我是使用cookies登录coldfusion的新手。
我认为我已经相对接近于弄清楚如何使用cookie登录,但仍然不确定如何让每个页面都正确地重新进行登录检查。我希望我的网站中的每个页面都被引用到登录。
这是登录页面:
<cfif IsDefined("cookie.username")>
<!--- a cookie exist, so let's put in this username automatically into the form --->
<cfset username = cookie.username>
<cfelse>
<!--- a cookie DOES NOT exist, so let's put a blank value in the username field --->
<cfset username = "">
</cfif>
<cfif IsDefined("cookie.password")>
<!--- a cookie exist, so let's put in this password automatically into the form --->
<cfset password = cookie.password>
<cfelse>
<!--- a cookie DOES NOT exist, so let's put a blank value in the password field --->
<cfset password = "">
</cfif>
<cfoutput>
<form action="LoginProcess.cfm" method="post">
<table width="500" border="0">
<tr>
<td width="500" colspan="2"></td>
</tr>
<tr>
<td width="250">Username:</td>
<td width="250"><input type="text" name="username" value="#username#"></td>
</tr>
<tr>
<td width="250">Password:</td>
<td width="250"><input type="password" name="password" value="#password#"></td>
</tr>
<tr>
<td width="250">Remember Me</td>
<td width="250"><input type="checkbox" name="RememberMe" value="Yes"
<cfif IsDefined("cookie.username") OR
IsDefined("cookie.password")>CHECKED</cfif>></td>
</tr>
<tr>
<td width="250"></td>
<td width="250"><input type="submit" name="Process" value="Login"></td>
</tr>
</table>
</form>
</cfoutput>
这是处理登录过程并将用户带到网站主页的页面。
<cfquery name="qVerify" datasource="SodaWebsite">
SELECT *
FROM Admins
WHERE Username = '#FORM.username#' AND Password = '#FORM.password#'
</cfquery>
<cfif qVerify.RecordCount>
<!--- this user is good, before actually logging them in, see if their information will be saved for next time --->
<cfif IsDefined("RememberMe")>
<!--- members wants their information remembered, so set the cookies --->
<cfcookie name="username" value="#form.username#" expires="NEVER">
<cfcookie name="password" value="#form.password#" expires="NEVER">
<cfelse>
<!--- member does NOT want their information remember, EXPIRE their cookies NOW so they are deleted for good! --->
<cfcookie name="username" value="#form.username#" expires="NOW">
<cfcookie name="password" value="#form.password#" expires="NOW">
</cfif>
<!--- now that you're done with the cookie, follow the REGULAR login procedures as you regularly do --->
</cfif>
<cfif IsDefined(cookie.username) and IsDefined(cookie.password)>
<cfabort>
<Cfelse>
<cfinclude template="Index.cfm">
</cfif>
对于实际的第一页,我只显示在标题部分,因为我相信它会出现在那里。
<html>
<head>
<cfif isdefined(Cookie.Username) and isdefined(Cookie.password)>
<cfabort>
<cfelse>
<cfinclude template="LoginProcess.cfm">
</cfif>
</head>
<body>
如果您希望对每个页面请求进行登录检查,请将其放在onRequest方法中。然而,使用onSessionStart方法只进行一次cookie检查,然后使用onRequest将用户发送到请求的页面,或者将他们发送到登录页面,这将更有意义。
// this belongs in application.cfc, convert to tag-based if you prefer.
function onSessionStart() {
session.userid = 0;
if (cookies were valid) { // replace with your cookie check logic
session.userid = theuserid;
}
}
function onRequest(template) {
if (session.userid == 0) {
include template="/login.cfm";
}
else {
include template=template;
}
}
在重定向之前,不要忘记在成功登录时在login.cfm中设置session.userid。
你真的应该重新考虑你的密码存储以及你在cookie中使用的内容,将用户名/密码存储在cookie中并将密码以明文形式存储在数据库中是不安全的。您的查询也很容易受到sql注入攻击。
请记住,确保登录系统安全的目的不仅仅是为了应用程序,而是为了确保用户的安全。如果你不保护你的用户,你可能会让他们都面临丢失个人信息的风险(在某些情况下,不仅仅是你存储在数据库中的信息)