Solved

Login Page/Process/Application: Creating multi-level permissions or access. 500

Posted on 2006-11-30
3
417 Views
Last Modified: 2013-12-24
I am trying to figure out how to create two user groups whom have different priveleges and essentially different menus.

1. Administrator
2. Registered Users

I have been testing the cfswitch and cfcase tags; however, have a problem implementing them. Any suggestions or any formats that you can share will be greatly appreciated!
Experienced insight please.

-----------------------------------------------------------------
<cfswitch expression="#usergroup#">

<cfcase value="1">
 <cfinclude template="protectedgrouppages/page1.cfm">
</cfcase>
<cfcase value="2">
  <cfinclude template="protectedgrouppages/page2.cfm">
</cfcase>
... more cfcase as neccesary ..
<cfdefaultcase>
place an error like "there is no such user group"
</cfdefaultcase>
</cfswitch>
---------------------------------------------------------------

logprocess.cfm
------------------

<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
<CFLOCATION url="badlogin.cfm">
</CFIF>

Application.cfm
-------------
<CFAPPLICATION NAME="x" sessionmanagement="YES" clientmanagement="NO" setclientcookies="YES" SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0
Comment
Question by:sjha81
3 Comments
 
LVL 25

Accepted Solution

by:
James Rodgers earned 400 total points
Comment Utility
how do you define these users, at account creation, by a site admin, some other method?


log on
i do this as
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
</cfquery>

<CFIF x.RecordCount GT 0>
registered user - check pass
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
bad password message
<cfelse>
bad user message
</CFIF>
allows for greater control of the types of mesasges passed to the user, 'we could not find you in our database- please register.' or 'invalid password', your method only allows for one message

now to set users
there are two methods i have used - a user type/userlevel combination and a defined access method
in teh user type/user level method the menu items were set so that if a user was of a specified level or higher then they would see enu options based on their level combined with a user type so i could have users and admins (type) but could also control the options by giving different levels of access within each type

but i prefered and would recommend the defined access method
in this case we used a user table and a menu table with a user_menu bridge, it allowed for more flexibilitty in detemining access as we could set any user to access any option or not
when teh user registered a default was set and tehn through request the admin could cutomize the user menu

these methods worked for ous as we had more than two types of users and this level of customization was required to accomodate different access
0
 
LVL 20

Assisted Solution

by:trailblazzyr55
trailblazzyr55 earned 100 total points
Comment Utility
here's a couple different tutorials which are good for building an authentication system, few different approaches here to give you some options...

http://tutorial67.easycfm.com/      (uses cflogin)

http://tutorial452.easycfm.com/   (so users can only be logged in on one machine at a time)

http://tutorial424.easycfm.com/   (login using a CFC, no roles though, but can be added fairly easily)
0
 

Author Comment

by:sjha81
Comment Utility
Im back... Sorry for the late reply, I had to sleep

I tried my page today but it doesnt seem to work.  Firefox keeps giving me the messsage:
The page isn't redirecting properly  

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
     
    *   This problem can sometimes be caused by disabling or refusing to accept
          cookies.

Why is this happening?

I think it might have something to do with the directory structure?
These three files are in /secure
--- login.cfm
 <cfform
            name="x"
            method="post"
            action="logprocess.cfm">       
        <tr>
          <td height="0" width="225" class="text" align="center">Username</td>

            <td height="0" width="224" >
            
                  <cfinput name="username" type="text" maxlength="10" maxchars="10" /></td>
        </tr>
        <tr>
          <td height="0" class="text" align="center" >Password</td>
        <td height="0" width="224" ><cfinput name="password" type="password" maxlength="10" maxchars="7"/></td>

logprocess.cfm---
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
Bad Login<br>
Click <a href="login.cfm">Here</a> to try again.  New users please <a href="register.cfm">register</a>!
</CFIF>

Application.cfm----

<CFAPPLICATION NAME="x" sessionmanagement="YES" setclientcookies="yes" clientmanagement="NO"  SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now