Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Login Page/Process/Application: Creating multi-level permissions or access. 500

Posted on 2006-11-30
3
Medium Priority
?
425 Views
Last Modified: 2013-12-24
I am trying to figure out how to create two user groups whom have different priveleges and essentially different menus.

1. Administrator
2. Registered Users

I have been testing the cfswitch and cfcase tags; however, have a problem implementing them. Any suggestions or any formats that you can share will be greatly appreciated!
Experienced insight please.

-----------------------------------------------------------------
<cfswitch expression="#usergroup#">

<cfcase value="1">
 <cfinclude template="protectedgrouppages/page1.cfm">
</cfcase>
<cfcase value="2">
  <cfinclude template="protectedgrouppages/page2.cfm">
</cfcase>
... more cfcase as neccesary ..
<cfdefaultcase>
place an error like "there is no such user group"
</cfdefaultcase>
</cfswitch>
---------------------------------------------------------------

logprocess.cfm
------------------

<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
<CFLOCATION url="badlogin.cfm">
</CFIF>

Application.cfm
-------------
<CFAPPLICATION NAME="x" sessionmanagement="YES" clientmanagement="NO" setclientcookies="YES" SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0
Comment
Question by:sjha81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 25

Accepted Solution

by:
James Rodgers earned 1200 total points
ID: 18044932
how do you define these users, at account creation, by a site admin, some other method?


log on
i do this as
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
</cfquery>

<CFIF x.RecordCount GT 0>
registered user - check pass
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
bad password message
<cfelse>
bad user message
</CFIF>
allows for greater control of the types of mesasges passed to the user, 'we could not find you in our database- please register.' or 'invalid password', your method only allows for one message

now to set users
there are two methods i have used - a user type/userlevel combination and a defined access method
in teh user type/user level method the menu items were set so that if a user was of a specified level or higher then they would see enu options based on their level combined with a user type so i could have users and admins (type) but could also control the options by giving different levels of access within each type

but i prefered and would recommend the defined access method
in this case we used a user table and a menu table with a user_menu bridge, it allowed for more flexibilitty in detemining access as we could set any user to access any option or not
when teh user registered a default was set and tehn through request the admin could cutomize the user menu

these methods worked for ous as we had more than two types of users and this level of customization was required to accomodate different access
0
 
LVL 20

Assisted Solution

by:trailblazzyr55
trailblazzyr55 earned 300 total points
ID: 18045480
here's a couple different tutorials which are good for building an authentication system, few different approaches here to give you some options...

http://tutorial67.easycfm.com/      (uses cflogin)

http://tutorial452.easycfm.com/   (so users can only be logged in on one machine at a time)

http://tutorial424.easycfm.com/   (login using a CFC, no roles though, but can be added fairly easily)
0
 

Author Comment

by:sjha81
ID: 18049581
Im back... Sorry for the late reply, I had to sleep

I tried my page today but it doesnt seem to work.  Firefox keeps giving me the messsage:
The page isn't redirecting properly  

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
     
    *   This problem can sometimes be caused by disabling or refusing to accept
          cookies.

Why is this happening?

I think it might have something to do with the directory structure?
These three files are in /secure
--- login.cfm
 <cfform
            name="x"
            method="post"
            action="logprocess.cfm">       
        <tr>
          <td height="0" width="225" class="text" align="center">Username</td>

            <td height="0" width="224" >
            
                  <cfinput name="username" type="text" maxlength="10" maxchars="10" /></td>
        </tr>
        <tr>
          <td height="0" class="text" align="center" >Password</td>
        <td height="0" width="224" ><cfinput name="password" type="password" maxlength="10" maxchars="7"/></td>

logprocess.cfm---
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
Bad Login<br>
Click <a href="login.cfm">Here</a> to try again.  New users please <a href="register.cfm">register</a>!
</CFIF>

Application.cfm----

<CFAPPLICATION NAME="x" sessionmanagement="YES" setclientcookies="yes" clientmanagement="NO"  SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question