user id and password check 1

[Guest_imported]

I need to create a CF application that prompts for
ID and password on my Access 2000 database that would
display a welcome message or returen me back to the
login page if password is invalid.

My attempt below doesnt work. It does pull up the ID and passwrd if I put in the correct ones but if I put in incorrect Id or password I get CF error messages. I need it to return back to me a message saying invalid login if user id or password is incorrect.


[tt]
<cfquery name=&quot;queryDoc&quot; datasource=&quot;hom3&quot; dbtype=&quot;ODBC&quot;>
<CFIF #FORM.passwrd# EQ &quot;&quot; and #FORM.cust_id# EQ &quot;&quot;>
select *
from
customer
<CFELSEIF #FORM.passwrd# GT &quot;&quot; and #FORM.cust_id# EQ &quot;&quot;>
select *
from customer
where passwrd = #FORM.passwrd#
<CFELSEIF #FORM.passwrd# EQ &quot;&quot; and #FORM.cust_id# GT &quot;&quot;>
select *
from customer
where cust_id = #FORM.cust_id#
<CFELSE>
select *
from
customer where passwrd = #form.passwrd#
and cust_id = #form.cust_id#
</CFIF>
</cfquery>
<cfif #queryDoc.RecordCount# EQ 0>
<H1 ALIGN=&quot;center&quot;>No Record Found</H1>
<CFELSE>
<cfoutput query=&quot;queryDoc&quot;>[/tt]

 

[CFDude]

What kind of errors are you getting?

A couple of things I noticed:
If the custId or passwrd is some type of character value in the db (not a number) then you probably need to put single quotes around the variable e.g.

where passwrd = '#FORM.passwrd#'

Also, I am not sure what you are trying to attempt on the first if:

<CFIF #FORM.passwrd# EQ &quot;&quot; and #FORM.cust_id# EQ &quot;&quot;>
select *
from
customer

If not custid or password is passed, it will select everything from the db.

Maybe it would help if you would explain the login process -- does your user have to enter a customer ID and/ or a password to login?

Tim P.

 

[pcorreia]

I'm not sure what you're trying to get at with all those <cfif> statements, but let me tell you what will happen here:[ol][li]If the user provides no user name or password, the query will return all the records from the customer database.[/li][li]If the user provides a password but no user name, the query will return all the records from the customer database that have that password.[/li][li]If the user provides a user name but no password, the query will return the record for that user.[/li][li]If the user provides a user name and password, the query will return a record for that user name only if the password is correct.[/li][/ol]I doubt this is what you intend for a login page to do. Here's a generic template for checking a login against a database:

<cfquery name=&quot;qryLogin&quot; datasource=&quot;myDSN&quot;>
   SELECT *
   FROM   customer
   WHERE  
      cust_id = <cfqueryparam value=&quot;#FORM.cust_id#&quot; cfsqltype=&quot;CF_SQL_VARCHAR&quot; maxlength=&quot;30&quot;> AND
      passwrd = <cfqueryparam value=&quot;#FORM.passwrd#&quot; cfsqltype=&quot;CF_SQL_VARCHAR&quot; maxlength=&quot;30&quot;> 
</cfquery>
<cfif qryLogin.recordcount EQ 0>
   <!--- Login was unsuccessful, you probably want to show an error message and return the user to the login form --->
<cfelse>
   <!--- Login was successful, qryLogin is now populated with information on authenticated user --->
</cfif>