As mentioned in the Introduction, the book was written while the ColdFusion MX software was still in Beta release. Some changes in the implementation of the <CFLOGIN> tag between the Beta and Final versions of ColdFusion MX have made it necessary to change some of the example code listed in Step 9. It was necessary to move the entire login routine to within the opening and closing <CFLOGIN> tags in the Application.cfm file.
All the concepts discussed in Step 9 are still valid, but some of the code needs to be rearranged in order to work properly.
Below you will find replacement code for Listing 9.1 and Listing 9.2. The updated code has already been included in the downloadable support files.
Listing 9.1 LoginForm.cfm
<!---
File: LoginForm.cfm
Description: Dual-purpose login form for secured directories
Author: Barry Moore
Created: 16-Apr-2002
--->
<!--- This form is a dual purpose template
It displays a form first time around
it then submits to itself and processes the login --->
<!--- set url for action attribute of the form
this will submit the form back to the original request page --->
<CFSET ActionURL="http://" & "#CGI.Server_Name#" & "#CGI.Script_Name#">
<CFIF CGI.Query_String IS NOT "">
    <CFSET ActionURL= ActionURL&"?#CGI.Query_String#">
</CFIF>
<!--- display the form --->
<!--- outer table for black outline --->
<TABLE ALIGN="center" BGCOLOR="#000000" CELLPADDING="1" CELLSPACING="1">
<TR>
<TD>
    <!--- inner table for form --->
    <TABLE ALIGN="Center" BGCOLOR="#CFCFCF">
    <CFFORM ACTION="#ActionURL#" METHOD="POST" ENABLECAB="Yes">
    <TR>
        <TD BGCOLOR="#003399" COLSPAN="2">
            <FONT COLOR="#FFFFFF"><B>Login Form</B></FONT>
        </TD>
    </TR>
    <TR>
        <TD>Username</TD>
        <TD><CFINPUT TYPE="Text" NAME="j_username" MESSAGE="Please enter a username" REQUIRED="Yes"></TD>
    </TR>
    <TR>
        <TD>Password</TD>
        <TD><CFINPUT TYPE="Password" NAME="j_password" MESSAGE="Please enter a password" REQUIRED="Yes"></TD>
    </TR>
    <TR ALIGN="right">
        <TD> </TD>
        <TD><INPUT TYPE="Submit" NAME="Submit" VALUE="Login"></TD>
    </TR>
    </CFFORM>
    </TABLE>
</TD>
</TR>
</TABLE>
LoginForm.cfm Code Walkthrough
The only really important change here is that we have named the two form fields "j_username" and "j_password". These are special names in ColdFusion and tell ColdFusion that we are initiating a cflogin event.
The rest of the form is pretty much the same as the one shown in the book, except that the error checking has been removed and added to the Application.cfm template instead. This form will be included in the Application.cfm file if the user has not logged in or has provided invalid login credentials. The only new code in this form is:
<!--- set url for action attribute of the form
this will submit the form back to the original request page --->
<CFSET ActionURL="http://" & "#CGI.Server_Name#" & "#CGI.Script_Name#">
<CFIF CGI.Query_String IS NOT "">
    <CFSET ActionURL= ActionURL&"?#CGI.Query_String#">
</CFIF>
This section of code just uses some CGI variables to figure out which page was actually being requested when the security/login routine kicked in. The form then submits back to that page (and itself via a <CFINCLUDE> in the Application.cfm file). If the user is properly authenticated, they are then sent to the actual page they requested in the first place.
Listing 9.2 Application.cfm
This is the Application.cfm file that resides in the Admin directory of our new site.
<!---
File: Application.cfm
Description: Application settings for the Admin subdirectory
Author: Barry Moore
Created: 27-Jul-2002
--->
<!--- include all setting from the root level Application.cfm file --->
<CFINCLUDE TEMPLATE="../Application.cfm">
<!--- additional security code will go here --->
<!--- use cflogin check if there is a logged in user
if there is no logged in user include the login form and stop --->
<CFLOGIN>
    <CFIF NOT IsDefined("cflogin")>
        <DIV ALIGN="center"><b>Please Login</b></DIV>
        <CFINCLUDE TEMPLATE="LoginForm.cfm">
        <CFABORT>
    <CFELSE>
        <!--- run a query to see if the user's credentials match --->
        <CFQUERY NAME="qLogin" DATASOURCE="#BBWebAppDSN#">
            SELECT *
            FROM Users
            WHERE UserName ='#cflogin.name#'
            AND Password ='#cflogin.password#'
        </CFQUERY>
        <!--- test the query results --->
        <CFIF qLogin.recordCount IS 0>
            <!--- if the record count is 0 (no matches)
            display an error message and the login form again --->
            <DIV ALIGN="center">
                <FONT color="#FF0000"><b>Invalid login, please try again</b></FONT>
            </DIV>
            <CFINCLUDE TEMPLATE="LoginForm.cfm">
            <CFABORT>
        <CFELSE>
            <!--- otherwise log the user in --->
            <CFLOGINUSER NAME="#cflogin.name#" PASSWORD="#cflogin.password#" ROLES="#qLogin.Roles#">
        </CFIF>
    </CFIF>
</CFLOGIN>
Application.cfm Code Walkthrough
Remember that the Application.cfm file in the Admin directory will run first whenever any file within the Admin directory is requested.
First of all, notice that all code to perform the login now falls between the opening and closing <CFLOGIN> tags. The first statement within the CFLOGIN block,
<CFIF NOT IsDefined("cflogin")>
checks to see if the user is already logged in; if they are, a structure called "cflogin" will exist (IsDefined). If they are not logged in, NOT IsDefined("cflogin"), then we use CFINCLUDE to display the LoginForm.cfm.
The user will fill out the form and hit submit. The code at the top of the LoginForm.cfm file will submit the form information back to the page that was originally requested. At this point the Application.cfm file will see that the form has submitted the special j_username and j_password fields and IsDefined("cflogin") will now equal TRUE and the code in the <CFELSE> block will run.
The code in the first <CFELSE> block runs a query using the cflogin username and password from the form. Then we use a nested CFIF statement to see if any records were returned. If not, then we present the user with the form once more so that they can try again. If there was a result from the query, we log the user in using the <CFLOGINUSER> tag and continue on with the page request. Since the user is now logged in, the cflogin structure will exist until they log out or the session variables time out.
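The credential check from the walkthrough above, with the submitted form values bound through <CFQUERYPARAM> instead of being interpolated into the SQL string. This is an added example, not the book's listing; it keeps the page's Users table, its UserName, Password and Roles columns and the BBWebAppDSN datasource, and it assumes that UserName is unique and that both columns are character types.

```cfml
<!--- Admin/Application.cfm login block, parameterized variant (added example) --->
<CFLOGIN>
    <CFIF NOT IsDefined("cflogin")>
        <!--- no credentials submitted yet: show the form and stop --->
        <DIV ALIGN="center"><b>Please Login</b></DIV>
        <CFINCLUDE TEMPLATE="LoginForm.cfm">
        <CFABORT>
    <CFELSE>
        <!--- j_username / j_password are attacker-controlled input.
              CFQUERYPARAM sends them to the driver as bound parameters,
              so they are never parsed as part of the SQL statement.
              CF_SQL_VARCHAR assumes character columns (assumption). --->
        <CFQUERY NAME="qLogin" DATASOURCE="#BBWebAppDSN#">
            SELECT Roles
            FROM Users
            WHERE UserName = <CFQUERYPARAM VALUE="#cflogin.name#" CFSQLTYPE="CF_SQL_VARCHAR">
            AND Password = <CFQUERYPARAM VALUE="#cflogin.password#" CFSQLTYPE="CF_SQL_VARCHAR">
        </CFQUERY>
        <!--- fail closed: exactly one matching row is the only success case
              (assumes UserName is unique in the Users table) --->
        <CFIF qLogin.recordCount IS NOT 1>
            <DIV ALIGN="center">
                <FONT color="#FF0000"><b>Invalid login, please try again</b></FONT>
            </DIV>
            <CFINCLUDE TEMPLATE="LoginForm.cfm">
            <CFABORT>
        <CFELSE>
            <!--- only the Roles column is selected, so nothing else
                  from the Users row is held in the query result --->
            <CFLOGINUSER NAME="#cflogin.name#" PASSWORD="#cflogin.password#" ROLES="#qLogin.Roles#">
        </CFIF>
    </CFIF>
</CFLOGIN>
```

The control flow is the same as in Listing 9.2; only the query and the record-count test differ.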
For more information about using the <CFLOGIN> tag see Chapter 16 of the Macromedia document "Developing Macromedia ColdFusion MX Applications with ColdFusion Markup Language (CFML)" which is available for download from http://www.macromedia.com/support/coldfusion/documentation.html