
How do I bypass an Application.cfm file? - Coldfusion - Advanced Techniques

  1. #1

    How do I bypass an Application.cfm file?

    I have an application that uses the CF Security Framework (Application.cfm,
    cflogin, cfloginuser), Apache, and MySQL to handle the log in process. It
    works fine.

    But, that assumes the username/password exists in the database. I want to
    implement a link from the login page that allows a person to go to a
    new_user.cfm form, put in their personal information, and insert the data into
    the database. The action page then calls a logout page which does a cflogout
    and the login page is redisplayed. The new user now has a valid record and can
    log in to the application. The application uses "roles" and the new user is
    preassigned at the lowest level of access.

    Right now, because Application.cfm is called for every page, the new user
    selects the link, but (because there isn't yet a valid login) the login page is
    redisplayed instead of the new_user.cfm page. If someone with a valid
    username/password logs in, the application does jump straight to the
    new_user.cfm page and the database insert (and subsequent cflogout) happens
    correctly.

    I've tried putting various traps in various places in the login page and
    Application.cfm code, but nothing seems to work.

    If I have to, I will write my own login page, but I have a lot of session,
    cookie, and client variables that are set in Application.cfm and would rather
    continue to use that process.

    Thanks in advance

    Richard Mossman Guest

  2. #2

    Re: How do I bypass an Application.cfm file?

    There are lots of ways to do this. However, you do NOT want to add a URL
    parameter for this kind of thing.

    A quick and dirty way is to add the following kind of logic to your
    Application.cfm or Application.cfc:

    <CFSET sInsecureFileOrDirectory = "new_user.cfm">
    <!--- FindNoCase takes (substring, string): look for the name inside the requested script path --->
    <CFIF 0 NEQ FindNoCase (sInsecureFileOrDirectory, CGI.SCRIPT_NAME)>
    <!--- Free pass file or directory. If no further processing needed you
    can just use the <CFEXIT> tag --->
    ...
    <CFELSE>
    *** Normal login stuff here ***
    </CFIF>


    MikerRoo Guest

  3. #3

    Re: How do I bypass an Application.cfm file?

    Above comment should read "If no further processing, inside Application.cfm, is needed....".
    MikerRoo Guest
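
A stricter form of the free-pass check from post #2, as an added example that is not part of the thread: it compares CGI.SCRIPT_NAME against a list of complete script paths instead of searching for a substring, so only the listed pages skip the login. The /myapp/ paths, new_user_action.cfm and login_check.cfm are assumed names.

```cfml
<!--- Application.cfm (added example; paths and login_check.cfm are assumed names) --->

<!--- Session, cookie and client variable setup stays here, above the gate,
      so the public pages still receive it. --->

<!--- Full script paths that may be served without a login. Entries are matched
      whole, so /myapp/x_new_user.cfm or /myapp/admin/new_user.cfm get no pass. --->
<cfset sPublicPages = "/myapp/new_user.cfm,/myapp/new_user_action.cfm">

<cfif ListFindNoCase(sPublicPages, CGI.SCRIPT_NAME) EQ 0>
    <!--- Any other page: run the existing cflogin / cfloginuser block,
          kept unchanged in its own file. --->
    <cfinclude template="login_check.cfm">
</cfif>
```

Because the decision depends only on the server-resolved script path, nothing in the query string or form fields can switch the login off.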
