Solved

session authentication problem

Posted on 2015-01-09
37
116 Views
Last Modified: 2015-01-20
ColdFusion 11
MS SQL Server 2005

Short version: I am having trouble with authentication. Some web pages that I do not want to protect with session authentication are getting protected anyway!

Long version: I've been staring at application.cfc for a while. Currently, folders /admin/ and /data/ are protected by session authentication. UserRoleID 1 can access folder /admin/; UserRoleID 3, /data/. This works great.

But I have other web pages in a folder called /pages/. Those pages, in folder /pages/, should not be protected by session authentication.

Example: http://www.vistateamlibrary.org/pages/Become-an-OSMRE-VISTA-Team-Volunteer.cfm .... Anybody should be able to visit this page.

I've copied application.cfc -- where I assume the problem exists -- below. What do you think is going on?

Thank you as always for your help. =)

Eric

<!--- Filename: Application.cfc
 Created by: Raymond Camden (ray@camdenfamily.com)
 Modified by: Eric B, gdemaria, _agx_ July 2010 --->

<cfcomponent output="false">

  <!--- Name the application. --->
  <cfset this.name="VISTA and AmeriCorps Document Library">
  
  <cfset this.applicationTimeout = CreateTimeSpan(0,0,360,0)>
  
  <!--- Turn on session management. --->
  <cfset this.sessionManagement="true">
  
  <!--- Set session timeout period --->
  <cfset this.sessionTimeout = CreateTimeSpan(0,0,360,0)>

  <cfset this.clientManagement = "false">

  
<!--- function: onApplicationStart --->
  <cffunction name="onApplicationStart" output="false" returnType="void">

    <!--- Any variables set here can be used by all of the application's pages --->
    <cfset APPLICATION.dataSource = "osmVISTA">
   
    
<!--- Set up Application variables. Locking the Application scope is not necessary in this method. --->
		<cfset Application.configured = 1>
		<cfset Application.datetimeConfigured = TimeFormat(Now(), "hh:mm tt") & "  " & DateFormat(Now(), "mm.dd.yyyy")>
		<cfset Application.currentSessions = 0>
  
  </cffunction> 
  
   
    <cffunction name="clearSessionVariables" returntype="void">
      <!--- defined all session variables, so they will always exist ---->
      <cfset session.auth = structNew()>
      <cfset session.auth.isLoggedIn  = false>
      <cfset session.auth.UserID  = "">
      <cfset session.auth.Title   = "">
      <cfset session.auth.FirstName   = "">
      <cfset session.auth.MiddleInitial   = "">
      <cfset session.auth.LastName    = "">
      <cfset session.auth.Address    = "">
      <cfset session.auth.City    = "">
      <cfset session.auth.State    = "">
      <cfset session.auth.ZIP    = "">
      <cfset session.auth.Telephone   = "">
      <cfset session.auth.UserEmail    = "">
      <cfset session.auth.UserPassword    = "">
      <cfset session.auth.UserRoleID  = "">
      <cfset session.auth.lastError  = "">
  </cffunction>
  
  <cffunction name="onSessionStart" returntype="void">
      <!--- defined all session variables, so they will always exist ---->
      <cfset clearSessionVariables()>
  </cffunction>
  

<!--- function: onRequestStart ---> 

<cffunction name="onRequestStart">
<cfargument type="String" name="targetPage" required="true" /> 

<!--- All these folders/top level files require a login, specific roles are addressed below ---->  
<cfset var securefolders = "admin,data">  
<cfset var currentFolder = listFirst(cgi.script_name,"/")>  
<cfset REQUEST.companyName = "VISTA and AmeriCorps Document Library">
<cfset REQUEST.userTable = "OSMVISTAUsers">
<cfset REQUEST.companyURL = "www.vistateamlibrary.org">
<cfset REQUEST.companyDomain = "vistateamlibrary.org">
<cfset REQUEST.TopicsTable = "OSMDocumentTopic">
<cfset REQUEST.SubTopicsTable = "OSMDocumentSubTopic">
<cfset REQUEST.SubSubTopicsTable = "OSMDocumentSubSubTopic">
<cfset REQUEST.LocationLookupTable = "OSMVISTALocationLookup">
<cfset REQUEST.DocumentsTable = "OSMVistaDocs">
<cfset REQUEST.FilesTable = "OSMVISTAFiles">
<cfset REQUEST.contentTable = "osmvistaNavigation">

<!--- process login credentials --->

 <!--- begin cfif isDefined("form.UserEmail") and isDefined("form.userPassword") ---> 
    <cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin")>
     
   
         <!--- check box to remember UserEmail was checked, so make a cookie for it ---> 
                <cfif isDefined("form.SaveUserEmail") and form.SaveUserEmail is "Yes"> 
          <cfcookie name="SaveUserEmail" value="#form.UserEmail#" expires="7"> 
        </cfif> 
         
        <!--- user is attempting to log in, so process the login request ----> 
        <cfif NOT checkLogin(form.UserEmail, form.userPassword)> 
           <cfinclude template="/LoginError.cfm"> <!--- login failed, so show login error form ----> 
           <cfreturn false>  
           <!--- close cfif NOT checkLogin(form.UserEmail, form.userPassword) ---> 
        </cfif> 
    <!--- close cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin") ---> 
    </cfif> 
 
<!--- /process login credentials --->


<cftry>

<!--- test for access to secureFolders --->
     <cfif listFindNoCase(secureFolders, currentFolder)>  <!---- are we in a secure area? --->  
       <cfif session.auth.isLoggedIn is False> <!--- This is a secure area, if the user is not logged in, go to login page ---->  
           <cfinclude template="/LoginForm.cfm">
            <cfthrow message="Please log in to access this area.">
           <cfabort>  
       <cfelse> <!--- the user is logged in, then check roles ---->  
           <cfswitch expression="#currentFolder#">  
              <cfcase value="admin">  
                  <cfif listFind("1",session.auth.UserRoleID) eq 0> <!---- UserIDRole 1 has access to folder admin --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfcase value="data">  
                  <cfif listFind("1,3",session.auth.UserRoleID) eq 0>  <!---- UserIDRoles 1, 3 have access to folder data --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfcase value="pages">  
                  <cfif listFind("1,3",session.auth.UserRoleID) eq 0>  <!---- UserIDRoles 1, 3 have access to folder pages --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>
              <cfdefaultcase> <!---- all other secure folders ---->  
              </cfdefaultcase>  
           </cfswitch>  
       </cfif> <!---- end if user is logged in or not ---->  
    </cfif>  <!---- end if user is in a secure area or not ---->  
    
    <!--- /test for access to secureFolders --->
         
      <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>


             <!--- if query_string contains cast(, then abort! --->                                              
    <cfif cgi.query_string contains "cast(">
      <cfabort>
    </cfif>
    
              <!--- if query_string contains replace(, then abort! --->                                              
    <cfif cgi.query_string contains "replace(">
      <cfabort>
    </cfif>
    
    <cfinclude template="/blockFunctions.cfm">   

   </cffunction>
  <!--- close function: onRequestStart --->
 
 
 <!--- begin cfif isDefined("form.doLogin") --->
    <cfif isDefined("form.doLogin")>
    
     
<!--- begin function checkLogin --->
<cffunction name="checkLogin">

  <cfargument name="p_UserEmail" required=false default="" />
  <cfargument name="p_password" required=false default="" />

  <cfset var UserPassword = trim(arguments.p_password)>
  <cfset var UserEmail     = trim(arguments.p_UserEmail)>
  <cfset var getUser = "">

  <cftry>
      <cfif len(UserPassword) eq 0 or len(UserEmail) eq 0>
         <cfthrow message="Please enter UserEmail and password">
      </cfif> 
    
      <cfquery name="getUser" datasource="#APPLICATION.dataSource#">
       SELECT UserID, FirstName, UserRoleID, UserEmail, UserPassword
        FROM #REQUEST.userTable#
       WHERE UserEmail = <cfqueryparam cfsqltype="cf_sql_varchar" value="#UserEmail#" maxlength="255"> 
      </cfquery>
      <cfif getuser.recordCount eq 0>
        <cfthrow message="Incorrect email address and/or password. Be sure to enter the correct, original email address with which you registered. Please type your password carefully.">
      <cfelseif getUser.UserPassword is not UserPassword>
        <cfthrow message="Invalid Password.">
       </cfif>
    
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.isLoggedIn = "Yes">
      <cfset SESSION.auth.UserID     = getUser.UserID>
      <cfset SESSION.auth.FirstName  = getUser.firstName>
      <cfset SESSION.auth.UserRoleID = getUser.UserRoleID>
      <cfset SESSION.auth.UserEmail  = getUser.UserEmail>
      <cfset SESSION.auth.lastError  = "">
      
 
 <!--- Now that user is logged in, send user to folder /data/ --->

 <cflocation url="/data/" addtoken="no">
      
      <cfreturn true>
      
      
  <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>
    
</cffunction>
<!--- close function checkLogin --->

      <!--- close cfif isDefined("form.doLogin") --->
    </cfif>


</cfcomponent>




p.s. Related notes not directly pertinent to immediate question, but which I have been contemplating.

I've been doing some reading on updated authentication methods in ColdFusion 10 and 11. gdemaria and _agx_ helped me build this current application.cfc .... quite a long time ago! It still works like a charm. My clients use this every single day. And I feel I have learned how it works, just by dint of staring at it for so long and doing tests and experiments.

Stuff I have been looking at:

http://help.adobe.com/en_US/ColdFusion/10.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24-7c35.html

http://www.adobe.com/devnet/coldfusion/articles/security-improvements-cf11.html

I think what I will do is build, on my own, a new application.cfc and see what happens. I might run it by you after I get it working. =)
0
Question by:Eric Bourland
37 Comments
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 200 total points
You need to put some cfoutputs in there to determine which code blocks are being executed. The code looks good but the variables might not be; you will need to output them to see what is actually being processed.


try this

<cfoutput> before try<br/> </cfoutput>
<cftry>
<cfoutput>secureFolders #secureFolders# | currentFolder #currentFolder#<br/></cfoutput>
<!--- test for access to secureFolders --->
     <cfif listFindNoCase(secureFolders, currentFolder)>  <!---- are we in a secure area? --->  
       <cfoutput>session.auth.isLoggedIn #session.auth.isLoggedIn#<br/></cfoutput>
			 <cfif session.auth.isLoggedIn is False> <!--- This is a secure area, if the user is not logged in, go to login page ---->  
           <cfoutput> in if<br/></cfoutput>
           <cfinclude template="/LoginForm.cfm">
            <cfthrow message="Please log in to access this area.">
           <cfabort>  
       <cfelse> <!--- the user is logged in, then check roles ---->  
       	<cfoutput> in else<br/></cfoutput>
           <cfswitch expression="#currentFolder#">  
              <cfcase value="admin">  
                  <cfif listFind("1",session.auth.UserRoleID) eq 0> <!---- UserIDRole 1 has access to folder admin --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfcase value="data">  
                  <cfif listFind("1,3",session.auth.UserRoleID) eq 0>  <!---- UserIDRoles 1, 3 have access to folder data --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfcase value="pages">  
                  <cfif listFind("1,3",session.auth.UserRoleID) eq 0>  <!---- UserIDRoles 1, 3 have access to folder pages --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>
              <cfdefaultcase> <!---- all other secure folders ---->  
              </cfdefaultcase>  
           </cfswitch>  
       </cfif> <!---- end if user is logged in or not ---->  
    </cfif>  <!---- end if user is in a secure area or not ---->  
    
    <!--- /test for access to secureFolders --->
         
      <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>


0
 
LVL 3

Author Comment

by:Eric Bourland
Dear Jester_48,

Thanks for your note! Here's what I did:

I added those three <cfoutput>s where you indicated.

I logged in to the http://www.vistateamlibrary.org/ web site, and I see:

before try
in else

in the upper left corner of the web page

* next, I click on one of the links in /pages/ -- http://www.vistateamlibrary.org/pages/Become-a-sponsor-for-an-OSMRE-VISTA.cfm

and I am sent to the loginform.cfm template. In the upper left corner I see: before cftry

So ... I am not sure exactly how to tell what is being processed. =) What is my next step?

Thank you again for your help.

Eric
0
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 200 total points
Comment out the try/catch; I think an error is being generated but the try/catch prevents it from showing.
0
 
LVL 3

Author Comment

by:Eric Bourland
Comment out:

      <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>

or comment out the entire CFTRY?
0
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 200 total points
the <try> and everything between <catch> and </try> inclusive
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 300 total points
>> Example: http://www.vistateamlibrary.org/pages/Become-an-OSMRE-VISTA-Team-Volunteer.cfm ....
>> Anybody should be able to visit this page.

That's not what the code says ;-) It's only accessible to users with a role of 1 or 3.  Remove that cfcase and you should be good to go:

           
<cfcase value="pages">  
    <cfif listFind("1,3",session.auth.UserRoleID) eq 0>  <!---- UserIDRoles 1, 3 have access to folder pages --->  
         <cfinclude template="/LoginError.cfm">
          <cfabort>  
    </cfif>  
</cfcase>


0
 
LVL 3

Author Comment

by:Eric Bourland
Dear _agx_,

Hmm, yes. I hear you and I agree. But there is more to the story. =) I added that cfcase code last night -- just to see if I could visit any of the pages in the /pages/ folder while I was logged in as admin with userRoleID = 1. I found I still could not visit any of those pages!

I should have removed that extraneous cfcase code before I posted my application.cfc. I have added some confusion to this question.

... I just took away the cfcase code -- and logged in as admin with UserRoleID 1 -- and cannot access any of the pages in the /pages/ folder.

I am going to comment out the CFTRY and see if any particular errors display. brb
0
 
LVL 3

Author Comment

by:Eric Bourland
Hmmm. OK. I commented out the entire CFTRY. I logged out and logged in again. Still cannot access anything in /pages/ -- I get sent to the login page again and again.

No error displayed. I made sure that robust debugging is enabled in CF Admin.

This is weird. I am probably missing something very simple. =)
0
 
LVL 3

Author Comment

by:Eric Bourland
Current application.cfc -- with CFOUTPUTs, and CFTRY commented out:

<!--- Filename: Application.cfc
 Created by: Raymond Camden (ray@camdenfamily.com)
 Modified by: Eric B, gdemaria, _agx_ July 2010 --->

<cfcomponent output="false">

  <!--- Name the application. --->
  <cfset this.name="VISTA and AmeriCorps Document Library">
  
  <cfset this.applicationTimeout = CreateTimeSpan(0,0,360,0)>
  
  <!--- Turn on session management. --->
  <cfset this.sessionManagement="true">
  
  <!--- Set session timeout period --->
  <cfset this.sessionTimeout = CreateTimeSpan(0,0,360,0)>

  <cfset this.clientManagement = "false">

  
<!--- function: onApplicationStart --->
  <cffunction name="onApplicationStart" output="false" returnType="void">

    <!--- Any variables set here can be used by all of the application's pages --->
    <cfset APPLICATION.dataSource = "osmVISTA">
   
    
<!--- Set up Application variables. Locking the Application scope is not necessary in this method. --->
		<cfset Application.configured = 1>
		<cfset Application.datetimeConfigured = TimeFormat(Now(), "hh:mm tt") & "  " & DateFormat(Now(), "mm.dd.yyyy")>
		<cfset Application.currentSessions = 0>
  
  </cffunction> 
  
   
    <cffunction name="clearSessionVariables" returntype="void">
      <!--- defined all session variables, so they will always exist ---->
      <cfset session.auth = structNew()>
      <cfset session.auth.isLoggedIn  = false>
      <cfset session.auth.UserID  = "">
      <cfset session.auth.Title   = "">
      <cfset session.auth.FirstName   = "">
      <cfset session.auth.MiddleInitial   = "">
      <cfset session.auth.LastName    = "">
      <cfset session.auth.Address    = "">
      <cfset session.auth.City    = "">
      <cfset session.auth.State    = "">
      <cfset session.auth.ZIP    = "">
      <cfset session.auth.Telephone   = "">
      <cfset session.auth.UserEmail    = "">
      <cfset session.auth.UserPassword    = "">
      <cfset session.auth.UserRoleID  = "">
      <cfset session.auth.lastError  = "">
  </cffunction>
  
  <cffunction name="onSessionStart" returntype="void">
      <!--- defined all session variables, so they will always exist ---->
      <cfset clearSessionVariables()>
  </cffunction>
  

<!--- function: onRequestStart ---> 

<cffunction name="onRequestStart">
<cfargument type="String" name="targetPage" required="true" /> 

<!--- All these folders/top level files require a login, specific roles are addressed below ---->  
<cfset var securefolders = "admin,data">  
<cfset var currentFolder = listFirst(cgi.script_name,"/")>  
<cfset REQUEST.companyName = "VISTA and AmeriCorps Document Library">
<cfset REQUEST.userTable = "OSMVISTAUsers">
<cfset REQUEST.companyURL = "www.vistateamlibrary.org">
<cfset REQUEST.companyDomain = "vistateamlibrary.org">
<cfset REQUEST.TopicsTable = "OSMDocumentTopic">
<cfset REQUEST.SubTopicsTable = "OSMDocumentSubTopic">
<cfset REQUEST.SubSubTopicsTable = "OSMDocumentSubSubTopic">
<cfset REQUEST.LocationLookupTable = "OSMVISTALocationLookup">
<cfset REQUEST.DocumentsTable = "OSMVistaDocs">
<cfset REQUEST.FilesTable = "OSMVISTAFiles">
<cfset REQUEST.contentTable = "osmvistaNavigation">

<!--- process login credentials --->

 <!--- begin cfif isDefined("form.UserEmail") and isDefined("form.userPassword") ---> 
    <cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin")>
     
   
         <!--- check box to remember UserEmail was checked, so make a cookie for it ---> 
                <cfif isDefined("form.SaveUserEmail") and form.SaveUserEmail is "Yes"> 
          <cfcookie name="SaveUserEmail" value="#form.UserEmail#" expires="7"> 
        </cfif> 
         
        <!--- user is attempting to log in, so process the login request ----> 
        <cfif NOT checkLogin(form.UserEmail, form.userPassword)> 
           <cfinclude template="/LoginError.cfm"> <!--- login failed, so show login error form ----> 
           <cfreturn false>  
           <!--- close cfif NOT checkLogin(form.UserEmail, form.userPassword) ---> 
        </cfif> 
    <!--- close cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin") ---> 
    </cfif> 
 
<!--- /process login credentials --->

<cfoutput> before try<br/> </cfoutput>
<!---
<cftry>

<!--- test for access to secureFolders --->
     <cfif listFindNoCase(secureFolders, currentFolder)>  <!---- are we in a secure area? --->  
       <cfif session.auth.isLoggedIn is False> <!--- This is a secure area, if the user is not logged in, go to login page ---->
       
       <cfoutput> in if<br/></cfoutput>
         
           <cfinclude template="/LoginForm.cfm">
            <cfthrow message="Please log in to access this area.">
           <cfabort>  
       <cfelse> <!--- the user is logged in, then check roles ---->  
       
        	<cfoutput> in else<br/></cfoutput>
       
           <cfswitch expression="#currentFolder#">  
              <cfcase value="admin">  
                  <cfif listFind("1",session.auth.UserRoleID) eq 0> <!---- UserIDRole 1 has access to folder admin --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfcase value="data">  
                  <cfif listFind("1,3",session.auth.UserRoleID) eq 0>  <!---- UserIDRoles 1, 3 have access to folder data --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfdefaultcase> <!---- all other secure folders ---->  
              </cfdefaultcase>  
           </cfswitch>  
       </cfif> <!---- end if user is logged in or not ---->  
    </cfif>  <!---- end if user is in a secure area or not ---->  
    
    <!--- /test for access to secureFolders --->
         
      <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>--->


             <!--- if query_string contains cast(, then abort! --->                                              
    <cfif cgi.query_string contains "cast(">
      <cfabort>
    </cfif>
    
              <!--- if query_string contains replace(, then abort! --->                                              
    <cfif cgi.query_string contains "replace(">
      <cfabort>
    </cfif>
    
    <cfinclude template="/blockFunctions.cfm">   

   </cffunction>
  <!--- close function: onRequestStart --->
 
 
 <!--- begin cfif isDefined("form.doLogin") --->
    <cfif isDefined("form.doLogin")>
    
     
<!--- begin function checkLogin --->
<cffunction name="checkLogin">

  <cfargument name="p_UserEmail" required=false default="" />
  <cfargument name="p_password" required=false default="" />

  <cfset var UserPassword = trim(arguments.p_password)>
  <cfset var UserEmail     = trim(arguments.p_UserEmail)>
  <cfset var getUser = "">

  <cftry>
      <cfif len(UserPassword) eq 0 or len(UserEmail) eq 0>
         <cfthrow message="Please enter UserEmail and password">
      </cfif> 
    
      <cfquery name="getUser" datasource="#APPLICATION.dataSource#">
       SELECT UserID, FirstName, UserRoleID, UserEmail, UserPassword
        FROM #REQUEST.userTable#
       WHERE UserEmail = <cfqueryparam cfsqltype="cf_sql_varchar" value="#UserEmail#" maxlength="255"> 
      </cfquery>
      <cfif getuser.recordCount eq 0>
        <cfthrow message="Incorrect email address and/or password. Be sure to enter the correct, original email address with which you registered. Please type your password carefully.">
      <cfelseif getUser.UserPassword is not UserPassword>
        <cfthrow message="Invalid Password.">
       </cfif>
    
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.isLoggedIn = "Yes">
      <cfset SESSION.auth.UserID     = getUser.UserID>
      <cfset SESSION.auth.FirstName  = getUser.firstName>
      <cfset SESSION.auth.UserRoleID = getUser.UserRoleID>
      <cfset SESSION.auth.UserEmail  = getUser.UserEmail>
      <cfset SESSION.auth.lastError  = "">
      
 
 <!--- Now that user is logged in, send user to folder /data/ --->

 <cflocation url="/data/" addtoken="no">
      
      <cfreturn true>
      
      
  <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>
    
</cffunction>
<!--- close function checkLogin --->

      <!--- close cfif isDefined("form.doLogin") --->
    </cfif>


</cfcomponent>


0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 300 total points
Ah, okay.

Well then you need to do what Jester suggested. Add some debugging code, before the case statements, that dumps the values. Then you can see what's happening. At the very least dump these:

secureFolders
currentFolder
session.auth.isLoggedIn
session.auth.UserRoleID
0
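
The four values listed above are the inputs of the folder gate in the posted onRequestStart. As an added example (not code from the thread or from any of its participants), the same gate is written here as a table-driven function and run over constructed requests; the name folderAccessDecision, the test harness and the /admin/ and /data/ file names are assumptions made for illustration.

```cfml
<!--- Added example: stand-alone .cfm page modelling the folder gate in the
      posted onRequestStart. folderAccessDecision is a hypothetical name. --->

<cffunction name="folderAccessDecision" returntype="string" output="false">
  <cfargument name="scriptName" type="string"  required="true">
  <cfargument name="isLoggedIn" type="boolean" required="true">
  <cfargument name="userRoleID" type="string"  required="true">

  <!--- folder -> comma list of roles allowed in it; same values as the
        cfcase blocks for admin and data in the posted Application.cfc --->
  <cfset var folderRoles = structNew()>
  <!--- same expression the posted code uses to find the top-level folder --->
  <cfset var currentFolder = listFirst(arguments.scriptName, "/")>

  <cfset folderRoles["admin"] = "1">
  <cfset folderRoles["data"]  = "1,3">

  <!--- a folder that is not in the table is public: no session check at all --->
  <cfif NOT structKeyExists(folderRoles, currentFolder)>
    <cfreturn "allow">
  </cfif>

  <!--- secure folder, no login yet: caller should show the login form --->
  <cfif NOT arguments.isLoggedIn>
    <cfreturn "login">
  </cfif>

  <!--- logged in, but the role is not in the list for this folder --->
  <cfif listFind(folderRoles[currentFolder], arguments.userRoleID) eq 0>
    <cfreturn "deny">
  </cfif>

  <cfreturn "allow">
</cffunction>

<!--- Constructed requests. The /pages/ path is the one from the question;
      the /admin/ and /data/ file names are made up for the example. --->
<cfset cases = [
  { path = "/pages/Become-an-OSMRE-VISTA-Team-Volunteer.cfm", loggedIn = false, role = ""  },
  { path = "/pages/Become-an-OSMRE-VISTA-Team-Volunteer.cfm", loggedIn = true,  role = "1" },
  { path = "/data/index.cfm",  loggedIn = false, role = ""  },
  { path = "/data/index.cfm",  loggedIn = true,  role = "3" },
  { path = "/admin/index.cfm", loggedIn = true,  role = "3" },
  { path = "/admin/index.cfm", loggedIn = true,  role = "1" }
]>

<cfoutput>
<cfloop array="#cases#" index="c">
  #c.path# | loggedIn=#c.loggedIn# | role=#c.role# |
  decision=#folderAccessDecision(c.path, c.loggedIn, c.role)#<br>
</cfloop>
</cfoutput>
```

With the table limited to admin and data, a /pages/ request is never stopped by this gate, whatever the login state or role. Dumping the same four values on a failing /pages/ request shows whether the real request reaches the gate with the values expected here.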
 
LVL 3

Author Comment

by:Eric Bourland
Dear Jester and _agx_,

Got it! Working on this now. I think if I comment out the entire CFTRY section, then I do not need to add in:

<cfoutput> before try<br/> </cfoutput>

and so on. Correct?

I went ahead and commented out the CFTRY, and added the CFDUMP inside the OnRequestStart function.

Here's the application.cfc:

<!--- Filename: Application.cfc
 Created by: Raymond Camden (ray@camdenfamily.com)
 Modified by: Eric B, gdemaria, _agx_ July 2010 --->

<cfcomponent output="false">

  <!--- Name the application. --->
  <cfset this.name="VISTA and AmeriCorps Document Library">
  
  <cfset this.applicationTimeout = CreateTimeSpan(0,0,360,0)>
  
  <!--- Turn on session management. --->
  <cfset this.sessionManagement="true">
  
  <!--- Set session timeout period --->
  <cfset this.sessionTimeout = CreateTimeSpan(0,0,360,0)>

  <cfset this.clientManagement = "false">

  
<!--- function: onApplicationStart --->
  <cffunction name="onApplicationStart" output="false" returnType="void">

    <!--- Any variables set here can be used by all of the application's pages --->
    <cfset APPLICATION.dataSource = "osmVISTA">
   
    
<!--- Set up Application variables. Locking the Application scope is not necessary in this method. --->
		<cfset Application.configured = 1>
		<cfset Application.datetimeConfigured = TimeFormat(Now(), "hh:mm tt") & "  " & DateFormat(Now(), "mm.dd.yyyy")>
		<cfset Application.currentSessions = 0>
  
  </cffunction> 
  
   
    <cffunction name="clearSessionVariables" returntype="void">
      <!--- defined all session variables, so they will always exist ---->
      <cfset session.auth = structNew()>
      <cfset session.auth.isLoggedIn  = false>
      <cfset session.auth.UserID  = "">
      <cfset session.auth.Title   = "">
      <cfset session.auth.FirstName   = "">
      <cfset session.auth.MiddleInitial   = "">
      <cfset session.auth.LastName    = "">
      <cfset session.auth.Address    = "">
      <cfset session.auth.City    = "">
      <cfset session.auth.State    = "">
      <cfset session.auth.ZIP    = "">
      <cfset session.auth.Telephone   = "">
      <cfset session.auth.UserEmail    = "">
      <cfset session.auth.UserPassword    = "">
      <cfset session.auth.UserRoleID  = "">
      <cfset session.auth.lastError  = "">
  </cffunction>
  
  <cffunction name="onSessionStart" returntype="void">
      <!--- defined all session variables, so they will always exist ---->
      <cfset clearSessionVariables()>
  </cffunction>
  

<!--- function: onRequestStart ---> 

<cffunction name="onRequestStart">
<cfargument type="String" name="targetPage" required="true" /> 

<!--- All these folders/top level files require a login, specific roles are addressed below ---->  
<cfset var securefolders = "admin,data">  
<cfset var currentFolder = listFirst(cgi.script_name,"/")>  
<cfset REQUEST.companyName = "VISTA and AmeriCorps Document Library">
<cfset REQUEST.userTable = "OSMVISTAUsers">
<cfset REQUEST.companyURL = "www.vistateamlibrary.org">
<cfset REQUEST.companyDomain = "vistateamlibrary.org">
<cfset REQUEST.TopicsTable = "OSMDocumentTopic">
<cfset REQUEST.SubTopicsTable = "OSMDocumentSubTopic">
<cfset REQUEST.SubSubTopicsTable = "OSMDocumentSubSubTopic">
<cfset REQUEST.LocationLookupTable = "OSMVISTALocationLookup">
<cfset REQUEST.DocumentsTable = "OSMVistaDocs">
<cfset REQUEST.FilesTable = "OSMVISTAFiles">
<cfset REQUEST.contentTable = "osmvistaNavigation">

<!--- process login credentials --->

 <!--- begin cfif isDefined("form.UserEmail") and isDefined("form.userPassword") ---> 
    <cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin")>
     
   
         <!--- check box to remember UserEmail was checked, so make a cookie for it ---> 
                <cfif isDefined("form.SaveUserEmail") and form.SaveUserEmail is "Yes"> 
          <cfcookie name="SaveUserEmail" value="#form.UserEmail#" expires="7"> 
        </cfif> 
         
        <!--- user is attempting to log in, so process the login request ----> 
        <cfif NOT checkLogin(form.UserEmail, form.userPassword)> 
           <cfinclude template="/LoginError.cfm"> <!--- login failed, so show login error form ----> 
           <cfreturn false>  
           <!--- close cfif NOT checkLogin(form.UserEmail, form.userPassword) ---> 
        </cfif> 
    <!--- close cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin") ---> 
    </cfif> 
 
<!--- /process login credentials --->

<!--- comment out CFTRY


<cftry>

<!--- test for access to secureFolders --->
     <cfif listFindNoCase(secureFolders, currentFolder)>  <!---- are we in a secure area? --->  
       <cfif session.auth.isLoggedIn is False> <!--- This is a secure area, if the user is not logged in, go to login page ---->
       
           <cfinclude template="/LoginForm.cfm">
            <cfthrow message="Please log in to access this area.">
           <cfabort>  
       <cfelse> <!--- the user is logged in, then check roles ---->  
       
           <cfswitch expression="#currentFolder#">  
              <cfcase value="admin">  
                  <cfif listFind("1",session.auth.UserRoleID) eq 0> <!---- UserIDRole 1 has access to folder admin --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfcase value="data">  
                  <cfif listFind("1,3",session.auth.UserRoleID) eq 0>  <!---- UserIDRoles 1, 3 have access to folder data --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfdefaultcase> <!---- all other secure folders ---->  
              </cfdefaultcase>  
           </cfswitch>  
       </cfif> <!---- end if user is logged in or not ---->  
    </cfif>  <!---- end if user is in a secure area or not ---->  
    
    <!--- /test for access to secureFolders --->
         
      <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>


/ comment out CFTRY --->

<cfinclude template="/blockFunctions.cfm">   

<!--- while OnRequestStart is still running, CFDUMP authentication variables --->

<cfdump var="#secureFolders#" expand="yes">
<cfdump var="#currentFolder#" expand="yes">
<cfdump var="#session.auth.isLoggedIn#" expand="yes">
<cfdump var="#session.auth.UserRoleID#" expand="yes">


   </cffunction>
  <!--- close function: onRequestStart --->
 
 
 <!--- begin cfif isDefined("form.doLogin") --->
    <cfif isDefined("form.doLogin")>
    
     
<!--- begin function checkLogin --->
<cffunction name="checkLogin">

  <cfargument name="p_UserEmail" required=false default="" />
  <cfargument name="p_password" required=false default="" />

  <cfset var UserPassword = trim(arguments.p_password)>
  <cfset var UserEmail     = trim(arguments.p_UserEmail)>
  <cfset var getUser = "">

  <cftry>
      <cfif len(UserPassword) eq 0 or len(UserEmail) eq 0>
         <cfthrow message="Please enter UserEmail and password">
      </cfif> 
    
      <cfquery name="getUser" datasource="#APPLICATION.dataSource#">
       SELECT UserID, FirstName, UserRoleID, UserEmail, UserPassword
        FROM #REQUEST.userTable#
       WHERE UserEmail = <cfqueryparam cfsqltype="cf_sql_varchar" value="#UserEmail#" maxlength="255"> 
      </cfquery>
      <cfif getuser.recordCount eq 0>
        <cfthrow message="Incorrect email address and/or password. Be sure to enter the correct, original email address with which you registered. Please type your password carefully.">
      <cfelseif getUser.UserPassword is not UserPassword>
        <cfthrow message="Invalid Password.">
       </cfif>
    
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.isLoggedIn = "Yes">
      <cfset SESSION.auth.UserID     = getUser.UserID>
      <cfset SESSION.auth.FirstName  = getUser.firstName>
      <cfset SESSION.auth.UserRoleID = getUser.UserRoleID>
      <cfset SESSION.auth.UserEmail  = getUser.UserEmail>
      <cfset SESSION.auth.lastError  = "">
      
 
 <!--- Now that user is logged in, send user to folder /data/ --->

 <cflocation url="/data/" addtoken="no">
      
      <cfreturn true>
      
      
  <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>
    
</cffunction>
<!--- close function checkLogin --->

      <!--- close cfif isDefined("form.doLogin") --->
    </cfif>


</cfcomponent>



I'll summarize the results:

* After successful login, I am sent to http://www.vistateamlibrary.org/data/, because the CFLOCATION tag says to do that. That's all good!

* When I log in as admin (UserRoleID 1) I get this output from the CFDUMP:

admin,data data Yes 1



* When I try to view any pages with the /pages/ folder, I am sent not to /pages/, but back to http://www.vistateamlibrary.org/data/ ... the /data/ folder, when I am presented with the login screen.

Eg.: http://www.vistateamlibrary.org/pages/Meet-our-sister-VISTA-Team-with-DOI.cfm

If you point a browser there, you will be presented with a login prompt.

* And then I see this output from CFDUMP: admin,data pages Yes 1

So, I am not sure what to make of this! My goal is to see http://www.vistateamlibrary.org/pages/Meet-our-sister-VISTA-Team-with-DOI.cfm ... without seeing a login prompt.

What else can I do to diagnose this odd problem?

Thank you again for your help. Hope your weekend was great. =)

Eric
0
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 200 total points
try it with  just

<cftry>

and

     
     <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>


commented out
0
 
LVL 3

Author Comment

by:Eric Bourland
Got it.

Done.

Then I logged out and logged in again.

Hmmm.... same result.

We are getting a result, which is good; I am just not sure what to make of it.

I formatted the CFDUMP output to make it more readable, which you can see here:

http://www.vistateamlibrary.org/pages/Meet-our-sister-VISTA-Team-with-DOI.cfm

I wonder if I should start over .... remove all folder protection and session authentication, and then add protection for folders /admin/ and /data/.

Though I am not sure how I would do that except to do what I already have done, below?

Thank you again for your help and ideas.

Eric

<!--- Filename: Application.cfc
 Created by: Raymond Camden (ray@camdenfamily.com)
 Modified by: Eric B, gdemaria, _agx_ July 2010 --->

<cfcomponent output="false">

  <!--- Name the application. --->
  <cfset this.name="VISTA and AmeriCorps Document Library">
  
  <cfset this.applicationTimeout = CreateTimeSpan(0,0,360,0)>
  
  <!--- Turn on session management. --->
  <cfset this.sessionManagement="true">
  
  <!--- Set session timeout period --->
  <cfset this.sessionTimeout = CreateTimeSpan(0,0,360,0)>

  <cfset this.clientManagement = "false">

  
<!--- function: onApplicationStart --->
  <cffunction name="onApplicationStart" output="false" returnType="void">

    <!--- Any variables set here can be used by all of the application's pages --->
    <cfset APPLICATION.dataSource = "osmVISTA">
   
    
<!--- Set up Application variables. Locking the Application scope is not necessary in this method. --->
		<cfset Application.configured = 1>
		<cfset Application.datetimeConfigured = TimeFormat(Now(), "hh:mm tt") & "  " & DateFormat(Now(), "mm.dd.yyyy")>
		<cfset Application.currentSessions = 0>
  
  </cffunction> 
  
   
    <cffunction name="clearSessionVariables" returntype="void">
      <!--- defined all session variables, so they will always exist ---->
      <cfset session.auth = structNew()>
      <cfset session.auth.isLoggedIn  = false>
      <cfset session.auth.UserID  = "">
      <cfset session.auth.Title   = "">
      <cfset session.auth.FirstName   = "">
      <cfset session.auth.MiddleInitial   = "">
      <cfset session.auth.LastName    = "">
      <cfset session.auth.Address    = "">
      <cfset session.auth.City    = "">
      <cfset session.auth.State    = "">
      <cfset session.auth.ZIP    = "">
      <cfset session.auth.Telephone   = "">
      <cfset session.auth.UserEmail    = "">
      <cfset session.auth.UserPassword    = "">
      <cfset session.auth.UserRoleID  = "">
      <cfset session.auth.lastError  = "">
  </cffunction>
  
  <cffunction name="onSessionStart" returntype="void">
      <!--- defined all session variables, so they will always exist ---->
      <cfset clearSessionVariables()>
  </cffunction>
  

<!--- function: onRequestStart ---> 

<cffunction name="onRequestStart">
<cfargument type="String" name="targetPage" required="true" /> 

<!--- All these folders/top level files require a login, specific roles are addressed below ---->  
<cfset var securefolders = "admin,data">  
<cfset var currentFolder = listFirst(cgi.script_name,"/")>  
<cfset REQUEST.companyName = "VISTA and AmeriCorps Document Library">
<cfset REQUEST.userTable = "OSMVISTAUsers">
<cfset REQUEST.companyURL = "www.vistateamlibrary.org">
<cfset REQUEST.companyDomain = "vistateamlibrary.org">
<cfset REQUEST.TopicsTable = "OSMDocumentTopic">
<cfset REQUEST.SubTopicsTable = "OSMDocumentSubTopic">
<cfset REQUEST.SubSubTopicsTable = "OSMDocumentSubSubTopic">
<cfset REQUEST.LocationLookupTable = "OSMVISTALocationLookup">
<cfset REQUEST.DocumentsTable = "OSMVistaDocs">
<cfset REQUEST.FilesTable = "OSMVISTAFiles">
<cfset REQUEST.contentTable = "osmvistaNavigation">

<!--- process login credentials --->

 <!--- begin cfif isDefined("form.UserEmail") and isDefined("form.userPassword") ---> 
    <cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin")>
     
   
         <!--- check box to remember UserEmail was checked, so make a cookie for it ---> 
                <cfif isDefined("form.SaveUserEmail") and form.SaveUserEmail is "Yes"> 
          <cfcookie name="SaveUserEmail" value="#form.UserEmail#" expires="7"> 
        </cfif> 
         
        <!--- user is attempting to log in, so process the login request ----> 
        <cfif NOT checkLogin(form.UserEmail, form.userPassword)> 
           <cfinclude template="/LoginError.cfm"> <!--- login failed, so show login error form ----> 
           <cfreturn false>  
           <!--- close cfif NOT checkLogin(form.UserEmail, form.userPassword) ---> 
        </cfif> 
    <!--- close cfif isDefined("form.UserEmail") and isDefined("form.userPassword") and isDefined("form.doLogin") ---> 
    </cfif> 
 
<!--- /process login credentials --->

<!--- comment out CFTRY

<cftry>

/ comment out CFTRY --->

<!--- test for access to secureFolders --->
     <cfif listFindNoCase(secureFolders, currentFolder)>  <!---- are we in a secure area? --->  
       <cfif session.auth.isLoggedIn is False> <!--- This is a secure area, if the user is not logged in, go to login page ---->
       
           <cfinclude template="/LoginForm.cfm">
            <cfthrow message="Please log in to access this area.">
           <cfabort>  
       <cfelse> <!--- the user is logged in, then check roles ---->  
       
           <cfswitch expression="#currentFolder#">  
              <cfcase value="admin">  
                  <cfif listFind("1",session.auth.UserRoleID) eq 0> <!---- UserIDRole 1 has access to folder admin --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfcase value="data">  
                  <cfif listFind("1,3",session.auth.UserRoleID) eq 0>  <!---- UserIDRoles 1, 3 have access to folder data --->  
                      <cfinclude template="/LoginError.cfm">
                      <cfabort>  
                  </cfif>  
              </cfcase>  
              <cfdefaultcase> <!---- all other secure folders ---->  
              </cfdefaultcase>  
           </cfswitch>  
       </cfif> <!---- end if user is logged in or not ---->  
    </cfif>  <!---- end if user is in a secure area or not ---->  
    
    <!--- /test for access to secureFolders --->
         
<!---      <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>
--->



<cfinclude template="/blockFunctions.cfm">   

<!--- while OnRequestStart is still running, CFDUMP authentication variables --->

<p>Secure Folders: <cfdump var="#secureFolders#" expand="yes"><br />

Current Folder: <cfdump var="#currentFolder#" expand="yes"><br />

isLoggedIn: <cfdump var="#session.auth.isLoggedIn#" expand="yes"><br />

UserRoleID: <cfdump var="#session.auth.UserRoleID#" expand="yes"></p>


   </cffunction>
  <!--- close function: onRequestStart --->
 
 
 <!--- begin cfif isDefined("form.doLogin") --->
    <cfif isDefined("form.doLogin")>
    
     
<!--- begin function checkLogin --->
<cffunction name="checkLogin">

  <cfargument name="p_UserEmail" required=false default="" />
  <cfargument name="p_password" required=false default="" />

  <cfset var UserPassword = trim(arguments.p_password)>
  <cfset var UserEmail     = trim(arguments.p_UserEmail)>
  <cfset var getUser = "">

  <cftry>
      <cfif len(UserPassword) eq 0 or len(UserEmail) eq 0>
         <cfthrow message="Please enter UserEmail and password">
      </cfif> 
    
      <cfquery name="getUser" datasource="#APPLICATION.dataSource#">
       SELECT UserID, FirstName, UserRoleID, UserEmail, UserPassword
        FROM #REQUEST.userTable#
       WHERE UserEmail = <cfqueryparam cfsqltype="cf_sql_varchar" value="#UserEmail#" maxlength="255"> 
      </cfquery>
      <cfif getuser.recordCount eq 0>
        <cfthrow message="Incorrect email address and/or password. Be sure to enter the correct, original email address with which you registered. Please type your password carefully.">
      <cfelseif getUser.UserPassword is not UserPassword>
        <cfthrow message="Invalid Password.">
       </cfif>
    
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.isLoggedIn = "Yes">
      <cfset SESSION.auth.UserID     = getUser.UserID>
      <cfset SESSION.auth.FirstName  = getUser.firstName>
      <cfset SESSION.auth.UserRoleID = getUser.UserRoleID>
      <cfset SESSION.auth.UserEmail  = getUser.UserEmail>
      <cfset SESSION.auth.lastError  = "">
      
 
 <!--- Now that user is logged in, send user to folder /data/ --->

 <cflocation url="/data/" addtoken="no">
      
      <cfreturn true>
      
      
  <cfcatch>
      <cfset clearSessionVariables()>
      <cfset SESSION.auth.lastError  = cfcatch.message>
      <cfreturn false>
  </cfcatch>
  </cftry>
    
</cffunction>
<!--- close function checkLogin --->

      <!--- close cfif isDefined("form.doLogin") --->
    </cfif>


</cfcomponent>


0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 300 total points
The variables look correct to me.  I also tried your Application.cfc file with some test pages and it worked, so ... I'm wondering if it's some other code that's causing the redirect to the login.

/Application.cfc
/data/test.cfm      <!=== I'm redirected to Login page
/pages/test.cfm    <=== I reach this page
   
Can you create a simple test page in the "/pages" directory? No code, just add some debugging text like "You reached Pages!". Then try to browse to /pages/testPage.cfm. What's the result?
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 300 total points
>> We are getting a result, which is good; I am just not sure what to make of it.

The fact that we can even see the debug code at the bottom suggests the authentication in the switch/case is not what's triggering the login screen to display. If it were, we wouldn't see the debug messages at the bottom of the function, because you're aborting processing long before that:


     <cfinclude template="/LoginError.cfm">
     <cfabort>  <!=== exit here

The fact that it doesn't abort, and continues to the end of the function, suggests something else is what's triggering the login screen.
0
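The folder gate that the replies above reason about, restated as a pure function and run over a small decision table. This is an added example, not code from the thread: `gateDecision`, the `rolesByFolder` map and the case list are hypothetical names and constructed inputs, with the folder list and role lists copied from the posted Application.cfc.

```cfml
<cfscript>
// Added example: mirrors the secure-folder test in the posted onRequestStart,
// but returns a decision instead of including a template and aborting.
function gateDecision(required string scriptName, required boolean isLoggedIn, string userRoleID = "") {
    var secureFolders = "admin,data";                    // same list as the posted code
    var rolesByFolder = { admin = "1", data = "1,3" };   // same role lists as the cfswitch
    // First path segment of the requested script, e.g. "pages" for /pages/test.cfm
    var currentFolder = listFirst(arguments.scriptName, "/");

    // Folder is not in the secure list: the gate does nothing
    if (!listFindNoCase(secureFolders, currentFolder)) {
        return "public";
    }
    // Secure folder, no session login: the posted code shows LoginForm.cfm here
    if (!arguments.isLoggedIn) {
        return "login";
    }
    // Secure folder, logged in, role not in the folder's list: LoginError.cfm
    if (structKeyExists(rolesByFolder, currentFolder)
        && !listFind(rolesByFolder[currentFolder], arguments.userRoleID)) {
        return "denied";
    }
    return "allowed";
}

// Constructed test cases: path, session state, and the decision the gate should make
cases = [
    { path = "/pages/Meet-our-sister-VISTA-Team-with-DOI.cfm", loggedIn = true,  role = "1", expect = "public"  },
    { path = "/pages/test.cfm",                                loggedIn = false, role = "",  expect = "public"  },
    { path = "/data/test.cfm",                                 loggedIn = false, role = "",  expect = "login"   },
    { path = "/data/test.cfm",                                 loggedIn = true,  role = "3", expect = "allowed" },
    { path = "/admin/index.cfm",                               loggedIn = true,  role = "3", expect = "denied"  },
    { path = "/admin/index.cfm",                               loggedIn = true,  role = "1", expect = "allowed" },
    { path = "/index.cfm",                                     loggedIn = false, role = "",  expect = "public"  }
];

// Print one line per case and flag any decision that differs from the expectation
for (c in cases) {
    result = gateDecision(c.path, c.loggedIn, c.role);
    line = encodeForHTML(c.path) & " (loggedIn=" & c.loggedIn & ", role=" & encodeForHTML(c.role) & ") => " & result;
    if (result neq c.expect) {
        line = line & " MISMATCH, expected " & c.expect;
    }
    writeOutput(line & "<br>");
}
</cfscript>
```

`cgi.script_name` is the path of the requested URL and does not change when that page includes `/index.cfm`, so a `/pages/` request stays `public` at this gate whatever the included template does afterwards.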
 
LVL 3

Author Comment

by:Eric Bourland
I think you are right. I will create the tests you suggest; I am also going to begin with a new application.cfc and add components until things start going awry.

I'm working on a couple of other things right now but will do this task later this afternoon. Thank you again, _agx_ and Jester. I'll have more in a little while. Hope your day is going great.

Eric
0
 
LVL 3

Author Comment

by:Eric Bourland
Dear _agx_ and Jester,

Whew, busy day. I'm back at my desk. Thank you for your patience! Back to this task:

I set up a test page:

http://www.vistateamlibrary.org/pages/test.html

and I can view it. It is a simple HTML file.

>>>>The fact that it doesn't abort, and continues to the end of the function, suggests something else is what's triggering the login screen.

I think you are right!

I wonder what else could be triggering the login screen?

I am looking at this again. Though I feel like I am making progress. =)
0
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 200 total points
try it with the same page as cfm
0

 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 300 total points
>> try it with the same page as cfm

... because html pages should always work. By default html pages aren't processed by the CF server. Meaning they won't trigger the onRequestStart function. You need to use a .cfm page to test this.
0
 
LVL 3

Author Comment

by:Eric Bourland
Got it!

Try this: http://www.vistateamlibrary.org/pages/test.cfm

It seems like I can see this page too, without being sent to the login page.
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 300 total points
Ok good. Just to be sure it's hitting the right code. Do the same thing with the /data directory. Since we won't be logged in, that test page *should* kick us back to the login page.

If that works too, then it must be some other code - after - onRequestStart that's triggering the login. Since you don't have an OnRequest method, maybe something in the Meet-our-sister-VISTA-Team-with-DOI.cfm page?
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 300 total points
Also - you don't have another Application.cfc in any of the subdirectories.. right?
0
 
LVL 3

Author Comment

by:Eric Bourland
Aha!

http://www.vistateamlibrary.org/data/test.cfm

I call up that in a browser, and I am indeed sent to the login form.

You know ... I remembered something. There are two login forms.

1. index.cfm
2. loginform.cfm

This is by the client's request. The client wanted a login form on the front page of the web site, so that the first action that people do is ... log in.

When I point a browser at: http://www.vistateamlibrary.org/data/test.cfm

... I am sent to loginform.cfm.

When I am logged in, and point a browser at any page in /pages/, I am sent back to index.cfm ...

But

I notice, also, that I am still logged in as user admin with UserIDRole = 1.

So the problem might not be an authentication problem but a redirection problem.

I am looking at this more closely ... sorry this is so convoluted. More in a little while.... E
0
 
LVL 3

Author Comment

by:Eric Bourland
>>>Also - you don't have another Application.cfc in any of the subdirectories.. right?

Nope!

>>>Since you don't have an OnRequest method, maybe something in the Meet-our-sister-VISTA-Team-with-DOI.cfm page?

That page looks like this:

<cfset url.pageID = 49><cfinclude template="/index.cfm">



Just a page ID and a reference to index.cfm .... which is probably the clue that I needed.

I know what is going on I think. I need to include sesConverter.cfm.
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 300 total points
>> I need to include sesConverter.cfm

Ahh... the results you're seeing make total sense now :)
0
 
LVL 3

Author Comment

by:Eric Bourland
Working on this! More in the morning. Have a great evening. =)
0
 
LVL 3

Author Comment

by:Eric Bourland
Update: I'm working on editing the index.cfm page to properly display pages from sesconverter.cfm. =) I have the correct queries in place. Working on if/then output .... if this page is meant to display a document, then show this code; else, if this page is meant to display web page content, then show this other code.

More soon. Thanks for your patience and help. Hope you all are great.

E
0
 
LVL 3

Author Comment

by:Eric Bourland
Dear _agx_ and Jester,

I wanted to return here with a report of success, but I am baffled.

In brief:

* I am not able to get content to display from the /pages/ folder: eg., http://www.vistateamlibrary.org/pages/Quarterly-Report-Instructions.cfm

* I am challenged for credentials when I try to view this page -- even if I am, indeed, logged in as admin / UserRoleID 1.

* We saw that this page has content:

<cfset url.pageID = 49><cfinclude template="/index.cfm">



* I remembered I had not uploaded sesConverter.cfm .... so I did so.

But I am still not able to view the page: http://www.vistateamlibrary.org/pages/Quarterly-Report-Instructions.cfm

I still get challenged for credentials.

I've been staring at this and trying different things.

In the SiteHeader.cfm file I use the usual query to request page content:

<!--- this is the default pageID; load this page if no url.PageID value is specified --->
<cfparam name="url.PageID" default="1">

<!--- query getContent gets records to display content of pages --->  
<cfquery datasource="#application.datasource#" name="getContent">
SELECT PageID
,PageTitle
,PageContentLeft
,PageContentRight
,DateCreated
,DateModified
,ParentID
,SortOrder
,keywords
,description
,owner
,author
,titletag
,isHome
,isProtected
FROM #REQUEST.contentTable#
WHERE PageID = <cfqueryparam value="#val(url.pageID)#" cfsqltype="cf_sql_integer">
</cfquery> 



And in /index.cfm I use this CFOUTPUT:

<cfoutput>

<div style="padding-right:2.0em;">
<h1>#getContent.PageTitle#</h1>

#getContent.PageContentRight#
</div>

</cfoutput>



And that all seems OK to me. I don't think there is anything going wrong in application.cfc.

The template sesconverter.cfm is in place in the root directory as per usual.

Scratching my head about this one. What do you think I am missing?

Thank you as always for your help.

Eric
0
 
LVL 25

Assisted Solution

by:James Rodgers
James Rodgers earned 200 total points
what are you using to test for logged in? cookie or session? if cookies where are they set?
0
 
LVL 3

Author Comment

by:Eric Bourland
Jester -- session. I don't use cookies, usually.
0
 
LVL 25

Expert Comment

by:James Rodgers
try dumping the session and see what's in there, might be an invalid reference
0
 
LVL 52

Accepted Solution

by:
_agx_ earned 300 total points
>> And in /index.cfm I use this CFOUTPUT:

I'm not sure the request even makes it to the index page. It seems like the header displays, but the content is replaced by the login screen.  

* Is that the only code within index.cfm?
* Can you post the code for the sesConverter.cfm (or a link to download/view it)?
0
 
LVL 3

Author Comment

by:Eric Bourland
>>>I'm not sure the request even makes it to the index page. It seems like the header displays, but the content is replaced by the login screen.  

I am wondering this too.

I am going to post index.cfm and sesconverter.cfm.

Jester -- I will also dump the session and let you know what I see.

Here is what I am working with in index.cfm and ses:

index.cfm:

(note ... there is a lot of stuff in here. A lot. It includes code to display documents from a folder. the code to display web pages begins around line 217.)

<cfscript>
/**
* Pass in a value in bytes, and this function converts it to a human-readable format of bytes, KB, MB, or GB.
* Updated from Nat Papovich's version.
* 01/2002 - Optional Units added by Sierra Bufe (sierra@brighterfusion.com)
* 
* @param size      Size to convert. 
* @param unit      Unit to return results in. Valid options are bytes,KB,MB,GB. 
* @return Returns a string. 
* @author Paul Mone (sierra@brighterfusion.compaul@ninthlink.com) 
* @version 2.1, January 7, 2002 
*/
function byteConvert(num) {
    var result = 0;
    var unit = "";
    
    // Set unit variables for convenience
    var bytes = 1;
    var kb = 1024;
    var mb = 1048576;
    var gb = 1073741824;

    // Check for non-numeric or negative num argument
    if (not isNumeric(num) OR num LT 0)
        return "Invalid size argument";
    
    // Check to see if unit was passed in, and if it is valid
    if ((ArrayLen(Arguments) GT 1)
        AND ("bytes,KB,MB,GB" contains Arguments[2]))
    {
        unit = Arguments[2];
    // If not, set unit depending on the size of num
    } else {
         if (num lt kb) {    unit ="bytes";
        } else if (num lt mb) {    unit ="KB";
        } else if (num lt gb) {    unit ="MB";
        } else {    unit ="GB";
        }        
    }
    
    // Find the result by dividing num by the number represented by the unit
    result = num / Evaluate(unit);
    
    // Format the result
    if (result lt 10)
    {
        result = NumberFormat(Round(result * 100) / 100,"0.00");
    } else if (result lt 100) {
        result = NumberFormat(Round(result * 10) / 10,"90.0");
    } else {
        result = Round(result);
    }
    // Concatenate result and unit together for the return value
    return (result & " " & unit);
}
</cfscript>


<!--- Set default DocumentTopicID = 24; this is the front page! --->
<!--- a default DocumentTopicID should always be defined --->
<cfparam name="url.DocumentTopicID" default="24" />
 
<cfset bgcolor="##ffffff">

<!--- query Get_CEP_Topics_List_for_Navigation: this query selects columns from table #REQUEST.TopicsTable# to create a list of CEP topics for the lefthand navigation menu; tp.DocumentTopicID 24 is omitted by design --->

<cfquery datasource="#application.datasource#" name="Get_CEP_Topics_List_for_Navigation">
           SELECT tp.DocumentTopicID
                  , tp.DocumentTopic
                  , tp.SortOrder
                  , sub.DocumentSubTopicID
                  , sub.DocumentSubTopicTitle
                  , sub.SortOrder
                  , subsub.DocumentSubSubTopicID
                  , subsub.DocumentSubSubTopicTitle
                  , subsub.SortOrder
           FROM #REQUEST.TopicsTable# tp
           LEFT JOIN #REQUEST.SubTopicsTable# sub
           ON sub.DocumentTopicID = tp.DocumentTopicID
           LEFT JOIN #REQUEST.SubSubTopicsTable# subsub
           ON subsub.DocumentSubTopicID = sub.DocumentSubTopicID
           ORDER BY tp.SortOrder, sub.SortOrder, subsub.SortOrder
</cfquery>



<!--- query getTitles_for_TopicsPages; list DocumentTopic, or DocumentSubTopicTitle, at top of each topic or subtopic page --->


<cfparam name="url.DocumentSubTopicID" default=""> 
<cfparam name="url.DocumentSubSubTopicID" default=""> 
 

<cfquery name="getTitles_for_TopicsPages" datasource="#application.datasource#"> 
   SELECT   tp.DocumentTopicID 
          , tp.DocumentTopic 
          , tp.DocumentTopicDescription 
          , sub.DocumentSubTopicID 
          , sub.DocumentSubTopicTitle 
          , sub.DocumentSubTopicDescription
          , subsub.DocumentSubSubTopicID 
          , subsub.DocumentSubSubTopicTitle 
          , subsub.DocumentSubSubTopicDescription 
           FROM #REQUEST.TopicsTable# tp
           LEFT JOIN #REQUEST.SubTopicsTable# sub
           ON sub.DocumentTopicID = tp.DocumentTopicID
           LEFT JOIN #REQUEST.SubSubTopicsTable# subsub
           ON subsub.DocumentSubTopicID = sub.DocumentSubTopicID
           
   <cfif val(url.DocumentSubSubTopicID)> 
     WHERE subsub.DocumentSubSubTopicID = <cfqueryparam value="#url.DocumentSubSubTopicID#" cfsqltype="cf_sql_integer"> 
     
   <cfelseif val(url.DocumentSubTopicID)> 
     WHERE sub.DocumentSubTopicID = <cfqueryparam value="#url.DocumentSubTopicID#" cfsqltype="cf_sql_integer"> 
     
   <cfelseif val(url.DocumentTopicID)> 
     WHERE tp.DocumentTopicID = <cfqueryparam value="#url.DocumentTopicID#" cfsqltype="cf_sql_integer"> 
     
   <cfelse> 
     WHERE 1=2 <!---- nothing passed, return no records ----> 
   </cfif> 
   
   ORDER BY tp.DocumentTopic, sub.DocumentSubTopicTitle, subsub.DocumentSubSubTopicTitle       
          

</cfquery> 

<!--- query getDocumentsandFiles: this query selects columns from tables #REQUEST.DocumentsTable# D, OSMDocHasTopic H, #REQUEST.FilesTable# F --->
<!--- the purpose is to display a list of CEP DocumentTitles plus Author, Abstract, Publication Date; and CEP Files associated with those DocumentTitles --->

<cfparam name="url.sortBy" default="DocumentPublicationDate">
<cfparam name="url.sortDir" default="desc">

<cfquery name="getDocumentsandFiles" datasource="#application.datasource#">
SELECT DISTINCT D.DocumentID
  	 , D.DocumentTitle
     , D.DocumentType
     , D.DocumentAuthor
     , D.DocumentAbstract
     , D.DocumentKeyword
     , D.DocumentImage
     , D.DocumentPublicationDate
     , F.DocumentID 
     , F.FileID
     , F.FileName
     , F.FileExtension
     , F.FileType
     , F.FileSize
     , F.FileLinkTextSortOrder
     , T.DocumentTopicID
	 , T.DocumentTopic
	 , ST.DocumentSubTopicID
	 , ST.DocumentSubTopicTitle
	 , SST.DocumentSubSubTopicID
	 , SST.DocumentSubSubTopicTitle
     , LocationList = substring((SELECT ( ', ' + dlocation.LocationName )
                           FROM OSMDocHasLocation dhlocation
                            inner join #REQUEST.LocationLookupTable# dlocation on dhlocation.LocationID = dlocation.LocationID
                           WHERE dhlocation.DocumentID = D.DocumentID
                           ORDER BY dlocation.LocationName
                           FOR XML PATH( '' )
                          ), 3, 1000 ) 
     
FROM #REQUEST.DocumentsTable# D

INNER JOIN OSMDocHasTopic H
ON D.DocumentID = H.DocumentID

<cfif val(url.DocumentSubSubTopicID)>
AND H.DocumentSubSubTopicID = <cfqueryparam value="#url.DocumentSubSubTopicID#" cfsqltype="cf_sql_integer">

<cfelseif val(url.DocumentSubTopicID)>
AND H.DocumentSubTopicID = <cfqueryparam value="#url.DocumentSubTopicID#" cfsqltype="cf_sql_integer">

<cfelseif val(url.DocumentTopicID)>
AND H.DocumentTopicID = <cfqueryparam value="#url.DocumentTopicID#" cfsqltype="cf_sql_integer">
</cfif>

LEFT OUTER JOIN #REQUEST.FilesTable# F
ON D.DocumentID = F.DocumentID

LEFT OUTER JOIN #REQUEST.TopicsTable# T
ON T.DocumentTopicID = H.DocumentTopicID

LEFT OUTER JOIN #REQUEST.SubTopicsTable# ST
ON ST.DocumentSubTopicID = H.DocumentSubTopicID

LEFT OUTER JOIN #REQUEST.SubSubTopicsTable# SST
ON SST.DocumentSubSubTopicID = H.DocumentSubSubTopicID

ORDER BY
<cfswitch expression="#url.sortBy#">
        <cfcase value="DocumentPublicationDate">D.DocumentPublicationDate</cfcase>
        <cfcase value="DocumentTitle">D.DocumentTitle</cfcase>
        <cfcase value="DocumentAuthor">D.DocumentAuthor</cfcase>
        <cfdefaultcase>D.DocumentPublicationDate</cfdefaultcase>
       </cfswitch>
       <cfif url.sortDir eq "DESC">
             DESC
       <cfelse>
             ASC
       </cfif>
        , D.DocumentID, F.FileLinkTextSortOrder ASC
</cfquery>
<cfinclude template="/SiteHeader.cfm">


<cfinclude template="/navigationInclude.cfm">




 <!--- col_9 --->
	<div class="col_9" style="min-height:40em; margin-left:4%;">
    
    
<!--- this is where we include the content for web pages in folder /pages/ --->
    
<cfoutput>

<div style="padding-right:2.0em;">
<h1>#getContent.PageTitle#</h1>

#getContent.PageContentRight#
</div>

</cfoutput>


    

<!--- query getTitles_for_TopicsPages; list DocumentTopic, or DocumentSubTopicTitle, at top of each topic or subtopic page --->

<!--- if DocumentTopicID IS 24 (home page), then omit DocumentTopic (title)! --->
<!--- why? it's complicated ... page formatting, per client's request --->

<cfoutput> 
 
  <cfif val(url.DocumentSubSubTopicID)> 
    <h1>#getTitles_for_TopicsPages.DocumentTopic# &raquo; #getTitles_for_TopicsPages.DocumentSubTopicTitle# &raquo; #getTitles_for_TopicsPages.DocumentSubSubTopicTitle#</h1> 
    <div> 
     #getTitles_for_TopicsPages.DocumentSubSubTopicDescription# 
    </div> 
 
 
 
  <cfelseif val(url.DocumentSubTopicID)> 
    <h1>#getTitles_for_TopicsPages.DocumentTopic# &raquo; #getTitles_for_TopicsPages.DocumentSubTopicTitle#</h1> 
    <div> 
     #getTitles_for_TopicsPages.DocumentSubTopicDescription# 
    </div> 
    
    
  <cfelse> 
    <cfif DocumentTopicID neq 24> 
    <h1>#getTitles_for_TopicsPages.DocumentTopic#</h1> 
    </cfif> 
    <div> 
     #getTitles_for_TopicsPages.DocumentTopicDescription#
    </div> 
  </cfif> 
</cfoutput>


<!---- IF COLUMN NAME IS INVALID, USE DEFAULT --->
<cfif NOT listFindNoCase(getDocumentsandFiles.columnList, url.sortBy)>
      <!--- the default must itself be a column name, without the "url." scope prefix --->
      <cfset url.sortBy = "DocumentPublicationDate">
</cfif>


<!--- allow visitors to sort documents --->
<cfoutput>



<span class="bold">Sort Documents By:</span>

Date
<cfif val(url.DocumentSubSubTopicID)>
<a href="#CGI.SCRIPT_NAME#?DocumentSubSubTopicID=#url.DocumentSubSubTopicID#&sortBy=url.DocumentPublicationDate&sortDir=DESC"><span class="green"><i class="icon-circle-arrow-down icon-large"></i></span></a> 

<a href="#CGI.SCRIPT_NAME#?DocumentSubSubTopicID=#url.DocumentSubSubTopicID#&sortBy=url.DocumentPublicationDate&sortDir=ASC"><span class="green"><i class="icon-circle-arrow-up icon-large"></i></span></a>


<cfelseif val(url.DocumentSubTopicID)>
<a href="#CGI.SCRIPT_NAME#?DocumentSubTopicID=#url.DocumentSubTopicID#&sortBy=url.DocumentPublicationDate&sortDir=DESC"><span class="green"><i class="icon-circle-arrow-down icon-large"></i></span></a> 

<a href="#CGI.SCRIPT_NAME#?DocumentSubTopicID=#url.DocumentSubTopicID#&sortBy=url.DocumentPublicationDate&sortDir=ASC"><span class="green"><i class="icon-circle-arrow-up icon-large"></i></span></a>


<cfelseif val(url.DocumentTopicID)>
<a href="#CGI.SCRIPT_NAME#?DocumentTopicID=#url.DocumentTopicID#&sortBy=url.DocumentPublicationDate&sortDir=DESC"><span class="green"><i class="icon-circle-arrow-down icon-large"></i></span></a> 

<a href="#CGI.SCRIPT_NAME#?DocumentTopicID=#url.DocumentTopicID#&sortBy=url.DocumentPublicationDate&sortDir=ASC"><span class="green"><i class="icon-circle-arrow-up icon-large"></i></span></a>
</cfif>



Title
<cfif val(url.DocumentSubSubTopicID)>
<a href="#CGI.SCRIPT_NAME#?DocumentSubSubTopicID=#url.DocumentSubSubTopicID#&sortBy=DocumentTitle&sortDir=DESC"><span class="green"><i class="icon-circle-arrow-down icon-large"></i></span></a>

<a href="#CGI.SCRIPT_NAME#?DocumentSubSubTopicID=#url.DocumentSubSubTopicID#&sortBy=DocumentTitle&sortDir=ASC"><span class="green"><i class="icon-circle-arrow-up icon-large"></i></span></a>


<cfelseif val(url.DocumentSubTopicID)>
<a href="#CGI.SCRIPT_NAME#?DocumentSubTopicID=#url.DocumentSubTopicID#&sortBy=DocumentTitle&sortDir=DESC"><span class="green"><i class="icon-circle-arrow-down icon-large"></i></span></a>

<a href="#CGI.SCRIPT_NAME#?DocumentSubTopicID=#url.DocumentSubTopicID#&sortBy=DocumentTitle&sortDir=ASC"><span class="green"><i class="icon-circle-arrow-up icon-large"></i></span></a>


<cfelseif val(url.DocumentTopicID)>
<a href="#CGI.SCRIPT_NAME#?DocumentTopicID=#url.DocumentTopicID#&sortBy=DocumentTitle&sortDir=DESC"><span class="green"><i class="icon-circle-arrow-down icon-large"></i></span></a>

<a href="#CGI.SCRIPT_NAME#?DocumentTopicID=#url.DocumentTopicID#&sortBy=DocumentTitle&sortDir=ASC"><span class="green"><i class="icon-circle-arrow-up icon-large"></i></span></a>

</cfif>


Author
<cfif val(url.DocumentSubSubTopicID)>
<a href="#CGI.SCRIPT_NAME#?DocumentSubSubTopicID=#url.DocumentSubSubTopicID#&sortBy=DocumentAuthor&sortDir=DESC"><span class="green"><i class="icon-circle-arrow-down icon-large"></i></span></a>

<a href="#CGI.SCRIPT_NAME#?DocumentSubSubTopicID=#url.DocumentSubSubTopicID#&sortBy=DocumentAuthor&sortDir=ASC"><span class="green"><i class="icon-circle-arrow-up icon-large"></i></span></a>


<cfelseif val(url.DocumentSubTopicID)>
<a href="#CGI.SCRIPT_NAME#?DocumentSubTopicID=#url.DocumentSubTopicID#&sortBy=DocumentAuthor&sortDir=DESC"><span class="green"><i class="icon-circle-arrow-down icon-large"></i></span></a>

<a href="#CGI.SCRIPT_NAME#?DocumentSubTopicID=#url.DocumentSubTopicID#&sortBy=DocumentAuthor&sortDir=ASC"><span class="green"><i class="icon-circle-arrow-up icon-large"></i></span></a>


<cfelseif val(url.DocumentTopicID)>
<a href="#CGI.SCRIPT_NAME#?DocumentTopicID=#url.DocumentTopicID#&sortBy=DocumentAuthor&sortDir=DESC"><span class="green"><i class="icon-circle-arrow-down icon-large"></i></span></a>

<a href="#CGI.SCRIPT_NAME#?DocumentTopicID=#url.DocumentTopicID#&sortBy=DocumentAuthor&sortDir=ASC"><span class="green"><i class="icon-circle-arrow-up icon-large"></i></span></a>

</cfif>
<br>
<br>



<!--- / allow visitors to sort documents --->
</cfoutput>




<!--- begin output from query getDocumentsandFiles; list Document Title, Author, Abstract, Publication Date; and CEP Files associated with those documents; and download links to those files --->
<cfoutput query="getDocumentsandFiles" group="DocumentTitle">

<cfif bgColor neq "##ffffff">
    <cfset bgcolor="##ffffff">
  <cfelse>
    <cfset bgcolor="##f7f5f5">
  </cfif>


<!--- set bgcolor --->
<div style="background-color:#bgcolor#;">

<!--- set padding --->
<div style="padding:5px;">



<!--- output group on DocumentID --->
<cfoutput group="DocumentID">


<!--- output Document Thumbnail Image on DocumentID --->
<cfif DocumentImage NEQ "">
<div class="float-left-img"><img src="/document_image.cfm?Attachment=#URLEncodedFormat(DocumentImage)#" class="border1" /></div>
</cfif>

<!--- output Document metadata on DocumentID --->
<h3>#DocumentTitle#</h3>
<div class="documentText">
<em>Author(s):</em> <span class="black">#DocumentAuthor#</span><br />
<em>Published:</em> <span class="black">#DateFormat(DocumentPublicationDate, "mmmm d, yyyy")#</span><br />
<em>Location(s):</em> <span class="black">#listChangeDelims(getDocumentsandFiles.LocationList,", ")#</span><br />

<cfif val(DocumentTopicID)><em>Topic:</em> #DocumentTopic#<br /></cfif>
<cfif val(DocumentSubTopicID)><em>Sub-Topic:</em> #DocumentSubTopicTitle#<br /></cfif>
<cfif val(DocumentSubSubTopicID)><em>Sub-Sub-Topic:</em> #DocumentSubSubTopicTitle#<br /></cfif>

<em>Abstract:</em> #DocumentAbstract#


<cfif getDocumentsandFiles.FileName NEQ "">
<!--- output of query filename --->
 <cfoutput group="FileName">
 
<strong>Download:</strong> <a href="/cfcontent_file.cfm?Attachment=#URLEncodedFormat(FileName)#">#DocumentTitle#</a>
(#ucase(FileExtension)# format, #byteConvert(FileSize, "KB")#)

 <span class="hideme nounderline"><a href="javascript:void(0)"><span class="blue icon-large"><i class="icon-asterisk"></i></span></a></span>
 
              <span class="showme"><br /><strong>Direct link:</strong>
              <a href="/cfcontent_file.cfm?Attachment=#URLEncodedFormat(FileName)#">http://www.osm-vista.org/cfcontent_file.cfm?Attachment=#URLEncodedFormat(FileName)#</a>
              </span>

<br />






<!--- /output of query filename --->
</cfoutput>
</cfif>

</div>



</div>
<!--- /set padding --->



</div>
<!--- /set bgcolor --->

<!--- /output group on DocumentID --->
    </cfoutput>
    
<!--- /output from query getDocumentsandFiles --->
</cfoutput>
    
	</div><!-- END col_9 -->

	

<cfinclude template="/SiteFooter.cfm">




sesConverter.cfm:

<!--- -->
<fusedoc language="ColdFusion" specification="2.0">
	<responsibilities> 
		I take a search engine safe URL and copy the variables
		it contains into the URL structure, based on the SES 
		functionality of formurl2attributessearch.cfm by 
		Steve Nelson.
		
		Instead of using index.cfm?variable=value you would use:
		index.cfm/variables/value.cfm
		If you are using formURL2attributes, you will call this tag first
		If you use this tag you won't use formurl2attributesSearch
	</responsibilities>
	<properties>
		<property name="version" value="1.72" />
		<property name="lastUpdated" value="20-Apr-2004" />
		<history author="Bert Dawson" email="bert@redbanner.com" role="Architect" type="Create"/>
		<history author="Erik Voldengen" email="erikv@fusium.com" role="Architect" type="Create">
			Made a ton of changes to Bert's code to make it
			more vanilla, and suited as a fbx file.  BETA!
		</history>
		<history author="Bert Dawson" email="bert@redbanner.com" role="Architect" type="Update">
			ping
		</history>
		<history author="Erik Voldengen" email="erikv@fusium.com" role="Architect" type="Update">
			pong
		</history>
		<history author="Bert Dawson" email="bert@redbanner.com" role="Architect" type="Update">
			ping
		</history>
		<history author="Erik Voldengen" email="erikv@fusium.com" role="Architect" type="Update">
			pong
		</history>
		<history author="Bert Dawson" email="bert@redbanner.com" role="Architect" type="Update">
			ping
		</history>
		<history author="Erik Voldengen" email="erikv@fusium.com" role="Architect" type="Update">
			pong!
			Added the "super friendly" option of making this file
			called as a tag or not.  You can pass the variables in
			via request, variables, or attributes scope.  The variable
			containing the basehref is set to caller.* when called
			as a custom tag.
		</history>
		<history author="Erik Voldengen" email="erikv@fusium.com" role="Architect" type="Update">
			(ping pong ping)
			Bert submitted code to add a user defined variable for the
			string we use to denote NULL values (sesEmptyString).
			
			Removed check for Len(SESdummyExtension) in the initialization code
			since it's redundant (Bert).
			
			1.3 didn't work right with some Apache web servers.  Apache/cgi.request_uri
			seems to be the equiv to IIS/cgi.path_info.  path_info can still exist
			with Apache, but without the template information.  Added code to 
			check for request_uri, then path_info, then just set it blank if
			neither has a value (Erik).
		</history>
		<history author="Bert Dawson" email="bert@redbanner.com" role="Architect" type="Update">
			pang!
			removed IsDefined() checks on cgi vars since this will always return true
			the line that adds null values between adjacent slashes was using the 
			string "null" - now uses the variable #emptyString# (NB the // trick
			doesn't work on win2k/CF5/IIS - the cgi.path_info never has double slashes in it...)
		</history>
		<history author="Erik Voldengen" email="erikv@fusium.com" role="Architect" type="Update">
			Some versions of Apache will choke when a template name is not sent in
			the URL (e.g. http://www.foo.com -vs- http://www.foo.com/index.cfm)
			
			Fusedocs had a minor bug - default value of SESrBaseName is baseHref, not base.
			
			a double slash to denote a null variable value does not work in IIS.  Just use
			the keyword NULL for the value instead (can be changed below if needed)
			
			Variables with spaces in their names didn't carry over right in Apache.  Fixed.
		</history>
		<history author="Erik Voldengen" email="erikv@fusium.com" role="Architect" type="Update">
			Changed code to parse URLs differently.  Should now work on all versions of 
			Apache, IIS, Netscape and iPlanet web servers.
			
			Also changed visual formatting of this code a little bit to make Bert happy.
		</history>
		<history author="Erik Voldengen" email="erikv@fusium.com" role="Architect" type="Update">
			Minor change to prevent error thrown when template is omitted from URL using Apache
		</history>
		<history author="Erik Voldengen" email="erikv@fusium.com" role="Architect" type="Update">
			Previous change caused problems with CF5/IIS.  Corrected the code.
		</history>
	</properties>
	<io>
		<in>
			<string name="SESrBaseName" scope="variables" default="baseHref" optional="Yes" comments="the variable name to return the base ref in" oncondition="set in variables scope before this file is run"/>
			<string name="SESrBaseName" scope="attributes" default="baseHref" optional="Yes" comments="the variable name to return the base ref in" oncondition="called as custom tag and passed as a parameter"/>
			<string name="SESrBaseName" scope="request" default="baseHref" optional="Yes" comments="the variable name to return the base ref in" oncondition="set in request scope before this file is run"/>
			
			<string name="SESdummyExtension" scope="variables" optional="Yes" comments="the dummy extension (including the '.') to remove from the end if the cgi.path_info before it is converted to URL scope variables" oncondition="called as a custom tag"/>
			<string name="SESdummyExtension" scope="attributes" optional="Yes" comments="the dummy extension (including the '.') to remove from the end if the cgi.path_info before it is converted to URL scope variables" oncondition="called as a custom tag"/>
			<string name="SESdummyExtension" scope="request" optional="Yes" comments="the dummy extension (including the '.') to remove from the end if the cgi.path_info before it is converted to URL scope variables" oncondition="called as a custom tag"/>

			<string name="SESemptyString" scope="variables" optional="Yes" default="#request.SESemptyString#" comments="url values which equal this will be changed to be empty string"/>
			<string name="SESemptyString" scope="attributes" optional="Yes" default="#request.SESemptyString#" comments="url values which equal this will be changed to be empty string"/>
			<string name="SESemptyString" scope="request" optional="Yes" default="null" comments="url values which equal this will be changed to be empty string"/>
		</in>
		<out>
			<string scope="variables" name="#rBaseName#" optional="No"  comments="the variable containing the <base href>, name passed in above" />
		</out>
	</io>
</fusedoc> --->

<cfscript>

//First off - get the variable names defined

/* Depending on how this tag was called, set the baseHREF
      variable name, and dummy Extension value */
if (listlast(getbasetaglist()) IS "CF_SESCONVERTER") {
	baseVarName="caller.baseHREF";
	
	if (isDefined("attributes.SESrBaseName") AND Len(attributes.SESrBaseName)) {
		baseVarName="caller." & attributes.SESrBaseName;
	}
	else if (isDefined("request.SESrBaseName") and Len(request.SESrBaseName)) {
		baseVarName="caller." & request.SESrBaseName;
	}
	
	// Now Check for the dummy extension variable 
	dummyExtension=".htm";
	if (isDefined("attributes.SESdummyExtension")) {
		dummyExtension=attributes.SESdummyExtension;
	}
	else if (isDefined("request.SESdummyExtension")) {
		dummyExtension=request.SESdummyExtension;
	}
	
	// We use 'null' to denote null values by default.  You can change it.
	emptyString = "null";
	if (isDefined("attributes.SESemptyString") AND Len(attributes.SESemptyString)) {
		emptyString=attributes.SESemptyString;
	}
	else if (isDefined("request.SESemptyString") AND Len(request.SESemptyString)) {
		emptyString=request.SESemptyString;
	}
}
//Otherwise, it's not a custom tag	
else { 
	baseVarName="baseHREF";
	if (isDefined("variables.SESrBaseName") and Len(variables.SESrBaseName)) {
		baseVarName = variables.SESrBaseName;
	}
	else if (isDefined("request.SESrBaseName") and Len(request.SESrBaseName)) {
		baseVarName = request.SESrBaseName;
	}
	
	// Now Check for the dummy extension variable
	dummyExtension=".htm";
	if (isDefined("variables.SESdummyExtension")) {
		dummyExtension=variables.SESdummyExtension;
	}
	else if (isDefined("request.SESdummyExtension")) {
		dummyExtension=request.SESdummyExtension;
	}
	
	// We use 'null' to denote null values by default.  You can change it.
	emptyString = "null";
	if (isDefined("variables.SESemptyString") AND Len(variables.SESemptyString)) {
		emptyString=variables.SESemptyString;
	}
	else if (isDefined("request.SESemptyString") AND Len(request.SESemptyString)) {
		emptyString=request.SESemptyString;
	}
}

// Now, on with the SES conversion.

// depending on the web server, get the info from different cgi vars.

currentPath = '';

if (Len(cgi.request_uri)) {
 currentPath = cgi.request_uri;
}
else if (Len(cgi.path_info)) {
 currentPath = cgi.path_info;
}
if ((Len(currentPath)) AND ((Len(cgi.script_name) GT Len(currentPath)) OR (NOT find(".",currentPath)))) {
 currentPath = cgi.script_name;  
} 

/* only do stuff if currentPath has len, otherwise it breaks the RemoveChars() function */
if (Len(currentPath)) {

	/* replace any ?,&,= characters that are in the url for some reason */
	cleanpathinfo=REReplace(currentPath, "\&|\=", "/" ,"ALL");

	/* get everything after the first occurrence of ".XXX/",
	   where XXX is .cfm, or whatever you use for your templates 
	   In other words, get the query string */	
	cleanpathinfo=RemoveChars(cleanpathinfo,1,Find("/",cleanpathinfo,Find(".",cleanpathinfo,1)));

	/* If it's a SES url, do all the crunching.  If not, skip it */
	if (Len(cleanpathinfo) AND cleanpathinfo NEQ CGI.Script_Name) {
		
		// Remove fake file extension, pass empty value to skip this  
		if (Len(dummyextension)) {
			if (Right(cleanpathinfo,Len(dummyextension)) IS dummyextension) {
				cleanpathinfo = Left(cleanpathinfo,Len(cleanpathinfo)-Len(dummyextension));
			}
		}

		// add a null value if there is a trailing slash
		if (Right(cleanpathinfo,1) IS '/') {
			cleanpathinfo = cleanpathinfo & emptyString;
		}
		
		//add null values between adjacent slashes
		cleanpathinfo = Replace(cleanpathinfo,"//","/" & emptyString & "/","all");

		// get a copy of anything in the url scope
		originalURL = Duplicate(url);

	 	SlashLen = ListLen(cleanpathinfo,"/");
		for (i=1; i LTE SlashLen; i=i+2) {
			/* get this item from the list into the local var i */
			urlname = ListGetAt(cleanpathinfo, i, '/');
			if (i LT SlashLen) {
				urlvalue = ListGetAt(cleanpathinfo, i+1, '/');
				urlvalue = replacenocase(urlvalue,"slash_","/","all");
				if (urlvalue IS emptyString) { 
					urlvalue = "";
				}
				StructInsert(url, urlname, urlvalue, true); 
			}
		}

		// return stuff that was in the url scope originally
		StructAppend(url,originalURL,true);
	}
}

// now sort out the base href 
s_Prefix = "http";
if (CGI.HTTPS EQ "ON") {
	s_Prefix = "https";
}
s_Port = "";
if (CGI.SERVER_PORT NEQ "80") {
	s_Port = ":" & CGI.SERVER_PORT;
}

s_Base = REReplace(CGI.SCRIPT_NAME, "[^/]+\.cfm.*", "");
s_Base= s_Prefix & "://" & CGI.SERVER_NAME & s_Port & s_Base;

"#baseVarName#" = s_Base;
</cfscript>


0
 
LVL 3

Author Comment

by:Eric Bourland
I believe I have solved the problem -- I was missing something very obvious.

I put the CFOUTPUT to display the /pages/ in index.cfm .... in the /data/ folder.

Not in the root folder where, I am finding, it does work just fine.

I am really sorry for all of this trouble. The solution was simple.

In /index.cfm, I would like to show the login form to people who are not logged in; but show the /pages/ page when people are logged in.

I think something like:

 <!--- if logged in, show page output --->
<cfif session.auth.isLoggedIn IS True>

<cfoutput>

<div style="padding-right:2.0em;">
<h1>#getContent.PageTitle#</h1>

#getContent.PageContentRight#
</div>

</cfoutput>

<!--- if not logged in, show login form --->

<cfelse>


....

Thank you again for your patient help.

Eric
0
 
LVL 3

Author Comment

by:Eric Bourland
I did this:

<!--- secure for UserRoleID 1 or 3 --->
<cfif session.auth.UserRoleID IS '1' OR session.auth.UserRoleID IS '3'>

.... and it works great. I have a few more things to rearrange, but I understand the solution now.

I will come back tomorrow and close this question.

Jester and _agx_, thank you very much. I hope your weekend is going well.

Eric
0
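
The role check from the comment above, generalised to the folder rules described in the question, as an added example that is not part of the thread or the site's code. The folder names, role IDs and `session.auth` keys come from the thread; `isRequestAllowed()`, the rule table and the redirect target are hypothetical. A `roles` list such as `"1,3"` expresses the two-role condition.

```cfml
<cfscript>
// Added example, not code from the thread. Folder names and role IDs follow
// the question; isRequestAllowed() and the rule table are hypothetical.
//
// Returns true when the requested template may be served to this session.
//   scriptName   - the template path, e.g. cgi.script_name
//   sessionScope - the session scope, passed in so the function can be tested
function isRequestAllowed(required string scriptName, required struct sessionScope) {
    var rule     = "";
    var loggedIn = false;
    var roleID   = 0;

    // Protected folder prefix -> list of UserRoleID values allowed inside it.
    // Anything not listed (such as /pages/) is treated as public.
    var folderRoles = [
        { prefix = "/admin/", roles = "1" },
        { prefix = "/data/",  roles = "3" }
    ];

    // session.auth does not exist until a login has succeeded, so test for it
    // before reading its keys; a bare session.auth.UserRoleID throws otherwise.
    if ( structKeyExists(arguments.sessionScope, "auth")
         AND isStruct(arguments.sessionScope.auth)
         AND structKeyExists(arguments.sessionScope.auth, "isLoggedIn")
         AND isBoolean(arguments.sessionScope.auth.isLoggedIn)
         AND arguments.sessionScope.auth.isLoggedIn ) {
        loggedIn = true;
        if ( structKeyExists(arguments.sessionScope.auth, "UserRoleID") ) {
            // val() turns a non-numeric role into 0, which matches no list.
            roleID = val(arguments.sessionScope.auth.UserRoleID);
        }
    }

    for ( rule in folderRoles ) {
        // findNoCase(...) EQ 1: the path starts with the prefix, in any letter case.
        if ( findNoCase(rule.prefix, arguments.scriptName) EQ 1 ) {
            return ( loggedIn AND (listFind(rule.roles, roleID) GT 0) );
        }
    }

    // No rule matched: the template is outside the protected folders.
    return true;
}

// Possible wiring in Application.cfc (assumption; adjust the redirect target):
// function onRequestStart(required string targetPage) {
//     if ( NOT isRequestAllowed(arguments.targetPage, session) ) {
//         location(url="/index.cfm", addToken=false);
//     }
//     return true;
// }
</cfscript>
```

Because the decision depends only on the template path and the session, moving an include or a CFOUTPUT between folders changes which rule applies to it.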
 
LVL 3

Author Closing Comment

by:Eric Bourland
Dear Jester and _agx_,

It's working as it should, and I should have paid more careful attention to exactly what my application was doing. ColdFusion was doing only what I asked it to do, as usual. After I uploaded sesconverter.cfm, and put the correct CFOUTPUTs in the correct index.cfm file, the web site works just as expected.

Thank you as always. Hope you both are great. Take care.

Eric
0
 
LVL 25

Expert Comment

by:James Rodgers
Thanks.

Glad I could help.
0
