Authentication system (encryption and Update profile capabilities)
By: Dan St-Amour

Thanks to Peter Tillbrook’s tutorial. (http://tutorial113.easycfm.com/).

User.mdb.
Access database with 4 types of users included.
Only user entered is an admin user
Userid: admin
Password: admin
======================
>> index.cfm
This page includes the header and footer file.

======================
>> Footer.cfm
Nothing much in this page. I just added some code to display the webmaster and on wich date the page was changed.

======================
>> header.cfm
I inserted the code to check if user is logged in.

<cfif Session.Logged  EQ "false">
    <cflocation url="#Request.LoginPage#">
</cfif>

======================
>> Application.cfm
Just defining a couple of variables for user across the site.

 

<!--- Session variables will be enabled for 20 minutes --->
<cfapplication name="AuthenticationApp" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(0,0,20,0)#">

<!--- Specify you Data Sourve Name --->
<cfset Request.DSN = 'Users'>

<!--- Define you password key, as complexed as possible --->
<cfset Request.PasswordKey = 'L2OIhfkjsyIJHK23jhfkuIYU'>

<!--- Define your Root login page --->
<cfset Request.LoginPage = 'login.cfm'>

<!--- Define the webmasters email  --->
<cfset Request.Webmaster = '<a href="mailto:YouEmail@yourserver.com">Yourself</a>'>

<!--- Puts the Logged variable to default value false --->
<cfif not isdefined("Session.Logged")>
            <cfparam name="Session.Logged" default="false">
</cfif>

======================
>> login.cfm

In this page, I give the user the option to login or register.

<!--- Register Form --->
<p>You're not logged in. Please enter your credentials.<br>
If you're not a member, please <strong><a href="register.cfm">register</a></strong>.</p>
<cfform action="login.cfm" method="post" name="form">
<table>
    <tr>
            <td><strong>Userid:</strong></td>
            <td><cfinput name="Username" type="text" value="" tabindex="1" required="yes" message="Choose a username"></td>
</tr>
<tr>
            <td><strong>Password:</strong></td>
            <td><cfinput name="Password" type="password" maxlength="20" tabindex="2"></td>
</tr>
<tr>
            <td colspan="2" align="right">
            <!--- Inputs basic type of user --->
            <input name="GroupID" type="hidden" value="2">
            <input name="Submit" type="submit" tabindex="3" value="Register">
</td>
</tr>
</table>
</cfform>

 

<!--- Checks to see if the password as been submitted, if so check to see if form password compares to DB --->
<cfif isdefined("form.Password")>
<cflock timeout="5">
            <cfset Encrypted = encrypt(Form.Password, Request.PasswordKey)>
            <cfquery name="qLogin" datasource="#Request.DSN#">
            SELECT Userid, Username, Password, GroupID, FirstName, LastName, Email, GroupID
            FROM Users
            WHERE Password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Encrypted#">
            </cfquery>

            <cfif qLogin.recordcount>
                        <!--- If username and password match, user is logged and session is set to logged. --->
                        <cfset Session.Logged = "true">
                        <cfset Session.Userid = "#qLogin.Userid#">
                        <cfset Session.Username = "#qLogin.Username#">
                        <cfset Session.FirstName = "#qLogin.FirstName#">
                        <cfset Session.LastName = "#qLogin.LastName#">
                        <cfset Session.Email = "#qLogin.Email#">
                        <cfset Session.GroupID = "#qLogin.GroupID#">
                        <cflocation url="index.cfm">
            <cfelse>
                        <!--- if username and password dont match, user needs to re-submit threw login form --->
                        <p>Login failed!</p>
            </cfif>
</cflock>
</cfif>

======================
>> logout_process.cfm

<!--- Variable session.Logged is set to false and user is redirected --->
<cfset Session.Logged = "false">
<cflocation url="#Request.LoginPage#">

======================
>> register.cfm

<h3>Registration Information</h3>
<!--- Register Form --->
<cfform action="register.cfm" method="post" name="form">
<table>
     <tr>
            <td><strong>Userid:</strong></td>
            <td><cfinput name="Username" type="text" tabindex="1" required="yes" message="Choose a username"></td>
</tr>
<tr>
            <td><strong>Password:</strong></td>
            <td><cfinput name="Password" type="text" maxlength="20" tabindex="2" required="yes" message="Enter a password!"></td>
</tr>
<tr>
            <td><strong>First Name:</strong></td>
            <td><cfinput name="FirstName" type="text" maxlength="50" tabindex="3" required="no"></td>
</tr>
<tr>
            <td><strong>Last Name:</strong></td>
            <td><cfinput name="LastName" type="text" maxlength="50" tabindex="4" required="no"></td>
</tr>
<tr>
            <td><strong>Email:</strong></td>
            <td><cfinput name="Email" type="text" maxlength="75" tabindex="5" required="yes" message="Enter your email"></td>
</tr>
<tr>
            <td colspan="2" align="right">
            <!--- Inputs basic type of user --->
            <input name="GroupID" type="hidden" value="2">
            <input name="Submit" type="submit" tabindex="6" value="Register">
</td>
</tr>
</table>
</cfform>

 

<!--- Checks to see if form as been submitted, if so data is inserted in the table with password encrypted --->

<cfif isdefined("form.Password")>
    <cflock timeout="5">
        <cfset Encrypted = Encrypt(Form.Password, Request.PasswordKey)>
        <cfset Form.Password = #Encrypted#>
        <cfinsert datasource="#Request.DSN#" tablename="Users" formfields="Username,Password,GroupID, FirstName, LastName, Email">
        <p>Registration completed successfully!</p>
        <cflocation url="#Request.LoginPage#">
    </cflock>
</cfif>

======================
>> update.cfm

This page is used to update the users profile.

<h3>Registration Information</h3>

 

<!--- Update Form --->
<cfif not isdefined("Form.Submit")>
<cfform action="update.cfm" method="post" name="Form">

<table>
    <tr>
            <td><strong>First Name:</strong></td>
            <td><cfinput name="FirstName" type="text" maxlength="50" value="#Session.FirstName#" tabindex="1"></td>
</tr>
<tr>
            <td><strong>Last Name:</strong></td>
            <td><cfinput name="LastName" type="text" maxlength="50" value="#Session.LastName#" tabindex="2"></td>
</tr>
<tr>
            <td><strong>Email:</strong></td>
            <td><cfinput name="Email" type="text" value="#Session.Email#" maxlength="75" tabindex="3" required="yes" message="Enter your email adress."></td>
</tr>
<tr>
            <td colspan="2" align="right">
            <!--- Inputs basic type of user --->
            <cfoutput>
                <input name="Userid" type="hidden" value="#Session.Userid#">
                <input name="GroupID" type="hidden" value="#Session.GroupID#">
                <input name="Submit" type="submit" tabindex="4" value="Update">
            </cfoutput>
            </td>
      </tr>    
</table>
</cfform>
</cfif>

 

<!--- Process if Update form is submitted --->
<cfif isdefined("Form.Submit")>
            <cflock timeout="5">
            <cfupdate datasource="#Request.DSN#" tablename="Users" formfields="Userid,Username,FirstName,LastName,Email,GroupID">
            <!--- Re-Introduce the values to my Session variables. --->
                        <cfset Session.Userid = "#form.Userid#">
                        <cfset Session.FirstName = "#form.FirstName#">
                        <cfset Session.LastName = "#form.LastName#">
                        <cfset Session.Email = "#form.Email#">
                        <cfset Session.GroupID = "#form.GroupID#">
            <p>Profile updated successfully!</p>
            </cflock>

<cfform action="update.cfm" method="post" name="Form">
<table>
    <tr>
            <td><strong>First Name:</strong></td>
            <td><cfinput name="FirstName" type="text" maxlength="50" value="#Session.FirstName#" tabindex="5"></td>
    </tr>
    <tr>
            <td><strong>Last Name:</strong></td>
            <td><cfinput name="LastName" type="text" maxlength="50" value="#Session.LastName#" tabindex="6"></td>
    </tr>
    <tr>
            <td><strong>Email:</strong></td>
            <td><cfinput name="Email" type="text" value="#Session.Email#" maxlength="75" tabindex="7" required="yes" message="Enter your email adress.&qu

About This Tutorial
Author: Dan St-Amour
Skill Level: Intermediate 
 
 
 
Platforms Tested: CFMX
Total Views: 41,934
Submission Date: November 14, 2005
Last Update Date: June 05, 2009
All Tutorials By This Autor: 2
Discuss This Tutorial

  • Thanks for a useful article! Spotted a quick catch, I think: Isn't it possible that this query could return multiple users if by chance more than one user has used the same password? SELECT Userid, Username, Password, GroupID, FirstName, LastName, Email, GroupID FROM Users WHERE Password = Perhaps it should be changed to select users WHERE password AND username are as provided in the form?

  • If you are developing locally and connection to a remove storage (such as a hosting site), this can happen. Keep refreshing the page and it will eventually "connect." I get this on my larger forms when submitting data to the action page.

  • When I click on the update button in the update.cfm file I get an http 500 error.....any suggestions?

  • Hi, I was wondering if you could give me any information on a user profile system that is just like myspace.com. I'm looking for a system that gives the user there own page and they can edit certain fields (like myspace.com). I would assume that it'd be pretty advanced, but I'm up for it. Thanx, Ryan Griffin

  • hey, There is some error in the login.cfm code ..please rectify it ASAP

  • thats a long way round it

Advertisement

About
Resources
Social
Sponsored By...
Powered By...

© 2002-2012 EasyCFM, LLC. All rights reserved.
You are 1 of 852 active visitors.