I have set up on my intranet a form where the user logs in using a user name and password stored in my access database. Managers in the same database have an office code they must input (this part works well). The problem I'm having is that when you type anything into the form fields of username and password without the office code set-up for the Managers it will allow anyone to enter the site.<br><br>I thought it was supposed to verify against the database. The code for the form looks like below:<br><br><form action="index.cfm" method="POST"><br><table width="70%" align="center"><br><tr><br><td width="70%" align="left" valign="top" style="padding-left: 15px;"><br><font size="-1"><b>Please Type in Your User Name:</b></font><br><input type="text" name="UserID" id="UserID" size="35" maxlength="50" tabindex="1"><br><br><br><font size="-1"><b>Please Type in Your Password:</b></font><br><input type="password" name="Password" size="15" maxlength="25" tabindex="2"><br><br><br><font size="-1"><b>If you are a manager, Please enter your office code here:</b></font><input type="text" name="OfficeCode" size="6" maxlength="10" tabindex="2"><br><br><br><input type="submit" name="Submit" id="Submit" value="Enter our Secured Site"><br></form><br></td><br></tr><br></table><br><br>the code on the page that it is supposed to pass the data to (index.cfm) looks like below:<br><br><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><br><cfquery name="CheckRequired" datasource="user" dbtype="ODBC"><br>SELECT * <br>FROM Users<br>WHERE User='#form.UserID#' <br>AND Pass='#form.Password#'<br>AND Officecode='#Officecode#'<br> </cfquery><br><html><br><head><br><br> <title>Local Intranet</title><br></head><br><br><body style="FONT-FAMILY: Arial, Helvetica, sans-serif; FONT-SIZE: small; FONT-VARIANT: small-caps" background="Background.gif"><br><cfif CheckRequired.RecordCount><br><cfset session.authenticated=1><br><cflocation url="manager.cfm" addtoken="yes"><br> <cfelse><br>you are not authenticated please use your back button to go back and reenter your username and password.<br></cfif><br><br>Why wont it verify against the database which is identify in the datasource from the query?<br><br>Any help you could give would be appreciated - I'm new at all of this and am supposed to have the site up and running next week.<br>
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Problem passwords not going to the right place
- Thread starter WebGodiva
- Start date
It looks like anyone who is authenticated whether or not there is an office code goes to the manager.cfm page...<br><br>Try:<br><FONT FACE=monospace><b><br><cfif CheckRequired.RecordCount><br> <cfset session.authenticated=1><br> <cfif len(CheckRequired.Officecode)><br> <cfset session.manager=1><br> <cflocation url="manager.cfm" addtoken="yes"><br> <cfelse><br> <cfset session.manager=0> <br> <cflocation url="non-manager.cfm" addtoken="yes"><br> </cfif><br><cfelse><br> you are not authenticated please use your back button to go back and reenter your username and password.<br></cfif><br></b></font><br>You can use the session.manager variable to verify that someone is logged in as a manager or not and act accordingly...<br><br>Hope this helps...<br><br>DM
- Status
Similar threads
