Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Login Page/Process/Application: Creating multi-level permissions or access. 500

Posted on 2006-11-30
3
Medium Priority
?
428 Views
Last Modified: 2013-12-24
I am trying to figure out how to create two user groups whom have different priveleges and essentially different menus.

1. Administrator
2. Registered Users

I have been testing the cfswitch and cfcase tags; however, have a problem implementing them. Any suggestions or any formats that you can share will be greatly appreciated!
Experienced insight please.

-----------------------------------------------------------------
<cfswitch expression="#usergroup#">

<cfcase value="1">
 <cfinclude template="protectedgrouppages/page1.cfm">
</cfcase>
<cfcase value="2">
  <cfinclude template="protectedgrouppages/page2.cfm">
</cfcase>
... more cfcase as neccesary ..
<cfdefaultcase>
place an error like "there is no such user group"
</cfdefaultcase>
</cfswitch>
---------------------------------------------------------------

logprocess.cfm
------------------

<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
<CFLOCATION url="badlogin.cfm">
</CFIF>

Application.cfm
-------------
<CFAPPLICATION NAME="x" sessionmanagement="YES" clientmanagement="NO" setclientcookies="YES" SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0
Comment
Question by:sjha81
3 Comments
 
LVL 25

Accepted Solution

by:
James Rodgers earned 1200 total points
ID: 18044932
how do you define these users, at account creation, by a site admin, some other method?


log on
i do this as
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
</cfquery>

<CFIF x.RecordCount GT 0>
registered user - check pass
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
bad password message
<cfelse>
bad user message
</CFIF>
allows for greater control of the types of mesasges passed to the user, 'we could not find you in our database- please register.' or 'invalid password', your method only allows for one message

now to set users
there are two methods i have used - a user type/userlevel combination and a defined access method
in teh user type/user level method the menu items were set so that if a user was of a specified level or higher then they would see enu options based on their level combined with a user type so i could have users and admins (type) but could also control the options by giving different levels of access within each type

but i prefered and would recommend the defined access method
in this case we used a user table and a menu table with a user_menu bridge, it allowed for more flexibilitty in detemining access as we could set any user to access any option or not
when teh user registered a default was set and tehn through request the admin could cutomize the user menu

these methods worked for ous as we had more than two types of users and this level of customization was required to accomodate different access
0
 
LVL 20

Assisted Solution

by:trailblazzyr55
trailblazzyr55 earned 300 total points
ID: 18045480
here's a couple different tutorials which are good for building an authentication system, few different approaches here to give you some options...

http://tutorial67.easycfm.com/      (uses cflogin)

http://tutorial452.easycfm.com/   (so users can only be logged in on one machine at a time)

http://tutorial424.easycfm.com/   (login using a CFC, no roles though, but can be added fairly easily)
0
 

Author Comment

by:sjha81
ID: 18049581
Im back... Sorry for the late reply, I had to sleep

I tried my page today but it doesnt seem to work.  Firefox keeps giving me the messsage:
The page isn't redirecting properly  

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
     
    *   This problem can sometimes be caused by disabling or refusing to accept
          cookies.

Why is this happening?

I think it might have something to do with the directory structure?
These three files are in /secure
--- login.cfm
 <cfform
            name="x"
            method="post"
            action="logprocess.cfm">       
        <tr>
          <td height="0" width="225" class="text" align="center">Username</td>

            <td height="0" width="224" >
            
                  <cfinput name="username" type="text" maxlength="10" maxchars="10" /></td>
        </tr>
        <tr>
          <td height="0" class="text" align="center" >Password</td>
        <td height="0" width="224" ><cfinput name="password" type="password" maxlength="10" maxchars="7"/></td>

logprocess.cfm---
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
Bad Login<br>
Click <a href="login.cfm">Here</a> to try again.  New users please <a href="register.cfm">register</a>!
</CFIF>

Application.cfm----

<CFAPPLICATION NAME="x" sessionmanagement="YES" setclientcookies="yes" clientmanagement="NO"  SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Screencast - Getting to Know the Pipeline

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question