0

I am working in a Login.cfm file and using the followign approach for login

<cfif IsDefined("FORM.inpUserName") AND ((LCASE(TRIM(inpUserName)) IS "myusername" AND inpPassword IS "mypassword") )> <cfset session.username = FORM.inpUserName /> <cfset SESSION.LoggedIn = 1> <cflocation url="index.cfm" addtoken="no"> <cfelse> <cfset SESSION.LoggedIn = 0> </cfif> <cfparam default="" name="inpUserName" /> <cfparam default="" name="inpPassword" />

The form is defined as follows:

<cfform action="Login.cfm" method="post" and so on ...

Inside cfform, I have defined two cfinput tags capturing the information from user with name attribute as name="inpUserName" and value="#inpUserName#"

and similarly for password field.

When I click on Login button nothings is happening, shoudln't it be going to index.cfm as I have mentioned at the top in cflocation tag?

Please clarify

Improve this question
2
  • 1
    Put a dump and an abort at the top of your login page and output the values you're checking. Commented Nov 14, 2013 at 1:01
  • 1
    In application.cfc or application.cfm , did you enable sessions? Commented Nov 14, 2013 at 1:21

2 Answers 2

Reset to default
1

Let's look at this conditional:

<cfif IsDefined("FORM.inpUserName") AND ((LCASE(TRIM(inpUserName)) IS "myusername" AND inpPassword IS "mypassword") )>

That's looking for 3 things to be true.

  1. form.username has to be defined
  2. the variable inpUserName, without white space and in lower case has to be "myusername"
  3. the variable inpPassword, without white space and in lower case has to be "mypassword"

This means the only way your cfif conditional can be satisfied is if you enter values of "myusername" and "mypassword" when you submit the form. That's probably not what you had in mind when you wrote that code.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Try cleaning it up a bit and clarifying the scope of your form variables uniformly throughout:

<cfparam name="form.inpUserName" default="" /> <cfparam name="form.inpPassword" default="" /> <cfif TRIM(form.inpUserName) IS "myusername" AND form.inpPassword IS "mypassword"> <cflock type="exclusive" scope="session" timeout="10" > <cfset session.username = form.inpUserName /> <cfset session.LoggedIn = 1 /> </cflock> <cflocation url="index.cfm" addtoken="no" /> <cfelse> <cflock type="exclusive" scope="session" timeout="10" > <cfset session.LoggedIn = false /> </cflock> </cfif> <cfinput type="text" name="inpUserName" value="#form.inpUserName#" /> <cfinput type="password" name="inpPassword" value="#form.inpPassword#" />

You don't need the isDefined function if you are setting cfparam vars.

It should now go to the index.cfm page if you enter "myusername" in the username field and "mypassword" in the password field on submit provided it posts back to itself.

For more information on locking session variables:

Should I always need to use cflock with SESSION scope variables?

Configuring and using session variables

Improve this answer

7 Comments

"The bottom line is that there's no intrinsic need to lock the session scope (since CFMX 6.0), however - as with any code - one should ensure not to create race conditions in one's code, and sensible use of locking mitigates this." Hence why cflock isn't needed. It's extra overhead for no reason.
Unfortunately, the Adobe docs are often terrible and not updated when new versions are released. I wouldn't rely on them for best practices.
@MattBusche Point taken. However, I find that most folks don't know enough about race conditions to avoid them or even know a race condition when they see them. And, really, there isn't that much overhead.
@jk When I used above code, I got the following error : Context validation error for tag cflock.The end tag </cflock> encountered on line 8 at column 7 requires a matching start tag. Where line 8 in my code is where </cflock> is defined. Isn't it a weird error as starting tag is already defined?
@Jack - It is a small typo. There is an extra / at the end of the line which closes the tag prematurely: <cflock ... />. ie It is the same as if you wrote </cflock>. Just remove it. (Side note, as others mentioned locking probably is not needed here - only needed to prevent race conditions. If you are not familiar with it, I recommend reading up on locking to understand why and what it means).
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.