• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 430
  • Last Modified:

Login Page/Process/Application: Creating multi-level permissions or access. 500

I am trying to figure out how to create two user groups whom have different priveleges and essentially different menus.

1. Administrator
2. Registered Users

I have been testing the cfswitch and cfcase tags; however, have a problem implementing them. Any suggestions or any formats that you can share will be greatly appreciated!
Experienced insight please.

-----------------------------------------------------------------
<cfswitch expression="#usergroup#">

<cfcase value="1">
 <cfinclude template="protectedgrouppages/page1.cfm">
</cfcase>
<cfcase value="2">
  <cfinclude template="protectedgrouppages/page2.cfm">
</cfcase>
... more cfcase as neccesary ..
<cfdefaultcase>
place an error like "there is no such user group"
</cfdefaultcase>
</cfswitch>
---------------------------------------------------------------

logprocess.cfm
------------------

<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
<CFLOCATION url="badlogin.cfm">
</CFIF>

Application.cfm
-------------
<CFAPPLICATION NAME="x" sessionmanagement="YES" clientmanagement="NO" setclientcookies="YES" SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0
sjha81
Asked:
sjha81
2 Solutions
 
James RodgersWeb Applications DeveloperCommented:
how do you define these users, at account creation, by a site admin, some other method?


log on
i do this as
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
</cfquery>

<CFIF x.RecordCount GT 0>
registered user - check pass
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
bad password message
<cfelse>
bad user message
</CFIF>
allows for greater control of the types of mesasges passed to the user, 'we could not find you in our database- please register.' or 'invalid password', your method only allows for one message

now to set users
there are two methods i have used - a user type/userlevel combination and a defined access method
in teh user type/user level method the menu items were set so that if a user was of a specified level or higher then they would see enu options based on their level combined with a user type so i could have users and admins (type) but could also control the options by giving different levels of access within each type

but i prefered and would recommend the defined access method
in this case we used a user table and a menu table with a user_menu bridge, it allowed for more flexibilitty in detemining access as we could set any user to access any option or not
when teh user registered a default was set and tehn through request the admin could cutomize the user menu

these methods worked for ous as we had more than two types of users and this level of customization was required to accomodate different access
0
 
trailblazzyr55Commented:
here's a couple different tutorials which are good for building an authentication system, few different approaches here to give you some options...

http://tutorial67.easycfm.com/      (uses cflogin)

http://tutorial452.easycfm.com/   (so users can only be logged in on one machine at a time)

http://tutorial424.easycfm.com/   (login using a CFC, no roles though, but can be added fairly easily)
0
 
sjha81Author Commented:
Im back... Sorry for the late reply, I had to sleep

I tried my page today but it doesnt seem to work.  Firefox keeps giving me the messsage:
The page isn't redirecting properly  

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
     
    *   This problem can sometimes be caused by disabling or refusing to accept
          cookies.

Why is this happening?

I think it might have something to do with the directory structure?
These three files are in /secure
--- login.cfm
 <cfform
            name="x"
            method="post"
            action="logprocess.cfm">       
        <tr>
          <td height="0" width="225" class="text" align="center">Username</td>

            <td height="0" width="224" >
            
                  <cfinput name="username" type="text" maxlength="10" maxchars="10" /></td>
        </tr>
        <tr>
          <td height="0" class="text" align="center" >Password</td>
        <td height="0" width="224" ><cfinput name="password" type="password" maxlength="10" maxchars="7"/></td>

logprocess.cfm---
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
Bad Login<br>
Click <a href="login.cfm">Here</a> to try again.  New users please <a href="register.cfm">register</a>!
</CFIF>

Application.cfm----

<CFAPPLICATION NAME="x" sessionmanagement="YES" setclientcookies="yes" clientmanagement="NO"  SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now