Dear Denny,
Wow! The Framework 1 framework looks very useful, and really impressive. I don’t have Commandbox on my server, and at this point I am afraid I will not have time to install and configure a framework. I’m a full-time dad these days. =) Mostly I am trying to get an old login form that works well on Adobe ColdFusion 11, to work in Lucee 5.1. I’ve been staring at this code for a while now, and reviewing Lucee documentation, and doing a lot of searching for clues. I don’t get an error when I process the login form; the login form, instead, simply refreshes itself on the page.
It seems like pretty simple code; it’s based on the CF 9 WACK.
If you have a minute to consider this problem: Do you see anything here that will not work in Lucee?
LoginForm.cfm:
<form name="LoginForm" method="post" class="ebwebworkForm">
<ul>
<li>
<label for="UserEmail">Username:</label>
<input autofocus required
type="text"
name="UserEmail"
id="UserEmail"
size="30"
value=""
maxlength="256"
tabindex="1" />
<span class="form_hint">Enter your username.</span>
</li>
<li>
<label for="UserPassword">Password:</label>
<input required
type="password"
name="UserPassword"
id="UserPassword"
size="30"
value=""
maxlength="256"
tabindex="2" />
<span class="form_hint">Enter your password.</span>
</li>
<li>
<button name="doLogin" type="submit" class="green" tabindex="3">Click to log in.</button>
</li>
</ul>
</form>
application.cfc:
<!--- Filename: Application.cfc --->
<cfcomponent output="false">
<!--- Name the application. --->
<cfset this.name="OSM/VISTA Rural Volunteers">
<cfset this.scriptProtect = "No">
<cfset this.applicationTimeout = CreateTimeSpan(0,0,360,0)>
<!--- Turn on session management. --->
<cfset this.sessionManagement="true">
<!--- Set session timeout period --->
<cfset this.sessionTimeout = CreateTimeSpan(0,0,360,0)>
<cfset this.clientManagement = "false">
<!--- function: onApplicationStart --->
<cffunction name="onApplicationStart" output="false" returnType="void">
<!--- set datasource in Lucee --->
<cfset this.datasources["ruralvolunteer"] = {
class: 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
, bundleName: 'mssqljdbc4'
, bundleVersion: '6.0.7728.100'
, connectionString: '[redacted]:1433;DATABASENAME=rural-volunteers;sendStringParametersAsUnicode=true;SelectMethod=direct'
, username: [redacted]
, password: "encrypted:4a42baff878f3a385ec931754af63edc772fe636023553b73e7780c5610b3dd000d4b1efb0c088fb141dd5759b1f78c2bf34cec3f12f3b89"
// optional settings
, blob:true // default: false
, clob:true // default: false
, connectionLimit:10 // default:-1
, timezone:'US/Eastern'
};>
<!--- Set up Application variables. Locking the Application scope is not necessary in this method. --->
<cfset Application.configured = 1>
<cfset Application.datetimeConfigured = TimeFormat(Now(), "hh:mm tt") & " " & DateFormat(Now(), "mm.dd.yyyy")>
<cfset Application.currentSessions = 0>
</cffunction>
<cffunction name="clearSessionVariables" returntype="void">
<!--- defined all session variables, so they will always exist ---->
<cfset session.auth = structNew()>
<cfset session.auth.isLoggedIn = false>
<cfset session.auth.UserID = "">
<cfset session.auth.Title = "">
<cfset session.auth.FirstName = "">
<cfset session.auth.MiddleInitial = "">
<cfset session.auth.LastName = "">
<cfset session.auth.Address = "">
<cfset session.auth.City = "">
<cfset session.auth.State = "">
<cfset session.auth.ZIP = "">
<cfset session.auth.Telephone = "">
<cfset session.auth.UserEmail = "">
<cfset session.auth.UserPassword = "">
<cfset session.auth.UserRoleID = "">
<cfset session.auth.lastError = "">
</cffunction>
<cffunction name="onSessionStart" returntype="void">
<!--- define all session variables, so they will always exist ---->
<cfset clearSessionVariables()>
</cffunction>
<!--- function: onRequestStart --->
<cffunction name="onRequestStart">
<cfargument type="String" name="targetPage" required="true" />
<!--- All of these folders/top level files require a login, specific roles are addressed below ---->
<cfset var securefolders = "admin">
<cfset var currentFolder = listFirst(cgi.script_name,"/")>
<cfif currentFolder contains ".">
<cfset currentFolder = "root">
</cfif> <!--- the user's current location ---->
<!--- process login credentials --->
<!--- begin cfif isDefined("form.UserEmail") and isDefined("form.UserPassword") --->
<cfif isDefined("form.UserEmail") and isDefined("form.UserPassword") and isDefined("form.doLogin")>
<!--- if the check box to remember UserEmail was checked, then make a cookie for it --->
<cfif isDefined("form.SaveUserEmail") and form.SaveUserEmail is "Yes">
<cfcookie name="SaveUserEmail" value="#form.UserEmail#" expires="7">
</cfif>
<!--- user is attempting to log in, so process the login request ---->
<cfif NOT checkLogin(form.UserEmail, form.UserPassword)>
<cfinclude template="LoginError.cfm"> <!--- login failed, so show login error form ---->
<cfreturn false>
<!--- close cfif NOT checkLogin(form.UserEmail, form.UserPassword) --->
</cfif>
<!--- close cfif isDefined("form.UserEmail") and isDefined("form.UserPassword") and isDefined("form.doLogin") --->
</cfif>
<!--- /process login credentials --->
<cftry>
<!--- test for access to secureFolders --->
<cfif listFindNoCase(secureFolders, currentFolder)> <!---- are we in a secure area? --->
<cfif session.auth.isLoggedIn is False> <!--- This is a secure area, if the user is not logged in, go to login page ---->
<cfinclude template="LoginForm.cfm">
<cfthrow message="Please log in with proper credentials to access this area.">
<cfabort>
<cfelse> <!--- the user is logged in, then check roles ---->
<cfswitch expression="#currentFolder#">
<cfcase value="root">
<cfif listFind("1",session.auth.UserRoleID) eq 0> <!---- role 1 has access to root --->
<cfinclude template="LoginError.cfm">
<cfabort>
</cfif>
</cfcase>
<cfcase value="admin">
<cfif listFind("1,3",session.auth.UserRoleID) eq 0> <!---- roles 1, 3 have access to admin --->
<cfinclude template="LoginError.cfm">
<cfabort>
</cfif>
</cfcase>
<cfdefaultcase> <!---- all other secure folders ---->
</cfdefaultcase>
</cfswitch>
</cfif> <!---- end if user is logged in or not ---->
</cfif> <!---- end if user is in a secure area or not ---->
<!--- /test for access to secureFolders --->
<cfcatch>
<cfset clearSessionVariables()>
<cfset SESSION.auth.lastError = cfcatch.message>
<cfreturn false>
</cfcatch>
</cftry>
<!--- a couple of database protections --->
<!--- if query_string contains cast(, then abort! --->
<cfif cgi.query_string contains "cast(">
<cfabort>
</cfif>
<!--- if query_string contains replace(, then abort! --->
<cfif cgi.query_string contains "replace(">
<cfabort>
</cfif>
</cffunction>
<!--- close function: onRequestStart --->
<!--- begin cfif isDefined("form.doLogin") --->
<cfif isDefined("form.doLogin")>
<!--- begin function checkLogin --->
<cffunction name="checkLogin">
<cfargument name="p_UserEmail" required=false default="" />
<cfargument name="p_password" required=false default="" />
<cfset var UserPassword = trim(arguments.p_password)>
<cfset var UserEmail = trim(arguments.p_UserEmail)>
<cfset var getUser = "">
<cftry>
<cfif len(UserPassword) eq 0 or len(UserEmail) eq 0>
<cfthrow message="Please enter Email and Password">
</cfif>
<cfquery name="getUser" datasource="ruralvolunteer">
SELECT UserID, FirstName, UserRoleID, UserEmail, UserPassword
FROM ruralUsers
WHERE UserEmail = <cfqueryparam cfsqltype="cf_sql_varchar" value="#UserEmail#" maxlength="255">
</cfquery>
<cfif getuser.recordCount eq 0>
<cfthrow message="Incorrect email address and/or password. Be sure to enter the correct, original email address with which you registered. Please type your password carefully.">
<cfelseif getUser.UserPassword is not UserPassword>
<cfthrow message="Invalid Password.">
</cfif>
<cfset clearSessionVariables()>
<cfset SESSION.auth.isLoggedIn = "Yes">
<cfset SESSION.auth.UserID = getUser.UserID>
<cfset SESSION.auth.FirstName = getUser.firstName>
<cfset SESSION.auth.UserRoleID = getUser.UserRoleID>
<cfset SESSION.auth.UserEmail = getUser.UserEmail>
<cfset SESSION.auth.lastError = "">
<!--- Now that user is logged in, send her to web root --->
<cflocation url="/admin/managePages.cfm">
<cfreturn true>
<cfcatch>
<cfset clearSessionVariables()>
<cfset SESSION.auth.lastError = cfcatch.message>
<cfreturn false>
</cfcatch>
</cftry>
</cffunction>
<!--- close function checkLogin --->
<!--- close cfif isDefined("form.doLogin") --->
</cfif>
</cfcomponent>
Thank you again for any ideas or insight. I really appreciate your time. All best,
Eric