Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Jan 2004
    Location
    Boston, MA
    Posts
    23
    Thanks
    0
    Thanked 0 Times in 0 Posts

    ColdFusion Login Question

    I have a form that has ColdFusion pull info from a database and compare it to a submitted form to log users into a site. The problem is it's a three part If/Else statement. First, it checks to see if the user exists. If not, it throws an error saying username not found. Then it checks the password for that acount. If the password is wrong, then it throws that error. If both the name exist and the password is correct, then it logs you in.

    I'm looking for something similar that only has two conditions. Either the username and password are correct and you get logged in, or they're not, and you get pitched a "Invalid Username or Password" error.

    Here are the code segments:
    Code:
    <!-- Username/password correct. Login successful. Display this table. -->
     <table width="620" border="0" cellpadding="0" cellspacing="0">
        <tr>
           <td><div align="center"><font face="Arial, Helvetica, sans-serif" size="5" color="#0099ff"><b>Administrator Options</b></font></div></td>
         </tr>
         <tr>
            <td><img src="../IMAGES/sectiondivider.gif" width="620" height="37"></td>
          </tr>
          <tr>
            <td><p><font face="Arial, Helvetica, sans-serif" size="2">Welcome, #fname#.</font></p>
                <ul>
                   <li><font face="Arial, Helvetica, sans-serif" size="2"><a href="../testlink.cfm">Products</a>: Allows you to add new products to the database, update product information, or delete discontinued products from the database.</font></li>
                   <li><font face="Arial, Helvetica, sans-serif" size="2"><a href="../testlink.cfm">Process Orders</a>: View and process new customer orders.</font></li>
                   <li><font face="Arial, Helvetica, sans-serif" size="2"><a href="../testlink.cfm">View Completed Orders</a>: Allows you to search for, and view, completed orders.</font></li>
                  </ul></td>
                </tr>
            </table>
                <!-- Username/password incorrect. Login unsuccessful. Display this table. --> 
    <table width="620" border="0" cellpadding="0" cellspacing="0">
      <tr>
         <td><div align="center"><font face="Arial, Helvetica, sans-serif" size="5" color="#ff0000"><b>Restricted Area: Access Denied!</b></font></div></td>
       </tr>
        <tr>
           <td><img src="../IMAGES/sectiondivider.gif" width="620" height="37"></td>
         </tr>
          <tr>
            <td><p><font face="Arial, Helvetica, sans-serif" size="2">We're sorry. The username or password you supplied is incorrect. Please press the back button to try again.</font></p>
                        						<p><font face="Arial, Helvetica, sans-serif" size="2">If you feel you have received this message in error, please contact the website administrator by clicking here.</font></p></td>
                				</tr>
                		</table>

  • #2
    New to the CF scene
    Join Date
    Dec 2003
    Location
    New Mexico
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Umm- you're only showing us the html, we would need to see the coldfusion code

  • #3
    New Coder
    Join Date
    Dec 2003
    Location
    Bahamas
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Good programming practice recommends that an unauthorized user should not be 'assisted' by being told whether the username or the password is incorrect.
    I suggest you combine the two and give a single error message
    "userid/password incorrect"
    in psuedo sql code its something like:


    Select userid, userclass from userinfo
    where userid eq inuserid and password eq in password

    if numreturnedrecords eq 0 then
    message ("Invalid userid/password")
    reload(loginform)
    else
    showwelcomeform()

    endif


    That the basic logic I use in app

    Hope it helps


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •