Eric Bourland
asked on
Application login problem
ColdFusion 9
Windows server 2008
Problem in brief: Can't log in.
Details:
This is the same code that gdemaria and _agx_ have helped me with, some years ago. I use this code to set up basic session authentication. There are three files:
application.cfc
loginform.cfm
loginerror.cfm
On other web sites, the code seems to work fine. In this case:
http://www.osm-vista.org/loginform.cfm
The login credentials do not work, and the login error message does not display. When I submit credentials, the login form simply refreshes and I am not allowed to see the protected directory: http://www.osm-vista.org/data/
I've looked at this for a long time ... what am I missing?
I attach the three files, below. Thank you as always.
Eric
application.cfc:
<!--- Filename: Application.cfc
Created by: Raymond Camden (ray@camdenfamily.com)
Modified by: Eric B, gdemaria, _agx_ July 2010 --->
<cfcomponent output="false">
<!--- Name the application. --->
<cfset this.name="OSM / VISTA Teams">
<cfset this.applicationTimeout = CreateTimeSpan(0,0,360,0)>
<!--- Turn on session management. --->
<cfset this.sessionManagement="true">
<!--- Set session timeout period --->
<cfset this.sessionTimeout = CreateTimeSpan(0,0,360,0)>
<cfset this.clientManagement = "false">
<!--- function: onApplicationStart --->
<cffunction name="onApplicationStart" output="false" returnType="void">
<!--- Any variables set here can be used by all of the application's pages --->
<cfset APPLICATION.dataSource = "osmVISTA">
<!--- Set up Application variables. Locking the Application scope is not necessary in this method. --->
<cfset Application.configured = 1>
<cfset Application.datetimeConfigured = TimeFormat(Now(), "hh:mm tt") & " " & DateFormat(Now(), "mm.dd.yyyy")>
<cfset Application.currentSessions = 0>
</cffunction>
<cffunction name="clearSessionVariables" returntype="void">
<!--- defined all session variables, so they will always exist ---->
<cfset session.auth = structNew()>
<cfset session.auth.isLoggedIn = false>
<cfset session.auth.UserID = "">
<cfset session.auth.Title = "">
<cfset session.auth.FirstName = "">
<cfset session.auth.MiddleInitial = "">
<cfset session.auth.LastName = "">
<cfset session.auth.Address = "">
<cfset session.auth.City = "">
<cfset session.auth.State = "">
<cfset session.auth.ZIP = "">
<cfset session.auth.Telephone = "">
<cfset session.auth.UserEmail = "">
<cfset session.auth.UserPassword = "">
<cfset session.auth.UserRoleID = "">
<cfset session.auth.lastError = "">
</cffunction>
<cffunction name="onSessionStart" returntype="void">
<!--- defined all session variables, so they will always exist ---->
<cfset clearSessionVariables()>
</cffunction>
<!--- function: onRequestStart --->
<cffunction name="onRequestStart">
<cfargument type="String" name="targetPage" required="true" />
<!--- All these folders/top level files require a login, specific roles are addressed below ---->
<cfset var securefolders = "admin,data">
<cfset var currentFolder = listFirst(cgi.script_name,"/")>
<cfset REQUEST.companyName = "Office of Surface Mining and Reclamation Enforcement and AmeriCorps / VISTA Document Library">
<cfset REQUEST.userTable = "OSMVISTAUsers">
<!--- process login credentials --->
<!--- begin cfif isDefined("form.UserEmail") and isDefined("form.userPassword") --->
<cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin")>
<!--- check box to remember UserEmail was checked, so make a cookie for it --->
<cfif isDefined("form.SaveUserEmail") and form.SaveUserEmail is "Yes">
<cfcookie name="SaveUserEmail" value="#form.UserEmail#" expires="7">
</cfif>
<!--- user is attempting to log in, so process the login request ---->
<cfif NOT checkLogin(form.UserEmail, form.userPassword)>
<cfinclude template="/LoginError.cfm"> <!--- login failed, so show login error form ---->
<cfreturn false>
<!--- close cfif NOT checkLogin(form.UserEmail, form.userPassword) --->
</cfif>
<!--- close cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin") --->
</cfif>
<!--- /process login credentials --->
<cftry>
<!--- test for access to secureFolders --->
<cfif listFindNoCase(secureFolders, currentFolder)> <!---- are we in a secure area? --->
<cfif session.auth.isLoggedIn is False> <!--- This is a secure area, if the user is not logged in, go to login page ---->
<cfinclude template="/LoginForm.cfm">
<cfthrow message="Please log in with proper credentials to access this area.">
<cfabort>
<cfelse> <!--- the user is logged in, then check roles ---->
<cfswitch expression="#currentFolder#">
<cfcase value="admin">
<cfif listFind("1",session.auth.UserRoleID) eq 0> <!---- UserIDRole 1 has access to folder admin --->
<cfinclude template="/LoginError.cfm">
<cfabort>
</cfif>
</cfcase>
<cfcase value="data">
<cfif listFind("1,3",session.auth.UserRoleID) eq 0> <!---- UserIDRoles 1, 3 have access to folder data --->
<cfinclude template="/LoginError.cfm">
<cfabort>
</cfif>
</cfcase>
<cfdefaultcase> <!---- all other secure folders ---->
</cfdefaultcase>
</cfswitch>
</cfif> <!---- end if user is logged in or not ---->
</cfif> <!---- end if user is in a secure area or not ---->
<!--- /test for access to secureFolders --->
<cfcatch>
<cfset clearSessionVariables()>
<cfset SESSION.auth.lastError = cfcatch.message>
<cfreturn false>
</cfcatch>
</cftry>
<!--- if query_string contains cast(, then abort! --->
<cfif cgi.query_string contains "cast(">
<cfabort>
</cfif>
<!--- if query_string contains replace(, then abort! --->
<cfif cgi.query_string contains "replace(">
<cfabort>
</cfif>
</cffunction>
<!--- close function: onRequestStart --->
<!--- begin cfif isDefined("form.doLogin") --->
<cfif isDefined("form.doLogin")>
<!--- begin function checkLogin --->
<cffunction name="checkLogin">
<cfargument name="p_UserEmail" required=false default="" />
<cfargument name="p_password" required=false default="" />
<cfset var UserPassword = trim(arguments.p_password)>
<cfset var UserEmail = trim(arguments.p_UserEmail)>
<cfset var getUser = "">
<cftry>
<cfif len(UserPassword) eq 0 or len(UserEmail) eq 0>
<cfthrow message="Please enter UserEmail and password">
</cfif>
<cfquery name="getUser" datasource="#APPLICATION.dataSource#">
SELECT UserID, FirstName, UserRoleID, UserEmail, UserPassword
FROM #REQUEST.userTable#
WHERE UserEmail = <cfqueryparam cfsqltype="cf_sql_varchar" value="#UserEmail#" maxlength="255">
</cfquery>
<cfif getuser.recordCount eq 0>
<cfthrow message="Incorrect email address and/or password. Be sure to enter the correct, original email address with which you registered. Please type your password carefully.">
<cfelseif getUser.UserPassword is not UserPassword>
<cfthrow message="Invalid Password.">
</cfif>
<cfset clearSessionVariables()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.UserID = getUser.UserID>
<cfset SESSION.auth.FirstName = getUser.firstName>
<cfset SESSION.auth.UserRoleID = getUser.UserRoleID>
<cfset SESSION.auth.UserEmail = getUser.UserEmail>
<cfset SESSION.auth.lastError = "">
<!--- Now that user is logged in, send user to folder /data/ --->
<cflocation url="/data/" addtoken="no">
<cfreturn true>
<cfcatch>
<cfset clearSessionVariables()>
<cfset SESSION.auth.lastError = cfcatch.message>
<cfreturn false>
</cfcatch>
</cftry>
</cffunction>
<!--- close function checkLogin --->
<!--- close cfif isDefined("form.doLogin") --->
</cfif>
</cfcomponent>
loginform.cfm:
<!---
Filename: LoginForm.cfm
Created by: Nate Weiss (NMW)
Modified by: Eric B, gdemaria, July 2010
Purpose: Presented whenever a user has not logged in
Please Note Included by Application.cfc
--->
<!DOCTYPE html>
<html lang="en">
<head>
<title><cfoutput>#REQUEST.companyName#</cfoutput></title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="Description" content="<cfoutput>#REQUEST.companyName#</cfoutput>" />
<cfinclude template="/kickstart.cfm">
<link rel="stylesheet" type="text/css" href="/style.css" media="all" /> <!-- CUSTOM STYLES -->
<link rel="stylesheet" type="text/css" href="http://manage.ebwebwork.com/adminStyle.css" media="all" />
</head>
<body class="center">
<div id="wrap" class="clearfix">
<!-- ===================================== END HEADER ===================================== -->
<div class="col_12">
<h1><cfoutput>#REQUEST.companyName#</cfoutput></h1>
<hr />
<h3 style="color:#ccc;">Hi, <cfoutput>#REQUEST.companyName#</cfoutput>. Please log in.</h3>
<form name="LoginForm" method="post" class="ebwebworkForm">
<p class="italic blue">Username:<br />
<input autofocus required
type="text"
name="x_email"
size="50"
value=""
maxlength="50" /></p>
<p class="italic blue">Password:<br />
<input required
type="password"
name="UserPassword"
size="50"
value=""
maxlength="50" /></p>
<input type="submit" value="Click To Log In" name="doLogin" />
</form>
<p style="margin-top:40px;">Kindly use Firefox or Chrome. Occasionally, please fully clear browser history, including cookies and cache. <a href="http://manage.ebwebwork.com/pages/How-do-I-clear-my-web-browser-history.cfm">More »</a></p>
</div><!--- /col_12 --->
</div><!--- /wrap--->
<div id="ebwebwork"><a href="http://ebwebwork.com/"><i class="icon-leaf" style="color:#6b9900;"></i> management system by ebwebwork</a></div>
</body></html>
loginerror.cfm:
<!---
Filename: LoginForm.cfm
Created by: Nate Weiss (NMW)
Modified by: Eric B, gdemaria, July 2010
Purpose: Presented whenever a user has not logged in
Please Note Included by Application.cfc
--->
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title><cfoutput>#REQUEST.companyName#</cfoutput></title>
<meta name="Description" content="<cfoutput>#REQUEST.companyName#</cfoutput>" />
<cfinclude template="/kickstart.cfm">
<link rel="stylesheet" type="text/css" href="/style.css" media="all" /> <!-- CUSTOM STYLES -->
<link rel="stylesheet" type="text/css" href="http://manage.ebwebwork.com/adminStyle.css" media="all" />
</head>
<body class="center">
<div id="wrap" class="clearfix">
<!-- ===================================== END HEADER ===================================== -->
<div class="col_12" style="min-height:800px;"><!---col12--->
<h1>You have tried to view a page to which you do not have rights.</h1>
<h1><a href="javascript:history.go(-1)">Please go back.</a></h1>
<p> </p>
<p> </p>
<p> </p>
</div><!---/col_12--->
</div><!---/wrap--->
</body></html>
ASKER
That worked. I forgot to update the INPUT with the correct form field name.
I wonder why loginerror.cfm did not display?
>> How do I miss this one simple thing?
The brain sees what it expects to see ;-) Happened to me yesterday.
>> I wonder why loginerror.cfm did not display?
Due to the difference in field name, it fails this condition:
<cfif isDefined("form.UserEmail" ) ....
So the login code never even executes.
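The mismatch described in this reply can be caught mechanically. The following is an added example, not part of the original thread or of the posted application: a small Python check that compares the field names a form posts against the `isDefined("form.x")` tests guarding the handler. `FORM_SRC` and `HANDLER_SRC` are constructed excerpts trimmed from the files posted above, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser
# Constructed excerpts, trimmed from the loginform.cfm and application.cfc posted above.
FORM_SRC = '''
<form name="LoginForm" method="post" class="ebwebworkForm">
<input autofocus required type="text" name="x_email" size="50" value="" maxlength="50" />
<input required type="password" name="UserPassword" size="50" value="" maxlength="50" />
<input type="submit" value="Click To Log In" name="doLogin" />
</form>
'''
HANDLER_SRC = '''
<cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin")>
<cfif isDefined("form.SaveUserEmail") and form.SaveUserEmail is "Yes">
</cfif>
<cfif NOT checkLogin(form.UserEmail, form.userPassword)>
</cfif>
</cfif>
'''

class FieldNames(HTMLParser):
    """Collect the name of every form control, lower-cased (CFML names are case-insensitive)."""
    def __init__(self):
        super().__init__()
        self.names = set()
    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea", "button"):
            name = dict(attrs).get("name")
            if name:
                self.names.add(name.lower())

def posted_fields(form_src):
    parser = FieldNames()
    parser.feed(form_src)
    return parser.names

def dead_gates(form_src, handler_src):
    """Return (required, missing) for each <cfif> whose isDefined("form.x") tests this form cannot satisfy."""
    posted = posted_fields(form_src)
    findings = []
    for cond in re.findall(r"<cfif\b([^>]*)>", handler_src, re.I):
        required = {f.lower() for f in re.findall(r'isDefined\(\s*"form\.(\w+)"\s*\)', cond, re.I)}
        missing = required - posted
        if missing:
            findings.append((sorted(required), sorted(missing)))
    return findings

if __name__ == "__main__":
    for required, missing in dead_gates(FORM_SRC, HANDLER_SRC):
        print("gate", required, "is never true; form does not post", missing)
```

On the posted files it reports the login gate (missing `useremail`) and also the `SaveUserEmail` branch, which the form as posted can never trigger because it has no such checkbox.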
ASKER
That's it. =) Got it.
ASKER
It is indeed brilliant code!
Tomorrow my ISP is upgrading ColdFusion on my server from version 9 to version 11. I don't think I use any deprecated tags on any of my sites. But, this should be interesting. ;-)
gdemaria and _agx_, thank you as always. Have a great evening.
Eric
ASKER
I've only been staring at this for four hours. How do I miss this one simple thing?
Fixing it now =)
Thank you both! E