2016-04-27

How to create a login only for the members area

I am working on creating an e-commerce website for my project. Following this tutorial I created an Application.cfm page, using this code:

<!--- Create the application ---> 
     <cfapplication name="MyApp" 
      clientmanagement="Yes" 
      sessionmanagement="Yes" 
      sessiontimeout="#CreateTimeSpan(0,0,0,10)#" 
      applicationtimeout="#CreateTimeSpan(0,0,0,10)#" /> 

     <!--- Now define that this user is logged out by default ---> 
     <CFPARAM NAME="session.allowin" DEFAULT="false" /> 

     <!--- Now define this user id to zero by default, this will be used later on to access specific information about this user. ---> 
     <CFPARAM NAME="session.user_id" DEFAULT="0" /> 

     <!--- Now if the variable "session.allowin" does not equal true, send user to the login page ---> 
     <!--- the other thing you must check for is if the page calling this application.cfm is the "login.cfm" page and the "Login_process.cfm" page since the Application.cfm is always called, if this is not checked the application will simply Loop over and over. To check that, you do the following call ---> 

     <cfif session.allowin neq "true"> 
      <cfif ListLast(CGI.SCRIPT_NAME, "/") EQ "loginn.cfm"> 
      <cfelseif ListLast(CGI.SCRIPT_NAME, "/") EQ "login_process.cfm"> 
      <cfelse> 
       <!--- this user is not logged in, alert user and redirect to the login.cfm page ---> 
       <script> 
        alert("You must login to access this area!"); 
        self.location="loginn.cfm"; 
       </script> 
      </cfif> 
     </cfif> 

This is the Login_process.cfm page:

<!--- Get all records from the database that match this users credentials ---> 
    <cfquery name="qVerify" datasource="cfdb2"> 
     SELECT User_name, User_pass 
     FROM uid_pass 
     WHERE User_name = '#name#' 
    and User_pass='#pass#' 
    </cfquery> 

    <cfif qVerify.RecordCount> 
     <!--- This user has logged in correctly, change the value of the session.allowin value ---> 
      <cfset session.allowin = "True" /> 

     <cfset session.User_name = qVerify.User_name /> 

     <!--- Now welcome user and redirect to "<strong>members_only.cfm</strong>" ---> 
     <script> 
      alert("Welcome user, you have been successfully logged in!"); 
      self.location="index.cfm"; 
     </script> 
    <cfelse> 
     <!--- this user did not log in correctly, alert and redirect to the login page ---> 
     <script> 
      alert("Your credentials could not be verified, please try again!!!"); 
      self.location="Javascript:history.go(-1)"; 
     </script> 
    </cfif> 

The problem I am facing with my code is that when I open the index page it asks me to log in. Without logging in, I cannot continue. The same thing happens if I open the registration.cfm page directly. How do I structure the code so that visitors can access things, but must log in when they use the "Add to cart" option?


Stop using Application.cfm and start using Application.cfc. –

Answer

So, you need to "whitelist" any pages that can be accessed without being logged in, with something like:

<cfif session.allowin neq "true"> 
    <!--- check if this is a page that doesn't require authentication ---> 
    <cfset currentScript = ListLast(CGI.SCRIPT_NAME, "/")> 
    <cfif listFindNoCase("login.cfm,registration.cfm,login_process.cfm", currentScript) eq 0> 
     <!--- redirect to login.cfm page ---> 
     <cflocation addtoken="false" href="login.cfm"> 
    </cfif> 
</cfif> 

I notice you are using Application.cfm; you really should be using Application.cfc. Then you can hook into the application lifecycle. Your security check can go in the onRequestStart method, you can set up the session in the onSessionStart method, and so on.

Always use cfqueryparam in your queries to protect yourself from SQL injection attacks. Something like:

<cfquery name="qVerify" datasource="cfdb2"> 
    SELECT User_name, User_pass 
    FROM uid_pass 
    WHERE User_name = <cfqueryparam value="#name#" cfsqltype="cf_sql_varchar"> 
     and User_pass = <cfqueryparam value="#pass#" cfsqltype="cf_sql_varchar"> 
</cfquery> 

I also suggest you read up on storing passwords. From your code it looks like you are storing passwords in the database in plain text, which is bad. You want to look at using one-way password encryption.
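The following is an added example, not the asker's code or the answerer's, that puts the three points of the answer together: an Application.cfc whose onRequestStart enforces the whitelist, a registration step that stores a salted PBKDF2 hash instead of the plain password, and a Login_process.cfm that looks the user up with a parameterized query and verifies the password in code. It assumes the file names index.cfm, login.cfm, login_process.cfm, registration.cfm and product.cfm, the datasource cfdb2 and table uid_pass from the question, and two extra columns (pass_salt, pass_hash) plus a user_id column that the question's table does not show. generatePBKDFKey with PBKDF2WithHmacSHA256 and queryExecute are assumed to be available on the engine in use (ColdFusion 2016+ or Lucee; older ColdFusion 11 only offers PBKDF2WithHmacSHA1). The three files are shown in one block, separated by file-header comments.

```cfml
<!--- Application.cfc (added example; assumed file and page names) --->
component {
    this.name = "MyApp";
    this.sessionManagement = true;
    this.sessionTimeout = createTimeSpan(0, 0, 30, 0);
    this.applicationTimeout = createTimeSpan(1, 0, 0, 0);
    // Session cookie not readable by script and only sent over HTTPS (assumes the site is served over HTTPS).
    this.sessionCookie = { httpOnly: true, secure: true };

    // Whitelist: only these pages may be opened without logging in.
    // Everything else (add_to_cart.cfm, checkout.cfm, members_only.cfm, ...) requires a login.
    variables.publicPages = "index.cfm,login.cfm,login_process.cfm,registration.cfm,product.cfm";

    public boolean function onSessionStart() {
        session.allowin = false;   // logged out by default
        session.user_id = 0;
        return true;
    }

    public boolean function onRequestStart(required string targetPage) {
        param name="session.allowin" default="false";   // guards sessions created before this CFC was deployed
        var script = listLast(arguments.targetPage, "/");
        if (!session.allowin && !listFindNoCase(variables.publicPages, script)) {
            // Remember the requested page (a bare server-side file name, so not an open redirect)
            // and send the visitor to the login page. login.cfm itself is whitelisted, so no loop.
            session.returnTo = script;
            location("login.cfm", false);
        }
        return true;
    }
}

<!--- registration.cfm, the part that stores the credential (added example) --->
<cfscript>
salt = generateSecretKey("AES", 128);   // random per-user salt, base64 string
passHash = generatePBKDFKey("PBKDF2WithHmacSHA256", form.pass, salt, 100000, 256);
queryExecute(
    "INSERT INTO uid_pass (User_name, pass_salt, pass_hash) VALUES (:name, :salt, :hash)",
    {
        name: { value: form.name, cfsqltype: "cf_sql_varchar" },
        salt: { value: salt, cfsqltype: "cf_sql_varchar" },
        hash: { value: passHash, cfsqltype: "cf_sql_varchar" }
    },
    { datasource: "cfdb2" }
);
</cfscript>

<!--- login_process.cfm (added example) --->
<cfscript>
param name="form.name" default="";
param name="form.pass" default="";

// Look the user up by name only, with a bound parameter. The password never goes into
// the SQL text, so it cannot be injected and does not end up in query logs.
qUser = queryExecute(
    "SELECT user_id, User_name, pass_salt, pass_hash FROM uid_pass WHERE User_name = :name",
    { name: { value: form.name, cfsqltype: "cf_sql_varchar" } },
    { datasource: "cfdb2" }
);

loggedIn = false;
if (qUser.recordCount == 1) {
    // Re-derive the hash with the stored salt and compare it to the stored hash.
    candidate = generatePBKDFKey("PBKDF2WithHmacSHA256", form.pass, qUser.pass_salt, 100000, 256);
    loggedIn = (compare(candidate, qUser.pass_hash) == 0);
}

if (loggedIn) {
    sessionRotate();   // fresh session id on login, so a pre-login (fixated) id stays unprivileged
    session.allowin = true;
    session.user_id = qUser.user_id;
    session.User_name = qUser.User_name;
    param name="session.returnTo" default="index.cfm";
    next = session.returnTo;   // e.g. add_to_cart.cfm, set server-side in onRequestStart
    structDelete(session, "returnTo");
    location(next, false);
} else {
    // Same response for unknown user and wrong password: no user-name enumeration.
    location("login.cfm?error=1", false);
}
</cfscript>
```

With this layout a visitor can browse index.cfm and product.cfm freely, but opening add_to_cart.cfm without a session lands on login.cfm and, after a successful login, returns to add_to_cart.cfm. Any new public page has to be added to publicPages; the default is to require a login, which is the safer way round.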