Context Navigation

Application.cfm @ 5

Revision 5, 1.7 kB (checked in by DanWilson, 17 years ago)
Initial Commit Of ModelGlue? Website (upgrade to blogcfc 511)

Rev	Line
[5]	1	<cfsetting enablecfoutputonly=true>
	2	<cfprocessingdirective pageencoding="utf-8">
	3	<!---
	4	Name : /client/admin/Application.cfm
	5	Author : Raymond Camden
	6	Created : 04/06/06
	7	Last Updated : 3/9/07
	8	History : Shlomy Gantz suggested a 'pause' on badlogin to help prevent brute force attacks (rkc 3/9/07)
	9	--->
	10
	11	<cfinclude template="../Application.cfm">
	12
	13	<cflogin>
	14	<cfif isDefined("form.username") and isDefined("form.password") and len(trim(form.username)) and len(trim(form.password))>
	15	<cfif application.blog.authenticate(left(trim(form.username),50),left(trim(form.password),50))>
	16	<cfloginuser name="#trim(username)#" password="#trim(password)#" roles="admin">
	17	<!---
	18	This was added because CF's built in security system has no way to determine if a user is logged on.
	19	In the past, I used getAuthUser(), it would return the username if you were logged in, but
	20	it also returns a value if you were authenticated at a web server level. (cgi.remote_user)
	21	Therefore, the only say way to check for a user logon is with a flag.
	22	--->
	23	<cfset session.loggedin = true>
	24	<cfelse>
	25	<!--- Suggested by Shlomy Gantz to slow down brute force attacks --->
	26	<cfset createObject("java", "java.lang.Thread").sleep(500)>
	27	</cfif>
	28	</cfif>
	29	</cflogin>
	30
	31	<!--- Security Related --->
	32	<cfif isDefined("url.logout") and isLoggedIn()>
	33	<cfset structDelete(session,"loggedin")>
	34	<cflogout>
	35	</cfif>
	36
	37	<cfif findNoCase("/admin", cgi.script_name) and not isLoggedIn() and not findNoCase("/admin/notify.cfm", cgi.script_name)>
	38	<cfsetting enablecfoutputonly="false">
	39	<cfinclude template="login.cfm">
	40	<cfabort>
	41	</cfif>
	42
	43	<cfsetting enablecfoutputonly=false>

Note: See TracBrowser for help on using the browser.

Download in other formats:

Original Format