Hi there,
I've recently been updating a site to use locking on application level variables, and I am trying to use a commonly used method which copies the application struct into the request scope. Application variables are then accessed in this manner Request.App.<Va r>.
To begin with I had a simple functioning login system inside a subdirectory named admin, this subdirectory had it's own application.cfm , I wasn't sure whether to duplicate the method i used in the root application.cfm so i removed the admin/application.cfm and declared the vars i wanted in the root application.cfm .
Everything worked fine and I was able to log into the admin section as before, only when i tryed to navigate to a page in admin section my security component which deals with logging in etc, lost it's variable values.
I'm not sure why it is losing the information, and was hoping someone could point me in the right direction please?
Here is the relevant code:
/Application.cfm :
/taglib/initSecurity.cf m
/com/security.cfc
<!--- security component --->
The admin section has the following structure:
/admin/index.cfm
/admin/display/login.cfm - Login form
/admin/display/dologin.cfm - Shown on login
/admin/news/index.cfm
/admin/news/display/add.cfm
/admin/news/display/edit.cfm
/admin/news/display/view.cfm
I wasn't sure where to put the code to test the user so i have tryed in the index.cfm and the display/* files.
This code checks for the logged in user:
[CODE"]<cfset Request.Ses.sec urity.protect(" staff")>[/CODE]
The security object and it's variables exist when the /admin/index.cfm page is run I have checked with cfdump.
It's just when i try to access one of the function pages
/admin/news/index.cfm?actio n=add
the values stored in the security object get reset somehow.
Has anyone any ideas?
Thanks,
Chromis
I've recently been updating a site to use locking on application level variables, and I am trying to use a commonly used method which copies the application struct into the request scope. Application variables are then accessed in this manner Request.App.<Va r>.
To begin with I had a simple functioning login system inside a subdirectory named admin, this subdirectory had it's own application.cfm , I wasn't sure whether to duplicate the method i used in the root application.cfm so i removed the admin/application.cfm and declared the vars i wanted in the root application.cfm .
Everything worked fine and I was able to log into the admin section as before, only when i tryed to navigate to a page in admin section my security component which deals with logging in etc, lost it's variable values.
I'm not sure why it is losing the information, and was hoping someone could point me in the right direction please?
Here is the relevant code:
/Application.cfm :
Code:
<cfapplication name="myApp" sessionTimeout="#CreateTimeSpan(0, 0, 20, 0)#" sessionmanagement="yes" clientmanagement="yes">
<!--- initialise objects --->
<cfsetting showdebugoutput="no">
<cfimport taglib="taglib" prefix="func">
<!--- Create an exclusive lock for the Application scope and
set a default value for Application.Initialized. --->
<cflock scope="Application" timeout="10" type="exclusive">
<cfparam name="Application.Initialized" default="false">
<!--- Create a Request variable to hold the value so you don't
need a read lock to get it in the next block of code. --->
<cfset Request.Initialized = Application.Initialized>
</cflock>
<!--- If Request.Initialized is false, then the Application scope
has been reset and the variables need to be set. --->
<cfif NOT Request.Initialized>
<!--- Create an exclusive Application scope lock and set the values. --->
<cflock scope="Application" timeout="10" type="exclusive">
<cfscript>
Application.Initialized = true;
<!--- define app level vars --->
</cfscript>
</cflock>
</cfif>
<!--- Create a read-only lock for the Application scope
and duplicate it into Request.App. --->
<cflock scope="Application" timeout="10" type="readonly">
<cfset Request.App = Duplicate(Application)>
</cflock>
<!--- Create a read-only lock for the Session scope
and duplicate it into Request.Ses. --->
<cflock scope="Session" timeout="10" type="readonly">
<cfset Request.Ses = Duplicate(Session)>
</cflock>
<func:initSecurity> <!--- Instantiates security component --->
Code:
<!--- init registration session --->
<cflock scope="Session" timeout="10" type="readonly">
<cfscript>
if(NOT isDefined("Request.Ses.security")) {
Request.Ses.security = createObject("component","com.security");
}
</cfscript>
</cflock>
/com/security.cfc
<!--- security component --->
Code:
<cfcomponent >
<!--- define vars --->
<cfscript>
// datasource
This.dsn = Request.App.dsn;
// member details
This.memberid = "";
This.loggedIn = 0;
This.password = "";
This.username = "";
This.roles = "";
// referal info
This.returnURL = "";
</cfscript>
<cffunction name="validate" access="public" output="true" hint="validates username and password">
<cftry>
<cfquery name="validate" datasource="#This.dsn#">
SELECT id,username,password,roles
FROM cms_security
WHERE username = '#This.username#'
AND password = '#hash(This.password)#'
</cfquery>
<cfcatch type="database">
<p>Sorry, cannot validate user.</p>
<cfabort>
</cfcatch>
</cftry>
<cfscript>
if (validate.recordCount EQ 1) {
This.roles = validate.roles;
login();
}
</cfscript>
<!---
<cfif This.returnURL NEQ "">
<cfset tmpURL = This.returnURL>
<cfset This.returnURL = "">
<cflocation url="#tmpURL#" addtoken="no">
</cfif>
--->
</cffunction>
<cffunction name="login" access="private" output="false" hint="sets values for user session">
<cfscript>
This.loggedIn = 1;
This.password = "";
</cfscript>
</cffunction>
<cffunction name="logout" access="public" output="false" hint="clears security session, logging user out">
<cfscript>
This.memberid = "";
This.loggedIn = 0;
This.password = "";
This.username = "";
This.name = "";
This.roles = "";
// referal info
This.returnURL = "";
</cfscript>
</cffunction>
<cffunction name="protect" access="public" output="true" hint="checks user list of roles against one allowed role">
<cfargument name="roles">
<cfargument name="redirectURL" default="../index.cfm">
<cfif NOT isDefined("Request.Ses.security") OR Request.Ses.security.loggedIn EQ 0>
<cflocation url="#redirectURL#" addtoken="no">
<cfdump var="#Request#"> <!--- Has lost security object at this point --->
</cfif>
<cfset roleFound = false>
<cfdump var="#Request.Ses#">
<cfloop list="#Request.Ses.security.roles#" index="sessionRole">
<cfif listFindNoCase(roles,sessionRole) GT 0><cfset roleFound = true></cfif>
</cfloop>
<cfif roleFound EQ false><cfdump var="#This.roles#"><!---<cflocation url="#redirectURL#" addtoken="no">---></cfif>
</cffunction>
<cffunction name="protectGeneral" hint="protects page from un-logged-in users">
<cfargument name="redirectURL" default="../index.cfm">
<cfif NOT isDefined("Request.Ses.security")>
<cflocation url="#redirectURL#" addtoken="no">
</cfif>
<cfif Request.Ses.security.loggedIn NEQ 1>
<cflocation url="#redirectURL#" addtoken="no">
</cfif>
</cffunction>
<cffunction name="findUsername" access="public" output="false" hint="checks to see if username is in db">
<cfargument name="dsn" required="yes">
<cfargument name="theUsername" required="yes">
<cftry>
<cfquery name="get" datasource="#dsn#">
SELECT username
FROM cms_security
WHERE username = '#theUsername#'
</cfquery>
<cfreturn get.username>
<cfcatch type="database">
<p>Sorry, cannot find username.</p>
<cfabort>
</cfcatch>
</cftry>
</cffunction>
<cffunction name="setNewPassword" access="public" output="false" hint="sets new password">
<cftry>
<cfquery name="set" datasource="#This.dsn#">
UPDATE cms_security
SET
password = '#hash(This.password)#'
WHERE id = #This.id#
</cfquery>
<cfset This.password="">
<cfcatch type="database">
<p>Sorry, setting of new password failed.</p>
<cfabort>
</cfcatch>
</cftry>
</cffunction>
</cfcomponent>
The admin section has the following structure:
/admin/index.cfm
/admin/display/login.cfm - Login form
/admin/display/dologin.cfm - Shown on login
/admin/news/index.cfm
/admin/news/display/add.cfm
/admin/news/display/edit.cfm
/admin/news/display/view.cfm
I wasn't sure where to put the code to test the user so i have tryed in the index.cfm and the display/* files.
This code checks for the logged in user:
[CODE"]<cfset Request.Ses.sec urity.protect(" staff")>[/CODE]
The security object and it's variables exist when the /admin/index.cfm page is run I have checked with cfdump.
It's just when i try to access one of the function pages
/admin/news/index.cfm?actio n=add
the values stored in the security object get reset somehow.
Has anyone any ideas?
Thanks,
Chromis
Comment