...

View Full Version : ColdFusion Login Question



mpicklesimer
01-05-2004, 02:58 PM
I have a form that has ColdFusion pull info from a database and compare it to a submitted form to log users into a site. The problem is it's a three part If/Else statement. First, it checks to see if the user exists. If not, it throws an error saying username not found. Then it checks the password for that acount. If the password is wrong, then it throws that error. If both the name exist and the password is correct, then it logs you in.

I'm looking for something similar that only has two conditions. Either the username and password are correct and you get logged in, or they're not, and you get pitched a "Invalid Username or Password" error.

Here are the code segments:


<!-- Username/password correct. Login successful. Display this table. -->
<table width="620" border="0" cellpadding="0" cellspacing="0">
<tr>
<td><div align="center"><font face="Arial, Helvetica, sans-serif" size="5" color="#0099ff"><b>Administrator Options</b></font></div></td>
</tr>
<tr>
<td><img src="../IMAGES/sectiondivider.gif" width="620" height="37"></td>
</tr>
<tr>
<td><p><font face="Arial, Helvetica, sans-serif" size="2">Welcome, #fname#.</font></p>
<ul>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="../testlink.cfm">Products</a>: Allows you to add new products to the database, update product information, or delete discontinued products from the database.</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="../testlink.cfm">Process Orders</a>: View and process new customer orders.</font></li>
<li><font face="Arial, Helvetica, sans-serif" size="2"><a href="../testlink.cfm">View Completed Orders</a>: Allows you to search for, and view, completed orders.</font></li>
</ul></td>
</tr>
</table>
<!-- Username/password incorrect. Login unsuccessful. Display this table. -->
<table width="620" border="0" cellpadding="0" cellspacing="0">
<tr>
<td><div align="center"><font face="Arial, Helvetica, sans-serif" size="5" color="#ff0000"><b>Restricted Area: Access Denied!</b></font></div></td>
</tr>
<tr>
<td><img src="../IMAGES/sectiondivider.gif" width="620" height="37"></td>
</tr>
<tr>
<td><p><font face="Arial, Helvetica, sans-serif" size="2">We're sorry. The username or password you supplied is incorrect. Please press the back button to try again.</font></p>
<p><font face="Arial, Helvetica, sans-serif" size="2">If you feel you have received this message in error, please contact the website administrator by clicking here.</font></p></td>
</tr>
</table>

megan_c
01-05-2004, 04:13 PM
Umm- you're only showing us the html, we would need to see the coldfusion code

trsands
01-29-2004, 11:09 PM
Good programming practice recommends that an unauthorized user should not be 'assisted' by being told whether the username or the password is incorrect.
I suggest you combine the two and give a single error message
"userid/password incorrect"
in psuedo sql code its something like:


Select userid, userclass from userinfo
where userid eq inuserid and password eq in password

if numreturnedrecords eq 0 then
message ("Invalid userid/password")
reload(loginform)
else
showwelcomeform()

endif


That the basic logic I use in app

Hope it helps



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum