root/trunk/website/blog/admin/Application.cfm @ 21

Revision 5, 1.7 kB (checked in by DanWilson, 17 years ago)

Initial Commit Of ModelGlue Website (upgrade to blogcfc 511)

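<cfsetting enablecfoutputonly=true>
<cfprocessingdirective pageencoding="utf-8">
<!---
        Name         : /client/admin/Application.cfm
        Author       : Raymond Camden
        Created      : 04/06/06
        Last Updated : 3/9/07
        History      : Shlomy Gantz suggested a 'pause' on badlogin to help prevent brute force attacks (rkc 3/9/07)

        Purpose      : Request gate for the admin area. Runs on every admin request:
                         1. If a username/password were posted, verify them with
                            application.blog.authenticate() and record the outcome in
                            session.loggedin.
                         2. Honour ?logout by clearing the flag and ending the cflogin session.
                         3. Send any request under /admin that is not logged in to login.cfm
                            (notify.cfm is exempt) and abort.

        Depends on   : ../Application.cfm (included below) for application.blog and isLoggedIn().
--->

<cfinclude template="../Application.cfm">

<cflogin>
        <cfif isDefined("form.username") and isDefined("form.password") and len(trim(form.username)) and len(trim(form.password))>
                <cfif application.blog.authenticate(left(trim(form.username),50),left(trim(form.password),50))>
                        <!---
                                  The principal handed to cfloginuser is built from the same scoped,
                                  trimmed, 50-char-truncated values that authenticate() just accepted.
                                  The previous code used the unscoped #username#/#password#, which CF
                                  resolves through its scope lookup chain (url before form), so the
                                  logged-in name could differ from the credential that was verified.
                        --->
                        <cfloginuser name="#left(trim(form.username),50)#" password="#left(trim(form.password),50)#" roles="admin">
                        <!---
                                  This was added because CF's built in security system has no way to determine if a user is logged on.
                                  In the past, I used getAuthUser(), it would return the username if you were logged in, but
                                  it also returns a value if you were authenticated at a web server level. (cgi.remote_user)
                                  Therefore, the only safe way to check for a user logon is with a flag.
                        --->
                        <cfset session.loggedin = true>
                        <!--- NOTE(review): the session id is not rotated here on successful login; confirm whether
                              ../Application.cfm or the server configuration covers session fixation. --->
                <cfelse>
                        <!---
                                  Suggested by Shlomy Gantz to slow down brute force attacks.
                                  This only delays the failing request by 500ms; it does not count or cap
                                  attempts across requests, so treat it as friction rather than a lockout.
                        --->
                        <cfset createObject("java", "java.lang.Thread").sleep(500)>
                </cfif>
        </cfif>
</cflogin>

<!--- Security Related --->
<!--- Logout is triggered by the presence of a "logout" URL parameter on any request (a GET, not a POST);
      it clears the custom flag first so isLoggedIn() is false for the rest of this request. --->
<cfif isDefined("url.logout") and isLoggedIn()>
        <cfset structDelete(session,"loggedin")>
        <cflogout>
</cfif>

<!--- Gate: any script whose path contains "/admin" (substring, case-insensitive) requires a logged-in user,
      except /admin/notify.cfm. Unauthenticated requests get the login form instead and the request ends. --->
<cfif findNoCase("/admin", cgi.script_name) and not isLoggedIn() and not findNoCase("/admin/notify.cfm", cgi.script_name)>
        <cfsetting enablecfoutputonly="false">
        <cfinclude template="login.cfm">
        <cfabort>
</cfif>

<cfsetting enablecfoutputonly=false>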