Solved

Coldfusion Login problem

Posted on 2009-02-17
Last Modified: 2013-12-24
Hello experts.
I have a problem with my login page and it has to do with the session.allowin parameter.
When i delete the code :<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>..
it is working again.i log in -enable again the deleted code and it is working
Any help??
LogIn page
<!--- Login handler. Decides whether this request is authenticated by trying, in order:
      (1) the existing session flag, (2) the auto-login cookies, (3) a submitted login form.
      Each branch sets VARIABLES.loginPassed and leaves a CheckPerson value that carries user_id. --->
<cfparam name="VARIABLES.loginPassed" type="boolean" default="FALSE">
<!--- Timestamp with minute resolution. It is reused below as the COOKIETIME cookie value and
      as the value written to users.CookieTime and users.LastLogIn. --->
<cfset VARIABLES.myTimeVar="#dateformat(now(),'mmm dd yyyy') & '  ' & timeformat(now(),'h:mmtt')#">
<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
    <!--- NOTE(review): this branch trusts session.allowin alone and copies session.user_id as it is.
          Nothing here checks that session.user_id is non-zero, so the two session values can disagree. --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>
    
<!--- IF not, lets check for a cookie --->
<!--- NOTE(review): only COOKIE.AutoLogIn and COOKIE.lemail are tested for existence,
      yet COOKIE.COOKIETIME is read a few lines further down. --->
<cfelseif isDefined("COOKIE.AutoLogIn") AND isDefined("COOKIE.lemail")>
 
    <!--- check cookie against database --->
    <cfquery name="CheckPerson" datasource="#dsn#">
        SELECT User_id,Cookietime
        FROM users
        WHERE Email = <cfqueryparam cfsqltype="cf_sql_varchar" value="#COOKIE.lemail#">
    </cfquery>
    <!--- Make sure cookieTime's are in the same format --->
<cfset VARIABLES.DBCookieTime = DateFormat(CheckPerson.CookieTime,"yyyy mm dd") & TimeFormat(CheckPerson.CookieTime,"HH:mm:ss")>
<cfset VARIABLES.ClientCookieTime = DateFormat(COOKIE.COOKIETIME,"yyyy mm dd") & TimeFormat(COOKIE.COOKIETIME,"HH:mm:ss")>
 
    
    <!--- NOTE(review): the value that proves identity for auto-login is the stored login timestamp,
          looked up by e-mail address. A timestamp is not a secret. A remember-me credential should be
          a long random value generated at login, kept server-side only as a hash, and replaced
          after each use. --->
    <!--- if 1 record is found, we have a valid login --->
<cfif CheckPerson.recordCount EQ 1 AND VARIABLES.DBCookieTime EQ VARIABLES.ClientCookieTime>
 
        <cfset VARIABLES.loginPassed = TRUE>
        
    <!--- if we didnt find 1 record, our cookie is out of sync... remove the autologin, and proceed to login --->
    <cfelse>
        <cfcookie name="AutoLogIn" expires="now">
  </cfif>
        
<!--- Do the following if the form is submitted. --->
<cfelseif IsDefined("Form.lEmail")>
    <!--- NOTE(review): this is a single, unsalted digest of the password, and the query below matches
          it directly against users.Password. Stored passwords normally get a per-user salt and a
          deliberately slow algorithm. Also confirm Form.luserpassword is always present whenever
          Form.lEmail is, since only the latter is tested. --->
    <cfset VARIABLES.hashedPass = Hash(Form.luserpassword, "SHA")>
    
    <!--- Create our checkboxs if they do not exist --->
    <cfparam name="form.rememberme" default="">
    <cfparam name="form.AutoLogIn" default="">
    
    <!--- query the data base. ---> 
    <cfquery name="CheckPerson" datasource="#dsn#">
        SELECT Password, email, user_ID
        FROM users
        WHERE email = <cfqueryparam value="#Form.lemail#" cfsqltype="CF_SQL_VARCHAR">
        AND Password = <cfqueryparam value="#VARIABLES.hashedPass#" cfsqltype="cf_sql_varchar">
    </cfquery>
    
    <!--- User is authorized from the form --->
    <cfif CheckPerson.recordCount EQ 1>
        <cfset VARIABLES.loginPassed = TRUE>
       <!---  <cfset myTimeVar="#now()#"> --->
        
        <!--- Handle cookies in all uppercase --->
        
        <!--- NOTE(review): the cookies below are written with expires="never" and without the secure
              attribute (or httponly, where the ColdFusion version supports it). LEMAIL also keeps the
              user's e-mail address in clear text on the client. --->
        <!--- Check if rememberme or AutoLogIn hold positive values --->
        <cfif Form.rememberme EQ 1  OR Form.AutoLogIn EQ 1>
            <CFCOOKIE name="LEMAIL" value="#Form.lemail#" expires="never">
            <CFCOOKIE name="REMEMBERME" value="1" expires="never">
            
            <!--- if AutoLogIn, add login cookies --->
            <cfif Form.AutoLogIn EQ 1>
                <CFCOOKIE name="AUTOLOGIN" value="1" expires="never">
                <CFCOOKIE name="COOKIETIME" value="#myTimeVar#" expires="never">
            <cfelse>
                <CFCOOKIE name="AUTOLOGIN" expires="now">
                <CFCOOKIE name="COOKIETIME" expires="now">
            </cfif>
            
        <!--- Otherwise if user wishes to remain anonymous, remove these client cookies --->
        <cfelse>
            <CFCOOKIE name="LEMAIL" expires="now">
            <CFCOOKIE name="REMEMBERME" expires="now">
            <CFCOOKIE name="AUTOLOGIN" expires="now">
            <CFCOOKIE name="COOKIETIME" expires="now">
        </cfif>
        
        <!--- Handle database updates --->
        <!--- CookieTime is only rewritten when auto-login was requested; LastLogIn is always updated. --->
        
        <cfquery name="setCookietime" datasource="#dsn#">
            Update users
            SET <cfif Form.AutoLogIn EQ 1>
            CookieTime = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">,</cfif>
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
    
    <!--- User failed authorization from the form --->
    <cfelse>
        <cflocation url = "Login.cfm?Error=30" addtoken="no">
    </cfif>
</cfif>
 
<!--- If the user was authorized from any of the above steps, proceed with login --->
<!--- NOTE(review): the session is marked as logged in without issuing a new session identifier.
      Rotating the identifier at login (for example SessionRotate() on ColdFusion versions that
      provide it) limits session fixation. --->
<cfif VARIABLES.loginPassed>
  <cfset session.allowin = "True">
    <!--- CheckPerson is either the struct built from the session or one of the query results;
          when it was built from the session this writes session.user_id back unchanged. --->
    <cfset session.user_id = CheckPerson.user_id>
    <!--- Record the login time for this user (parameterised update). --->
    <cfquery name="LastLogIn" datasource="#dsn#">
            Update users
            SET 
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
    <!--- addtoken="no" keeps CFID/CFTOKEN out of the redirect URL. --->
    <cflocation url="user/welcome.cfm" addtoken="no">
</cfif> 
 
The application.cfm
<!--- Application.cfm: per-request setup. Suppresses stray output while the application,
      session defaults and shared structures are initialised. --->
<CFSETTING ENABLECFOUTPUTONLY="Yes">
<cfset REQUEST.sDSN="carfree24">
<!--- Enables client and session management: 15-minute session timeout, 2-hour application timeout.
      NOTE(review): no name attribute is given. The cfapplication documentation lists name as required
      for Application and Session variables - confirm the real file sets one, otherwise these scopes
      may be shared with other unnamed applications on the same server. --->
<cfapplication clientmanagement="Yes" 
               sessiontimeout="#CreateTimeSpan(0,0,15,0)#"
               applicationtimeout="#CreateTimeSpan(0,2,0,0)#"
               sessionmanagement="yes"
               setclientcookies="yes"/>
 <!--- Create one Mypark component instance per session, on first use. --->
 <cfif not  isDefined("SESSION.cfoMyPark")>
	<cfset SESSION.cfoMyPark = createObject("component","Mypark")>
</cfif> 
 
<!--- Now define that this user is logged out by default --->
<!--- Two separate values describe the login state: a flag (allowin) and a numeric id (user_id, 0 = nobody). --->
<CFPARAM NAME="session.allowin" DEFAULT="false">
<CFPARAM NAME="session.user_id"  type="numeric" DEFAULT="0">
 
<CFSETTING ENABLECFOUTPUTONLY="no">
 
<!--- check logged in users --->
<!--- Create the shared Application.UsersInfo struct once, under an exclusive application-scope lock. --->
<cflock timeout="15" scope="APPLICATION" type="EXCLUSIVE">
    <cfif NOT isDefined("Application.UsersInfo")>
          <cfset Application.UsersInfo = StructNew()>
    </cfif>
</cflock>
 
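<!--- Capture this visitor's ColdFusion client id and the current time.
      The original wrapped these assignments in a cflock named with a fresh CreateUUID(), which can
      never contend with another request, and passed the id through Evaluate().
      Evaluate() treats its argument as CFML expression text, and an unscoped CFID can be resolved
      from request-supplied scopes (URL, Form, Cookie). The id is therefore read from the CLIENT scope
      (client management is enabled in this file) and is never evaluated. --->
<cfset user_cfid = CLIENT.CFID>
<cfset user_time = Now()>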

Question by:Panos
32 Comments
 
LVL 39

Expert Comment

by:gdemaria
ID: 23666589
You can't do a <cflocation..  redirect  after setting a session variable, the session variable won't stick.   Session variables (as with cookies) require the request to complete in order to set the value, by redirecting, the request doesn't end so the variable may not be set.
<!--- Final step of the login page: store the login state in the session, record the login time,
      then redirect to the welcome page. --->
<!--- NOTE(review): session variables are held on the server, so the two cfset lines below take effect
      as soon as they run and a following cflocation does not undo them. What a redirect in the same
      request has been reported to lose, on older ColdFusion releases, is a cookie set by that
      request - confirm which applies on the version in use. --->
<cfif VARIABLES.loginPassed>
  <cfset session.allowin = "True">
    <cfset session.user_id = CheckPerson.user_id>
    <cfquery name="LastLogIn" datasource="#dsn#">
            Update users
            SET 
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
    <cflocation url="user/welcome.cfm" addtoken="no">
</cfif> 
 

 
LVL 2

Author Comment

by:Panos
ID: 23669151
Hi gdemaria.
How can i fix this?
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23670741
You could try removing the cflocation and allowing the page to drop through to whereever the URL is already pointing..  and have the welcome page the default home page

You could try doing a <CFINCLUDE on the welcome page, you may need a CFABORT after it..  I don't love this method unless it's the login.cfm page
0

 
LVL 2

Author Comment

by:Panos
ID: 23671988
Hi gdemaria.
I don't know what the <session.allowin> is doing.
As i said the code is working fine when i'm disabling the first lines:
<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>
   
<!--- IF not, lets check for a cookie --->
and begin the next line with a <cfif tag.
I want to keep the redirect function (cflocation).
When i want to go to the insertpage for example and i'm not logged in i 'm redirected to the login page.Now when i'have checked the autogin i can be redirected to the insertpage again as a logged user.
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23672169
Could you please say what problem it is you're having?
Does it throw an error?  Is it not keeping a login?
0
 
LVL 2

Author Comment

by:Panos
ID: 23672472
The autogin cookie exists
The cookie.cookietime exists
The rememberme cookie exists.
The lemail cookie exists
Now when i log out and then login i 'm redirected to the welcome page.The problem is that there is not set the session user.id.
So i have the default value 0.
The error i had was because i did not allow someone  to go to the welcome page if he was not logged in and i did redirect to the login.page and so i had an error redirect loop.
Now i have disabled this code and the welcome page is opening but as i sad i have not the user logged in to have his id.
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 23672657
I didn't look at the code closely but if the problem is due to the cflocation issue gd mentioned you can replace cflocation with

<META HTTP-EQUIV=Refresh CONTENT="1; URL=user/welcome.cfm">


0
 
LVL 2

Author Comment

by:Panos
ID: 23672701
It did not solve the problem!
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23672779
You can test to see if your page is login.cfm by using this...

If you place this at the top of the page where you test if the user is logged in, then it can allow the login to be viewed.
<cfif cgi.script_name is "/login.cfm">
   <cfexit>  <!--- do not authenticate this page --->
</cfif>

Speaking of testing if the user is logged in, I don't see this part.   I read at the top of your code the page names, and found that you seem to be testing if a user is logged in WITHIN your login.cfm page.  Shouldn't you test if the user is logged-in in your application.cfm page?

Anyway, I know I am changing the topic.  The reason your session.user_id is not getting set is because of the redirect performed immediately after it.   That's why I bring up where you're doing this processing.  If you did it in yourapplication.cfm file, then you would probably not need a redirect and you could login from any page..
0
 
LVL 2

Author Comment

by:Panos
ID: 23673696
Sorry for the late responde.I had to leave for 1 hour.
Can you make changes to my application.cfm to see that way please?
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23683955
Rather than reinventing the wheel, can you show me where you have the login check?   For example, if I try to navigate to page   xyz.cfm   how do you test that I am logged in for that page?

It may be easier to work from where you are, rather than change your direction completely..
0
 
LVL 2

Author Comment

by:Panos
ID: 23690489
Hi gdemaria
Sorry i make it to difficult for you.
Here the code.

The Application.cfm
<!--- Application.cfm, top section: session defaults, datasource names, application settings. --->
<!--- NOTE(review): the two cfparam tags on session.* below run before the cfapplication tag that
      enables session management - confirm the session scope is already available at this point,
      or move them after cfapplication. --->
<!--- Define that this user is logged out by default --->
<CFPARAM NAME="session.allowin" DEFAULT="false">
 
<!--- Now define this user id to zero by default, this will be used later on to access specific information about this user. --->
<CFPARAM NAME="session.user_id"  type="numeric" DEFAULT="0">
 
<!--- The same datasource name is stored under two request variables (dsn and sDSN). --->
<CFSET request.dsn = "myDB">
<CFSETTING ENABLECFOUTPUTONLY="Yes">
<cfset REQUEST.sDSN="myDB">
<!--- 15-minute session timeout, 2-hour application timeout.
      NOTE(review): no name attribute is given. The cfapplication documentation lists name as required
      for Application and Session variables - confirm the real file sets one. --->
<cfapplication clientmanagement="Yes" 
               sessiontimeout="#CreateTimeSpan(0,0,15,0)#"
               applicationtimeout="#CreateTimeSpan(0,2,0,0)#"
               sessionmanagement="yes"
               setclientcookies="yes"/>
 <!--- Create one Mypark component instance per session, on first use. --->
 <cfif not  isDefined("SESSION.cfoMyPark")>
	<cfset SESSION.cfoMyPark = createObject("component","Mypark")>
</cfif> 
                  
 
 
 
 
 
 
<CFSETTING ENABLECFOUTPUTONLY="no">
 
<!--- check logged in users --->
<cflock timeout="15" scope="APPLICATION" type="EXCLUSIVE">
    <cfif NOT isDefined("Application.UsersInfo")>
          <cfset Application.UsersInfo = StructNew()>
    </cfif>
</cflock>
 
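<!--- Capture this visitor's ColdFusion client id and the current time for the
      Application.UsersInfo map maintained below.
      The original wrapped these assignments in a cflock named with a fresh CreateUUID(), which can
      never contend with another request, and passed the id through Evaluate().
      Evaluate() treats its argument as CFML expression text, and an unscoped CFID can be resolved
      from request-supplied scopes (URL, Form, Cookie). The id is therefore read from the CLIENT scope
      (client management is enabled in this file) and is never evaluated. --->
<cfset user_cfid = CLIENT.CFID>
<cfset user_time = Now()>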
 
 
<cflock scope="APPLICATION" type="EXCLUSIVE" timeout="15">
 <cfif NOT StructKeyExists(Application.UsersInfo, user_cfid)>
  <cfset temp = StructInsert(Application.UsersInfo, user_cfid, user_time)>
 </cfif>
</cflock>
 
 
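<!--- Drop entries from Application.UsersInfo whose recorded time is more than 10 minutes old.
      DateDiff() already returns a number, so it is compared directly instead of being
      passed through Evaluate(), which would re-parse the value as CFML expression text. --->
<cflock scope="APPLICATION" type="EXCLUSIVE" timeout="15">
 <cfloop collection="#Application.UsersInfo#" item="itmUser">
  <cfif DateDiff("n", StructFind(Application.UsersInfo, itmUser), Now()) GT 10>
    <cfset StructDelete(Application.UsersInfo, itmUser)>
  </cfif>
 </cfloop>
</cflock>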
<!--- end--->
 
The login.cfm:
 
<cfparam name="VARIABLES.loginPassed" type="boolean" default="FALSE">
<cfset VARIABLES.myTimeVar="#dateformat(now(),'mmm dd yyyy') & '  ' & timeformat(now(),'h:mmtt')#">
<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE> --->
    
<!--- IF not, lets check for a cookie --->
<cfelseif isDefined("COOKIE.AutoLogIn") AND isDefined("COOKIE.lemail")>
 
    <!--- check cookie against database --->
    <cfquery name="CheckPerson" datasource="#request.dsn#">
        SELECT User_id,Cookietime
        FROM users
        WHERE Email = <cfqueryparam cfsqltype="cf_sql_varchar" value="#COOKIE.lemail#">
    </cfquery>
    <!--- Make sure cookieTime's are in the same format --->
<cfset VARIABLES.DBCookieTime = DateFormat(CheckPerson.CookieTime,"yyyy mm dd") & TimeFormat(CheckPerson.CookieTime,"HH:mm:ss")>
<cfset VARIABLES.ClientCookieTime = DateFormat(COOKIE.COOKIETIME,"yyyy mm dd") & TimeFormat(COOKIE.COOKIETIME,"HH:mm:ss")>
 
    
    <!--- if 1 record is found, we have a valid login --->
<cfif CheckPerson.recordCount EQ 1 AND VARIABLES.DBCookieTime EQ VARIABLES.ClientCookieTime>
 
        <cfset VARIABLES.loginPassed = TRUE>
        
    <!--- if we didnt find 1 record, our cookie is out of sync... remove the autologin, and proceed to login --->
    <cfelse>
        <cfcookie name="AutoLogIn" expires="now">
  </cfif>
        
<!--- Do the following if the form is submitted. --->
<cfelseif IsDefined("Form.lEmail")>
    <cfset VARIABLES.hashedPass = Hash(Form.luserpassword, "SHA")>
    
    <!--- Create our checkboxs if they do not exist --->
    <cfparam name="form.rememberme" default="">
    <cfparam name="form.AutoLogIn" default="">
    
    <!--- query the data base. ---> 
    <cfquery name="CheckPerson" datasource="#request.dsn#">
        SELECT Password, email, user_ID
        FROM users
        WHERE email = <cfqueryparam value="#Form.lemail#" cfsqltype="CF_SQL_VARCHAR">
        AND Password = <cfqueryparam value="#VARIABLES.hashedPass#" cfsqltype="cf_sql_varchar">
    </cfquery>
    
    <!--- User is authorized from the form --->
    <cfif CheckPerson.recordCount EQ 1>
        <cfset VARIABLES.loginPassed = TRUE>
       <!---  <cfset myTimeVar="#now()#"> --->
        
        <!--- Handle cookies in all uppercase --->
        
        <!--- Check if rememberme or AutoLogIn hold positive values --->
        <cfif Form.rememberme EQ 1  OR Form.AutoLogIn EQ 1>
            <CFCOOKIE name="LEMAIL" value="#Form.lemail#" expires="never">
            <CFCOOKIE name="REMEMBERME" value="1" expires="never">
            
            <!--- if AutoLogIn, add login cookies --->
            <cfif Form.AutoLogIn EQ 1>
                <CFCOOKIE name="AUTOLOGIN" value="1" expires="never">
                <CFCOOKIE name="COOKIETIME" value="#myTimeVar#" expires="never">
            <cfelse>
                <CFCOOKIE name="AUTOLOGIN" expires="now">
                <CFCOOKIE name="COOKIETIME" expires="now">
            </cfif>
            
        <!--- Otherwise if user wishes to remain anonymous, remove these client cookies --->
        <cfelse>
            <CFCOOKIE name="LEMAIL" expires="now">
            <CFCOOKIE name="REMEMBERME" expires="now">
            <CFCOOKIE name="AUTOLOGIN" expires="now">
            <CFCOOKIE name="COOKIETIME" expires="now">
        </cfif>
        
        <!--- Handle database updates --->
        
        <cfquery name="setCookietime" datasource="#request.dsn#">
            Update users
            SET <cfif Form.AutoLogIn EQ 1>
            CookieTime = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">,</cfif>
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
    
    <!--- User failed authorization from the form --->
    <cfelse>
        <cflocation url = "Login.cfm?Error=30" addtoken="no">
    </cfif>
</cfif>
 
<!--- If the user was authorized from any of the above steps, proceed with login --->
<cfif VARIABLES.loginPassed EQ TRUE>
<cfset session.allowin = "True">
    <cfset session.user_id = CheckPerson.user_id>
    <cfquery name="LastLogIn" datasource="#request.dsn#">
            Update users
            SET 
			LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
			WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
       <cflocation url="user/welcome.cfm" addtoken="no">
    </cfif>
 
 
On the page where i'm testing if user is looged id (f.e welcome page)
<cfif session.user_ID EQ 0 >
  <cflocation url="../LogIn.cfm" >
</cfif> .....
 
I remind you that if begin the login page code with:
<!--- IF not, lets check for a cookie --->
<cfif isDefined("COOKIE.AutoLogIn") AND isDefined("COOKIE.lemail")>....
 
and not include the first :
<!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE> 
 
i have no errors. end the redirect is working fine.
 
I don't know if this is the best way for security.
If you have any suggestion please help me.

 
LVL 2

Author Comment

by:Panos
ID: 23690502
A little mistake!!!
 I have no errors if i don't include:
<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
   <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>
and begin of course with cfif and not cfelseif the next line
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23691972
panosms, where is it you test to see if a person is logged in?
If they are not logged in, you then send them to the login page...
You're not showing this, as far as I can see.

Or perhaps you don't have that yet?  
If I were to go to a page on your site, such as www.yoursite.com/abc.cfm
would I be sent to the login page if I had not logged in yet?
0
 
LVL 2

Author Comment

by:Panos
ID: 23693275
Hi gdemaria.
I have one area where i don't have to be logged in,like where i can search something and one area where the user has to be logged in such as page where someone can insert data or update data.
So only these pages have the :
<cfif session.user_ID EQ 0 >
  <cflocation url="../LogIn.cfm" >
</cfif> .....
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23693620
Okay!  That's what I wanted to know, thanks!

There are a few ways to do it.  Here is one of them.

You can add code like the below into your application.cfm file.  
The variable  securePages is a list of the .cfm files that need to be secure.
This is practical if you don't have too many of them.   You could also make a list of the ones that do NOT have to be secure if it's a shorter list.
Another way to do it is to put all secure pages inside a particular folder.
Not sure how you are setup, might this work for you?


<!--- make a list of your secure pages ---->
<!--- NOTE(review): this is an opt-in list. Any template whose base name is not listed is served
      without a login, including pages added later. Only the file name is compared (directory and
      extension are stripped), so same-named templates in different folders are treated alike.
      Listing the public pages instead makes "login required" the default. --->
<cfset variables.securePages = "accounts,shopCart,myProfile"> 
 
<cfparam name="session.user_id" default="0">
<!--- For a listed page requested without a logged-in user (user_id evaluates to 0), render the login
      template in place and stop the request.
      NOTE(review): as posted, the cfif below lacks the closing parenthesis of listFindNoCase( --->
<cfif listFindNoCase(variables.securePages,listFirst(listLast(cgi.script_name,"/\"),".")  and val(session.user_id) eq 0>
   <cfinclude template="login.cfm">
   <cfabort>
</cfif>

 
LVL 2

Author Comment

by:Panos
ID: 23693661
Gdemaria.
I have the secure pages in folders.
0
 
LVL 2

Author Comment

by:Panos
ID: 23693688
What is the difference if i'm writing on top of each of these pages the
<cfif session.user_ID EQ 0 >
  <cflocation url="../LogIn.cfm" >
</cfif> .....?
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23693740
Right, good question.

The problem we are trying to fix is the redirect after login.  That is keeping your session variable from taking hold.

In the sample I posted, the application.cfm file does a cfinclude to login, when the user posts the form in the login, he will no longer need to redirect to the page because we will also move the login validation to the application.cfm file.

If you prefer, we will try to fix it another way before going down this road.
Give me a minute to post something else...



note:
 
you should change this..
<cflocation url="../LogIn.cfm" >
 
to this..
<cflocation url="../LogIn.cfm" addToken="no">
 
You don't want your session identifiers (CFID/CFTOKEN) ending up in the URL, where they can leak through browser history, server logs and Referer headers.

 
LVL 39

Expert Comment

by:gdemaria
ID: 23693884
To do it the "other" way ...   after processing their login (and setting the session user_id), display this page.   Do not redirect to this page, just show it in the browser using cfinclude.

This page will show the user a brief "processing" message and then redirect to your welcome page.   The session variable should stick.

If it does not work, please paste in your code with these changes made.

Note: this is Sid's recommendation above.
<html>
<head>
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="-1">
    <META HTTP-EQUIV=Refresh CONTENT="1; URL=/user/welcome.cfm">
</head>
 <body>
 
    Processing login...<br>
    <br>
    This page will reload within 5 seconds.<br>
    If the page does not reload in 10 seconds, <br>
    please <a href="/user/welcome.cfm">click here</a> to continue.
 
 </body>
</html>

 
LVL 2

Author Comment

by:Panos
ID: 23693904
By the way i have an error using the code in the application.cfm
ColdFusion was looking at the following text:

>

The CFML compiler was processing:

    * An expression beginning with listFindNoCase, on line 21, column 7.This message is usually caused by a problem in the expressions structure.
    * A cfif tag beginning on line 21, column 2.

<cfparam name="session.user_id" default="0">
21 : <cfif listFindNoCase(variables.securePages,listFirst(listLast(cgi.script_name,"/\"),".")  and val(session.user_id) eq 0>
22 :    <cfinclude template="login.cfm" addToken="no">
23 :    <cfabort>
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23693928
a closing parenthesis )  is missing in the CFIF line

<cfif listFindNoCase(variables.securePages,listFirst(listLast(cgi.script_name,"/\"),".") )  and val(session.user_id) eq 0>



0
 
LVL 2

Author Comment

by:Panos
ID: 23694156
Using the first code <!--- make a list of your secure pages ---->
<cfset variables.securePages = "index,InsertAgra,InsertBus,InsertAuf">
<cfif listFindNoCase(variables.securePages,listFirst(listLast(cgi.script_name,"/\"),".") )  and val(session.user_id) eq 0>
   <cfinclude template="login.cfm" >
   <cfabort>
</cfif>
I tried to go to login page but it did not redirect to the login page.It opens the login page but with nothing on it.
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23694270
where is your login FORM ?   Where you ask the username and password?
I assumed it is in your login.cfm file, but looking back as your initial post, it doesnt' seem to be there?

Both approaches need additional information from me.
Please choose an approach - I think the second approach will allow you to make fewer changes to your code.  
0
 
LVL 2

Author Comment

by:Panos
ID: 23694441
Ok then.
A help with the other way.
If i have understand it i must make a new file the posted html code.
what are the changes here:
<!--- If the user was authorized from any of the above steps, proceed with login --->
<cfif VARIABLES.loginPassed EQ TRUE>
<cfset session.allowin = "True">
    <cfset session.user_id = CheckPerson.user_id>
    <cfquery name="LastLogIn" datasource="#request.dsn#">
            Update users
            SET
                  LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
                  WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
       <cflocation url="user/welcome.cfm" addtoken="no">
    </cfif>

And where do i have to put the cfinclude tag?
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23694937
replace this line
<cflocation url="user/welcome.cfm" addtoken="no">

with the include that shows the HTML page...

  <cfinclude template="showProcessing.cfm">
  <cfexit> <!--- stop processing this page ---->
</cfif>


0
 
LVL 2

Author Comment

by:Panos
ID: 23695279
I have again the first first problem
I need to disable again this:
<cfif session.allowin EQ TRUE>

 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>

Something is wrong with the session.allowin EQ TRUE. or StructNew()
The Browsers sees that session.allowin EQ TRUE.
So it goes then to bottom of the code where:
<cfif VARIABLES.loginPassed EQ TRUE>
<cfset session.allowin = "True">
    <cfset session.user_id = CheckPerson.user_id>
    <cfquery name="LastLogIn" datasource="#request.dsn#">
            Update users
            SET
                  LastLogIn = <cfqueryparam cfsqltype="cf_sql_timestamp" value="#myTimeVar#">
                  WHERE user_Id = <cfqueryparam cfsqltype="cf_sql_integer" value="#CheckPerson.user_Id#">
        </cfquery>
       <cfinclude template="showProcessing.cfm">
  <cfexit>
    </cfif>

But if i understand what is going on the  problem is here: <cfset session.user_id = CheckPerson.user_id>
There is no session.user_id different than 0!
If there was a session.user_id NEQ 0 than it would work.
That's why if i start the code work from
<cfif isDefined("COOKIE.AutoLogIn") AND isDefined("COOKIE.lemail")>.........
and i have no problem.
I don't know if i do need all the stuff with session.allowin.
Is this neccesary?
 
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23695396
It seems that session.allowIn is a flag to say whether or not the user is logged in.   It seems unnecesary to have that extra variable when you could just check for session.user_id being > 0

But the question is... if you take away the session.allowIn part, which part of the code is being run instead?   Are you saying that it uses the cookie.autologin part of the CFIF statement?   If Yes, then that isn't really solving your login problem, it is using the auto-login feature instead of the login.  It means your login is still not working (except for auto login).  

0
 
LVL 39

Expert Comment

by:gdemaria
ID: 23695793
Two things...


First, where is the login form?   The form where the user types in his username and password.   It doesn't seem to be in the login.cfm file?

Second, processing the auto login at the top of the login page doesn't really seem to make sense to me.  That means whenever the user's session expires, they will end up on the welcome page.   The user comes back after a coffee break, clicks a button and goes to "Welcome" - wouldn't that be confusing?  If his login is automatic, shouldn't he be allowed to continue work rather than get redirected to Welcome?

   
0
 
LVL 2

Author Comment

by:Panos
ID: 23695896
The first cfif is about the autologin....
the second cfelseif is about the log in form.on the page (the  rest of the page):
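<!--- Login form. Posts lemail, luserpassword and the two optional checkboxes back to the current
      template. The e-mail field and the checkboxes are pre-filled from the remember-me cookies. --->
<!--- Cookie values are supplied by the browser, so the e-mail is HTML-escaped with HTMLEditFormat()
      before it is written into the value attribute; unescaped, a quote character in the cookie
      would break out of the attribute. --->
<!--- NOTE(review): the action attribute relies on #CGI.SCRIPT_NAME# being evaluated by markup
      outside this excerpt - confirm. --->
<form  name="LogIn" action="#CGI.SCRIPT_NAME#" method="post">
        Email Adresse:
           
        <input type = "text" name="lemail"  value="<cfif isdefined("cookie.lemail")><cfoutput>#HTMLEditFormat(cookie.lemail)#</cfoutput></cfif>"/><br>
             
         Password: <input  name="luserpassword" type="password"  value=""/><br>
                             remember me:
             <input name="rememberme" type="checkbox" value="1"
    <cfif isdefined("cookie.rememberme") AND cookie.rememberme EQ 1> checked="checked" </cfif> /><br>
         Auto Log In:
               <input name="AutoLogIn" type="checkbox" value="1"
    <cfif isdefined("cookie.AutoLogIn") AND cookie.AutoLogIn EQ 1> checked="checked" </cfif> /><br>
            <input type = "Submit" value = "&nbsp;&nbsp;Einloggen&nbsp;&nbsp;"  id="LogIn">
             
           
          </form>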
The problem i have is when someone islogged in and types in the url login.cfm it does not redirect to the welcome page.
I can use there an cfif session.user_id Neq 0 to show the form cfelse the message you are allready logged in.
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 2000 total points
ID: 23696109
You add this to the top of your login.cfm page.

<!--- Already logged in? A non-zero session.user_id is the single source of truth, so send the
      visitor straight to the welcome page. addToken="No" keeps CFID/CFTOKEN out of the URL. --->
<cfif isDefined("session.user_id") AND val(session.user_id) NEQ 0>
   <cflocation addToken="No" url="/user/welcome.cfm">
</cfif>

Then this part will no longer be needed..


<cfif session.allowin EQ TRUE>
 
    <!--- Fake a new login --->
    <cfset CheckPerson = StructNew()>
    <cfset CheckPerson.user_id = session.user_id>    
    <cfset VARIABLES.loginPassed = TRUE>
   


0
 
LVL 2

Author Closing Comment

by:Panos
ID: 31547795
Thank  you very much for help.
It was very complicated for me and  i made it too difficult for you.
regards
Pamos
0
