Using User IDs and Passwords
If you want to restrict access to your entire website or to certain pages, you can use the code below. The first part, Application.cfm, shows what your Application.cfm template needs: a CFAPPLICATION tag, a session variable named "user" that is defined if it doesn't already exist, and an include of a second template called Security.cfm. The Security.cfm template checks whether the user is currently logged in and, if not, displays a login screen.
If you wish to restrict only certain pages, move the CFINCLUDE tag for the Security.cfm template from Application.cfm to the first line of each template you wish to restrict.
The nice thing about this code is that if a user times out somewhere in the middle of the website, they are not forced back to the front page; they are returned to whatever page they were trying to load. However, this login procedure will fail if you don't have a template defined in the URL (i.e., http://mysite.com/mydir/ instead of http://mysite.com/mydir/index.cfm). Another drawback is in passing form variables: this example doesn't preserve any form variables passed during the login process, but there are tags in the Tag Gallery that can do this for you.
Example HTML/CFML code:
<!--- Application.cfm --->
<CFAPPLICATION NAME="MySessionName"
SESSIONMANAGEMENT="Yes"
SESSIONTIMEOUT="#CreateTimeSpan(0,1,0,0)#">
<CFPARAM NAME="session.user" DEFAULT="unknown">
<CFINCLUDE TEMPLATE="Security.cfm">
<!--- Security.cfm --->
<CFPARAM name="LoginSubmit" default="">
<CFPARAM name="i_userid" default="">
<CFPARAM name="i_password" default="">
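<CFIF LoginSubmit EQUAL "Login">
<!--- Bind the user ID as a query parameter so it cannot alter the SQL statement --->
<CFQUERY name="login" datasource="#db#">
SELECT UserID, Password
FROM Users
WHERE UserID=<CFQUERYPARAM value="#i_userid#" cfsqltype="CF_SQL_VARCHAR">
</CFQUERY>
<!--- Require exactly one matching row: with an empty result set, login.UserID
      and login.Password evaluate to "" and would match an empty submission --->
<!--- Compare() is case-sensitive; EQUAL would accept the password in any case --->
<CFIF login.RecordCount EQUAL 1
AND login.UserID EQUAL i_userid
AND Compare(login.Password, i_password) EQUAL 0>
<CFSET session.user=i_userid>
</CFIF>
</CFIF>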
<CFIF session.user EQUAL "unknown">
<CFOUTPUT>
<html>
<title>Login</title>
<body bgcolor="##FFFFFF" text="##000000">
<form name="login" method="post">
<center>
<font face="Arial" size="6">
Please enter your information to log on to the website<br>
</font>
<br>
<table border="0">
<tr>
<td align="right"><font face="Arial"><b>User ID: </b></font></td>
<td><input type="Text" name="i_userid" size="10"></td>
</tr>
<tr>
<td align="right"><font face="Arial"><b>Password: </b></font></td>
<td><input type="Password" name="i_password"></td>
</tr>
</table>
<script language="Javascript">
<!--
document.login.i_userid.focus();
// -->
</script>
<br>
<input type="Submit" name="LoginSubmit" value="Login">
</form>
<br>
<font face="Arial" size="2">
Note: You will be requested to log back in after 60 minutes of inactivity
</font>
</body>
</html>
</CFOUTPUT>
<CFABORT>
</CFIF>
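
The drawback mentioned above, that form variables posted to the requested page are lost at login, can be handled by re-emitting them as hidden fields in the login form. This is an added example, not part of the original code; the variable names loginFields, fieldName and preservedFields are assumptions, and the form[fieldName] notation assumes ColdFusion MX or later.

```cfml
<!--- Added example (not from the original page). Place in Security.cfm
      just before <CFIF session.user EQUAL "unknown">. --->
<!--- Fields that belong to the login form itself and must not be replayed --->
<CFSET loginFields = "i_userid,i_password,LoginSubmit,FieldNames">
<CFSAVECONTENT variable="preservedFields">
<CFIF IsDefined("form.FieldNames")>
<CFLOOP list="#form.FieldNames#" index="fieldName">
<!--- Skip the login fields so the password is never written back into the page --->
<CFIF NOT ListFindNoCase(loginFields, fieldName)>
<!--- HTMLEditFormat encodes < > & and " so a submitted name or value
      cannot break out of the attribute and inject markup into the login page --->
<CFOUTPUT><input type="hidden" name="#HTMLEditFormat(fieldName)#" value="#HTMLEditFormat(form[fieldName])#">
</CFOUTPUT>
</CFIF>
</CFLOOP>
</CFIF>
</CFSAVECONTENT>
<!--- Then, inside the login form (which is already within CFOUTPUT),
      add this line before the Submit button:
      #preservedFields#
--->
```

After a successful login the requested template runs with the original form fields available again in the form scope; after a failed login they are carried forward to the next attempt.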