Solved

login system

Posted on 2011-02-23
9
336 Views
Last Modified: 2013-12-24
I'm setting up a little members area on a site with sql server 2005 in the background and need a login system. I have bits and peices of old code but could anyone point me either to a link of a good example or show a sample?
0
Comment
Question by:Shawn
9 Comments
 
LVL 1

Expert Comment

by:Instipod
Comment Utility
0
 
LVL 1

Author Comment

by:Shawn
Comment Utility
I posted this in the Coldfusion zone because I need this in Coldfusion with sql server. php/mysql is not an option here. thx anyway
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 500 total points
Comment Utility
Have a login form where you enter the username and password, then submit it

In your application.cfm /.cfc file, check for the form.username and form.password variables to exist.. check it against the database and if it matches, assign the userID to a session scoped variable.  That's the variable you will test to see if you're logged in or not.

<cfif isDefined("form.username") and isDefined("form.password")>
   <cfset session.userID = "">
   <cfquery name="getUser"....>
      select userID from users where username='#form.username#'
      and password = '#form.password#'
   </cfif>
   <cfif getUser.recordCount eq 1>
      <cfset session.userID = getUser.userID> <!--- you are now logged in ---->
   </cfif>
</cfif>


Now in any page you need to be logged in, check for the session.userID value to be set.

<!---- stop processing if you're not logged in, show login form instead ---->
<cfif NOT isDefined("session.userID") or val(session.userID) eq 0>
   <cfinclude template="/login.cfm">
   <cfexit> (or <cfabort>)
</cfif>

0
 
LVL 1

Author Comment

by:Shawn
Comment Utility
i've used cfabort before and had issues with it...it cut off the bottom part of the page (no footer.) what is the difference between cfabort and cfexit?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 3

Expert Comment

by:dagaz_de
Comment Utility
why don't you use cflogin, ithink this is the easiest way if you use it in your application.cfm

Look at this:

<!-- Variables which need to be defined -->
<cfparam name="URL.logout" default="0">
<cfparam name="invalid_login" default="0">
<!-- Define the datasource (DSN) name -->
<cfset dsource = "login">

<!-- Code will not be executed unless #FORM.username# IS NOT "" -->
<cfif structKeyExists(form,"username")>

    <!-- Check Username, Password, and Level of Administration -->
    <cfquery name="check_user" datasource="#dsource#">
            SELECT user, pass, admin
            FROM table_name
            WHERE user = '#FORM.username#' and pass = '#FORM.password#'
    </cfquery>

    <!-- If there is a valid User then Login user -->
    <cfif check_user.recordcount is not 0>
        <!-- Log them in with a timeout of 30 minutes (1800 sec) and set level of Admin-->
        <cflogin idletimeout="1800">
            <cfloginuser
                    name = "#FORM.username#"
                    password ="#FORM.password#"
                    roles = "#check_user.admin#">
        </cflogin>
    <cfelse>
        <!-- If an invalid Login Attemp, Set invalid to 1 for invalid login script -->
        <cfset invalid_login = 1>
    </cfif>

</cfif>

<!-- If index.cfm?logout=1 is clicked then Log The User Out -->
<cfif URL.logout is 1>
    <cflogout>
    <cflocation url="index.cfm">
</cfif>

<!--- Simple index.cfm file that logs you in --->
<cfif GetAuthUser() is "">
    <form name="form1" method="post" action="index.cfm">
        User: <input name="username" type="text" id="username"><br>
        Pass: <input name="password" type="text" id="password"><br>
        <input type="submit" name="Submit" value="Submit">
    </form>
<cfelse>
    <p>User: <cfoutput>#GetAuthUser()#</cfoutput></p>
    <a href="index.cfm?logout=1">Logout</a>
</cfif>

Read more: http://tutorial355.easycfm.com/#ixzz1EsWQDI7D
0
 
LVL 39

Expert Comment

by:gdemaria
Comment Utility
> i've used cfabort before and had issues with it...it cut off the bottom part of the page (no footer.) what is the difference between cfabort and cfexit?

CFABORT stops all processing, CFEXIT stops processing in THAT template but allows others to continue.

This particular line isn't specific to the style of login you use, in dagaz's example, he uses <CFLOCATION...>

Anyway you want to get to your login file whether CFLOCATION or CFINCLUDE, whatever will work.

I have used cflogin, I wanted more control, but it's a valid option.  I like building up my own session variables including those things that I need, username, user's full name, department ID, etc.   cflogin got particularly annoying when I started trying to implement role management.  I wanted each user to have 0 to X roles, I really needed to implement that seperately, so stopped using it.   But if you're a newbie, nothing wrong with starting there.

0
 
LVL 15

Expert Comment

by:myselfrandhawa
Comment Utility
If you want not the cflogin code then you can try the following, but as per suggestion use cflogin that is much better:

in Application.cfm if you have, if Application.cfc, inside the OnRequestStart Method()

the following Code!

<cfif isDefined("FORM.Username") AND isDefined("FORM.Pass")>
      <cfinclude template="checking.cfm">
      <!--- if there are any problems with the username and/or password the request.User structure will not be created --->
      <cfif NOT isDefined("request.User.LoggedIn")>
            <!--- redirect the user to the login page again to give them another login attempt; show the error in the login form --->
            <cfinclude template="index.cfm">
            <cfabort>
      <cfelse>
            <!--- if the login procedure is passed duplicate the request structure into the session scope and load the main page --->
            <cflock scope="SESSION" throwontimeout="Yes" timeout="5" type="EXCLUSIVE">
                  <cfset session.User = Duplicate(request.User)>
            </cflock>
                  <cflocation url="welcome.cfm">
            </cfif>
</cfif>

Now the login.cfm file


<table width="100%" border="0">
          <tr>
            <td height="125" valign="top">
                  <cfif Not IsDefined("session.user.LoggedIn")>
                  <cfform method="post" action="checking.cfm">
            <table width="100%" border="0">
               
                <tr>
                  <td width="34%"><img src="images/user.gif" alt="User" width="45" height="15" class="bord"></td>
                  <td width="66%"><cfinput name="username" type="text" class="sidebar" id="username" size="18" required="yes" message="Please Input your User name" value="#username#"></td>
                </tr>
                <tr>
                  <td><img src="images/pass.gif" alt="Pass" width="45" height="15" class="bord"></td>
                  <td><cfinput name="pass" type="password" class="sidebar" id="pass" size="18" required="yes" message="Your Password Field is Empty"></td>
                </tr>
                <tr>
                  <td height="20" colspan="2" valign="top"><table width="100%"  border="0" cellspacing="0" cellpadding="0">
                    <tr>
                      <td width="14%"><input name="remember" type="checkbox"
                                id="remember" value="Yes"<cfif IsDefined("cookie.username")>
                                CHECKED</cfif>></td>
                      <td width="86%" class="sidebar">  Remember Me </td>
                    </tr>
                  </table></td>
                  </tr>
                               <cfinput type="submit" class="legal" value="Log In" validate="submitonce" name="submit">                          </td>
                </tr>
              </table>
             </cfform>
                    <cfelse>

Logout Code
</cfif>

Now Checking.cfm file



<cfquery datasource="#request.datasource#" username="#request.username#" password="#request.password#" name="checking">
      select * from login where
      username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.username#">
      and Valid = 1
      </cfquery>
      <cfif checking.recordcount eq 0>
            <cfset variables.errorMessage = "The Information you provided, <b>" & FORM.Username & "</b>, is Invalid.">
      <cfelse>
            <cfset variables.hashedpassword = form.pass>
                  <cfif variables.hashedpassword neq checking.password>
            <cfset variables.errorMessage = "The Password you supplied for user <b>" & FORM.Username & "</b> was incorrect.">
            <cfelse>
            <cfif IsDefined("form.remember")>
            <cfcookie name="username" value="#form.username#" expires="10">
        <cfset request.User = StructNew()>
            <cfset request.User.LoggedIn = "1">
            <cfset request.User.Username = FORM.Username>
            <cfset request.user.userID = checking.id>
            <cfelse>
            <cfset request.User = StructNew()>
            <cfset request.User.LoggedIn = "1">
            <cfset request.User.Username = FORM.Username>
            <cfset request.user.userID = checking.id>
            </cfif>
      </cfif>


All Done
      </cfif>            
0
 
LVL 1

Author Comment

by:Shawn
Comment Utility
I'm going to opt out for cflogin as I like to set my own parameters. will have a try with the suggestions and get back asap. thanks all
0
 
LVL 1

Author Closing Comment

by:Shawn
Comment Utility
exactly what I was looking for. thank you.

I'll post more specific questions later if I come across any bumps
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

PROBLEM:  How to open a cfwindow or run a function on double click of a cfgrid row. One of my clients wanted to be able to double click on a row item to get more detailed information about a transaction and to be able to modify the line items i…
Hi, Even though I have created this Tutorial on My personal Blog, Some people might not able to find my website, So here i am posting it again Today, from the topic it is very clear that i will be showing you here the very basic usage of how we …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now