EasyCFM.COM - ColdFusion Tutorials - ColdFusion Tutorial - ColdFusion Resources - Learn ColdFusion the easy way with our 450+ free coldfusion tutorials!

Tutorial	Views
Using JQUERY to Detect an End of Session event	707
JQuery & Coldfusion Username Check Utility	717
Preventing People From Leeching Your Images!	47,751
Close Preview \| View All Tutorials

Small difference that can cause big troubles!

Small difference that can cause big troubles!

I wanted to add access rights to certain areas of my site and for this purpose I added a new server behavior in Dreamweaver MX:

1. ?Log In User? with Option 'Restrict Access Based On' marked at 'Username, Password, and Access Level' providing the MS SQL Server DB row for the field 'Get Level From' that is 'member_level' which is an integer value: 0 = "no access", 1 = "registered" and 2 = "approved"

2. Then a new server behavior for all pages to restrict is created in 'Restrict Access To Page':
Option field 'Username, Password, and Access Level is selected and Levels 1 and 2 is added to the 'Select Level(s)' box.

Here is a snippet of the current code:

<cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("1,2", MM_UserAuthorization) EQ 0>
    <cfset MM_referer=CGI.SCRIPT_NAME>
    <cfif CGI.QUERY_STRING NEQ "">
        <cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
    </cfif>
    <cfset MM_failureURL="login_failed.cfm?accessdenied=" & URLEncodedFormat(MM_referer)>
    <cflocation url="#MM_failureURL#" addtoken="no">
</cfif>

So far it is working pretty fine: An account holding a 'member_level' of 0 is not allowed to see those pages, but an account with 'member_level' 1 or 2 can!

---
But after deciding to change the 'member_level' field in the DB to a data type of char[15] = {'none','registerd',approved'} and substituting 1 by 'registered' and 2 by 'approved' the CF generated code doesn't work at all!?

<cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("registered,approved",MM_UserAuthorization) EQ 0>
    <cfset MM_referer=CGI.SCRIPT_NAME>
    <cfif CGI.QUERY_STRING NEQ "">
        <cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
    </cfif>
    <cfset MM_failureURL="login_failed.cfm?accessdenied=" & URLEncodedFormat(MM_referer)>
    <cflocation url="#MM_failureURL#" addtoken="no">
</cfif>

---
The solution to this dilemma is to change this code a little bit by adding a 'trim' command to the first line as follows:

<cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind(trim("registered,approved", MM_UserAuthorization)) EQ 0>
    <cfset MM_referer=CGI.SCRIPT_NAME>
    <cfif CGI.QUERY_STRING NEQ "">
        <cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
    </cfif>
    <cfset MM_failureURL="no_access.cfm?accessdenied=" & URLEncodedFormat(MM_referer)>
    <cflocation url="#MM_failureURL#" addtoken="no">
</cfif>

Unfortunately CF MX doesn?t recognize this adapted code as a server behavior any more and skips it out of the tab window!?

All ColdFusion Tutorials By Author: Florian Carstens

Small difference that can cause big troubles!
Trying to restrict certain pages of a CF MX Site via server behaviours isn't every time an easy task!
Author: Florian Carstens
Views: 16,376
Posted Date: Wednesday, June 11, 2003