Avatar of Panos
ColdFusion Login problem

Hello experts.
I have a problem with my login page and it has to do with the session.allowin parameter.
When I delete the code:
<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>..
it is working again. I log in, enable the deleted code again, and it is working.
Any help?
LogIn page:
<cfparam name="VARIABLES.loginPassed" type="boolean" default="FALSE">
<cfset VARIABLES.myTimeVar="#dateformat(now(),'mmm dd yyyy') & '  ' & timeformat(now(),'h:mmtt')#">
<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>
    
<!--- IF not, lets check for a cookie --->
<cfelseif isDefined("COOKIE.AutoLogIn") AND isDefined("COOKIE.lemail")>
 
    <!--- check cookie against database --->
    <cfquery name="CheckPerson" datasource="#dsn#">
        SELECT User_id,Cookietime
        FROM users
        WHERE Email = <cfqueryparam cfsqltype="cf_sql_varchar" value="#COOKIE.lemail#">
    </cfquery>
    <!--- Make sure cookieTime's are in the same format --->
<cfset VARIABLES.DBCookieTime = DateFormat(CheckPerson.CookieTime,"yyyy mm dd") & TimeFormat(CheckPerson.CookieTime,"HH:mm:ss")>
<cfset VARIABLES.ClientCookieTime = DateFormat(COOKIE.COOKIETIME,"yyyy mm dd") & TimeFormat(COOKIE.COOKIETIME,"HH:mm:ss")>
 
    
    <!--- if 1 record is found, we have a valid login --->
<cfif CheckPerson.recordCount EQ 1 AND VARIABLES.DBCookieTime EQ VARIABLES.ClientCookieTime>
 
        <cfset VARIABLES.loginPassed = TRUE>
        
    <!--- if we didnt find 1 record, our cookie is out of sync... remove the autologin, and proceed to login --->
    <cfelse>
        <cfcookie name="AutoLogIn" expires="now">
  </cfif>
        
<!--- Do the following if the form is submitted. --->
<cfelseif IsDefined("Form.lEmail")>
    <cfset VARIABLES.hashedPass = Hash(Form.luserpassword, "SHA")>
    
    <!--- Create our checkboxs if they do not exist --->
    <cfparam name="form.rememberme" default="">
    <cfparam name="form.AutoLogIn" default="">
    
    <!--- query the data base. ---> 
    <cfquery name="CheckPerson" datasource="#dsn#">
        SELECT Password, email, user_ID
        FROM users
        WHERE email = <cfqueryparam value="#Form.lemail#" cfsqltype="CF_SQL_VARCHAR">
        AND Password = <cfqueryparam value="#VARIABLES.hashedPass#" cfsqltype="cf_sql_varchar">
    </cfquery>
    
    <!--- User is authorized from the form --->
    <cfif CheckPerson.recordCount EQ 1>
        <cfset VARIABLES.loginPassed = TRUE>
       <!---  <cfset myTimeVar="#now()#"> --->
        
        <!--- Handle cookies in all uppercase --->
        
        <!--- Check if rememberme or AutoLogIn hold positive values --->
        <cfif Form.rememberme EQ 1  OR Form.AutoLogIn EQ 1>
            <CFCOOKIE name="LEMAIL" value="#Form.lemail#" expires="never">
            <CFCOOKIE name="REMEMBERME" value="1" expires="never">
            
            <!--- if AutoLogIn, add login cookies --->
            <cfif Form.AutoLogIn EQ 1>
                <CFCOOKIE name="AUTOLOGIN" value="1" expires="never">
                <CFCOOKIE name="COOKIETIME" value="#myTimeVar#" expires="never">
            <cfelse>
                <CFCOOKIE name="AUTOLOGIN" expires="now">
                <CFCOOKIE name="COOKIETIME" expires="now">
            </cfif>
            
        <!--- Otherwise if user wishes to remain anonymous, remove these client cookies --->
        <cfelse>
            <CFCOOKIE name="LEMAIL" expires="now">
            <CFCOOKIE name="REMEMBERME" expires="now">
            <CFCOOKIE name="AUTOLOGIN" expires="now">
            <CFCOOKIE name="COOKIETIME" expires="now">
        </cfif>
        
        <!--- Handle database updates --->
        
        <cfquery name="setCookietime" datasource="#dsn#">
            Update users
            SET <cfif Form.AutoLogIn EQ 1>
            CookieTime = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">,</cfif>
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
    
    <!--- User failed authorization from the form --->
    <cfelse>
        <cflocation url = "Login.cfm?Error=30" addtoken="no">
    </cfif>
</cfif>
 
<!--- If the user was authorized from any of the above steps, proceed with login --->
<cfif VARIABLES.loginPassed>
  <cfset session.allowin = "True">
    <cfset session.user_id = CheckPerson.user_id>
    <cfquery name="LastLogIn" datasource="#dsn#">
            Update users
            SET 
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
    <cflocation url="user/welcome.cfm" addtoken="no">
</cfif> 
 
The application.cfm
<CFSETTING ENABLECFOUTPUTONLY="Yes">
<cfset REQUEST.sDSN="carfree24">
<cfapplication clientmanagement="Yes" 
               sessiontimeout="#CreateTimeSpan(0,0,15,0)#"
               applicationtimeout="#CreateTimeSpan(0,2,0,0)#"
               sessionmanagement="yes"
               setclientcookies="yes"/>
 <cfif not  isDefined("SESSION.cfoMyPark")>
	<cfset SESSION.cfoMyPark = createObject("component","Mypark")>
</cfif> 
 
<!--- Now define that this user is logged out by default --->
<CFPARAM NAME="session.allowin" DEFAULT="false">
<CFPARAM NAME="session.user_id"  type="numeric" DEFAULT="0">
 
<CFSETTING ENABLECFOUTPUTONLY="no">
 
<!--- check logged in users --->
<cflock timeout="15" scope="APPLICATION" type="EXCLUSIVE">
    <cfif NOT isDefined("Application.UsersInfo")>
          <cfset Application.UsersInfo = StructNew()>
    </cfif>
</cflock>
 
<cflock name="#CreateUUID()#" timeout="15" type="EXCLUSIVE">
      <cfset user_cfid = Evaluate(CFID)>
      <cfset user_time = Now()>
</cflock>

Avatar of gdemaria
gdemaria

You can't do a <cflocation.. redirect after setting a session variable; the session variable won't stick. Session variables (as with cookies) require the request to complete in order to set the value. By redirecting, the request doesn't end, so the variable may not be set.
<cfif VARIABLES.loginPassed>
  <cfset session.allowin = "True">
    <cfset session.user_id = CheckPerson.user_id>
    <cfquery name="LastLogIn" datasource="#dsn#">
            Update users
            SET 
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
    <cflocation url="user/welcome.cfm" addtoken="no">
</cfif> 
 


Avatar of Panos

ASKER

Hi gdemaria.
How can I fix this?

You could try removing the cflocation and allowing the page to drop through to wherever the URL is already pointing, and have the welcome page be the default home page.

You could try doing a <CFINCLUDE on the welcome page; you may need a CFABORT after it. I don't love this method unless it's the login.cfm page.

Avatar of Panos

ASKER

Hi gdemaria.
I don't know what the <session.allowin> is doing.
As I said, the code is working fine when I'm disabling the first lines:
<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>
   
<!--- IF not, lets check for a cookie --->
and begin the next line with a <cfif tag.
I want to keep the redirect function (cflocation).
When I want to go to the insertpage, for example, and I'm not logged in, I'm redirected to the login page. Now when I have checked the autologin, I can be redirected to the insertpage again as a logged-in user.

Could you please say what problem it is you're having?
Does it throw an error? Is it not keeping a login?

Avatar of Panos

ASKER

The autologin cookie exists.
The cookie.cookietime exists.
The rememberme cookie exists.
The lemail cookie exists.
Now when I log out and then log in, I'm redirected to the welcome page. The problem is that the session user.id is not set.
So I have the default value 0.
The error I had was because I did not allow someone to go to the welcome page if he was not logged in, and I redirected to the login page, and so I had a redirect loop error.
Now I have disabled this code and the welcome page is opening, but as I said, I do not have the user logged in to have his id.

I didn't look at the code closely, but if the problem is due to the cflocation issue gd mentioned, you can replace cflocation with

<META HTTP-EQUIV=Refresh CONTENT="1; URL=user/welcome.cfm">


Avatar of Panos

ASKER

It did not solve the problem!

You can test to see if your page is login.cfm by using this...

If you place this at the top of the page where you test if the user is logged in, then it can allow the login to be viewed.
<cfif cgi.script_name is "/login.cfm">
   <cfexit>  <!--- do not authenticate this page --->
</cfif>

Speaking of testing if the user is logged in, I don't see this part. I read at the top of your code the page names, and found that you seem to be testing if a user is logged in WITHIN your login.cfm page. Shouldn't you test if the user is logged in in your application.cfm page?

Anyway, I know I am changing the topic. The reason your session.user_id is not getting set is because of the redirect performed immediately after it. That's why I bring up where you're doing this processing. If you did it in your application.cfm file, then you would probably not need a redirect and you could log in from any page.

Avatar of Panos

ASKER

Sorry for the late response. I had to leave for 1 hour.
Can you make changes to my application.cfm to see that way, please?

Rather than reinventing the wheel, can you show me where you have the login check? For example, if I try to navigate to page xyz.cfm, how do you test that I am logged in for that page?

It may be easier to work from where you are, rather than change your direction completely.

Avatar of Panos

ASKER

Hi gdemaria.
Sorry I make it too difficult for you.
Here is the code.

The Application.cfm
<!--- Define that this user is logged out by default --->
<CFPARAM NAME="session.allowin" DEFAULT="false">
 
<!--- Now define this user id to zero by default, this will be used later on to access specific information about this user. --->
<CFPARAM NAME="session.user_id"  type="numeric" DEFAULT="0">
 
<CFSET request.dsn = "myDB">
<CFSETTING ENABLECFOUTPUTONLY="Yes">
<cfset REQUEST.sDSN="myDB">
<cfapplication clientmanagement="Yes" 
               sessiontimeout="#CreateTimeSpan(0,0,15,0)#"
               applicationtimeout="#CreateTimeSpan(0,2,0,0)#"
               sessionmanagement="yes"
               setclientcookies="yes"/>
 <cfif not  isDefined("SESSION.cfoMyPark")>
	<cfset SESSION.cfoMyPark = createObject("component","Mypark")>
</cfif> 
                  
 
 
 
 
 
 
<CFSETTING ENABLECFOUTPUTONLY="no">
 
<!--- check logged in users --->
<cflock timeout="15" scope="APPLICATION" type="EXCLUSIVE">
    <cfif NOT isDefined("Application.UsersInfo")>
          <cfset Application.UsersInfo = StructNew()>
    </cfif>
</cflock>
 
<cflock name="#CreateUUID()#" timeout="15" type="EXCLUSIVE">
      <cfset user_cfid = Evaluate(CFID)>
      <cfset user_time = Now()>
</cflock>
 
 
<cflock scope="APPLICATION" type="EXCLUSIVE" timeout="15">
 <cfif NOT StructKeyExists(Application.UsersInfo, user_cfid)>
  <cfset temp = StructInsert(Application.UsersInfo, user_cfid, user_time)>
 </cfif>
</cflock>
 
 
<cflock scope="APPLICATION" type="EXCLUSIVE" timeout="15">
 <cfloop collection="#Application.UsersInfo#" item="itmUser">
  <cfif
   Evaluate(DateDiff("n", StructFind(Application.UsersInfo, itmUser), Now())) GT 10>
    <cfset StructDelete(Application.UsersInfo, itmUser)>
  </cfif>
 </cfloop>
</cflock>
<!--- end--->
 
The login.cfm:
 
<cfparam name="VARIABLES.loginPassed" type="boolean" default="FALSE">
<cfset VARIABLES.myTimeVar="#dateformat(now(),'mmm dd yyyy') & '  ' & timeformat(now(),'h:mmtt')#">
<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE> --->
    
<!--- IF not, lets check for a cookie --->
<cfelseif isDefined("COOKIE.AutoLogIn") AND isDefined("COOKIE.lemail")>
 
    <!--- check cookie against database --->
    <cfquery name="CheckPerson" datasource="#request.dsn#">
        SELECT User_id,Cookietime
        FROM users
        WHERE Email = <cfqueryparam cfsqltype="cf_sql_varchar" value="#COOKIE.lemail#">
    </cfquery>
    <!--- Make sure cookieTime's are in the same format --->
<cfset VARIABLES.DBCookieTime = DateFormat(CheckPerson.CookieTime,"yyyy mm dd") & TimeFormat(CheckPerson.CookieTime,"HH:mm:ss")>
<cfset VARIABLES.ClientCookieTime = DateFormat(COOKIE.COOKIETIME,"yyyy mm dd") & TimeFormat(COOKIE.COOKIETIME,"HH:mm:ss")>
 
    
    <!--- if 1 record is found, we have a valid login --->
<cfif CheckPerson.recordCount EQ 1 AND VARIABLES.DBCookieTime EQ VARIABLES.ClientCookieTime>
 
        <cfset VARIABLES.loginPassed = TRUE>
        
    <!--- if we didnt find 1 record, our cookie is out of sync... remove the autologin, and proceed to login --->
    <cfelse>
        <cfcookie name="AutoLogIn" expires="now">
  </cfif>
        
<!--- Do the following if the form is submitted. --->
<cfelseif IsDefined("Form.lEmail")>
    <cfset VARIABLES.hashedPass = Hash(Form.luserpassword, "SHA")>
    
    <!--- Create our checkboxs if they do not exist --->
    <cfparam name="form.rememberme" default="">
    <cfparam name="form.AutoLogIn" default="">
    
    <!--- query the data base. ---> 
    <cfquery name="CheckPerson" datasource="#request.dsn#">
        SELECT Password, email, user_ID
        FROM users
        WHERE email = <cfqueryparam value="#Form.lemail#" cfsqltype="CF_SQL_VARCHAR">
        AND Password = <cfqueryparam value="#VARIABLES.hashedPass#" cfsqltype="cf_sql_varchar">
    </cfquery>
    
    <!--- User is authorized from the form --->
    <cfif CheckPerson.recordCount EQ 1>
        <cfset VARIABLES.loginPassed = TRUE>
       <!---  <cfset myTimeVar="#now()#"> --->
        
        <!--- Handle cookies in all uppercase --->
        
        <!--- Check if rememberme or AutoLogIn hold positive values --->
        <cfif Form.rememberme EQ 1  OR Form.AutoLogIn EQ 1>
            <CFCOOKIE name="LEMAIL" value="#Form.lemail#" expires="never">
            <CFCOOKIE name="REMEMBERME" value="1" expires="never">
            
            <!--- if AutoLogIn, add login cookies --->
            <cfif Form.AutoLogIn EQ 1>
                <CFCOOKIE name="AUTOLOGIN" value="1" expires="never">
                <CFCOOKIE name="COOKIETIME" value="#myTimeVar#" expires="never">
            <cfelse>
                <CFCOOKIE name="AUTOLOGIN" expires="now">
                <CFCOOKIE name="COOKIETIME" expires="now">
            </cfif>
            
        <!--- Otherwise if user wishes to remain anonymous, remove these client cookies --->
        <cfelse>
            <CFCOOKIE name="LEMAIL" expires="now">
            <CFCOOKIE name="REMEMBERME" expires="now">
            <CFCOOKIE name="AUTOLOGIN" expires="now">
            <CFCOOKIE name="COOKIETIME" expires="now">
        </cfif>
        
        <!--- Handle database updates --->
        
        <cfquery name="setCookietime" datasource="#request.dsn#">
            Update users
            SET <cfif Form.AutoLogIn EQ 1>
            CookieTime = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">,</cfif>
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
    
    <!--- User failed authorization from the form --->
    <cfelse>
        <cflocation url = "Login.cfm?Error=30" addtoken="no">
    </cfif>
</cfif>
 
<!--- If the user was authorized from any of the above steps, proceed with login --->
<cfif VARIABLES.loginPassed EQ TRUE>
<cfset session.allowin = "True">
    <cfset session.user_id = CheckPerson.user_id>
    <cfquery name="LastLogIn" datasource="#request.dsn#">
            Update users
            SET 
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
       <cflocation url="user/welcome.cfm" addtoken="no">
    </cfif>
 
 
On the page where I'm testing if the user is logged in (e.g. the welcome page):
<cfif session.user_ID EQ 0 >
  <cflocation url="../LogIn.cfm" >
</cfif> .....
 
I remind you that if I begin the login page code with:
<!--- IF not, lets check for a cookie --->
<cfif isDefined("COOKIE.AutoLogIn") AND isDefined("COOKIE.lemail")>....
 
and do not include the first:
<!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE> 
 
I have no errors, and the redirect is working fine.
 
I don't know if this is the best way for security.
If you have any suggestions, please help me.
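
Panos asks above whether the cookie auto-login is the best way for security. As an added example (not code from the thread or from any participant), this component replaces the COOKIETIME timestamp comparison with a random token that is stored only as a hash and replaced on every use. The component name AutoLogin.cfc, the AUTOLOGINTOKEN cookie, the AutoLoginHash column and the HTTPS-only site are assumptions.

```cfml
<!--- AutoLogin.cfc: added example, not code from the thread.
      Assumptions: the thread's users table has an extra column
      AutoLoginHash varchar(64) (hypothetical), the site runs over HTTPS,
      and the datasource name is passed to init().
      Usage in login.cfm, in place of the COOKIETIME comparison:
        autoLogin = CreateObject("component", "AutoLogin").init(request.dsn)
        userId = autoLogin.check()   (0 means: show the login form) --->
<cfcomponent output="false">

    <cffunction name="init" access="public" returntype="any" output="false">
        <cfargument name="dsn" type="string" required="true">
        <cfset variables.dsn = arguments.dsn>
        <cfreturn this>
    </cffunction>

    <!--- Call after a successful form login when "Auto Log In" is ticked --->
    <cffunction name="issue" access="public" returntype="void" output="false">
        <cfargument name="userId" type="numeric" required="true">
        <cfargument name="email" type="string" required="true">
        <!--- Random key from the JVM key generator, hex-encoded via Hash() --->
        <cfset var token = Hash(GenerateSecretKey("AES"), "SHA-256")>
        <!--- Only the hash is stored, so the database never holds a usable token --->
        <cfset storeHash(arguments.userId, Hash(token, "SHA-256"))>
        <!--- 30 days instead of "never"; secure="yes" keeps both cookies on HTTPS.
              On ColdFusion 9 or later, also add httponly="yes". --->
        <cfcookie name="LEMAIL" value="#arguments.email#" expires="30" secure="yes">
        <cfcookie name="AUTOLOGINTOKEN" value="#token#" expires="30" secure="yes">
    </cffunction>

    <!--- Returns the user_id for a valid cookie pair, otherwise 0 --->
    <cffunction name="check" access="public" returntype="numeric" output="false">
        <cfset var q = "">
        <cfif NOT (StructKeyExists(cookie, "AUTOLOGINTOKEN") AND StructKeyExists(cookie, "LEMAIL"))>
            <cfreturn 0>
        </cfif>
        <cfquery name="q" datasource="#variables.dsn#">
            SELECT user_id
            FROM users
            WHERE Email = <cfqueryparam cfsqltype="cf_sql_varchar" value="#cookie.LEMAIL#">
            AND AutoLoginHash = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Hash(cookie.AUTOLOGINTOKEN, 'SHA-256')#">
        </cfquery>
        <cfif q.recordCount NEQ 1>
            <!--- Unknown or stale token: drop the cookie and fall through to the form --->
            <cfcookie name="AUTOLOGINTOKEN" expires="now">
            <cfreturn 0>
        </cfif>
        <!--- Single use: every successful auto-login replaces the token --->
        <cfset issue(q.user_id, cookie.LEMAIL)>
        <cfreturn q.user_id>
    </cffunction>

    <!--- Call on logout so the old cookie value stops working on the server side --->
    <cffunction name="revoke" access="public" returntype="void" output="false">
        <cfargument name="userId" type="numeric" required="true">
        <!--- An empty value can never equal a 64-character hash --->
        <cfset storeHash(arguments.userId, "")>
        <cfcookie name="AUTOLOGINTOKEN" expires="now">
    </cffunction>

    <cffunction name="storeHash" access="private" returntype="void" output="false">
        <cfargument name="userId" type="numeric" required="true">
        <cfargument name="tokenHash" type="string" required="true">
        <cfset var q = "">
        <cfquery name="q" datasource="#variables.dsn#">
            UPDATE users
            SET AutoLoginHash = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.tokenHash#">
            WHERE user_id = <cfqueryparam cfsqltype="cf_sql_integer" value="#arguments.userId#">
        </cfquery>
    </cffunction>

</cfcomponent>
```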


Avatar of Panos

ASKER

A little mistake!!!
I have no errors if I don't include:
<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
   <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>
and begin, of course, the next line with cfif and not cfelseif.

panosms, where is it you test to see if a person is logged in?
If they are not logged in, you then send them to the login page...
You're not showing this, as far as I can see.

Or perhaps you don't have that yet?
If I were to go to a page on your site, such as www.yoursite.com/abc.cfm
would I be sent to the login page if I had not logged in yet?

Avatar of Panos

ASKER

Hi gdemaria.
I have one area where I don't have to be logged in, like where I can search for something, and one area where the user has to be logged in, such as a page where someone can insert data or update data.
So only these pages have the:
<cfif session.user_ID EQ 0 >
  <cflocation url="../LogIn.cfm" >
</cfif> .....

Okay! That's what I wanted to know, thanks!

There are a few ways to do it. Here is one of them.

You can add code like the below into your application.cfm file.
The variable securePages is a list of the .cfm files that need to be secure.
This is practical if you don't have too many of them. You could also make a list of the ones that do NOT have to be secure if it's a shorter list.
Another way to do it is to put all secure pages inside a particular folder.
Not sure how you are set up, might this work for you?


<!--- make a list of your secure pages ---->
<cfset variables.securePages = "accounts,shopCart,myProfile"> 
 
<cfparam name="session.user_id" default="0">
<cfif listFindNoCase(variables.securePages,listFirst(listLast(cgi.script_name,"/\"),".")  and val(session.user_id) eq 0>
   <cfinclude template="login.cfm">
   <cfabort>
</cfif>


Avatar of Panos

ASKER

Gdemaria.
I have the secure pages in folders.
Avatar of Panos

ASKER

What is the difference if I'm writing on top of each of these pages the
<cfif session.user_ID EQ 0 >
  <cflocation url="../LogIn.cfm" >
</cfif> .....?

Right, good question.

The problem we are trying to fix is the redirect after login. That is keeping your session variable from taking hold.

In the sample I posted, the application.cfm file does a cfinclude to login. When the user posts the form in the login, he will no longer need to redirect to the page because we will also move the login validation to the application.cfm file.

If you prefer, we will try to fix it another way before going down this road.
Give me a minute to post something else...



note:
 
you should change this..
<cflocation url="../LogIn.cfm" >
 
to this..
<cflocation url="../LogIn.cfm" addToken="no">
 
You don't want your session information ending up on your URL.


To do it the "other" way ... after processing their login (and setting the session user_id) display this page. Do not redirect to this page, just show it in the browser using cfinclude.

This page will show the user a brief "processing" message and then redirect to your welcome page.   The session variable should stick.

If it does not work, please paste in your code with these changes made.

Note: this is Sid's recommendation above.
<html>
<head>
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="-1">
    <META HTTP-EQUIV=Refresh CONTENT="1; URL=/user/welcome.cfm">
</head>
 <body>
 
    Processing login...<br>
    <br>
    This page will reload within 5 seconds.<br>
    If the page does not reload in 10 seconds, <br>
    please <a href="/user/welcome.cfm">click here</a> to continue.
 
 </body>
</html>


Avatar of Panos

ASKER

By the way, I have an error using the code in the application.cfm
ColdFusion was looking at the following text:

>

The CFML compiler was processing:

    * An expression beginning with listFindNoCase, on line 21, column 7.This message is usually caused by a problem in the expressions structure.
    * A cfif tag beginning on line 21, column 2.

<cfparam name="session.user_id" default="0">
21 : <cfif listFindNoCase(variables.securePages,listFirst(listLast(cgi.script_name,"/\"),".")  and val(session.user_id) eq 0>
22 :    <cfinclude template="login.cfm" addToken="no">
23 :    <cfabort>

A closing parenthesis ) is missing in the CFIF line

<cfif listFindNoCase(variables.securePages,listFirst(listLast(cgi.script_name,"/\"),".") )  and val(session.user_id) eq 0>



Avatar of Panos

ASKER

Using the first code:
<!--- make a list of your secure pages ---->
<cfset variables.securePages = "index,InsertAgra,InsertBus,InsertAuf">
<cfif listFindNoCase(variables.securePages,listFirst(listLast(cgi.script_name,"/\"),".") )  and val(session.user_id) eq 0>
   <cfinclude template="login.cfm" >
   <cfabort>
</cfif>
I tried to go to the login page but it did not redirect to the login page. It opens the login page but with nothing on it.

Where is your login FORM? Where you ask the username and password?
I assumed it is in your login.cfm file, but looking back at your initial post, it doesn't seem to be there?

Both approaches need additional information from me.
Please choose an approach - I think the second approach will allow you to make fewer changes to your code.

Avatar of Panos

ASKER

Ok then.
A help with the other way.
If I have understood it, I must make a new file with the posted HTML code.
What are the changes here:
<!--- If the user was authorized from any of the above steps, proceed with login --->
<cfif VARIABLES.loginPassed EQ TRUE>
<cfset session.allowin = "True">
    <cfset session.user_id = CheckPerson.user_id>
    <cfquery name="LastLogIn" datasource="#request.dsn#">
            Update users
            SET
                  LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
                  WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
       <cflocation url="user/welcome.cfm" addtoken="no">
    </cfif>

And where do I have to put the cfinclude tag?

Replace this line
<cflocation url="user/welcome.cfm" addtoken="no">

with the include that shows the HTML page...

  <cfinclude template="showProcessing.cfm">
  <cfexit> <!--- stop processing this page ---->
</cfif>


Avatar of Panos

ASKER

I have the first problem again.
I need to disable this again:
<cfif session.allowin EQ TRUE>

 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>

Something is wrong with the session.allowin EQ TRUE or StructNew().
The browser sees that session.allowin EQ TRUE.
So it then goes to the bottom of the code where:
<cfif VARIABLES.loginPassed EQ TRUE>
<cfset session.allowin = "True">
    <cfset session.user_id = CheckPerson.user_id>
    <cfquery name="LastLogIn" datasource="#request.dsn#">
            Update users
            SET
                  LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
                  WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
       <cfinclude template="showProcessing.cfm">
  <cfexit>
    </cfif>

But if I understand what is going on, the problem is here: <cfset session.user_id = CheckPerson.user_id>
There is no session.user_id different than 0!
If there was a session.user_id NEQ 0 then it would work.
That's why, if I start the code from
<cfif isDefined("COOKIE.AutoLogIn") AND isDefined("COOKIE.lemail")>.........
I have no problem.
I don't know if I need all the stuff with session.allowin.
Is this necessary?
 
It seems that session.allowIn is a flag to say whether or not the user is logged in. It seems unnecessary to have that extra variable when you could just check for session.user_id being > 0.

But the question is... if you take away the session.allowIn part, which part of the code is being run instead? Are you saying that it uses the cookie.autologin part of the CFIF statement? If yes, then that isn't really solving your login problem; it is using the auto-login feature instead of the login. It means your login is still not working (except for auto login).

Two things...

First, where is the login form? The form where the user types in his username and password. It doesn't seem to be in the login.cfm file?

Second, processing the auto login at the top of the login page doesn't really seem to make sense to me. That means whenever the user's session expires, they will end up on the welcome page. The user comes back after a coffee break, clicks a button and goes to "Welcome" - wouldn't that be confusing? If his login is automatic, shouldn't he be allowed to continue work rather than get redirected to Welcome?

   
Avatar of Panos

ASKER

The first cfif is about the autologin....
The second cfelseif is about the login form on the page (the rest of the page):
<form  name="LogIn" action="#CGI.SCRIPT_NAME#" method="post">
        Email Adresse:
           
        <input type = "text" name="lemail"  value="<cfif isdefined("cookie.lemail")><cfoutput>#cookie.lemail#</cfoutput></cfif>"/><br>
             
         Password: <input  name="luserpassword" type="password"  value=""/><br>
                             remember me:
             <input name="rememberme" type="checkbox" value="1"
    <cfif isdefined("cookie.rememberme") AND cookie.rememberme EQ 1> checked="checked" </cfif> /><br>
         Auto Log In:
               <input name="AutoLogIn" type="checkbox" value="1"
    <cfif isdefined("cookie.AutoLogIn") AND cookie.AutoLogIn EQ 1> checked="checked" </cfif> /><br>
            <input type = "Submit" value = "&nbsp;&nbsp;Einloggen&nbsp;&nbsp;"  id="LogIn">
             
           
          </form>
The problem I have is that when someone is logged in and types login.cfm in the URL, it does not redirect to the welcome page.
I can use there a cfif session.user_id NEQ 0 to show the form, cfelse the message that you are already logged in.
ASKER CERTIFIED SOLUTION
Avatar of gdemaria
gdemaria
This solution is only available to members.
Avatar of Panos

ASKER

Thank you very much for the help.
It was very complicated for me and I made it too difficult for you.
Regards
Panos