These pages is for Administrators only (My Application)


Please help restrict my Administrator pages (about 20 pages) from the rest of the other users.

I have my Access database with a table of users that includes a field for UserLevels.

if the UserLevel is 3 and above, that user should be able to access the 20 cfm pages available only for administrators.

Please I would like to request some code and where to put it.  Please be clear as possible.  It's the end of the week again and I have to come up with the login module by tommorow afternoon.  Please, I hope you understand.

Thanks in advance.

PS.  All users of my application will have to login.  But only Administratrs have the access to the Admin pages.

By the way, i use the basic session method in Ben forta's book.  So, those CFlogout, CFlogin is a bit different from what i am doing.
Who is Participating?

Improve company productivity with a Business Account.Sign Up

hartConnect With a Mentor Commented:
ok how about this when the user logs in ..
and after u authenticate him with the database values...

create a session variable session.userlevel with the appropriate value

just put a if condition on top of the 20 files...

<cfif IsDefined(Session.UserLevel) And Session.UserLevel LT 3 ><!--- Not Admin user --->
   Show him some data saying no access to this page

now put this code in a common file that is UserAccess.cfm
and include this file in the top of the 20 files

James RodgersWeb Applications DeveloperCommented:
i have a similar setup but access levels are different, i put my admin only pages in a separate forlder and have in my Application.cfm in the folder
<cfset localAccesLevel=100> <!--- administrative level --->
<cfset RELLOCPATH = "./">
<cfset PARENTPATH = "../">

<cfinclude template="#RELLOCPATH#noHeaderPages/validateUser.cfm">

and in validateUser.cfm
<!--- validate user login --->
<!--- check for existance of Auth structure created during valid login --->
<cfif not isDefined("SESSION.Auth.UserID") OR not isDefined("SESSION.Auth.AccessLevel")>
      <!--- invalid login --->
      <cflocation url="#PARENTPATH#_errorPages/loginError.cfm" addtoken="No">

<!--- validate user level --->
<!--- compare the access level defined on the page to the user's access level --->
<cfif SESSION.Auth.AccessLevel LT localAccessLevel>
      <!--- invalid user access level error --->      
      <cflocation url="#PARENTPATH#_errorPages/levelError.cfm" addtoken="No">
Or you can use a role based method and then if you are using a homegrown approach

<cfif Find("Admin", Session.UserAccess)>
  User allowed
  User not an admin - cflocation them away
Sorry I am new to ASP and would like to know how to create a session variable
Tony-28, please do not post new questions at the end of other questions.  If you have a question, then create your own in the appropriate Topic Area (in your case use the ASP topic area NOT the cold fusion topic area)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.