Solved

My login does not work.

Posted on 2004-08-12
5
192 Views
Last Modified: 2013-12-24
hi

i created this login using sessions just like what was written in Ben Forta's 5th Edition book and this is what happened.

I was in dreamweaver and hit F12 to view my "startuppage.cfm".  The first time i logged in I was able to type the name and password and was able to get it.  Then, I closed the browser, and tried to get in as another user.  I was still successful.  Again I closed the browser.

This time, i tried to open my application from the shortcut in my desktop.  Walla, it did not even asks for a username and password.  I was able to go to the page I want to go to without requiring a username and password.  

Why is that?  My login is not working properly.  What should i do?

Please help.  Thank you in advance

PS.  All users of my application will have to login.  But only Administratrs have the access to the Admin pages.

By the way, i use the basic session method in Ben forta's book.  So, those CFlogout, CFlogin is a bit different from what i am doing
0
Comment
Question by:mdbbound
5 Comments
 
LVL 11

Accepted Solution

by:
hart earned 250 total points
Comment Utility
what i can understand is that...

you have a file that asks for the username and password...
and when the form is submitted it is taken to a page where u check the username and password with values in the database...

if the user is present then u create session variables and send this user to the next page...

now i hope on the next page you are checking wether the session variables are defined or not...
If they are not then you redirect them to the login page again...

if this is the logic u r following then it should work fine...

Another thing is that...
how do u access ur site... The site should be accessed using a url like this http://localhost/your root dir/startuppage.cfm...
this is how you can check your site..

You do not check ur site by clicking F12 in dreamweaver bcos then the file will be openend with a physical path
i.e "c:\blah...blah

let me know

Regards
Hart
0
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 250 total points
Comment Utility
here is a login i wrote a while ago, my first login routine, see if it can help you out, uses swessions variables, userlevels and usertypes as access restrictions, its an include file on one of the sites main pages, opens the secirepages in a new window

<cfset TITLE="Human Resources - Login">    
<cfset errName = "Invalid User ID">
<cfset errPass = "Invalid Password">
<cfset bNameErr = 0>
<cfset bPassErr = 0>
<cfif isdefined("form.userName") and isDefined("form.userPass")>
            <cfquery name="validName" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                  SELECT USERID
                  FROM HR_TOOLBOX_USER_PROFILE
                  WHERE USERLOG = '#form.userName#'
            </cfquery>
            <cfif (#validName.recordcount#)>
                  <cfquery name="validPass" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                        SELECT USERID , USERPASS
                        FROM HR_TOOLBOX_USER_PROFILE
                        WHERE USERPASS = '#form.userPass#' and USERLOG = '#form.userName#'
                  </cfquery>
                  <cfif (#validPass.recordcount#) AND not Compare(form.userPass, validPass.userpass)>
                              <cfquery name="getUser" datasource="#SQLSERVER#" password="#SQLSERVERPASS#" username="#SQLSERVERUSER#">
                                    SELECT HR_TOOLBOX_USER_PROFILE.USERID, HR_TOOLBOX_USER_PROFILE.USERLOG, HR_TOOLBOX_USER_PROFILE.USERPASS, HR_TOOLBOX_USER_PROFILE.USERFNAME, HR_TOOLBOX_USER_PROFILE.USERLNAME, HR_TOOLBOX_USER_PROFILE.USEREMAIL, Employee.GRADE AS USERGRD, HR_TOOLBOX_USER_PROFILE.USERTYPE, HR_TOOLBOX_USER_PROFILE.USERLEVEL, HR_TOOLBOX_USER_PROFILE.WARNPASS, HR_TOOLBOX_USER_PROFILE.PASSWORDUPDT, HR_TOOLBOX_USER_PROFILE.PROFILEUPDT
                                    FROM HR_TOOLBOX_USER_PROFILE LEFT JOIN Employee ON HR_TOOLBOX_USER_PROFILE.EMPID = Employee.EMPID
                                    WHERE USERPASS = '#form.userPass#' and USERLOG = '#form.userName#'
                              </cfquery>
                              <cfset SESSION.Auth = StructNew()>
                              <cfset SESSION.Auth.IsLoggedIn=1>
                              <cfset SESSION.Auth.UserID=#getUser.USERID#>
                              <cfset SESSION.Auth.UserLog=#getUser.USERlOG#>
                              <cfset SESSION.Auth.PassWd=#getUser.USERPASS#>
                        <cfset SESSION.Auth.FirstName=#getUser.USERFNAME#>
                              <cfset SESSION.Auth.LastName=#getUser.USERLNAME#>
                              <cfset SESSION.Auth.Email=#getUser.USEREMAIL#>
                              <cfset SESSION.Auth.Grade=#getUser.USERGRD#>
                              <cfset SESSION.Auth.AccessType=#getUser.USERTYPE#>
                              <cfset SESSION.Auth.AccessLevel=#getUser.USERLEVEL#>
                              <cfset SESSION.Auth.ShowPassWarn=#getUser.WARNPASS#>
                              <cfset SESSION.Auth.PassDate=#getUser.PASSWORDUPDT#>
                              <cfset SESSION.Auth.ProfileDate=#getUser.PROFILEUPDT#>
                              <cfset SESSION.Auth.showtopten = 0>
                              <cfif SESSION.Auth.ShowPassWarn NEQ 0>
                                    <cfset SESSION.Auth.Warnings=true>
                              <cfelse>
                                    <cfset SESSION.Auth.Warnings=false>
                              </cfif>
                              <cfoutput>
                                    <script>
                                    <cfif #getUser.USERLEVEL# GE 100>
                                    window.open('#SRVPATH#HRtoolbox/start.cfm');
                                    <cfelse>
                                    window.open('#SRVPATH#HRtoolbox/start.cfm','','scrollbars=yes,location=no,status=no,directories=no,toolbar=no,menubar=no,resizable=no,channelmode=yes, fullscreen=yes');
                                    </cfif>
                                    window.location.replace('index.cfm');
                                    </script>
                              </cfoutput>
                  <cfelse>
                        <cfset bPassErr = 1 >
                  </cfif>
            <cfelse>
                  <cfset bNameErr = 1>
            </cfif>            
</cfif>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<CFHEADER name="Expires" value="#Now()#">
<CFHEADER name="Pragma" value="no-cache">
<CFHEADER name="cache-control" value="no-cache, no-store, must-revalidate">

<script type="text/javascript" language="JavaScript">
uName = /^\w*$/
uPass = /^[a-zA-Z]\w*....[^_]$/
uPassDig = /.*\d.*/
function validateData(){
err="";
var txtBox=document.tbLogin;
            if (txtBox.userName.value){
                  if (!uName.test(txtBox.userName.value)){
                        if(!err){
                              txtBox.userName.focus();
                              txtBox.userName.select();
                        }
                        err = err + "User ID may contain letters, numbers \nand/or the underscore(_) and at least 6 characters.\n";
                        err = err + "User ID may not begin with underscore or a number and may not end with underscore.\n";
                  }
            }
            else{
                  if(!err){
                        txtBox.userName.focus();
                        txtBox.userName.select();
                  }
                  err = err + "User ID is a required field.\n";
            }
            
            
            
            if(txtBox.userPass.value){
                  if (!uPassDig.test(txtBox.userPass.value)){
                        err = err + "Password must conatin at least 1 digit.\n";
                  }
                  else{
                        if (!uPass.test(txtBox.userPass.value)){
                              if(!err){
                                    txtBox.userPass.focus();
                                    txtBox.userPass.select();
                              }
                              err = err + "Password may contain letters, numbers \nand/or the underscore(_) and be at least 6 characters.\n";
                              err = err + "Password may not begin with underscore or a number and may not end with underscore.\n";
                        }
                      
                 }
            }
            else{
                  if(!err){
                              txtBox.userPass.focus();
                              txtBox.userPass.select();
                        }
                  err = err + "Password is a required field.\n";
            }
            

            if(txtBox.userPass.value && txtBox.userName.value && txtBox.userPass.value == txtBox.userName.value){
                  err = err + "User ID and Password cannot be the same.\n";
            }
            
            if (err){
                  alert(err);
            }      

return (err ? false : true);      
}
</script>


<table width="150" border="0" cellspacing="0" cellpadding="0" align="right">
  <tr>
    <td width="150" height="15" colspan="2" align="center" bgcolor="#9DA2C8"><font face="Arial, Helvetica, sans-serif" size="2">H.R. Toolbox</font> </td>
  </tr>
  <tr height="30">
    <form action="index.cfm" method="post" name="tbLogin" onsubmit="return validateData();">
      <tr>
        <td width="150" height="10" colspan="2" align="left" bgColor="#fcf1f2">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">
            <a href="##" onClick="window.open('eis/hr_toolbox/toolboxRegistration.cfm','News','scrollbars=no,width=400,height=400,resizable=no')" class="bottomnav">New User? Click to Register</A></font></td>
      </tr>
        <cfif (#bNameErr#) eq 1>
        <tr>                  
            <td width="150" height="10" colspan="2" style="font: small-caps bold 10pt; color:red;" align="center" bgColor="#fcf1f2">Invalid User ID</td>
        </tr>            
        <cfelseif (#bPassErr#) eq 1>
        <tr>                  
            <td width="150" height="10" colspan="2" style="font: small-caps bold 10pt; color:red;" align="center" bgColor="#fcf1f2">Invalid Password. Password is case SENSITIVE</td>
        </tr>
      <cfelse>
      
      </cfif>            
            
      <tr>
        <td height="10" width="72" bgColor="#fcf1f2" align="left">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">User ID:</font></td>
        <td width="73" bgColor="#fcf1f2" align="left"><font size="3"><input name="userName"  type="text" size="8" maxlength="20" <cfif isDefined("form.userName") and not bNameErr and not isDefined("SESSION.Auth.IsLoggedIn")><cfoutput> value="#form.userName#"</cfoutput></cfif>></font></td>
      </tr>
      <tr>
        <td width="72" height="10" align="left" bgColor="#fcf1f2">&nbsp;<font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">Password:</font></td>
        <td width="73" height="10" align="left" bgColor="#fcf1f2"><font size="3"><input name="userPass" type="password" size="8" maxlength="20"></font></td>
      </tr>
      <tr>
        <td width="150" height="10" colspan="2" align="right" bgColor="#fcf1f2">      
        <font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2"><input align="right" name="submit" type="submit" value="Log In">&nbsp;&nbsp;</font></td>
      </tr>
    </form>
  <tr>
    <td width="150" height="10" colspan="2" bgColor="#fcf1f2"><font color="#8b0000" face="Arial, Helvetica, sans-serif" size="2">
      &nbsp;<a href="##" onClick="window.open('eis/hr_toolbox/password_request.cfm','News','scrollbars=no,width=400,height=400,resizable=no')" class="bottomnav">Lost or Forgot Password?</A></font></td>
  </tr>
  <tr>
    <td width="150" height="15" colspan="2"  valign="middle" bgcolor="#9DA2C8">&nbsp;</td>
  </tr>

  <tr><td width="150" height="15" colspan="2"  align="center">

        </td>
  </tr>
</table>
 
0
 
LVL 35

Expert Comment

by:mrichmon
Comment Utility
You may want to look at what type of session you are using.  If you are not using J2EE sessions then this can happen if you close and open the browser soon enough.

If you use J2EE sessions ( a setting in CF Admin) then the session ends when the browser is closed.
0
 

Author Comment

by:mdbbound
Comment Utility
Hello,

Now i can relax a bit.  The Login now works.  I added sessiontimeout and did my logout as well as my AdminOnly pages access.

All are working fine at this point.  I'll be presenting in about 30 min from now.

Thank you all.

0
 
LVL 25

Expert Comment

by:James Rodgers
Comment Utility
glad i could help

thanks for the points
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now