Submit form once before viewing section 1

[Tobie29]

A client wants to have users submit a simple form with their name, phone, email address before they can view a section of their web site. This will only happen once per visit, so I am thinking a session structure will work. I have set up a lot of session, client and cookie secured areas previously where they have to enter login information. This is a little different since it will be captured into a DB table and emailed to the client.

Do I set this up the same way as I would a login structure? Anyone else ever come across this before?

 

[TruthInSatire]

How have you done a secure area with out a database in the past?

Its pretty simple

user enters info into the form. form is processed setting session variables and inserting data into the database. send email to client using either form or session variables, send the user on his/her merry way into the secure area.

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true.

 

[Tobie29]

Thanks TruthInSatire! I have not done a secure area without a database in the past. Before they have always been preassiged a username and password to access the secure area. This time, it is just a form submission instead.

Do I have to put the protected pages into a separate directory or can I keep them where they are now? They were not protected before, but this client now wants to protect this information, and capture who is viewing it before they can view it. Can I add the onRequestStart or something like that to the top of the protected pages?

 

[TruthInSatire]

you can move them into a seperate folder and add another application.cfm, add some slippery code to check for sessions, but unless you're very certian of how cfapplication works and WHEN application.cfm works i wouldn't do this. Not to mention you have to update all incoming and outgoing links. nobody likes that.

To protect the pages you want protected where they are now, add something like this on the very biginning of each template.

<cfif not isdefined("session.yourLoggedInSessionVaribleHere")>
<cflocation url = "sorry.cfm">
</cfif>

that will send them to a "sorry" page of your design when the session isn't present. Or you can just send them to the home page or something. A sorry page is better though so they know they're not permitted.

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true.

 

[Tobie29]

Thanks again! Yea, I have a pop-up login page that can appear instead. I have worked with application.cfm since 2000, so I am familiar with it, and just recently started with sessions and application.cfc, which you helped with a few weeks ago.

Thanks for all your help! I'll let you know how it goes.

 

[TruthInSatire]

I did? who were you a few weeks ago? this is your first post according to your profile.

another thing you could do is create a list of file names.

:: Psudocode ::
<cfset securePages = "bob.cfm,me.cfm,you.cfm,monkeysuncle.cfm,whateveryoudodontgohere.cfm">
<cfloop list = "#securePages#" index = "thispage">
<cfif findNoCase(thisPage, cgi.script_name) and not isDefined("session.yourSessionVariableHere")>
<cflocation url = "sorry.cfm">
</cfif>
</cfloop>

This advangate is you don't have to put that little snipit in EVERY protected page, just add the page to this list.

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true.

 

[TruthInSatire]

oh, that's supposed to go into your application file...

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true.

 

[Tobie29]

Nope, same name. I responded to thread232-1114449 before, making a decision between application.cfc and application.cfm.

I will try that too! Thanks again for your help!

 

[Tobie29]

This worked great! Thanks again!

 

[Tobie29]

Ok, now I am having another issue. It works great to restrict access to the pages that he wanted to restrict access to. However now, after submitting the form once, it will not allow me to view the other pages in the securePages loop without filling out the form again. My timeout on sessions & application is set to 30. Any help?

 

[TruthInSatire]

you're using the list method? what session variable are you setting once they fill out the form? code would help.

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true.

 

[Tobie29]

Here is my code so far:

Application form:

<cfapplication name="FCG" sessionmanagement="Yes" sessiontimeout="3000" applicationtimeout="3000">

Code at top of secure page - it is a dynamic page for a number of records in a database so it should only process it once:


<cfif not isdefined("session.FCG")>
<cflocation url = "login.cfm?refpg=#CGI.SCRIPT_NAME#&autoid=#URL.autoid#">
</cfif>

I found out this morning that the client only wants this one page that pops-up with the data in it for a number of records to be secure - only submitting form information once before they are allowed to see all data for all properties during this session/visit.

 

[TruthInSatire]

when do you set the session? and what value does FCG get? in the code you posted above FCG is the name of your application, not variable name.

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true.

 

[Tobie29]

Geez! Thanks! I messed that up...

I added more script and it is now working correctly. Thanks!

Here is the code at the top of the dynamic pop-up page in case anyone would like it...


<cfif isdefined('session.loginstatus') is false>
<cfset session.loginstatus=0>
</cfif>
<cfif session.loginstatus neq 1>
<cflocation url = "login.cfm?refpg=#CGI.SCRIPT_NAME#&autoid=#URL.autoid#">
</cfif>

Once the form is submitted, the loginstatus = 1.