Solved

Login Page/Process/Application: Creating multi-level permissions or access. 500

Posted on 2006-11-30
3
424 Views
Last Modified: 2013-12-24
I am trying to figure out how to create two user groups whom have different priveleges and essentially different menus.

1. Administrator
2. Registered Users

I have been testing the cfswitch and cfcase tags; however, have a problem implementing them. Any suggestions or any formats that you can share will be greatly appreciated!
Experienced insight please.

-----------------------------------------------------------------
<cfswitch expression="#usergroup#">

<cfcase value="1">
 <cfinclude template="protectedgrouppages/page1.cfm">
</cfcase>
<cfcase value="2">
  <cfinclude template="protectedgrouppages/page2.cfm">
</cfcase>
... more cfcase as neccesary ..
<cfdefaultcase>
place an error like "there is no such user group"
</cfdefaultcase>
</cfswitch>
---------------------------------------------------------------

logprocess.cfm
------------------

<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
<CFLOCATION url="badlogin.cfm">
</CFIF>

Application.cfm
-------------
<CFAPPLICATION NAME="x" sessionmanagement="YES" clientmanagement="NO" setclientcookies="YES" SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0
Comment
Question by:sjha81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 25

Accepted Solution

by:
James Rodgers earned 400 total points
ID: 18044932
how do you define these users, at account creation, by a site admin, some other method?


log on
i do this as
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
</cfquery>

<CFIF x.RecordCount GT 0>
registered user - check pass
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
bad password message
<cfelse>
bad user message
</CFIF>
allows for greater control of the types of mesasges passed to the user, 'we could not find you in our database- please register.' or 'invalid password', your method only allows for one message

now to set users
there are two methods i have used - a user type/userlevel combination and a defined access method
in teh user type/user level method the menu items were set so that if a user was of a specified level or higher then they would see enu options based on their level combined with a user type so i could have users and admins (type) but could also control the options by giving different levels of access within each type

but i prefered and would recommend the defined access method
in this case we used a user table and a menu table with a user_menu bridge, it allowed for more flexibilitty in detemining access as we could set any user to access any option or not
when teh user registered a default was set and tehn through request the admin could cutomize the user menu

these methods worked for ous as we had more than two types of users and this level of customization was required to accomodate different access
0
 
LVL 20

Assisted Solution

by:trailblazzyr55
trailblazzyr55 earned 100 total points
ID: 18045480
here's a couple different tutorials which are good for building an authentication system, few different approaches here to give you some options...

http://tutorial67.easycfm.com/      (uses cflogin)

http://tutorial452.easycfm.com/   (so users can only be logged in on one machine at a time)

http://tutorial424.easycfm.com/   (login using a CFC, no roles though, but can be added fairly easily)
0
 

Author Comment

by:sjha81
ID: 18049581
Im back... Sorry for the late reply, I had to sleep

I tried my page today but it doesnt seem to work.  Firefox keeps giving me the messsage:
The page isn't redirecting properly  

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
     
    *   This problem can sometimes be caused by disabling or refusing to accept
          cookies.

Why is this happening?

I think it might have something to do with the directory structure?
These three files are in /secure
--- login.cfm
 <cfform
            name="x"
            method="post"
            action="logprocess.cfm">       
        <tr>
          <td height="0" width="225" class="text" align="center">Username</td>

            <td height="0" width="224" >
            
                  <cfinput name="username" type="text" maxlength="10" maxchars="10" /></td>
        </tr>
        <tr>
          <td height="0" class="text" align="center" >Password</td>
        <td height="0" width="224" ><cfinput name="password" type="password" maxlength="10" maxchars="7"/></td>

logprocess.cfm---
<cfquery datasource="real" name="x">
    SELECT *
    FROM users
    WHERE (trim(users.username)='#trim(FORM.username)#')
    AND (trim(users.password)='#trim(FORM.password)#')
</cfquery>

<CFIF x.RecordCount GT 0>
<CFSET Session.loggedIn=True>
<CFLOCATION url="../secure2/index.cfm" addtoken="No">
<CFELSE>
Bad Login<br>
Click <a href="login.cfm">Here</a> to try again.  New users please <a href="register.cfm">register</a>!
</CFIF>

Application.cfm----

<CFAPPLICATION NAME="x" sessionmanagement="YES" setclientcookies="yes" clientmanagement="NO"  SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 15, 0)#">

<CFPARAM NAME="Session.loggedIn" DEFAULT="False">
<CFIF ((Session.loggedIn IS "False") AND (NOT (FindNoCase("logprocess", "#CGI.SCRIPT_NAME#"))))>
<CFLOCATION url="login.cfm" addtoken="no">
</cfif>

0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
In our day to day coding, how many times have we come across a necessity to check whether a URL is a broken link or not? For those of you that answered countless and are using ColdFusion like myself, then this article is for you.  It will show yo…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question