Password Protection 1


varnix

We're trying to implement some very simple security for one of our applications.

We have the security working via an included header.cfm file. But we'd like to incorporate it into the application.cfm file so that we don't have to remember to include the header for each new file we create.

Here is what we would like to do:

Application.CFM

<cfapplication name="phonelog_app" sessionmanagement="Yes" setclientcookies="No">
<!--- Set the application datasource, and logic to only set it once so runtime is minimized --->
<cfset Cookie.CFID = session.CFID>
<cfset Cookie.CFTOKEN = session.CFTOKEN>
<cfif not IsDefined("application.Initialized")>
  <cfset application.DS="phonelog">
  <cfset application.Initialized="Yes">
</cfif>
<cfif isdefined("session.loggedin")>
  <cfif session.loggedin eq "no">
    <cfinclude template="login.cfm">
  <cfelse> <!--- session.loggedin defined and is not "no" --->
    <!--- output common file header information --->
  </cfif>
<cfelse>
  <cfinclude template="login.cfm">
</cfif>


The login.cfm file displays the actual username/password entry and calls a sub-page called password.cfm that performs the query and authenticates.

Now this does SEEM to work up to a point: it displays the login page, BUT it continues on to display whatever other page you may have entered, i.e. index.cfm loads both the login.cfm and the contents of the index.cfm file.

If anyone can suggest a better scheme that doesn't require us having to have the login check in an included header.cfm file - it would be greatly appreciated.

Thanks!
 
ADD cfabort to your template

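Code:
  <cfelse> <!--- session.loggedin defined and is not "no" --->
    <!--- output common file header information --->
  </cfif>
<cfelse>
  <cfinclude template="login.cfm">
  <!--- stop processing here so the requested page is not rendered after the login form --->
  <cfabort>
</cfif>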
 
Hey Varnix,

Abemeister's suggestion is a good way to solve your problem the way your app is coded.

I typically don't include a login page though from the application.cfm but use <cflocation url="login/index.cfm"> to redirect to a separate login directory with a special application.cfm that doesn't check for logged in status. This way my login page, password check page, and any other pages such as password recovery will work. Otherwise, your action pages will not work because the application.cfm executes the login section before getting to the part where you check the password and change their status to logged in.

Good luck,
GJ
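
An added example, not code from any poster in this thread, laying out the separate login directory GJ describes, with a check that fails closed on any session.loggedin value other than "yes". Assumptions: the application sits at the web root, the login pages live in /login/, password.cfm sets the flag to "yes" on success, and the variable authenticated is a hypothetical boolean derived from password.cfm's existing query.

```cfml
<!--- ===== /Application.cfm : runs before every page outside /login/ ===== --->
<cfapplication name="phonelog_app" sessionmanagement="Yes" setclientcookies="No">
<!--- Session-only cookies, as in the original post --->
<cfset Cookie.CFID = session.CFID>
<cfset Cookie.CFTOKEN = session.CFTOKEN>

<cfif not IsDefined("application.Initialized")>
  <cfset application.DS = "phonelog">
  <cfset application.Initialized = "Yes">
</cfif>

<!--- Give the flag a known value so the gate is a single comparison --->
<cfparam name="session.loggedin" default="no">

<!--- Fail closed: only the exact value "yes" lets the requested page run --->
<cfif session.loggedin neq "yes">
  <!--- cflocation ends processing of this request after sending the redirect --->
  <cflocation url="/login/index.cfm" addtoken="No">
  <!--- Defensive: still stop here if the redirect line is ever edited out --->
  <cfabort>
</cfif>
<!--- output common file header information --->


<!--- ===== /login/Application.cfm : same application name, no login gate ===== --->
<!--- ColdFusion uses the nearest Application.cfm, so the root file's check does
      not run for /login/index.cfm, /login/password.cfm or a recovery page --->
<cfapplication name="phonelog_app" sessionmanagement="Yes" setclientcookies="No">
<cfset Cookie.CFID = session.CFID>
<cfset Cookie.CFTOKEN = session.CFTOKEN>
<cfparam name="session.loggedin" default="no">


<!--- ===== /login/password.cfm (fragment, placed after the existing query) ===== --->
<!--- "authenticated" is a hypothetical boolean computed from that query --->
<cfif authenticated>
  <cfset session.loggedin = "yes">
  <cflocation url="/index.cfm" addtoken="No">
<cfelse>
  <!--- Leave the flag at "no" and return to the form --->
  <cflocation url="/login/index.cfm" addtoken="No">
</cfif>
```

Both Application.cfm files must use the same application name so the session written by password.cfm is the one the root gate reads.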
 