User Guide
cflogin
Usage
The body of this tag executes only if there is no logged-in user. When using application-based security, you put code in the body of the cflogin tag to check the user-provided ID and password against a data source, LDAP directory, or other repository of login identification. The body must include a cfloginuser tag to establish the authenticated user's identity in ColdFusion.
You control the data source and are responsible for coding the SQL within the cflogin tag, and you must make sure that the associated database has user, password, and role information.
The cflogin tag has a built-in cflogin structure that contains two variables, cflogin.name and cflogin.password, if the page is executing in response to any of the following:
• Submission of a form that contains input fields with the names j_username and j_password.
• A request that uses CFHTTP Basic authentication, and therefore includes an Authorization header with the username and password.
• A request that uses NTLM or Digest authentication. In this case, the username and password are hashed using a one-way algorithm in the Authorization header; ColdFusion gets the username from the web server and sets the cflogin.password value to the empty string.
You can use these values in the cflogin tag body to authenticate the user, and, in the cfloginuser tag, to log the user in. The structure is only available in the cflogin tag body.
Example
The following example shows a simple authentication. This code is typically in the Application.cfc onRequestStart method or in the application.cfm page.
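<cflogin>
    <!--- The cflogin structure is undefined when the request carried no credentials. --->
    <cfif NOT IsDefined("cflogin")>
        <cfinclude template="loginform.cfm">
        <cfabort>
    <cfelse>
        <!--- Roles are assigned by user name only; this simple example does not verify cflogin.password. --->
        <cfif cflogin.name eq "admin">
            <cfset roles = "user,admin">
        <cfelse>
            <cfset roles = "user">
        </cfif>
        <cfloginuser name = "#cflogin.name#" password = "#cflogin.password#"
            roles = "#roles#" />
    </cfif>
</cflogin>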
The following view-only example checks the user ID and password against a data source:
<!--- cfqueryparam binds the submitted values as parameters instead of concatenating them into the SQL text. --->
<cfquery name="qSecurity"
    datasource="UserRolesDb">
    select Roles FROM SecurityRoles
    where username=<cfqueryparam value="#cflogin.name#"
        CFSQLTYPE="CF_SQL_VARCHAR">
    and password=<cfqueryparam value="#cflogin.password#"
        CFSQLTYPE="CF_SQL_VARCHAR">
</cfquery>
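The following added example (not part of the original guide) combines the two examples above into one cflogin body that logs the user in only when the data source query returns a match. It assumes the UserRolesDb data source, the SecurityRoles table, and the loginform.cfm page from the examples above; the loginFailed variable is hypothetical. It supports form and Basic logins only, so NTLM or Digest requests, which arrive with cflogin.password set to the empty string, are sent back to the login form.

```cfml
<cflogin>
    <cfif NOT IsDefined("cflogin")>
        <!--- No credentials in this request: show the login form. --->
        <cfinclude template="loginform.cfm">
        <cfabort>
    <cfelseif Len(Trim(cflogin.name)) EQ 0 OR Len(cflogin.password) EQ 0>
        <!--- Empty name or password. This includes NTLM/Digest requests, where
              ColdFusion sets cflogin.password to the empty string, so the value
              is never compared against the stored password. --->
        <cfset loginFailed = true> <!--- hypothetical flag read by loginform.cfm --->
        <cfinclude template="loginform.cfm">
        <cfabort>
    <cfelse>
        <!--- Both values are bound as parameters, never placed in the SQL text. --->
        <cfquery name="qSecurity" datasource="UserRolesDb">
            SELECT Roles FROM SecurityRoles
            WHERE username = <cfqueryparam value="#cflogin.name#"
                                 cfsqltype="CF_SQL_VARCHAR">
              AND password = <cfqueryparam value="#cflogin.password#"
                                 cfsqltype="CF_SQL_VARCHAR">
        </cfquery>
        <cfif qSecurity.RecordCount EQ 1>
            <!--- Exactly one matching row: take the roles from the database,
                  not from anything the client sent. --->
            <cfloginuser name="#cflogin.name#"
                         password="#cflogin.password#"
                         roles="#qSecurity.Roles#">
        <cfelse>
            <!--- No match (or an ambiguous match): do not call cfloginuser.
                  The same response is used for an unknown user and a wrong
                  password, so the form does not reveal which one failed. --->
            <cfset loginFailed = true>
            <cfinclude template="loginform.cfm">
            <cfabort>
        </cfif>
    </cfif>
</cflogin>
```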