOOLBOX_USER_PROFILE LEFT JOIN Employee ON HR_TOOLBOX_USER_PROFILE.EMPID = Employee.EMPID
                                    WHERE USERPASS = '#form.userPass#' and USERLOG = '#form.userName#'
                              </cfquery>
                              <cfset SESSION.Auth = StructNew()>
                              <cfset SESSION.Auth.IsLoggedIn=1>
                              <cfset SESSION.Auth.UserID=#getUser.USERID#>
                              <cfset SESSION.Auth.UserLog=#getUser.USERlOG#>
                              <cfset SESSION.Auth.PassWd=#getUser.USERPASS#>
                        <cfset SESSION.Auth.FirstName=#getUser.USERFNAME#>
                              <cfset SESSION.Auth.LastName=#getUser.USERLNAME#>
                              <cfset SESSION.Auth.Email=#getUser.USEREMAIL#>
                              <cfset SESSION.Auth.Grade=#getUser.USERGRD#>
                              <cfset SESSION.Auth.AccessType=#getUser.USERTYPE#>
                              <cfset SESSION.Auth.AccessLevel=#getUser.USERLEVEL#>
                              <cfset SESSION.Auth.ShowPassWarn=#getUser.WARNPASS#>
                              <cfset SESSION.Auth.PassDate=#getUser.PASSWORDUPDT#>
                              <cfset SESSION.Auth.ProfileDate=#getUser.PROFILEUPDT#>
                              <cfset SESSION.Auth.showtopten = 0>
                              <cfif SESSION.Auth.ShowPassWarn NEQ 0>
                                    <cfset SESSION.Auth.Warnings=true>
                              <cfelse>
                                    <cfset SESSION.Auth.Warnings=false>
                              </cfif>
                              <cfoutput>
                                    <script>
                                    <cfif #getUser.USERLEVEL# GE 100>
                                    window.open('#SRVPATH#HRtoolbox/start.cfm');
                                    <cfelse>
                                    window.open('#SRVPATH#HRtoolbox/start.cfm','','scrollbars=yes,location=no,status=no,directories=no,toolbar=no,menubar=no,resizable=no,channelmode=yes, fullscreen=yes');
                                    </cfif>
                                    window.location.replace('index.cfm');
                                    </script>
                              </cfoutput>
                  <cfelse>
                        <cfset bPassErr = 1 >
                  </cfif>
            <cfelse>
                  <cfset bNameErr = 1>
            </cfif>            
</cfif>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<CFHEADER name="Expires" value="#Now()#">
<CFHEADER name="Pragma" value="no-cache">
<CFHEADER name="cache-control" value="no-cache, no-store, must-revalidate">

<script type="text/javascript" language="JavaScript">
uName = /^\w*$/
uPass = /^[a-zA-Z]\w*....[^_]$/
uPassDig = /.*\d.*/
function validateData(){
err="";
var txtBox=document.tbLogin;
            if (txtBox.userName.value){
                  if (!uName.test(txtBox.userName.value)){
                        if(!err){
                              txtBox.userName.focus();
                              txtBox.userName.select();
                        }
                        err = err + "User ID may contain letters, numbers \nand/or the underscore(_) and at least 6 characters.\n";
                        err = err + "User ID may not begin with underscore or a number and may not end with underscore.\n";
                  }
            }
            else{
                  if(!err){
                        txtBox.userName.focus();
                        txtBox.userName.select();
                  }
                  err = err + "User ID is a required field.\n";
            }
            
            
            
            if(txtBox.userPass.value){
                  if (!uPassDig.test(txtBox.userPass.value)){
                        err = err + "Password must conatin at least 1 digit.\n";
                  }
                  else{
                        if (!uPass.test(txtBox.userPass.value)){
                              if(!err){
                                    txtBox.userPass.focus();
                                    txtBox.userPass.select();
                              }
                              err = err + "Password may contain letters, numbers \nand/or the underscore(_) and be at least 6 characters.\n";
                              err = err + "Password may not begin with underscore or a number and may not end with underscore.\n";
                        }
                      
                 }
            }
            else{
                  if(!err){
                              txtBox.userPass.focus();
                              txtBox.userPass.select();
                        }
                  err = err + "Password is a required field.\n";
            }
            

            if(txtBox.userPass.value && txtBox.userName.value && txtBox.userPass.value == txtBox.userName.value){
                  err = err + "User ID and Password cannot be the same.\n";
            }
            
            if (err){
                  alert(err);
            }      

return (err ? false : true);      
}
</script>


<table width="150" border="0" cellspacing="0" cellpadding="0" align="right">
  <tr>
    <td width="150" height="15" colspan="2" align="center" bgcolor="#9DA2C8"><font face="Arial, Helvetica, sans-serif" size="2">H.R. Toolbox</font> </td>
  </tr>
  <tr height="30">
    <form action="index.cfm" method="post" name="tbLogin" onsubmit="return validateData();">
      <tr>
        <td width="150" height="10" colspan="2" align="left" bgColor="#fcf1f2">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">
            <a href="##" onClick="window.open('eis/hr_toolbox/toolboxRegistration.cfm','News','scrollbars=no,width=400,height=400,resizable=no')" class="bottomnav">New User? Click to Register</A></font></td>
      </tr>
        <cfif (#bNameErr#) eq 1>
        <tr>                  
            <td width="150" height="10" colspan="2" style="font: small-caps bold 10pt; color:red;" align="center" bgColor="#fcf1f2">Invalid User ID</td>
        </tr>            
        <cfelseif (#bPassErr#) eq 1>
        <tr>                  
            <td width="150" height="10" colspan="2" style="font: small-caps bold 10pt; color:red;" align="center" bgColor="#fcf1f2">Invalid Password. Password is case SENSITIVE</td>
        </tr>
      <cfelse>
      
      </cfif>            
            
      <tr>
        <td height="10" width="72" bgColor="#fcf1f2" align="left">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">User ID:</font></td>
        <td width="73" bgColor="#fcf1f2" align="left"><font size="3"><input name="userName"  type="text" size="8" maxlength="20" <cfif isDefined("form.userName") and not bNameErr and not isDefined("SESSION.Auth.IsLoggedIn")><cfoutput> value="#form.userName#"</cfoutput></cfif>></font></td>
      </tr>
      <tr>
        <td width="72" height="10" align="left" bgColor="#fcf1f2">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">Password:</font></td>
        <td width="73" height="10" align="left" bgColor="#fcf1f2"><font size="3"><input name="userPass" type="password" size="8" maxlength="20"></font></td>
      </tr>
      <tr>
        <td width="150" height="10" colspan="2" align="right" bgColor="#fcf1f2">      
        <font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2"><input align="right" name="submit" type="submit" value="Log In">&nbsp;&nbsp;</font></td>
      </tr>
    </form>
  <tr>
    <td width="150" height="10" colspan="2" bgColor="#fcf1f2"><font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">
      &nbsp;<a href="##" onClick="window.open('eis/hr_toolbox/password_request.cfm','News','scrollbars=no,width=400,height=400,resizable=no')" class="bottomnav">Lost or Forgot Password?</A></font></td>
  </tr>
  <tr>
    <td width="150" height="15" colspan="2"  valign="middle" bgcolor="#9DA2C8">&nbsp;</td>
  </tr>

  <tr><td width="150" height="15" colspan="2"  align="center">

        </td>
  </tr>
</table>
 
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11794703
You may want to look at what type of session you are using.  If you are not using J2EE sessions then this can happen if you close and open the browser soon enough.

If you use J2EE sessions ( a setting in CF Admin) then the session ends when the browser is closed.
0
 

Author Comment

by:mdbbound
ID: 11797329
Hello,

Now i can relax a bit.  The Login now works.  I added sessiontimeout and did my logout as well as my AdminOnly pages access.

All are working fine at this point.  I'll be presenting in about 30 min from now.

Thank you all.

0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11809348
glad i could help

thanks for the points
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question