  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 352

login system

I'm setting up a little members area on a site with SQL Server 2005 in the background and need a login system. I have bits and pieces of old code, but could anyone point me either to a link of a good example or show a sample?

Asked: Shawn
1 Solution
 
Instipod Commented:
0
 
Shawn (Author) Commented:
I posted this in the ColdFusion zone because I need this in ColdFusion with SQL Server. PHP/MySQL is not an option here. Thx anyway.
0
 
gdemaria Commented:
Have a login form where you enter the username and password, then submit it.

In your application.cfm / .cfc file, check for the form.username and form.password variables to exist. Check it against the database and, if it matches, assign the userID to a session-scoped variable.  That's the variable you will test to see if you're logged in or not.

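<cfif isDefined("form.username") and isDefined("form.password")>
   <cfset session.userID = "">
   <cfquery name="getUser"....>
      <!--- cfqueryparam binds the form values as parameters instead of pasting them into the SQL text --->
      select userID from users
      where username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.username#">
      and password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.password#">
   </cfquery>
   <cfif getUser.recordCount eq 1>
      <cfset session.userID = getUser.userID> <!--- you are now logged in --->
   </cfif>
</cfif>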


Now in any page you need to be logged in, check for the session.userID value to be set.

<!---- stop processing if you're not logged in, show login form instead ---->
<cfif NOT isDefined("session.userID") or val(session.userID) eq 0>
   <cfinclude template="/login.cfm">
   <cfexit> <!--- or <cfabort> --->
</cfif>

0
 
Shawn (Author) Commented:
I've used cfabort before and had issues with it... it cut off the bottom part of the page (no footer). What is the difference between cfabort and cfexit?
0
 
dagaz_de Commented:
Why don't you use cflogin? I think this is the easiest way if you use it in your application.cfm.

Look at this:

<!-- Variables which need to be defined -->
<cfparam name="URL.logout" default="0">
<cfparam name="invalid_login" default="0">
<!-- Define the datasource (DSN) name -->
<cfset dsource = "login">

<!-- Code will not be executed unless #FORM.username# IS NOT "" -->
<cfif structKeyExists(form,"username")>

    <!-- Check Username, Password, and Level of Administration -->
    <cfquery name="check_user" datasource="#dsource#">
            SELECT user, pass, admin
            FROM table_name
            WHERE user = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.username#">
              and pass = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.password#">
    </cfquery>

    <!-- If there is a valid User then Login user -->
    <cfif check_user.recordcount is not 0>
        <!-- Log them in with a timeout of 30 minutes (1800 sec) and set level of Admin-->
        <cflogin idletimeout="1800">
            <cfloginuser
                    name = "#FORM.username#"
                    password ="#FORM.password#"
                    roles = "#check_user.admin#">
        </cflogin>
    <cfelse>
        <!-- If an invalid Login Attempt, Set invalid to 1 for invalid login script -->
        <cfset invalid_login = 1>
    </cfif>

</cfif>

<!-- If index.cfm?logout=1 is clicked then Log The User Out -->
<cfif URL.logout is 1>
    <cflogout>
    <cflocation url="index.cfm">
</cfif>

<!--- Simple index.cfm file that logs you in --->
<cfif GetAuthUser() is "">
    <form name="form1" method="post" action="index.cfm">
        User: <input name="username" type="text" id="username"><br>
        Pass: <input name="password" type="password" id="password"><br>
        <input type="submit" name="Submit" value="Submit">
    </form>
<cfelse>
    <p>User: <cfoutput>#GetAuthUser()#</cfoutput></p>
    <a href="index.cfm?logout=1">Logout</a>
</cfif>

Read more: http://tutorial355.easycfm.com/#ixzz1EsWQDI7D
0
 
gdemaria Commented:
> I've used cfabort before and had issues with it... it cut off the bottom part of the page (no footer). What is the difference between cfabort and cfexit?

CFABORT stops all processing; CFEXIT stops processing in THAT template but allows others to continue.

This particular line isn't specific to the style of login you use; in dagaz's example, he uses <CFLOCATION...>

Any way you want to get to your login file, whether CFLOCATION or CFINCLUDE, whatever will work.

I have used cflogin, I wanted more control, but it's a valid option.  I like building up my own session variables including those things that I need: username, user's full name, department ID, etc.   cflogin got particularly annoying when I started trying to implement role management.  I wanted each user to have 0 to X roles, I really needed to implement that separately, so stopped using it.   But if you're a newbie, nothing wrong with starting there.

0
 
Gurpreet Singh Randhawa (Web Developer) Commented:
If you don't want the cflogin code, you can try the following, but as per the suggestion, use cflogin; that is much better.

Put the following code in Application.cfm if you have one or, if you use Application.cfc, inside the onRequestStart() method:

<cfif isDefined("FORM.Username") AND isDefined("FORM.Pass")>
      <cfinclude template="checking.cfm">
      <!--- if there are any problems with the username and/or password the request.User structure will not be created --->
      <cfif NOT isDefined("request.User.LoggedIn")>
            <!--- redirect the user to the login page again to give them another login attempt; show the error in the login form --->
            <cfinclude template="index.cfm">
            <cfabort>
      <cfelse>
            <!--- if the login procedure is passed duplicate the request structure into the session scope and load the main page --->
            <cflock scope="SESSION" throwontimeout="Yes" timeout="5" type="EXCLUSIVE">
                  <cfset session.User = Duplicate(request.User)>
            </cflock>
            <cflocation url="welcome.cfm">
      </cfif>
</cfif>

Now the login.cfm file


<table width="100%" border="0">
          <tr>
            <td height="125" valign="top">
                  <cfif Not IsDefined("session.user.LoggedIn")>
                  <cfform method="post" action="checking.cfm">
            <table width="100%" border="0">
               
                <tr>
                  <td width="34%"><img src="images/user.gif" alt="User" width="45" height="15" class="bord"></td>
                  <td width="66%"><cfinput name="username" type="text" class="sidebar" id="username" size="18" required="yes" message="Please Input your User name" value="#username#"></td>
                </tr>
                <tr>
                  <td><img src="images/pass.gif" alt="Pass" width="45" height="15" class="bord"></td>
                  <td><cfinput name="pass" type="password" class="sidebar" id="pass" size="18" required="yes" message="Your Password Field is Empty"></td>
                </tr>
                <tr>
                  <td height="20" colspan="2" valign="top"><table width="100%"  border="0" cellspacing="0" cellpadding="0">
                    <tr>
                      <td width="14%"><input name="remember" type="checkbox"
                                id="remember" value="Yes"<cfif IsDefined("cookie.username")>
                                CHECKED</cfif>></td>
                      <td width="86%" class="sidebar">  Remember Me </td>
                    </tr>
                  </table></td>
                  </tr>
                <tr>
                  <td colspan="2"><cfinput type="submit" class="legal" value="Log In" validate="submitonce" name="submit"></td>
                </tr>
              </table>
             </cfform>
                  <cfelse>
                  <!--- Logout Code --->
                  </cfif>
            </td>
          </tr>
</table>

Now Checking.cfm file



<cfquery datasource="#request.datasource#" username="#request.username#" password="#request.password#" name="checking">
      select * from login where
      username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.username#">
      and Valid = 1
</cfquery>
<cfif checking.recordcount eq 0>
      <!--- HTMLEditFormat escapes the submitted username so it is shown as text, not rendered as markup --->
      <cfset variables.errorMessage = "The Information you provided, <b>" & HTMLEditFormat(FORM.Username) & "</b>, is Invalid.">
<cfelse>
      <!--- form.pass is compared as submitted; if login.password holds a hash, hash form.pass the same way first --->
      <cfset variables.hashedpassword = form.pass>
      <!--- Compare() is case-sensitive; eq/neq would treat "Secret" and "secret" as equal --->
      <cfif Compare(variables.hashedpassword, checking.password) neq 0>
            <cfset variables.errorMessage = "The Password you supplied for user <b>" & HTMLEditFormat(FORM.Username) & "</b> was incorrect.">
      <cfelse>
            <cfif IsDefined("form.remember")>
                  <cfcookie name="username" value="#form.username#" expires="10">
            </cfif>
            <!--- the same User structure is built whether or not "Remember Me" was ticked --->
            <cfset request.User = StructNew()>
            <cfset request.User.LoggedIn = "1">
            <cfset request.User.Username = FORM.Username>
            <cfset request.user.userID = checking.id>
      </cfif>
</cfif>

All Done
0
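The login checks posted by gdemaria and in checking.cfm above compare the submitted password directly against the stored column. As an added example (not code from any poster in this thread), the version below stores only a salted, iterated SHA-512 hash, compares it case-sensitively, and returns one generic failure message. The datasource name membersDSN, the users columns passwordSalt and passwordHash, and the function names hashPassword and checkLogin are assumptions.

```cfm
<!--- Added example. Assumed (not from the thread): datasource "membersDSN" and a
      users table with columns userID, username, passwordSalt, passwordHash. --->
<cffunction name="hashPassword" returntype="string" output="false">
   <cfargument name="password" type="string" required="true">
   <cfargument name="salt" type="string" required="true">
   <cfset var digest = arguments.salt & arguments.password>
   <cfset var i = 0>
   <!--- Iterate SHA-512 so every password guess costs more work --->
   <cfloop from="1" to="10000" index="i">
      <cfset digest = Hash(arguments.salt & digest, "SHA-512")>
   </cfloop>
   <cfreturn digest>
</cffunction>

<cffunction name="checkLogin" returntype="numeric" output="false">
   <cfargument name="username" type="string" required="true">
   <cfargument name="password" type="string" required="true">
   <cfset var getUser = "">
   <!--- Look the user up by name only; the password never goes into the SQL --->
   <cfquery name="getUser" datasource="membersDSN">
      select userID, passwordSalt, passwordHash
      from users
      where username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.username#">
   </cfquery>
   <!--- Compare() is case-sensitive; eq/neq are not --->
   <cfif getUser.recordCount eq 1
         and Compare(hashPassword(arguments.password, getUser.passwordSalt), getUser.passwordHash) eq 0>
      <cfreturn getUser.userID>
   </cfif>
   <!--- 0 means "not logged in", matching the val(session.userID) eq 0 page guard --->
   <cfreturn 0>
</cffunction>

<cfif structKeyExists(form, "username") and structKeyExists(form, "password")>
   <cfset session.userID = checkLogin(form.username, form.password)>
   <cfif session.userID eq 0>
      <!--- Same message for unknown user and wrong password --->
      <cfset request.loginError = "Invalid username or password.">
   </cfif>
</cfif>
```

The same hashPassword() call, with a fresh random salt per user, is what would populate passwordSalt and passwordHash when an account is created or a password is changed.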
 
Shawn (Author) Commented:
I'm going to opt out of cflogin as I like to set my own parameters. Will have a try with the suggestions and get back asap. Thanks all.
0
 
Shawn (Author) Commented:
Exactly what I was looking for. Thank you.

I'll post more specific questions later if I come across any bumps.
0
