Solved

These pages is for Administrators only (My Application)

Posted on 2004-08-12
5
144 Views
Last Modified: 2013-12-24
Hello,

Please help restrict my Administrator pages (about 20 pages) from the rest of the other users.

I have my Access database with a table of users that includes a field for UserLevels.

if the UserLevel is 3 and above, that user should be able to access the 20 cfm pages available only for administrators.

Please I would like to request some code and where to put it.  Please be clear as possible.  It's the end of the week again and I have to come up with the login module by tommorow afternoon.  Please, I hope you understand.

Thanks in advance.

PS.  All users of my application will have to login.  But only Administratrs have the access to the Admin pages.

By the way, i use the basic session method in Ben forta's book.  So, those CFlogout, CFlogin is a bit different from what i am doing.
0
Comment
Question by:mdbbound
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 11

Accepted Solution

by:
hart earned 500 total points
ID: 11791358
ok how about this when the user logs in ..
and after u authenticate him with the database values...

create a session variable session.userlevel with the appropriate value

just put a if condition on top of the 20 files...

<cfif IsDefined(Session.UserLevel) And Session.UserLevel LT 3 ><!--- Not Admin user --->
   Show him some data saying no access to this page
   </cfabort>
</cfif>

now put this code in a common file that is UserAccess.cfm
and include this file in the top of the 20 files

Regards
Hart
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11792010
i have a similar setup but access levels are different, i put my admin only pages in a separate forlder and have in my Application.cfm in the folder
<cfset localAccesLevel=100> <!--- administrative level --->
<cfset RELLOCPATH = "./">
<cfset PARENTPATH = "../">

<cfinclude template="#RELLOCPATH#noHeaderPages/validateUser.cfm">

and in validateUser.cfm
<!--- validate user login --->
<!--- check for existance of Auth structure created during valid login --->
<cfif not isDefined("SESSION.Auth.UserID") OR not isDefined("SESSION.Auth.AccessLevel")>
      <!--- invalid login --->
      <cflocation url="#PARENTPATH#_errorPages/loginError.cfm" addtoken="No">
</cfif>

<!--- validate user level --->
<!--- compare the access level defined on the page to the user's access level --->
<cfif SESSION.Auth.AccessLevel LT localAccessLevel>
      <!--- invalid user access level error --->      
      <cflocation url="#PARENTPATH#_errorPages/levelError.cfm" addtoken="No">
</cfif>
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 11794673
Or you can use a role based method and then if you are using a homegrown approach

<cfif Find("Admin", Session.UserAccess)>
  User allowed
<cfelse>
  User not an admin - cflocation them away
</cfif>
0
 

Expert Comment

by:Tony-28
ID: 13767595
Sorry I am new to ASP and would like to know how to create a session variable
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 13767665
Tony-28, please do not post new questions at the end of other questions.  If you have a question, then create your own in the appropriate Topic Area (in your case use the ASP topic area NOT the cold fusion topic area)
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
json_decode return null? 8 99
Forbidden errors 5 156
retrieving files from old server once DNS has changed 10 72
.htaccess rewrite url with querystring problem 13 116
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question