Solved

login system

Posted on 2011-02-23
9
341 Views
Last Modified: 2013-12-24
I'm setting up a little members area on a site with sql server 2005 in the background and need a login system. I have bits and peices of old code but could anyone point me either to a link of a good example or show a sample?
0
Comment
Question by:Shawn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 1

Expert Comment

by:Instipod
ID: 34966607
0
 
LVL 1

Author Comment

by:Shawn
ID: 34966966
I posted this in the Coldfusion zone because I need this in Coldfusion with sql server. php/mysql is not an option here. thx anyway
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 500 total points
ID: 34967086
Have a login form where you enter the username and password, then submit it

In your application.cfm /.cfc file, check for the form.username and form.password variables to exist.. check it against the database and if it matches, assign the userID to a session scoped variable.  That's the variable you will test to see if you're logged in or not.

<cfif isDefined("form.username") and isDefined("form.password")>
   <cfset session.userID = "">
   <cfquery name="getUser"....>
      select userID from users where username='#form.username#'
      and password = '#form.password#'
   </cfif>
   <cfif getUser.recordCount eq 1>
      <cfset session.userID = getUser.userID> <!--- you are now logged in ---->
   </cfif>
</cfif>


Now in any page you need to be logged in, check for the session.userID value to be set.

<!---- stop processing if you're not logged in, show login form instead ---->
<cfif NOT isDefined("session.userID") or val(session.userID) eq 0>
   <cfinclude template="/login.cfm">
   <cfexit> (or <cfabort>)
</cfif>

0
More Than Just A Video Library

Train for your certification. Learn the latest DevOps tools. Grow your skillset to do better work.

At Linux Academy, we release new training modules every week so you'll always be up to date on the latest tech.

 
LVL 1

Author Comment

by:Shawn
ID: 34967779
i've used cfabort before and had issues with it...it cut off the bottom part of the page (no footer.) what is the difference between cfabort and cfexit?
0
 
LVL 3

Expert Comment

by:dagaz_de
ID: 34969231
why don't you use cflogin, ithink this is the easiest way if you use it in your application.cfm

Look at this:

<!-- Variables which need to be defined -->
<cfparam name="URL.logout" default="0">
<cfparam name="invalid_login" default="0">
<!-- Define the datasource (DSN) name -->
<cfset dsource = "login">

<!-- Code will not be executed unless #FORM.username# IS NOT "" -->
<cfif structKeyExists(form,"username")>

    <!-- Check Username, Password, and Level of Administration -->
    <cfquery name="check_user" datasource="#dsource#">
            SELECT user, pass, admin
            FROM table_name
            WHERE user = '#FORM.username#' and pass = '#FORM.password#'
    </cfquery>

    <!-- If there is a valid User then Login user -->
    <cfif check_user.recordcount is not 0>
        <!-- Log them in with a timeout of 30 minutes (1800 sec) and set level of Admin-->
        <cflogin idletimeout="1800">
            <cfloginuser
                    name = "#FORM.username#"
                    password ="#FORM.password#"
                    roles = "#check_user.admin#">
        </cflogin>
    <cfelse>
        <!-- If an invalid Login Attemp, Set invalid to 1 for invalid login script -->
        <cfset invalid_login = 1>
    </cfif>

</cfif>

<!-- If index.cfm?logout=1 is clicked then Log The User Out -->
<cfif URL.logout is 1>
    <cflogout>
    <cflocation url="index.cfm">
</cfif>

<!--- Simple index.cfm file that logs you in --->
<cfif GetAuthUser() is "">
    <form name="form1" method="post" action="index.cfm">
        User: <input name="username" type="text" id="username"><br>
        Pass: <input name="password" type="text" id="password"><br>
        <input type="submit" name="Submit" value="Submit">
    </form>
<cfelse>
    <p>User: <cfoutput>#GetAuthUser()#</cfoutput></p>
    <a href="index.cfm?logout=1">Logout</a>
</cfif>

Read more: http://tutorial355.easycfm.com/#ixzz1EsWQDI7D
0
 
LVL 39

Expert Comment

by:gdemaria
ID: 34969287
> i've used cfabort before and had issues with it...it cut off the bottom part of the page (no footer.) what is the difference between cfabort and cfexit?

CFABORT stops all processing, CFEXIT stops processing in THAT template but allows others to continue.

This particular line isn't specific to the style of login you use, in dagaz's example, he uses <CFLOCATION...>

Anyway you want to get to your login file whether CFLOCATION or CFINCLUDE, whatever will work.

I have used cflogin, I wanted more control, but it's a valid option.  I like building up my own session variables including those things that I need, username, user's full name, department ID, etc.   cflogin got particularly annoying when I started trying to implement role management.  I wanted each user to have 0 to X roles, I really needed to implement that seperately, so stopped using it.   But if you're a newbie, nothing wrong with starting there.

0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 34972706
If you want not the cflogin code then you can try the following, but as per suggestion use cflogin that is much better:

in Application.cfm if you have, if Application.cfc, inside the OnRequestStart Method()

the following Code!

<cfif isDefined("FORM.Username") AND isDefined("FORM.Pass")>
      <cfinclude template="checking.cfm">
      <!--- if there are any problems with the username and/or password the request.User structure will not be created --->
      <cfif NOT isDefined("request.User.LoggedIn")>
            <!--- redirect the user to the login page again to give them another login attempt; show the error in the login form --->
            <cfinclude template="index.cfm">
            <cfabort>
      <cfelse>
            <!--- if the login procedure is passed duplicate the request structure into the session scope and load the main page --->
            <cflock scope="SESSION" throwontimeout="Yes" timeout="5" type="EXCLUSIVE">
                  <cfset session.User = Duplicate(request.User)>
            </cflock>
                  <cflocation url="welcome.cfm">
            </cfif>
</cfif>

Now the login.cfm file


<table width="100%" border="0">
          <tr>
            <td height="125" valign="top">
                  <cfif Not IsDefined("session.user.LoggedIn")>
                  <cfform method="post" action="checking.cfm">
            <table width="100%" border="0">
               
                <tr>
                  <td width="34%"><img src="images/user.gif" alt="User" width="45" height="15" class="bord"></td>
                  <td width="66%"><cfinput name="username" type="text" class="sidebar" id="username" size="18" required="yes" message="Please Input your User name" value="#username#"></td>
                </tr>
                <tr>
                  <td><img src="images/pass.gif" alt="Pass" width="45" height="15" class="bord"></td>
                  <td><cfinput name="pass" type="password" class="sidebar" id="pass" size="18" required="yes" message="Your Password Field is Empty"></td>
                </tr>
                <tr>
                  <td height="20" colspan="2" valign="top"><table width="100%"  border="0" cellspacing="0" cellpadding="0">
                    <tr>
                      <td width="14%"><input name="remember" type="checkbox"
                                id="remember" value="Yes"<cfif IsDefined("cookie.username")>
                                CHECKED</cfif>></td>
                      <td width="86%" class="sidebar">  Remember Me </td>
                    </tr>
                  </table></td>
                  </tr>
                               <cfinput type="submit" class="legal" value="Log In" validate="submitonce" name="submit">                          </td>
                </tr>
              </table>
             </cfform>
                    <cfelse>

Logout Code
</cfif>

Now Checking.cfm file



<cfquery datasource="#request.datasource#" username="#request.username#" password="#request.password#" name="checking">
      select * from login where
      username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.username#">
      and Valid = 1
      </cfquery>
      <cfif checking.recordcount eq 0>
            <cfset variables.errorMessage = "The Information you provided, <b>" & FORM.Username & "</b>, is Invalid.">
      <cfelse>
            <cfset variables.hashedpassword = form.pass>
                  <cfif variables.hashedpassword neq checking.password>
            <cfset variables.errorMessage = "The Password you supplied for user <b>" & FORM.Username & "</b> was incorrect.">
            <cfelse>
            <cfif IsDefined("form.remember")>
            <cfcookie name="username" value="#form.username#" expires="10">
        <cfset request.User = StructNew()>
            <cfset request.User.LoggedIn = "1">
            <cfset request.User.Username = FORM.Username>
            <cfset request.user.userID = checking.id>
            <cfelse>
            <cfset request.User = StructNew()>
            <cfset request.User.LoggedIn = "1">
            <cfset request.User.Username = FORM.Username>
            <cfset request.user.userID = checking.id>
            </cfif>
      </cfif>


All Done
      </cfif>            
0
 
LVL 1

Author Comment

by:Shawn
ID: 34973203
I'm going to opt out for cflogin as I like to set my own parameters. will have a try with the suggestions and get back asap. thanks all
0
 
LVL 1

Author Closing Comment

by:Shawn
ID: 34974763
exactly what I was looking for. thank you.

I'll post more specific questions later if I come across any bumps
0

Featured Post

Learn by Doing. Anytime. Anywhere.

Do you like to learn by doing?
Our labs and exercises give you the chance to do just that: Learn by performing actions on real environments.

Hands-on, scenario-based labs give you experience on real environments provided by us so you don't have to worry about breaking anything.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi. There are several upload tutorials using jquery and coldfusion. I found a very interesting one here Upload Your Files using Jquery & ColdFusion and Preview them (http://www.randhawaworld.com/) . I did keep the main js functions but made sever…
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question