micb #1
Session Login ID
Hello,
I was wondering if anyone could help me.
I have designed a site with a log in and password page.
How would I call the user name in queries on other pages?
I am able to log in using the user name and password from my database but I
cannot get the queries to work when I call the user name, I have tried
#session.MM_Username# and #Session.StaffID# (Staff ID being the field I have
named the user id).
Any help would be much appreciated.
Thanks
Michelle
My code for LogIn
<td><cfinput type="text" name="StaffID" required="yes" message="Please enter your Staff ID">
<input type="hidden" name="StaffID_required" value="Please enter your Staff ID."></td>
</tr>
<tr>
<td><h4><font face="Geneva, Arial, Helvetica, sans-serif">Password</font></h4></td>
<td><cfinput type="password" name="Password" required="yes" message="Please enter your password.">
<input type="hidden" name="Password_required" value="Please enter a password."></td>
</tr>
<tr align="center">
<td colspan="2"> <input type="submit" value="Login"></td>
</tr>
</table>
</cfform>
and here is my query on another page within the site
<cfquery name="Shifts" datasource="BookingSystemDSN">
SELECT Job.Event, Job."Date", Location.LocationName
FROM Job, Location, Employee,
EmpShifts WHERE Location.LocationID = Job.LocationID
AND EmpShifts.EmpID = Employee.EmpID
AND EmpShifts.JobID = Job.JobID
</cfquery>
just need the Employee.EmployeeID to equal the StaffID input in the LogIn page
Thanks again
Michelle
micb Guest
-
iangoethert #2
Re: Session Login ID
Hi Michelle,
I don't see where you are setting the session variable or referencing the form
variables. (Perhaps I'm missing something.) Do you have a login action page
that captures the form inputs and stores them in session variables?
Something like:
<cflock type="exclusive" scope="session" timeout="30">
<cfset Session.StaffID = #Form.StaffID#>
</cflock>
Then, in the query page, you could read back out the session variable, store
it in a local variable, then use it in your query:
<cflock type="readonly" scope="session" timeout="30">
<cfset myStaffID = #Session.StaffID#>
</cflock>
<cfquery name="Shifts" datasource="BookingSystemDSN">
SELECT Job.Event, Job."Date", Location.LocationName
FROM Job, Location, Employee,
EmpShifts WHERE Location.LocationID = Job.LocationID
AND EmpShifts.EmpID = #myStaffID#
AND EmpShifts.JobID = Job.JobID
</cfquery>
Hope this helps.
Ian
iangoethert Guest
-
micb #3
Re: Session Login ID
Sorry to throw all this at you but I am doing this as my final yr project in my
Degree, and if somehow you could help me with this section I will be eternally
grateful! Here is my code for the LogIn page
<cfif IsDefined("URL.MM_logout") AND URL.MM_logout EQ "1">
<cflock scope="Session" type="Exclusive" timeout="30" throwontimeout="no">
<cfset Session.MM_Username="">
<cfset Session.MM_UserAuthorization="">
</cflock>
<cfset MM_logoutRedirectPage="LogOut.cfm">
<cfif MM_logoutRedirectPage EQ "">
<cfset MM_logoutRedirectPage=CGI.SCRIPT_NAME>
</cfif>
<cfset MM_logoutQuery=ListDeleteAt(CGI.QUERY_STRING,ListContainsNoCase(CGI.QUERY_STRING,"MM_logout=","&"),"&")>
<cfif MM_logoutQuery NEQ "">
<cfif Find("?",MM_logoutRedirectPage) EQ 0>
<cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "?" & MM_logoutQuery>
<cfelse>
<cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "&" & MM_logoutQuery>
</cfif>
</cfif>
<cflocation url="#MM_logoutRedirectPage#" addtoken="no">
</cfif>
<cfset CurrentPage=GetFileFromPath(GetTemplatePath())>
<cfif IsDefined("FORM.StaffID")>
<cfset MM_redirectLoginSuccess="BookingIn.cfm">
<cfset MM_redirectLoginFailed="Main_FailedLogIn.cfm">
<cfset session.empID = form.staffID />
<cfquery name="MM_rsUser" datasource="BookingSystemDSN">
SELECT EmpID,Password FROM Employee WHERE EmpID='#FORM.StaffID#' AND
Password='#FORM.Password#'
</cfquery>
<cfif MM_rsUser.RecordCount NEQ 0>
<cftry>
<cflock scope="Session" timeout="30" type="Exclusive">
<cfset Session.MM_Username=FORM.StaffID>
<cfset Session.MM_UserAuthorization="">
</cflock>
<cfif IsDefined("URL.accessdenied") AND false>
<cfset MM_redirectLoginSuccess=URL.accessdenied>
</cfif>
<cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
<cfcatch type="Lock">
<!--- code for handling timeout of cflock --->
</cfcatch>
</cftry>
</cfif>
<cflocation url="#MM_redirectLoginFailed#" addtoken="no">
<cfelse>
<cfset MM_LoginAction=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset MM_LoginAction=MM_LoginAction & "?" & CGI.QUERY_STRING>
</cfif>
</cfif>
---------------------------------------------------------------
And here is my code for the other page
<cfif IsDefined("URL.MM_logout") AND URL.MM_logout EQ "1">
<cflock scope="Session" type="Exclusive" timeout="30" throwontimeout="no">
<cfset Session.MM_Username="">
<cfset Session.MM_UserAuthorization="">
</cflock>
<cfset MM_logoutRedirectPage="LogOut.cfm">
<cfif MM_logoutRedirectPage EQ "">
<cfset MM_logoutRedirectPage=CGI.SCRIPT_NAME>
</cfif>
<cfset MM_logoutQuery=ListDeleteAt(CGI.QUERY_STRING,ListContainsNoCase(CGI.QUERY_STRING,"MM_logout=","&"),"&")>
<cfif MM_logoutQuery NEQ "">
<cfif Find("?",MM_logoutRedirectPage) EQ 0>
<cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "?" & MM_logoutQuery>
<cfelse>
<cfset MM_logoutRedirectPage=MM_logoutRedirectPage & "&" & MM_logoutQuery>
</cfif>
</cfif>
<cflocation url="#MM_logoutRedirectPage#" addtoken="no">
</cfif>
<cflock scope="Session" type="ReadOnly" timeout="30" throwontimeout="no">
<cfset MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",DE(""))>
<cfset MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Session.MM_UserAuthorization",DE(""))>
</cflock>
<cfif MM_Username EQ "">
<cfset MM_referer=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
</cfif>
<cfset MM_failureURL="LogIn.cfm?accessdenied=" & URLEncodedFormat(MM_referer)>
<cflocation url="#MM_failureURL#" addtoken="no">
</cfif>
<cfset CurrentPage=GetFileFromPath(GetTemplatePath())>
<cfquery name="Shifts" datasource="BookingSystemDSN">
SELECT Job.Event, Job."Date", Location.LocationName
FROM Job, Location, Employee,
EmpShifts WHERE Location.LocationID = Job.LocationID
AND EmpShifts.EmpID = Employee.EmpID
AND EmpShifts.JobID = Job.JobID
</cfquery>
micb Guest
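
The login check and the per-user shift query discussed in this thread, written with bound parameters (`cfqueryparam`) and with the session variable set only after the credential check succeeds. This is an added example, not code posted by either participant; the `cf_sql_varchar` type for `EmpID` is an assumption, and the two templates are shown together in one block.

```cfml
<!--- Added example. Table, column and page names come from the thread;
      cf_sql_varchar for EmpID/Password is an assumption about the schema. --->

<!--- ===== LogIn.cfm (action part) ===== --->
<cfif structKeyExists(form, "StaffID") AND structKeyExists(form, "Password")>
  <!--- Form values are bound as parameters, never spliced into the SQL text.
        The comparison mirrors the thread's schema (Password column). --->
  <cfquery name="rsUser" datasource="BookingSystemDSN">
    SELECT EmpID
    FROM Employee
    WHERE EmpID = <cfqueryparam value="#form.StaffID#" cfsqltype="cf_sql_varchar">
      AND Password = <cfqueryparam value="#form.Password#" cfsqltype="cf_sql_varchar">
  </cfquery>
  <cfif rsUser.RecordCount EQ 1>
    <!--- Store the ID returned by the database, and only after the check passed --->
    <cflock scope="session" type="exclusive" timeout="30">
      <cfset session.StaffID = rsUser.EmpID>
    </cflock>
    <cflocation url="BookingIn.cfm" addtoken="no">
  <cfelse>
    <cflocation url="Main_FailedLogIn.cfm" addtoken="no">
  </cfif>
</cfif>

<!--- ===== BookingIn.cfm ===== --->
<cfset myStaffID = "">
<cflock scope="session" type="readonly" timeout="30">
  <cfif structKeyExists(session, "StaffID")>
    <cfset myStaffID = session.StaffID>
  </cfif>
</cflock>
<cfif myStaffID EQ "">
  <!--- Not logged in: send the visitor back to the login page --->
  <cflocation url="LogIn.cfm" addtoken="no">
</cfif>
<!--- Employee is left out of FROM: the filter is on EmpShifts.EmpID directly,
      so an unjoined Employee table would only multiply the rows --->
<cfquery name="Shifts" datasource="BookingSystemDSN">
  SELECT Job.Event, Job."Date", Location.LocationName
  FROM Job, Location, EmpShifts
  WHERE Location.LocationID = Job.LocationID
    AND EmpShifts.JobID = Job.JobID
    AND EmpShifts.EmpID = <cfqueryparam value="#myStaffID#" cfsqltype="cf_sql_varchar">
</cfquery>
```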