Jul 6th, 2009

login password problems

When a user logs in who has the same password as another user, the details of the latest person to register with that password are revealed. I'm struggling to make it check that the username and password are connected, and only if the username and password match should that user's details be accessible. The code's here (although I may not have explained my problem too well).



<!-- If statement to show login form if not logged in -->
<cfif Session.Logged EQ "false">

<cfform action="your.cfm" method="post" name="user_loginform">
<b>Username </b><br />
<cfinput name="username" type="text" class="normal" required="yes" message="Username Required" /><br /><br />
<b>Password</b><br />
<cfinput name="password" type="password" class="normal" required="yes" message="Password Required" /><br />
<input name="Submit" type="submit" value="Login" class="button_blue" />
</cfform>

<p class="link">Click to register:<a href="register.cfm">Register</a></p>

<!-- Compares details to database and lets user log in if match found -->
<cfif isdefined("form.Password")>
<cflock timeout="5">

<cfset Encrypted = encrypt(Form.Password, Request.PasswordKey)>
<cfquery name="user_login" datasource="#Request.DSN#">
select email, username, password, name from users
where password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Encrypted#">
</cfquery>

<cfif user_login.recordcount>
<!-- If username and password match, user is logged and session is set to logged -->
<cfset Session.Logged = "true">
<cfset Session.emailname = "#user_login.email#">
<cfset Session.userName = "#user_login.username#">
<cfset Session.password = "#user_login.password#">
<cfset Session.name = "#user_login.name#">
<cflocation url="your.cfm">
<cfelse>
Last edited by peter_budo; Jul 8th, 2009 at 7:32 am. Reason: Keep It Organized - For easy readability, always wrap programming code within posts in [code] (code blocks) and [icode] (inline code) tags.
aycmike

Jul 6th, 2009

Re: login password problems

I think the problem occurs when the select statement takes place; I need to make sure that the username matches the username entered in the login form and the password stored in the database.

Any help would be much appreciated!
aycmike

Jul 17th, 2009

Re: login password problems

I think you should also include the "username" in the where clause of the query, so that both username and password get matched in the database. That way no other user with the same password would be able to log in with some other user name.

Hope this is what you are looking for.
thesaintbug

Aug 21st, 2009

Re: login password problems

In addition to what thesaintbug said, there is another thing you might need to change. Rather than 'Encrypting' passwords, the better option would be to Hash them. Hashing is a one-way process - which means no one will be able to guess what a user's password is even if they got their hands on the HASHed password. Encryption on the other hand has the risk of your user info being compromised if someone got to know what the PasswordKey is.

Just something for you to think about!
cheapterp
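
Both suggestions in this thread combined, as an added example that is not code from any of the posters: the lookup is keyed on the username, and the password is checked against a per-user salted hash instead of an encrypted value. The `salt` and `password_hash` columns are assumptions (they do not appear in the original post); a single salted SHA-512 keeps the example short, and a deliberately slow password-hashing function is the stronger choice where the platform offers one.

```cfml
<!--- Added example. Assumed columns (not in the original post): salt, password_hash.
      At registration the assumed scheme stores:
        salt          = generateSecretKey("AES")
        password_hash = hash(salt & password, "SHA-512", "UTF-8") --->
<cfif structKeyExists(form, "username") AND structKeyExists(form, "password")>

    <!--- Fetch the row for the submitted username only; the password is never a lookup key,
          so two users sharing a password can no longer be confused with each other. --->
    <cfquery name="user_login" datasource="#Request.DSN#">
        select email, username, name, salt, password_hash
        from users
        where username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.username#">
    </cfquery>

    <cfset loginOk = false>
    <!--- Exactly one row must match; usernames are assumed to be unique. --->
    <cfif user_login.recordcount EQ 1>
        <!--- Recompute the hash with this user's own salt. --->
        <cfset candidate = hash(user_login.salt & form.password, "SHA-512", "UTF-8")>
        <!--- compare() is case-sensitive and returns 0 only on an exact match. --->
        <cfset loginOk = (compare(candidate, user_login.password_hash) EQ 0)>
    </cfif>

    <cfif loginOk>
        <cflock scope="session" type="exclusive" timeout="5">
            <cfset Session.Logged = "true">
            <cfset Session.emailname = user_login.email>
            <cfset Session.userName = user_login.username>
            <cfset Session.name = user_login.name>
            <!--- Neither the password nor its hash is copied into the session. --->
        </cflock>
        <cflocation url="your.cfm" addtoken="no">
    <cfelse>
        <!--- Same message for an unknown username and a wrong password. --->
        <p class="link">Invalid username or password.</p>
    </cfif>
</cfif>
```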