davellaman #1
user and admin login on same login page
Hello,
I have a user login page which also doubles as my administrator login.
Currently, my method of logging in doesn't seem to be working because it directs
me to the members page first, then I must click logout and do it again to be
able to get to admin.cfm. What is the best way of doing this? Also, what
kind of security concerns are there regarding using the same login page that I
should be aware of? Any code changes that will protect me from unauthorized
access?
Thanks!!
Mark
<cfif IsDefined("FORM.id")>
<cfset MM_redirectLoginSuccess="members.cfm">
<cfset MM_redirectLoginFailed="login.cfm?loginfailed=1">
<cfquery name="MM_rsUser" username="---------" password="--------"
datasource="---------">
SELECT * FROM users WHERE username='#FORM.id#' AND password='#FORM.pw#'
</cfquery>
<cfif MM_rsUser.RecordCount NEQ 0>
<cftry>
<cflock scope="Session" timeout="30" type="Exclusive">
<cfset Session.MM_Permissions=#MM_rsUser.Permissions#>
<cfset Session.MM_Username=FORM.id>
<cfset Session.MM_UserAuthorization="">
</cflock>
<cfif Session.MM_Permissions NEQ "user">
<cfset MM_redirectLoginSuccess="admin.cfm">
</cfif>
<cfif IsDefined("URL.accessdenied") AND true>
<cfset MM_redirectLoginSuccess=URL.accessdenied>
</cfif>
<cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
<cfcatch type="Lock">
<!--- code for handling timeout of cflock --->
</cfcatch>
</cftry>
</cfif>
<cflocation url="#MM_redirectLoginFailed#" addtoken="no">
<cfelse>
<cfset MM_LoginAction=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset MM_LoginAction=MM_LoginAction & "?" & CGI.QUERY_STRING>
</cfif>
</cfif>
jmj #2
Re: user and admin login on same login page
I would suggest that you start with a <cfparam name="MM_redirectLoginSuccess"
default=""> instead of setting it to members.
After the query use the <CFIF> to check the specific permission
<cfif Session.MM_Permissions Is "user">
<cfset MM_redirectLoginSuccess="members.cfm">
<!--- and whatever else you need to add for members --->
<CFELSEIF Session.MM_Permissions Is "admin">
<cfset MM_redirectLoginSuccess="admin.cfm">
</cfif>
This little piece of code worries me:
<cfif Session.MM_Permissions NEQ "user">
What if you decide to add a new permission type (i.e., someone needs read
only to reports) or the permission type is left blank by accident - according to
your code they will default to the administrator level!
I have a login page that sends them to their respective page and have never
had a problem with the security of it. I run them through the cfif/cfelseif to
define all the different permissions.
If you are using the cfquery, remember to use the cfqueryparam tag:
<cfquery name="MM_rsUser" username="---------" password="--------"
datasource="---------">
SELECT * FROM users WHERE username=<CFQUERYPARAM Value="#FORM.id#"> AND
password=<CFQUERYPARAM Value="#FORM.pw#">
</cfquery>
Hope this helps.
J
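The two points from the reply above, combined into one login handler as an added example (not code from either poster): bound query parameters, and an explicit role-to-page map in which a blank or unknown permission fails the login instead of falling through to admin. The roleHome struct and the MM_redirect variable are hypothetical names; the table, columns and page names follow the original post.

```cfml
<!--- login.cfm handler (added example). roleHome is a hypothetical name and must list every valid permission. --->
<cfset roleHome = StructNew()>
<cfset roleHome["user"] = "members.cfm">
<cfset roleHome["admin"] = "admin.cfm">

<cfif IsDefined("FORM.id") AND IsDefined("FORM.pw")>
  <!--- Table and column names follow the original post; form values are bound, not concatenated into the SQL. --->
  <cfquery name="MM_rsUser" username="---------" password="--------" datasource="---------">
    SELECT username, Permissions
    FROM users
    WHERE username = <cfqueryparam value="#FORM.id#" cfsqltype="cf_sql_varchar">
      AND password = <cfqueryparam value="#FORM.pw#" cfsqltype="cf_sql_varchar">
  </cfquery>

  <!--- Start from failure; only a role found in the map can change the target. --->
  <cfset MM_redirect = "login.cfm?loginfailed=1">
  <cfif MM_rsUser.RecordCount EQ 1>
    <cfset role = Trim(MM_rsUser.Permissions)>
    <!--- Blank, misspelled or newly added roles are not in the map, so they fail the login. --->
    <cfif Len(role) AND StructKeyExists(roleHome, role)>
      <cflock scope="Session" timeout="30" type="Exclusive">
        <cfset Session.MM_Username = MM_rsUser.username>
        <cfset Session.MM_Permissions = role>
      </cflock>
      <!--- The target is taken from the map only, never from a URL parameter. --->
      <cfset MM_redirect = roleHome[role]>
    </cfif>
  </cfif>
  <cflocation url="#MM_redirect#" addtoken="no">
</cfif>
```

The redirect is only routing: admin.cfm still has to check Session.MM_Permissions itself on every request, since anyone can type its URL directly.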

