A lot of users have posted how they can have a secure login feature on their site, you can use ASP, CGI, PHP and Coldfusion...
This is the coldfusion way (its very easy):
To make a login feature
1) Create a
Application.cfm page, in there have this:
[color red]
//establishes the SESSION variables here...
<cfapplication name="nameoffile"
applicationtimeout="#CreateTimeSpan(0,0,5,0)#"
sessionmanagement="yes"
setclientcookies="yes">
<cfif not isdefined("session.loggedin")>
<cfset session.loggedin = "false">
</cfif>
<cfset currentpage = getfilefrompath("#CGI.CF_TEMPLATE_PATH#")>
<cfif session.loggedin eq "false">
<cfif "#VARIABLES.currentPage#" is not "index.cfm" or
"#VARIABLES.currentPage#" is not "register.cfm" or
"#VARIABLES.currentPage#" is not "login.cfm">
[color green]<cflocation url="no_login.cfm">[/color]
<cfelseif
"#VARIABLES.currentPage#" is "index.cfm" or
"#VARIABLES.currentPage#" is "login.cfm">
<cfexit method="EXITTAG">
</cfif>
<cfelse>
<cfexit method="EXITTAG">
</cfif>
[/color]
*NOTE: In the <cfif> part (is not) you list the cfm pages that you do
not want the user to access without them logging in, even if they directly enter the cfm file name into the url...if the user has not loged in they get redirected to a
no_login.cfm page (the above part in green)...
In the <cfelseif> part (is) you list the cfm pages that you want to give the access to...
This way your pages are "protected" from anyone that has not logged in...
2) Then create a
login.cfm page, and have this:
[color teal]
<cfquery name="IsValidLogin" datasource="dBName">
SELECT *
FROM Table1
WHERE user_name = '#form.user_name#' AND password = '#form.password#'
</cfquery>
<cfif IsValidLogin.RecordCount EQ 0>
<cflock scope="SESSION" type="EXCLUSIVE" timeout="2">
<cfset SESSION.LOGGEDIN = "false">
<cfset SESSION.USER="">
</cflock>
<cflocation url="no_login.cfm?action=fail">
<cfelseif form.user_name EQ 'someName'>
<cflock scope="SESSION" type="EXCLUSIVE" timeout="2">
<cfset SESSION.LOGGEDIN = "true">
<cfset SESSION.USER="#form.user_name#">
</cflock>
<cfoutput><cflocation url="Admin.cfm"></cfoutput>
<cfelse>
<cflock scope="SESSION" type="EXCLUSIVE" timeout="2">
<cfset SESSION.LOGGEDIN = "true">
<cfset SESSION.USER="#form.user_name#">
</cflock>
<cfoutput><cflocation url="user.cfm?user_name=#IsValidLogin.user_name#"></cfoutput>
</cfif>
[/color]
*NOTE: the code for
<cfelseif form.user_name EQ 'someName'> means that if an admin signs in they get directed to a special page, with options set for Admins. Otherwise direct them to the
user.cfm page (only if they signed in), and if not signed in then direct them to the
no_login.cfm page...
3) Create a
no_login.cfm page, and have this:
[color green]
<cfif IsDefined("URL.action")>
<div align="center">
<p> </p>
<p> </p>
<p><b>Please enter a valid user name and passord combination.</b></p>
<p><b>Please click here to try again: <a href="index.CFM">Login</a></b></p>
</div>
[/color]
4) Lastly, create a
index.cfm page, and create the longin form. Make sure the action is set to login.cfm page (like this:
action="login.cfm")
This is only cause you want the server to check that the user signed in AND/OR the username/password combo. exists.
To make a logout feature
1) to logout, create a
logout.cfm file and have this code there:
[color red]
<CFSCRIPT>structclear(SESSION);</CFSCRIPT>
<cflocation url="index.cfm">
[/color]
Add
logout.cfm as a link to any page that needs it...this will clear the SESSION variable making it seem like the user never logged in...
The reason I add this script in another file is if you have more then one page that needs a logout function then you don't need to add this script to all those pages...plus if the <cflocation> page ever changes then you just change it on the
logout.cfm file (as opposed to changing it on numorous files)...
And that's it!! Try it out, ig you have any questions/comments email me or make a post in the forum...
