Adobe ColdFusion 8

Example: Application.cfc

The Application.cfc page consists of the following:

<cfcomponent>
<cfset This.name = "Orders">
<cfset This.Sessionmanagement="True">
<cfset This.loginstorage="session">

<cffunction name="OnRequestStart">
    <cfargument name = "request" required="true"/>
    <cfif IsDefined("Form.logout")>
        <cflogout>
    </cfif>

    <cflogin>
        <cfif NOT IsDefined("cflogin")>
            <cfinclude template="loginform.cfm">
            <cfabort>
        <cfelse>
            <cfif cflogin.name IS "" OR cflogin.password IS "">
                <cfoutput>
                    <h2>You must enter text in both the User Name and Password fields.
                    </h2>
                </cfoutput>
                <cfinclude template="loginform.cfm">
                <cfabort>
            <cfelse>
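                <!--- Bind the submitted values with cfqueryparam so they reach the database as data, not as SQL text. --->
                <cfquery name="loginQuery" dataSource="cfdocexamples">
                SELECT UserID, Roles
                FROM LoginInfo
                WHERE
                    UserID = <cfqueryparam value="#cflogin.name#" cfsqltype="CF_SQL_VARCHAR">
                    AND Password = <cfqueryparam value="#cflogin.password#" cfsqltype="CF_SQL_VARCHAR">
                </cfquery>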
                <cfif loginQuery.Roles NEQ "">
                    <cfloginuser name="#cflogin.name#" Password = "#cflogin.password#"
                        roles="#loginQuery.Roles#">
                <cfelse>
                    <cfoutput>
                        <H2>Your login information is not valid.<br>
                        Please Try again</H2>
                    </cfoutput>    
                    <cfinclude template="loginform.cfm">
                    <cfabort>
                </cfif>
            </cfif>    
        </cfif>
    </cflogin>

    <cfif GetAuthUser() NEQ "">
        <cfoutput>
             <form action="securitytest.cfm" method="Post">
                <input type="submit" Name="Logout" value="Logout">
            </form>
        </cfoutput>
    </cfif>

</cffunction>
</cfcomponent>

Reviewing the code

The Application.cfc page executes before the code in each ColdFusion page in an application. For more information on the Application.cfc page and when it is executed, see Designing and Optimizing a ColdFusion Application.

The following table describes the CFML code in Application.cfc and its function:

Code

Description

<cfcomponent> <cfset This.name = "Orders"> <cfset This.Sessionmanagement="True"> <cfset This.loginstorage="session"> <cffunction name="OnRequestStart"> <cfargument name = "request" required="true"/>

Identifies the application, enables session management, and enables storing login information in the Session scope.

Begins the definition of the onRequestStart method that runs at the start of each request.

<cfif IsDefined("Form.logout")> <cflogout> </cfif>

If the user just submitted the logout form, logs out the user. The following cflogin tag runs as a result.

<cflogin> <cfif NOT IsDefined("cflogin")> <cfinclude template="loginform.cfm"> <cfabort>

Executes if there is no logged-in user.

Tests to see if the user has submitted a login form. If not, uses cfinclude to display the form. The built-in cflogin variable exists and contains the user name and password only if the login form used j_username and j_password for the input fields.

The cfabort tag prevents processing of any code that follows on this page.

<cfelse> <cfif cflogin.name IS "" OR cflogin.password IS ""> <cfoutput>   <H2>You must enter text in both the   User Name and Password fields</H2> </cfoutput> <cfinclude template="loginform.cfm"> <cfabort>

Executes if the user submitted a login form.

Tests to make sure that both name and password have data. If either variable is empty, displays a message, followed by the login form.

The cfabort tag prevents processing of any code that follows on this page.

<cfelse> <cfquery name="loginQuery" dataSource="cfdocexamples"> SELECT UserID, Roles FROM LoginInfo WHERE UserID = <cfqueryparam value="#cflogin.name#" cfsqltype="CF_SQL_VARCHAR"> AND Password = <cfqueryparam value="#cflogin.password#" cfsqltype="CF_SQL_VARCHAR"> </cfquery>

Executes if the user submitted a login form and both fields contain data.

Uses the cflogin structure's name and password entries to find the user record in the database and get the user's roles.

<cfif loginQuery.Roles NEQ ""> <cfloginuser name="#cflogin.name#" Password = "#cflogin.password#" roles="#loginQuery.Roles#">

If the query returns data in the Roles field, logs in the user using the user's name and password and the Roles field from the database. In this application, every user must be in some role.

<cfelse> <cfoutput> <H2>Your login information is not valid.<br> Please Try again</H2> </cfoutput> <cfinclude template="loginform.cfm"> <cfabort>

Executes if the query did not return a role. If the database is valid, this means there was no entry matching the user ID and password. Displays a message, followed by the login form.

The cfabort tag prevents processing of any code that follows on this page.

</cfif> </cfif> </cfif> </cflogin>

Ends the loginQuery.Roles test code.

Ends the form entry empty value test.

Ends the form entry existence test.

Ends the cflogin tag body.

<cfif GetAuthUser() NEQ ""> <cfoutput> <form action="MyApp/index.cfm" method="Post"> <input type="submit" Name="Logout" value="Logout"> </form> </cfoutput> </cfif>

If a user is logged in, displays the Logout button.

If the user clicks the button, posts the form to the application's (theoretical) entry page, index.cfm.

Application.cfc then logs out the user and displays the login form. If the user logs in again, ColdFusion displays index.cfm.

</cffunction> </cfcomponent>

Ends the onRequestStart method.

Ends the Application component.
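
The table above notes that the cflogin variable exists only when the login form names its fields j_username and j_password. The following loginform.cfm is an added example, not Adobe's sample file, showing a form that meets that requirement; the postbackUrl variable and the choice to post back to the originally requested page are assumptions of this example.

```cfml
<!--- loginform.cfm: added example, included by Application.cfc through cfinclude. --->
<!--- Assumption: the form posts back to the page the user originally requested,
      so OnRequestStart runs again and the cflogin tag receives the credentials. --->
<cfset postbackUrl = CGI.script_name>
<cfif CGI.query_string NEQ "">
    <cfset postbackUrl = postbackUrl & "?" & CGI.query_string>
</cfif>

<h2>Please log in</h2>
<cfoutput>
    <!--- The request URL is client-controlled. HTMLEditFormat encodes markup
          characters before the value is written into the action attribute. --->
    <form action="#HTMLEditFormat(postbackUrl)#" method="post">
        <!--- The cflogin structure is filled only from fields with these exact names. --->
        <label for="j_username">User Name</label>
        <input type="text" name="j_username" id="j_username">
        <label for="j_password">Password</label>
        <input type="password" name="j_password" id="j_password" autocomplete="off">
        <input type="submit" value="Log In">
    </form>
</cfoutput>
```

With any other field names, IsDefined("cflogin") stays false after the form is submitted and Application.cfc displays the login form again.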