Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
I need to creat a login/password page in coldFuion
- Thread starter lminmei
- Start date
Just create a form like:<br><br><FONT FACE=monospace><form action="login.cfm" method="post"><br> UserID<input type="text" name="UserID"><br><br> Password<input type="password" name="password"><br><br> <input type="submit" value="Submit"><br></form></font><br><br>On the action page, do something like:<br><br><FONT FACE=monospace><cfquery name="CheckUser" db="mydb"><br> select * from Users<br> where UserID='#form.UserID#' <br> and Password='#form.Password#'<br></cfquery><br><br><cfif CheckUser.RecordCount><br> <cfset session.authenticated=1><br> <cflocation url="userstart.cfm" addtoken="yes"><br><cfelse><br> <cfoutput>You have input your user information incorrectly, please hit the back button and try again</cfoutput><br></cfif></font><br><br>On all of your password protected pages, just check for the existence of the variable session.authenticated:<br><br><FONT FACE=monospace><cfif not isdefined("session.authenticated"
><br> <cfoutput><br> You are not authenticated, or your session has timed out<br> </cfoutput><br> <cfabort><br></cfif></font><br><br>You could also redirect the user to your home page, or whatever.<br><br>The most important thing to remember, though, is you have got to put <b>?cfid=#cfid#&cftoken=#cftoken#</b> (and that has to be in <cfoutput></cfoutput> tags) at the end of ALL of the links in your password protected area that go to other pages in that area, or you will lose the session.authenticated variable......<br><br>Hope this helps....
><br> <cfoutput><br> You are not authenticated, or your session has timed out<br> </cfoutput><br> <cfabort><br></cfif></font><br><br>You could also redirect the user to your home page, or whatever.<br><br>The most important thing to remember, though, is you have got to put <b>?cfid=#cfid#&cftoken=#cftoken#</b> (and that has to be in <cfoutput></cfoutput> tags) at the end of ALL of the links in your password protected area that go to other pages in that area, or you will lose the session.authenticated variable......<br><br>Hope this helps.... i tried to write register.cfm and login.cfm file according to what you wrote above.<br>login.cfm shows erro :<br>"Attempt to access a Session variable when session management is not enabled. Use the CFAPPLICATION tag to enable session management.<br><br>Note: This feature may have been disabled by the site administrator.<br><br>The error occurred while evaluating the expression: session.authenticated=1"<br>
Create a file named Application.cfm and put this tag in it:<br><br><FONT FACE=monospace><CFAPPLICATION NAME="MyApp" CLIENTMANAGEMENT="Yes" SESSIONMANAGEMENT="Yes" SETCLIENTCOOKIES="No"></font><br><br>This will turn on client and session management and make the other pages work properly....<br><br>Let me know if you have any further problems with this...<br><br>DM
It'll work there, but you should really put in in your Application.cfm file. You can also create other application and session specific variables in this file. The reason you need to do this is the Application.cfm file will be run before the other templates and you'll be able to track your application and session variables more efficiently....
I'm also having problems with this.<br><br>I've got everything set up as you (DarkMan) suggested in your posts on April 27 and May 31 (including "?cfid=#cfid#&cftoken=#cftoken# with all links), but I still get the "An error occurred while evaluating the expression: session.authenticated=1<br><br>I have the Application.cfm file showing what you suggested and I also have the tags at the beginning of each protected page.<br><br>My CF server has Session variables enabled. <br><br>What have I done wrong?? <p>Peter Toby<br><a href=mailto:webmaster@petertoby.com.au>webmaster@petertoby.com.au</a><br><a href= site is under construction but getting better!
dbarnhart
Programmer
The <CFAPPLICATION> tage needs to be in a seperate file named Application.cfm<br><br>As an aside, I generally do not like to use session variables for this. What I do is that after autheticating the user for the first time, I put the user's login and password into a cookie:<br><br><CFCookie NAME="MyUser" VALUE="#UserID#,#Password#"><br><br>This cookie will expire (and be purged) the next time the user exits his browser.<br><br>Then at the top of each page I do a CFINCLUDE to something like:<br><br><CFIF ParameterExists(cookie.myuser)><br> <cfquery name="CheckUser" db="mydb"><br> SELECT * from Users<br> WHERE UserID='#ListFirst(cookie.myuser)#' <br> and Password='#ListLast(cookie.myuser)#'<br></cfquery> <br><CFIF CheckUSer.RecordCount IS 0><br> <CFLOCATION URL="LoginFailed.cfm"><br></cfif><br><br><br>
dbarnhart,
The line:
<CFCookie NAME="MyUser" VALUE="#UserID#,#Password#">
where abouts should that be put? in a separate file called cookie.cfm?
Could you also explain the advantage the way you do it over the other way?
Cheers,
Stuart.
The line:
<CFCookie NAME="MyUser" VALUE="#UserID#,#Password#">
where abouts should that be put? in a separate file called cookie.cfm?
Could you also explain the advantage the way you do it over the other way?
Cheers,
Stuart.
dbarnhart,
yeah, cookies can be used..
session variables by default, times out in 20min.
But they can be adjusted to other values.
Having the cookies for user ID may not be a good idea,
bcoz if a user logs in and leaves the site for a long period of time, other people can 'take the chance' to navigate the site thru his ID..
So the session times out after 20min should prevent this cause..
Whereas cookies will only expire when u define it,
or when the browser is closed.
Saturday(Stuart),
nope, <cfcookie> can be declared anywhere..
there's no such cookie.cfm but
there's a manatory application.cfm file
and what u mean by 'all my title tags disappear..'?
Hope i answer ur question aboved
[sig][/sig]
yeah, cookies can be used..
session variables by default, times out in 20min.
But they can be adjusted to other values.
Having the cookies for user ID may not be a good idea,
bcoz if a user logs in and leaves the site for a long period of time, other people can 'take the chance' to navigate the site thru his ID..
So the session times out after 20min should prevent this cause..
Whereas cookies will only expire when u define it,
or when the browser is closed.
Saturday(Stuart),
nope, <cfcookie> can be declared anywhere..
there's no such cookie.cfm but
there's a manatory application.cfm file
and what u mean by 'all my title tags disappear..'?
Hope i answer ur question aboved
[sig][/sig]
Guest_imported
New member
- Jan 1, 1970
- 0
- 0
- 0
Isn't there a problem using cookies for authentication because there may be a caching proxy between you and the client which will cache the resource and then serve it up to the next user with the set-cookie header already in the response?
Can and should this be solved by adding cache-control http headers to the response?
Can and should this be solved by adding cache-control http headers to the response?
A small point which applies to any user input form - it's best to design it so it can handle both initial input (so the form starts empty) and correction of errors (so the form displays the previous inputs). So:
* the display page looks for values returned for reinput
* the action page checks the input and, if errors found re-invokes the display page and passes it the inout values plus error message(s).
N.B. To do this you must use <cfoutput> to build the form.
For example in Iminmei's log-in page:
<!--- LOGIN DISPLAY PAGE --->
<!--- Defaults in case this is the first time --->
<cfparam name="URL.ErrorMsg" default="">
<cfparam name="URL.UserId" default="">
<cfparam name="URL.Password" default="">
<!--- Check for error message --->
<cfif URL.ErrorMsg NEQ "">
<cfoutput>
#URL.ErrorMsg #
</cfoutput>
</cfif>
<!--- Initialise form from arguments received --->
<cfoutput>
<form action="login_action.cfm" method="post">
UserId<input type="text" name="UserId" value="#URL.UserId#"><br>
Password<input type="password" name="Password" value="#URL.Password#"><br>
<input type="submit" value="Submit">
</form>
</cfoutput>
<!--- LOGIN ACTION PAGE --->
<cfquery name="CheckUser" db="mydb">
select * from Users
where UserID='#form.UserId#'
and Password='#form.Password#'
</cfquery>
<cfif CheckUser.RecordCount>
<cfset session.authenticated=1>
<cflocation url="userstart.cfm" addtoken="yes">
<cfelse>
<!--- Return the inputs as URL parameters. --->
<cfset RedisplayLogin = "login_display.cfm?ErrorMsg=You have input your user information incorrectly, please hit the back button and try again&UserId=#form.UserId#&Password=#form.Password#">
<cflocation url="#RedisplayLogin#">
</cfif>
There are other ways to manage the communication between the dispay page and the action page. Fusebox is becoming very popular - see [sig][/sig]
* the display page looks for values returned for reinput
* the action page checks the input and, if errors found re-invokes the display page and passes it the inout values plus error message(s).
N.B. To do this you must use <cfoutput> to build the form.
For example in Iminmei's log-in page:
<!--- LOGIN DISPLAY PAGE --->
<!--- Defaults in case this is the first time --->
<cfparam name="URL.ErrorMsg" default="">
<cfparam name="URL.UserId" default="">
<cfparam name="URL.Password" default="">
<!--- Check for error message --->
<cfif URL.ErrorMsg NEQ "">
<cfoutput>
#URL.ErrorMsg #
</cfoutput>
</cfif>
<!--- Initialise form from arguments received --->
<cfoutput>
<form action="login_action.cfm" method="post">
UserId<input type="text" name="UserId" value="#URL.UserId#"><br>
Password<input type="password" name="Password" value="#URL.Password#"><br>
<input type="submit" value="Submit">
</form>
</cfoutput>
<!--- LOGIN ACTION PAGE --->
<cfquery name="CheckUser" db="mydb">
select * from Users
where UserID='#form.UserId#'
and Password='#form.Password#'
</cfquery>
<cfif CheckUser.RecordCount>
<cfset session.authenticated=1>
<cflocation url="userstart.cfm" addtoken="yes">
<cfelse>
<!--- Return the inputs as URL parameters. --->
<cfset RedisplayLogin = "login_display.cfm?ErrorMsg=You have input your user information incorrectly, please hit the back button and try again&UserId=#form.UserId#&Password=#form.Password#">
<cflocation url="#RedisplayLogin#">
</cfif>
There are other ways to manage the communication between the dispay page and the action page. Fusebox is becoming very popular - see [sig][/sig]
hi ! my question is, if i don't want to use the cfauthenticate tags (well, and even if i wanted to), why do i have to put ?cfid=#cfid#&cftoken=#cftoken# at the end of ALL of the links ?? i mean, cfid and cftoken (and urltoken) are session variable, right ? so why can't i access them from any page of my application ??
i've tried to set a session variable in the Application.cfm (say, Session.my_id) ... once set, if i move to an another page, then i can't access that session variable any more ... just like if it had never been defined ... is this that you can't set session variables in the Application.cfm ??? or what ?? [sig][/sig]
i've tried to set a session variable in the Application.cfm (say, Session.my_id) ... once set, if i move to an another page, then i can't access that session variable any more ... just like if it had never been defined ... is this that you can't set session variables in the Application.cfm ??? or what ?? [sig][/sig]
- Status
Similar threads
