Quantcast
Channel: Adobe Community: Message List
Viewing all articles
Browse latest Browse all 93817

Re: Password Protect all .cfm files in a directory?

$
0
0

You apparently misunderstood my suggestion to place the last cfinclude code outside the cflogin tag. In any case, it doesn't matter now, given the current information. Since index.cfm is the action page of the login form, it should not be cf-included. If login is successful, the form will post to index.cfm anyway, which is effectively a new request.

 

<cflogin>

     <cfif getAuthUser() is "" and NOT isDefined("form.subscriber_email")>

          <!--- User unauthenticated and not coming from login.cfm --->

          <!--- send user back to login page --->

          <cfinclude template="login.cfm">

          <cfabort>    

     <cfelseif isDefined("form.subscriber_email")>

 

          <CFQUERY name="auth_admin" datasource="#Request.BaseDSN#">

                 SELECT     subscriber_ID, subscriber_fname, subscriber_email, subscriber_password

                 FROM     main

                 WHERE     subscriber_email = <cfqueryparam value='#Trim(form.subscriber_email)#' CFSQLTYPE='CF_SQL_VARCHAR'>

                 AND       subscriber_password = <cfqueryparam value='#Trim(form.subscriber_password)#' CFSQLTYPE='CF_SQL_VARCHAR'>

         </CFQUERY>

 

          <cfif auth_admin.recordcount gt 0>

               <!--- User authenticated   --->

               <cfloginuser name = "#auth_admin.subscriber_email#" password = "#auth_admin.subscriber_password#" roles = "admin,poweruser">

          </cfif>

     </cfif>   

</cflogin>

 

Now, ensure that there is a text field named subscriber_email in the form. Verify spelling! Also verify that the values of the (subscriber_email, subscriber_password) pair that you use in testing actually exist in the database table.


Viewing all articles
Browse latest Browse all 93817

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>