Solved

My login does not work.

Posted on 2004-08-12
Last Modified: 2013-12-24
Hi,

I created this login using sessions just like what was written in Ben Forta's 5th Edition book and this is what happened.

I was in Dreamweaver and hit F12 to view my "startuppage.cfm".  The first time I logged in I was able to type the name and password and was able to get it.  Then, I closed the browser, and tried to get in as another user.  I was still successful.  Again I closed the browser.

This time, I tried to open my application from the shortcut on my desktop.  Voilà, it did not even ask for a username and password.  I was able to go to the page I want to go to without requiring a username and password.

Why is that?  My login is not working properly.  What should I do?

Please help.  Thank you in advance.

PS.  All users of my application will have to log in.  But only Administrators have access to the Admin pages.

By the way, I use the basic session method in Ben Forta's book.  So, those CFlogout, CFlogin are a bit different from what I am doing.
0
Question by:mdbbound
5 Comments
 
LVL 11

Accepted Solution

by:
hart earned 1000 total points
ID: 11791166
what i can understand is that...

you have a file that asks for the username and password...
and when the form is submitted it is taken to a page where u check the username and password with values in the database...

if the user is present then u create session variables and send this user to the next page...

now i hope on the next page you are checking whether the session variables are defined or not...
If they are not then you redirect them to the login page again...

if this is the logic u r following then it should work fine...

Another thing is that...
how do u access ur site... The site should be accessed using a url like this http://localhost/your root dir/startuppage.cfm...
this is how you can check your site..

You do not check ur site by clicking F12 in dreamweaver bcos then the file will be opened with a physical path
i.e "c:\blah...blah

let me know

Regards
Hart
0
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 1000 total points
ID: 11792259
here is a login i wrote a while ago, my first login routine, see if it can help you out. It uses session variables, userlevels and usertypes as access restrictions; it's an include file on one of the site's main pages and opens the secure pages in a new window

<cfset TITLE="Human Resources - Login">    
<cfset errName = "Invalid User ID">
<cfset errPass = "Invalid Password">
<cfset bNameErr = 0>
<cfset bPassErr = 0>
<cfif isdefined("form.userName") and isDefined("form.userPass")>
            <cfquery name="validName" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                  SELECT USERID
                  FROM HR_TOOLBOX_USER_PROFILE
                  WHERE USERLOG = <cfqueryparam value="#form.userName#" cfsqltype="cf_sql_varchar">
            </cfquery>
            <cfif (#validName.recordcount#)>
                  <cfquery name="validPass" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                        SELECT USERID , USERPASS
                        FROM HR_TOOLBOX_USER_PROFILE
                        WHERE USERPASS = <cfqueryparam value="#form.userPass#" cfsqltype="cf_sql_varchar"> and USERLOG = <cfqueryparam value="#form.userName#" cfsqltype="cf_sql_varchar">
                  </cfquery>
                  <cfif (#validPass.recordcount#) AND not Compare(form.userPass, validPass.userpass)>
                              <cfquery name="getUser" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                                    SELECT HR_TOOLBOX_USER_PROFILE.USERID, HR_TOOLBOX_USER_PROFILE.USERLOG, HR_TOOLBOX_USER_PROFILE.USERPASS, HR_TOOLBOX_USER_PROFILE.USERFNAME, HR_TOOLBOX_USER_PROFILE.USERLNAME, HR_TOOLBOX_USER_PROFILE.USEREMAIL, Employee.GRADE AS USERGRD, HR_TOOLBOX_USER_PROFILE.USERTYPE, HR_TOOLBOX_USER_PROFILE.USERLEVEL, HR_TOOLBOX_USER_PROFILE.WARNPASS, HR_TOOLBOX_USER_PROFILE.PASSWORDUPDT, HR_TOOLBOX_USER_PROFILE.PROFILEUPDT
                                    FROM HR_TOOLBOX_USER_PROFILE LEFT JOIN Employee ON HR_TOOLBOX_USER_PROFILE.EMPID = Employee.EMPID
                                    WHERE USERPASS = <cfqueryparam value="#form.userPass#" cfsqltype="cf_sql_varchar"> and USERLOG = <cfqueryparam value="#form.userName#" cfsqltype="cf_sql_varchar">
                              </cfquery>
                              <cfset SESSION.Auth = StructNew()>
                              <cfset SESSION.Auth.IsLoggedIn=1>
                              <cfset SESSION.Auth.UserID=#getUser.USERID#>
                              <cfset SESSION.Auth.UserLog=#getUser.USERlOG#>
                              <cfset SESSION.Auth.PassWd=#getUser.USERPASS#>
                        <cfset SESSION.Auth.FirstName=#getUser.USERFNAME#>
                              <cfset SESSION.Auth.LastName=#getUser.USERLNAME#>
                              <cfset SESSION.Auth.Email=#getUser.USEREMAIL#>
                              <cfset SESSION.Auth.Grade=#getUser.USERGRD#>
                              <cfset SESSION.Auth.AccessType=#getUser.USERTYPE#>
                              <cfset SESSION.Auth.AccessLevel=#getUser.USERLEVEL#>
                              <cfset SESSION.Auth.ShowPassWarn=#getUser.WARNPASS#>
                              <cfset SESSION.Auth.PassDate=#getUser.PASSWORDUPDT#>
                              <cfset SESSION.Auth.ProfileDate=#getUser.PROFILEUPDT#>
                              <cfset SESSION.Auth.showtopten = 0>
                              <cfif SESSION.Auth.ShowPassWarn NEQ 0>
                                    <cfset SESSION.Auth.Warnings=true>
                              <cfelse>
                                    <cfset SESSION.Auth.Warnings=false>
                              </cfif>
                              <cfoutput>
                                    <script>
                                    <cfif #getUser.USERLEVEL# GE 100>
                                    window.open('#SRVPATH#HRtoolbox/start.cfm');
                                    <cfelse>
                                    window.open('#SRVPATH#HRtoolbox/start.cfm','','scrollbars=yes,location=no,status=no,directories=no,toolbar=no,menubar=no,resizable=no,channelmode=yes, fullscreen=yes');
                                    </cfif>
                                    window.location.replace('index.cfm');
                                    </script>
                              </cfoutput>
                  <cfelse>
                        <cfset bPassErr = 1 >
                  </cfif>
            <cfelse>
                  <cfset bNameErr = 1>
            </cfif>            
</cfif>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<CFHEADER name="Expires" value="#Now()#">
<CFHEADER name="Pragma" value="no-cache">
<CFHEADER name="cache-control" value="no-cache, no-store, must-revalidate">

<script type="text/javascript" language="JavaScript">
uName = /^\w*$/
uPass = /^[a-zA-Z]\w*....[^_]$/
uPassDig = /.*\d.*/
function validateData(){
err="";
var txtBox=document.tbLogin;
            if (txtBox.userName.value){
                  if (!uName.test(txtBox.userName.value)){
                        if(!err){
                              txtBox.userName.focus();
                              txtBox.userName.select();
                        }
                        err = err + "User ID may contain letters, numbers \nand/or the underscore(_) and at least 6 characters.\n";
                        err = err + "User ID may not begin with underscore or a number and may not end with underscore.\n";
                  }
            }
            else{
                  if(!err){
                        txtBox.userName.focus();
                        txtBox.userName.select();
                  }
                  err = err + "User ID is a required field.\n";
            }
            
            
            
            if(txtBox.userPass.value){
                  if (!uPassDig.test(txtBox.userPass.value)){
                        err = err + "Password must contain at least 1 digit.\n";
                  }
                  else{
                        if (!uPass.test(txtBox.userPass.value)){
                              if(!err){
                                    txtBox.userPass.focus();
                                    txtBox.userPass.select();
                              }
                              err = err + "Password may contain letters, numbers \nand/or the underscore(_) and be at least 6 characters.\n";
                              err = err + "Password may not begin with underscore or a number and may not end with underscore.\n";
                        }
                      
                 }
            }
            else{
                  if(!err){
                              txtBox.userPass.focus();
                              txtBox.userPass.select();
                        }
                  err = err + "Password is a required field.\n";
            }
            

            if(txtBox.userPass.value && txtBox.userName.value && txtBox.userPass.value == txtBox.userName.value){
                  err = err + "User ID and Password cannot be the same.\n";
            }
            
            if (err){
                  alert(err);
            }      

return (err ? false : true);      
}
</script>


<table width="150" border="0" cellspacing="0" cellpadding="0" align="right">
  <tr>
    <td width="150" height="15" colspan="2" align="center" bgcolor="#9DA2C8"><font face="Arial, Helvetica, sans-serif" size="2">H.R. Toolbox</font> </td>
  </tr>
  <tr height="30">
    <form action="index.cfm" method="post" name="tbLogin" onsubmit="return validateData();">
      <tr>
        <td width="150" height="10" colspan="2" align="left" bgColor="#fcf1f2">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">
            <a href="##" onClick="window.open('eis/hr_toolbox/toolboxRegistration.cfm','News','scrollbars=no,width=400,height=400,resizable=no')" class="bottomnav">New User? Click to Register</A></font></td>
      </tr>
        <cfif (#bNameErr#) eq 1>
        <tr>                  
            <td width="150" height="10" colspan="2" style="font: small-caps bold 10pt; color:red;" align="center" bgColor="#fcf1f2">Invalid User ID</td>
        </tr>            
        <cfelseif (#bPassErr#) eq 1>
        <tr>                  
            <td width="150" height="10" colspan="2" style="font: small-caps bold 10pt; color:red;" align="center" bgColor="#fcf1f2">Invalid Password. Password is case SENSITIVE</td>
        </tr>
      <cfelse>
      
      </cfif>            
            
      <tr>
        <td height="10" width="72" bgColor="#fcf1f2" align="left">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">User ID:</font></td>
        <td width="73" bgColor="#fcf1f2" align="left"><font size="3"><input name="userName"  type="text" size="8" maxlength="20" <cfif isDefined("form.userName") and not bNameErr and not isDefined("SESSION.Auth.IsLoggedIn")><cfoutput> value="#HTMLEditFormat(form.userName)#"</cfoutput></cfif>></font></td>
      </tr>
      <tr>
        <td width="72" height="10" align="left" bgColor="#fcf1f2">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">Password:</font></td>
        <td width="73" height="10" align="left" bgColor="#fcf1f2"><font size="3"><input name="userPass" type="password" size="8" maxlength="20"></font></td>
      </tr>
      <tr>
        <td width="150" height="10" colspan="2" align="right" bgColor="#fcf1f2">      
        <font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2"><input align="right" name="submit" type="submit" value="Log In">&nbsp;&nbsp;</font></td>
      </tr>
    </form>
  <tr>
    <td width="150" height="10" colspan="2" bgColor="#fcf1f2"><font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">
      &nbsp;<a href="##" onClick="window.open('eis/hr_toolbox/password_request.cfm','News','scrollbars=no,width=400,height=400,resizable=no')" class="bottomnav">Lost or Forgot Password?</A></font></td>
  </tr>
  <tr>
    <td width="150" height="15" colspan="2"  valign="middle" bgcolor="#9DA2C8">&nbsp;</td>
  </tr>

  <tr><td width="150" height="15" colspan="2"  align="center">

        </td>
  </tr>
</table>
 
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11794703
You may want to look at what type of session you are using.  If you are not using J2EE sessions then this can happen if you close and open the browser soon enough.

If you use J2EE sessions (a setting in CF Admin) then the session ends when the browser is closed.
0
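
The per-page session check described in the accepted answer and the session-lifetime point in the comment above, combined in one Application.cfm. This is an added example, not code posted by anyone in the thread. Assumptions: the application name `MyApp`, the `appRoot` path, a `login.cfm` page, an `/admin/` directory, the `?logout` convention, the 20-minute timeout and the level-100 admin threshold are all hypothetical; `SESSION.Auth.IsLoggedIn` and `SESSION.Auth.AccessLevel` follow the login routine posted earlier.

```cfml
<!--- Application.cfm: ColdFusion runs this before every .cfm request in the tree --->
<cfapplication name="MyApp"
               sessionmanagement="Yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#"
               setclientcookies="Yes">

<!--- Hypothetical application root, so redirects also work from /admin/ --->
<cfset appRoot = "/myapp/">

<!--- Without J2EE sessions, CFID/CFTOKEN are persistent cookies, so the
      session survives closing the browser. Re-issuing them with no EXPIRES
      attribute turns them into browser-session cookies. --->
<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
  <cfset localCFID = Cookie.CFID>
  <cfset localCFTOKEN = Cookie.CFTOKEN>
  <cfcookie name="CFID" value="#localCFID#">
  <cfcookie name="CFTOKEN" value="#localCFTOKEN#">
</cfif>

<!--- Logout: any page requested with ?logout=1 drops the auth struct --->
<cfif IsDefined("URL.logout")>
  <cfset StructDelete(SESSION, "Auth")>
</cfif>

<!--- Work out whether this request belongs to a logged-in session --->
<cfset loggedIn = false>
<cfif StructKeyExists(SESSION, "Auth")>
  <cfset loggedIn = (SESSION.Auth.IsLoggedIn EQ 1)>
</cfif>

<!--- Guard: every page except the login form requires a login --->
<cfset currentPage = ListLast(CGI.SCRIPT_NAME, "/")>
<cfif NOT loggedIn AND currentPage NEQ "login.cfm">
  <cflocation url="#appRoot#login.cfm" addtoken="No">
</cfif>

<!--- Admin-only area: enforced on the server for every request under /admin/ --->
<cfif loggedIn AND FindNoCase("/admin/", CGI.SCRIPT_NAME)>
  <cfif SESSION.Auth.AccessLevel LT 100>
    <cflocation url="#appRoot#startuppage.cfm" addtoken="No">
  </cfif>
</cfif>
```

The guard only runs for requests served through the web server (an `http://localhost/...` URL), since Application.cfm is processed by ColdFusion and not when a file is opened from a physical path.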
 

Author Comment

by:mdbbound
ID: 11797329
Hello,

Now I can relax a bit.  The login now works.  I added sessiontimeout and did my logout as well as my AdminOnly pages access.

All are working fine at this point.  I'll be presenting in about 30 min from now.

Thank you all.

0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11809348
Glad I could help

thanks for the points
0

Question has a verified solution.
