Solved

My login does not work.

Posted on 2004-08-12
5
193 Views
Last Modified: 2013-12-24
hi

i created this login using sessions just like what was written in Ben Forta's 5th Edition book and this is what happened.

I was in dreamweaver and hit F12 to view my "startuppage.cfm".  The first time i logged in I was able to type the name and password and was able to get it.  Then, I closed the browser, and tried to get in as another user.  I was still successful.  Again I closed the browser.

This time, i tried to open my application from the shortcut in my desktop.  Walla, it did not even asks for a username and password.  I was able to go to the page I want to go to without requiring a username and password.  

Why is that?  My login is not working properly.  What should i do?

Please help.  Thank you in advance

PS.  All users of my application will have to login.  But only Administratrs have the access to the Admin pages.

By the way, i use the basic session method in Ben forta's book.  So, those CFlogout, CFlogin is a bit different from what i am doing
0
Comment
Question by:mdbbound
5 Comments
 
LVL 11

Accepted Solution

by:
hart earned 250 total points
ID: 11791166
what i can understand is that...

you have a file that asks for the username and password...
and when the form is submitted it is taken to a page where u check the username and password with values in the database...

if the user is present then u create session variables and send this user to the next page...

now i hope on the next page you are checking wether the session variables are defined or not...
If they are not then you redirect them to the login page again...

if this is the logic u r following then it should work fine...

Another thing is that...
how do u access ur site... The site should be accessed using a url like this http://localhost/your root dir/startuppage.cfm...
this is how you can check your site..

You do not check ur site by clicking F12 in dreamweaver bcos then the file will be openend with a physical path
i.e "c:\blah...blah

let me know

Regards
Hart
0
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 250 total points
ID: 11792259
here is a login i wrote a while ago, my first login routine, see if it can help you out, uses swessions variables, userlevels and usertypes as access restrictions, its an include file on one of the sites main pages, opens the secirepages in a new window

<cfset TITLE="Human Resources - Login">    
<cfset errName = "Invalid User ID">
<cfset errPass = "Invalid Password">
<cfset bNameErr = 0>
<cfset bPassErr = 0>
<cfif isdefined("form.userName") and isDefined("form.userPass")>
            <cfquery name="validName" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                  SELECT USERID
                  FROM HR_TOOLBOX_USER_PROFILE
                  WHERE USERLOG = '#form.userName#'
            </cfquery>
            <cfif (#validName.recordcount#)>
                  <cfquery name="validPass" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                        SELECT USERID , USERPASS
                        FROM HR_TOOLBOX_USER_PROFILE
                        WHERE USERPASS = '#form.userPass#' and USERLOG = '#form.userName#'
                  </cfquery>
                  <cfif (#validPass.recordcount#) AND not Compare(form.userPass, validPass.userpass)>
                              <cfquery name="getUser" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                                    SELECT HR_TOOLBOX_USER_PROFILE.USERID, HR_TOOLBOX_USER_PROFILE.USERLOG, HR_TOOLBOX_USER_PROFILE.USERPASS, HR_TOOLBOX_USER_PROFILE.USERFNAME, HR_TOOLBOX_USER_PROFILE.USERLNAME, HR_TOOLBOX_USER_PROFILE.USEREMAIL, Employee.GRADE AS USERGRD, HR_TOOLBOX_USER_PROFILE.USERTYPE, HR_TOOLBOX_USER_PROFILE.USERLEVEL, HR_TOOLBOX_USER_PROFILE.WARNPASS, HR_TOOLBOX_USER_PROFILE.PASSWORDUPDT, HR_TOOLBOX_USER_PROFILE.PROFILEUPDT
                                    FROM HR_TOOLBOX_USER_PROFILE LEFT JOIN Employee ON HR_TOOLBOX_USER_PROFILE.EMPID = Employee.EMPID
                                    WHERE USERPASS = '#form.userPass#' and USERLOG = '#form.userName#'
                              </cfquery>
                              <cfset SESSION.Auth = StructNew()>
                              <cfset SESSION.Auth.IsLoggedIn=1>
                              <cfset SESSION.Auth.UserID=#getUser.USERID#>
                              <cfset SESSION.Auth.UserLog=#getUser.USERlOG#>
                              <cfset SESSION.Auth.PassWd=#getUser.USERPASS#>
                        <cfset SESSION.Auth.FirstName=#getUser.USERFNAME#>
                              <cfset SESSION.Auth.LastName=#getUser.USERLNAME#>
                              <cfset SESSION.Auth.Email=#getUser.USEREMAIL#>
                              <cfset SESSION.Auth.Grade=#getUser.USERGRD#>
                              <cfset SESSION.Auth.AccessType=#getUser.USERTYPE#>
                              <cfset SESSION.Auth.AccessLevel=#getUser.USERLEVEL#>
                              <cfset SESSION.Auth.ShowPassWarn=#getUser.WARNPASS#>
                              <cfset SESSION.Auth.PassDate=#getUser.PASSWORDUPDT#>
                              <cfset SESSION.Auth.ProfileDate=#getUser.PROFILEUPDT#>
                              <cfset SESSION.Auth.showtopten = 0>
                              <cfif SESSION.Auth.ShowPassWarn NEQ 0>
                                    <cfset SESSION.Auth.Warnings=true>
                              <cfelse>
                                    <cfset SESSION.Auth.Warnings=false>
                              </cfif>
                              <cfoutput>
                                    <script>
                                    <cfif #getUser.USERLEVEL# GE 100>
                                    window.open('#SRVPATH#HRtoolbox/start.cfm');
                                    <cfelse>
                                    window.open('#SRVPATH#HRtoolbox/start.cfm','','scrollbars=yes,location=no,status=no,directories=no,toolbar=no,menubar=no,resizable=no,channelmode=yes, fullscreen=yes');
                                    </cfif>
                                    window.location.replace('index.cfm');
                                    </script>
                              </cfoutput>
                  <cfelse>
                        <cfset bPassErr = 1 >
                  </cfif>
            <cfelse>
                  <cfset bNameErr = 1>
            </cfif>            
</cfif>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<CFHEADER name="Expires" value="#Now()#">
<CFHEADER name="Pragma" value="no-cache">
<CFHEADER name="cache-control" value="no-cache, no-store, must-revalidate">

<script type="text/javascript" language="JavaScript">
uName = /^\w*$/
uPass = /^[a-zA-Z]\w*....[^_]$/
uPassDig = /.*\d.*/
function validateData(){
err="";
var txtBox=document.tbLogin;
            if (txtBox.userName.value){
                  if (!uName.test(txtBox.userName.value)){
                        if(!err){
                              txtBox.userName.focus();
                              txtBox.userName.select();
                        }
                        err = err + "User ID may contain letters, numbers \nand/or the underscore(_) and at least 6 characters.\n";
                        err = err + "User ID may not begin with underscore or a number and may not end with underscore.\n";
                  }
            }
            else{
                  if(!err){
                        txtBox.userName.focus();
                        txtBox.userName.select();
                  }
                  err = err + "User ID is a required field.\n";
            }
            
            
            
            if(txtBox.userPass.value){
                  if (!uPassDig.test(txtBox.userPass.value)){
                        err = err + "Password must conatin at least 1 digit.\n";
                  }
                  else{
                        if (!uPass.test(txtBox.userPass.value)){
                              if(!err){
                                    txtBox.userPass.focus();
                                    txtBox.userPass.select();
                              }
                              err = err + "Password may contain letters, numbers \nand/or the underscore(_) and be at least 6 characters.\n";
                              err = err + "Password may not begin with underscore or a number and may not end with underscore.\n";
                        }
                      
                 }
            }
            else{
                  if(!err){
                              txtBox.userPass.focus();
                              txtBox.userPass.select();
                        }
                  err = err + "Password is a required field.\n";
            }
            

            if(txtBox.userPass.value && txtBox.userName.value && txtBox.userPass.value == txtBox.userName.value){
                  err = err + "User ID and Password cannot be the same.\n";
            }
            
            if (err){
                  alert(err);
            }      

return (err ? false : true);      
}
</script>


<table width="150" border="0" cellspacing="0" cellpadding="0" align="right">
  <tr>
    <td width="150" height="15" colspan="2" align="center" bgcolor="#9DA2C8"><font face="Arial, Helvetica, sans-serif" size="2">H.R. Toolbox</font> </td>
  </tr>
  <tr height="30">
    <form action="index.cfm" method="post" name="tbLogin" onsubmit="return validateData();">
      <tr>
        <td width="150" height="10" colspan="2" align="left" bgColor="#fcf1f2">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">
            <a href="##" onClick="window.open('eis/hr_toolbox/toolboxRegistration.cfm','News','scrollbars=no,width=400,height=400,resizable=no')" class="bottomnav">New User? Click to Register</A></font></td>
      </tr>
        <cfif (#bNameErr#) eq 1>
        <tr>                  
            <td width="150" height="10" colspan="2" style="font: small-caps bold 10pt; color:red;" align="center" bgColor="#fcf1f2">Invalid User ID</td>
        </tr>            
        <cfelseif (#bPassErr#) eq 1>
        <tr>                  
            <td width="150" height="10" colspan="2" style="font: small-caps bold 10pt; color:red;" align="center" bgColor="#fcf1f2">Invalid Password. Password is case SENSITIVE</td>
        </tr>
      <cfelse>
      
      </cfif>            
            
      <tr>
        <td height="10" width="72" bgColor="#fcf1f2" align="left">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">User ID:</font></td>
        <td width="73" bgColor="#fcf1f2" align="left"><font size="3"><input name="userName"  type="text" size="8" maxlength="20" <cfif isDefined("form.userName") and not bNameErr and not isDefined("SESSION.Auth.IsLoggedIn")><cfoutput> value="#form.userName#"</cfoutput></cfif>></font></td>
      </tr>
      <tr>
        <td width="72" height="10" align="left" bgColor="#fcf1f2">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">Password:</font></td>
        <td width="73" height="10" align="left" bgColor="#fcf1f2"><font size="3"><input name="userPass" type="password" size="8" maxlength="20"></font></td>
      </tr>
      <tr>
        <td width="150" height="10" colspan="2" align="right" bgColor="#fcf1f2">      
        <font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2"><input align="right" name="submit" type="submit" value="Log In">&nbsp;&nbsp;</font></td>
      </tr>
    </form>
  <tr>
    <td width="150" height="10" colspan="2" bgColor="#fcf1f2"><font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">
      &nbsp;<a href="##" onClick="window.open('eis/hr_toolbox/password_request.cfm','News','scrollbars=no,width=400,height=400,resizable=no')" class="bottomnav">Lost or Forgot Password?</A></font></td>
  </tr>
  <tr>
    <td width="150" height="15" colspan="2"  valign="middle" bgcolor="#9DA2C8">&nbsp;</td>
  </tr>

  <tr><td width="150" height="15" colspan="2"  align="center">

        </td>
  </tr>
</table>
 
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11794703
You may want to look at what type of session you are using.  If you are not using J2EE sessions then this can happen if you close and open the browser soon enough.

If you use J2EE sessions ( a setting in CF Admin) then the session ends when the browser is closed.
0
 

Author Comment

by:mdbbound
ID: 11797329
Hello,

Now i can relax a bit.  The Login now works.  I added sessiontimeout and did my logout as well as my AdminOnly pages access.

All are working fine at this point.  I'll be presenting in about 30 min from now.

Thank you all.

0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11809348
glad i could help

thanks for the points
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question