Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

login form at http://www.nbptsprincipals.org/LoginForm.cfm that does not begin an authenticated user session.

Avatar of Eric Bourland
Eric BourlandFlag for United States of America asked on
ColdFusion Language
98 Comments1 Solution1642 ViewsLast Modified:
In brief:
I have a login form at http://www.nbptsprincipals.org/LoginForm.cfm that does not begin an authenticated user session.

The form seems to process, but only returns to http://www.nbptsprincipals.org/LoginForm.cfm.

I am building this form based on the other login form that I built several years ago, here: http://www.guardianhelp.org/LoginForm.cfm

I have closely modeled my new login form, ancillary templates, and application.cfc on the templates and files used at http://www.guardianhelp.org/LoginForm.cfm.

I have been staring for a long time at these files:


(Note: all of these files exist in web root.)

The difference is, in the new form, instead of UserName I require UserEmail.

I believe I have done everything necessary to create user authentication and session management.

I wonder if the problem lies with my form action:

<!--- note that the scriptsrc is defined in application.cfc  --->
<cfform scriptsrc="#Request.CFFORM_JS_LIB#" action="#CGI.SCRIPT_NAME#" name="LoginForm" method="post">

In application.cfc I set the correct path to cfform.js, thus:

<!--- set path to cfform.js --->
<cfparam name="Request.CFFORM_JS_Lib" type="string" default="" />

but should I use this instead?

<cfform action="#CGI.script_name#?#CGI.query_string#" name="LoginForm" method="post">

Thanks for any advice.


I attach:

 Filename: Application.cfc
 Created by: Raymond Camden (ray@camdenfamily.com)
 Please Note: Executes for every page request

<cfcomponent output="false">

  <!--- Name the application. --->
  <cfset this.name="NBPTS">
  <!--- Turn on session management. --->
  <cfset this.sessionManagement="true">

<!--- set path to cfform.js --->
<cfparam name="Request.CFFORM_JS_Lib" type="string" default="" />
<!--- function: onApplicationStart --->
  <cffunction name="onApplicationStart" output="false" returnType="void">

    <!--- Any variables set here can be used by all of the application's pages --->
    <cfset APPLICATION.dataSource = "ebwebwork">
    <cfset APPLICATION.companyName = "NBPTS">
  	<!--- function: onSessionStart --->
	 <cffunction name="onSessionStart" returntype="void">
      <!--- defined all session variables, so they will always exist ---->
      <cfset session.auth.isLoggedIn  = "false">
	  <cfset session.auth.UserID  = "">
      <cfset session.auth.Honorific   = "">
	  <cfset session.auth.FirstName   = "">
      <cfset session.auth.LastName    = "">
      <cfset session.auth.Credential   = "">
      <cfset session.auth.Organization   = "">
      <cfset session.auth.Address    = "">
      <cfset session.auth.City    = "">
      <cfset session.auth.State    = "">
      <cfset session.auth.ZIP    = "">
      <cfset session.auth.Telephone   = "">
      <cfset session.auth.FAX   = "">
      <cfset session.auth.UserEmail    = "">
      <cfset session.auth.UserWebSite   = "">
      <cfset session.auth.UserPassword    = "">
      <cfset session.auth.UserRoleID  = "">
 <!--- close function: onSessionStart --->

 <!--- function: onRequestStart --->
<cffunction name="onRequestStart" output="false" returnType="void">
      <cfset var secureDirectories = "temp">
      <cfif listFindNoCase(secureDirectories,listFirst(cgi.script_name,"/"))
        and session.auth.isLoggedIn is False>
           <cfinclude template="LoginForm.cfm">

 <!--- if query_string contains cast(, then abort! --->						
<cfif cgi.query_string contains "cast(">
<!--- end abort cast --->

<cfset request.encryptionKey = "xxxxx">
 <!--- close function: onRequestStart --->


 Filename: LoginCheck.cfm
 Created by: Nate Weiss (NMW)
 Purpose: Validates a user's UserPassword entries
 Please Note Included by LoginForm.cfm

<cfset APPLICATION.dataSource = "ebwebwork">

<!--- Make sure we have Login name and UserPassword --->
<cfparam name="FORM.UserEmail" type="string" />
<cfparam name="FORM.UserPassword" type="string" />

<!--- Find record with this UserEmail/UserPassword --->
<!--- If no rows returned, UserPassword not valid --->
<cfquery name="getUser" datasource="#APPLICATION.dataSource#">
 SELECT UserID, FirstName, UserRoleID
 FROM tbl_NBPTS_Principals
 WHERE UserEmail = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.UserEmail#" maxlength="255">
 AND UserPassword = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.UserPassword#" maxlength="255">

<!--- If the UserEmail and UserPassword are correct --->
<cfif getUser.recordCount eq 1>
 <!--- Remember user's logged-in status, plus --->
 <!--- UserID and First Name, in structure --->
 <cfset SESSION.auth = structNew()>
 <cfset SESSION.auth.isLoggedIn = "Yes">
 <cfset SESSION.auth.UserID = getUser.UserID>
 <cfset SESSION.auth.FirstName = getUser.firstName>
 <cfset SESSION.auth.UserRoleID = getUser.UserRoleID>
 <cfset SESSION.auth.UserEmail= FORM.UserEmail>

 <!--- Now that user is logged in, send them --->
 <!--- to whatever page makes sense to start --->
 <cflocation url="/">

 Filename: LoginForm.cfm
 Created by: Nate Weiss (NMW)
 Purpose: Presented whenever a user has not logged in yet
 Please Note Included by Application.cfc

<!--- If the user is now submitting Login form, --->
<!--- Include Login Check code to validate user --->
<cfif isDefined("FORM.UserEmail")> 
 <cfinclude template="LoginCheck.cfm">

<cfinclude template="/SiteHeader.cfm" />

<!-- begin row1 -->
<div id="row1">

<!-- begin row1content_left -->
<div class="row1content_left">

<img src="/img/row1_photo1.jpg" width="582" height="157" alt="NBPTS" class="border0" />

<!-- /row1content_left -->

<!-- begin row1content_right -->
<div class="row1content_right">

<!-- /row1content_right -->

<!-- end row1 -->

<!-- begin row2 -->
<div id="row2">
<!--- Place cursor in "UserEmail" field when page loads--->
<body onLoad="document.LoginForm.UserEmail.focus();">

<!--- Start Login Form --->

<!--- note that the scriptsrc is defined in application.cfc  --->
<cfform scriptsrc="#Request.CFFORM_JS_LIB#" action="#CGI.SCRIPT_NAME#" name="LoginForm" method="post">
 <!--- Make the UserEmail and UserPassword fields required --->
 <input type="hidden" name="UserEmail_required">
 <input type="hidden" name="UserPassword_required">
<p> <strong>Your Email Address:</strong><br />

 <!--- Text field for UserEmail ---> 
 message="Please type your UserEmail first."></p>

<p><strong>Your Password:</strong><br />

 <!--- Text field for UserPassword ---> 
 message="Please type your UserPassword first."></p>

 <input type="submit" value="Enter">


<!-- end row2 -->

<cfinclude template="/SiteFooter.cfm" />
Avatar of gdemaria
gdemariaFlag of United States of America image

Our community of experts have been thoroughly vetted for their expertise and industry experience.

This problem has been solved!
Unlock 1 Answer and 98 Comments.
See Answers