Authentication with Session Control - Exercise

Authentication with Session Control

Duration: 45 to 60 minutes.

In this exercise, you will create a login form that allows a user to log in to a site, rather than just a page on the site. You will also modify several other pages so that their content changes based on whether or not the user is logged in.

  1. Open SessionAndApplication/Exercises/Login.cfm.
  2. If the user logs in successfully, set session variables for firstname, lastname, and userid with values from the query. Then redirect to index.cfm.
  3. If the user's login fails, set a variable called badlogin to true.
  4. Open SessionAndApplication/Exercises/index.cfm.
  5. Write code that
    • Sets the firstname session variable with the value of "Stranger" if it doesn't already exist.
    • Changes the sentence that indicates the time and date to include the user's first name (e.g., "John, the time is...").
    • Replaces the login form with "Logged in as firstname lastname" if the user is logged in.
  6. Open SessionAndApplication/Exercises/Logout.cfm.
    • Write code to log the user out. You'll need to use StructDelete().
  7. Open SessionAndApplication/Exercises/Includes/Navbar.cfm.
    • Change the code so that the last link is to Logout.cfm if the user is logged in and to Login.cfm if she is not.
    • If the user is logged in, add an additional link to MyAccount.cfm, which has been created for you.
  8. Open SessionAndApplication/Exercises/Register.cfm.
    • Modify it to automatically log the user in on a successful registration.
  9. When you have completed your work, test the site:
    • Go to SessionAndApplication/Exercises/Register.cfm and create a new account.
    • Click on the link to the home page. You should be logged in.
    • Click on the Logout link. You should be logged out.
    • Click on the Login link and log in.

Write code so that the user can indicate that she would like to be remembered between visits. If she chooses to be remembered, she should never have to log in again. You will have to modify Login.cfm, Application.cfm and Logout.cfm.

Solution:

SessionAndApplication/Solutions/Login.cfm
<cfif isDefined("FORM.submitted")>
	<cfquery name="logincheck" datasource="#APPLICATION.datasource#">
		SELECT firstname, lastname, userid
		FROM Users
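		<!--- Bind the form values as query parameters instead of interpolating them into the SQL --->
		WHERE email=<cfqueryparam value="#FORM.email#" cfsqltype="cf_sql_varchar">
			AND password=<cfqueryparam value="#FORM.password#" cfsqltype="cf_sql_varchar">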
	</cfquery>
	<cfif logincheck.RecordCount EQ 1>
		<cfset SESSION.firstname = logincheck.firstname>
		<cfset SESSION.lastname = logincheck.lastname>
		<cfset SESSION.userid = logincheck.userid>
		<cflocation url="index.cfm" addtoken="no">
	<cfelse>
		<cfset badlogin=true>
	</cfif>
</cfif>
---- C O D E   O M I T T E D ----

Solution:

SessionAndApplication/Solutions/index.cfm
<cfparam name="SESSION.firstname" default="Stranger">

<html>
<head>
<title>Runners Home&trade;</title>
<link href="Styles/Main.css" rel="stylesheet">
</head>
<body>
<cfinclude template="Includes/NavBar.cfm">

<div id="greeting">
	<!--- firstname comes from the registration form, so HTML-encode it on output --->
	<cfoutput>#HTMLEditFormat(SESSION.firstname)#, the time is #TimeFormat(Now(),"h:mm tt")# on #DateFormat(Now(), "mmmm d, yyyy")#.</cfoutput>
</div>

<table align="center" cellpadding="10" cellspacing="0"
					width="100%" height="100%" id="hometable">
<tr valign="top">
<td width="25%" id="leftcolumn">
	<cfif isDefined("SESSION.userid")>
		Logged in as <cfoutput>#HTMLEditFormat(SESSION.firstname)# #HTMLEditFormat(SESSION.lastname)#</cfoutput>
	<cfelse>
	<h2>Log in</h2>
	<form method="post" action="Login.cfm">
	<input type="hidden" name="submitted" value="true">
		<table>
		<tr>
			<td class="whiteText">Email:</td>
			<td><input type="text" name="email" size="14"></td>
		</tr>
		<tr>
			<td class="whiteText">Password:</td>
			<td>
			<input type="password" name="password" size="14">
			</td>
		</tr>
		<tr>
			<td align="right" colspan="2">
			<input type="submit" value="Log in">
			</td>
		</tr>
		</table>
	</form>
	<a href="Register.cfm">Register</a>
	</cfif>
---- C O D E   O M I T T E D ----

Solution:

SessionAndApplication/Solutions/Logout.cfm
<cfset StructDelete(Session,"userid")>
<cfset StructDelete(Session,"firstname")>
<cfset StructDelete(Session,"lastname")>

<cflocation url="index.cfm" addtoken="no">

Solution:

SessionAndApplication/Solutions/Includes/NavBar.cfm
<div align="center" id="navbar">
	<a href="index.cfm">Home</a> |
	<a href="Races.cfm">Races</a> |
	<a href="Resources.cfm">Resources</a> |
	<a href="Calculator.cfm">Calculator</a> |
	<a href="RunningLog.cfm">Running Log</a> |
	<cfif isDefined("SESSION.userid")>
		<a href="MyAccount.cfm">My Account</a> |
		<a href="Logout.cfm">Log out</a>
	<cfelse>
		<a href="Login.cfm">Log in</a>
	</cfif>
</div>

Solution:

SessionAndApplication/Solutions/Register.cfm
---- C O D E   O M I T T E D ----
	<cfif Form.password EQ Form.password2>
		<cfquery datasource="#Application.datasource#" name="insert">
			INSERT INTO Users
			(firstname, lastname, email, password)
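			<!--- Bind each form value as a query parameter --->
			VALUES (
				<cfqueryparam value="#Form.firstname#" cfsqltype="cf_sql_varchar">,
				<cfqueryparam value="#Form.lastname#" cfsqltype="cf_sql_varchar">,
				<cfqueryparam value="#Form.email#" cfsqltype="cf_sql_varchar">,
				<cfqueryparam value="#Form.password#" cfsqltype="cf_sql_varchar">
			)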
		</cfquery>
		<cfquery datasource="#Application.datasource#" name="getuserid">
			SELECT userid
			FROM Users
			WHERE email=<cfqueryparam value="#FORM.email#" cfsqltype="cf_sql_varchar">
		</cfquery>
		<cfset Session.firstname = Form.firstname>
		<cfset Session.lastname = Form.lastname>
		<cfset Session.userid = getuserid.userid>
		
		<cflocation url="index.cfm" addtoken="no">

	<cfelse>
		<p class="errors"><b>Your passwords
		do not match. Please <a href=
		"Register.cfm">try again</a>.</b></p>
	</cfif>
---- C O D E   O M I T T E D ----

Challenge Solution:

SessionAndApplication/Solutions/Login-challenge.cfm
<cfif isDefined("FORM.submitted")>
	<cfquery name="logincheck" datasource="#APPLICATION.datasource#">
		SELECT * FROM Users
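		<!--- Bind the form values as query parameters instead of interpolating them into the SQL --->
		WHERE email=<cfqueryparam value="#FORM.email#" cfsqltype="cf_sql_varchar">
				AND password=<cfqueryparam value="#FORM.password#" cfsqltype="cf_sql_varchar">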
	</cfquery>
	<cfif logincheck.RecordCount EQ 1>
		<cfset SESSION.firstname = logincheck.firstname>
		<cfset SESSION.lastname = logincheck.lastname>
		<cfset SESSION.userid = logincheck.userid>
		<cfif isDefined("FORM.rememberme")>
			<cfcookie name="loggedin" value="#logincheck.userid#" expires="never">
		</cfif>
		<cflocation url="index.cfm" addtoken="no">
	<cfelse>
		<cfset badlogin=true>
	</cfif>
</cfif>
<cfparam name="FORM.email" default="">
<html>
<head>
<title>Login Page</title>
<link href="Styles/Main.css" rel="stylesheet">
</head>
<body>
<cfinclude template="Includes/NavBar.cfm">

<div id="subbody" align="center">

	<h2>Log in</h2>
	<cfif isDefined("badlogin")>
		<p class="errors"><b>That is not the
			correct email and password. Please
			<a href="Login-challenge.cfm">try again</a>.</b></p>
	</cfif>
	<cfoutput><form method="post" action="#CGI.SCRIPT_NAME#"></cfoutput>
	<input type="hidden" name="submitted" value="true">
		<table>
		<tr>
			<td>Email:</td>
			<td><input type="text" name="email"
					value="<cfoutput>#HTMLEditFormat(FORM.email)#</cfoutput>" size="40"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td>
			<input type="password" name="password" size="14">
			</td>
		</tr>
		<tr>
			<td colspan="2">
			<input type="checkbox" name="rememberme"> Remember Me
			</td>
		</tr>
		<tr>
			<td align="right" colspan="2">
			<input type="submit" value="Log in">
			</td>
		</tr>
		<tr>
			<td colspan="2">
				<br><a href="Register.cfm">Register</a>
			</td>
		</tr>
		</table>
	</form>
</div>
<cfinclude template="Includes/Footer.cfm">

</body>
</html>

Challenge Solution:

SessionAndApplication/Solutions/Application-challenge.cfm
<cfapplication sessionmanagement="yes" clientmanagement="yes" name="RunnersHome">

<cfif NOT isDefined("APPLICATION.datasource")>
	<cfset APPLICATION.datasource="runners">
</cfif>

<cfif NOT isDefined("SESSION.userid") AND isDefined("COOKIE.loggedin")>
	<cfquery name="getuserinfo" datasource="#APPLICATION.datasource#">
		SELECT firstname,lastname,userid
		FROM Users
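		<!--- The cookie is client-controlled input: bind it as an integer parameter --->
		WHERE userid=<cfqueryparam value="#COOKIE.loggedin#" cfsqltype="cf_sql_integer">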
	</cfquery>
	<cfif getuserinfo.RecordCount EQ 1>
		<cfset SESSION.firstname = getuserinfo.firstname>
		<cfset SESSION.lastname = getuserinfo.lastname>
		<cfset SESSION.userid = getuserinfo.userid>
	</cfif>
</cfif>

Challenge Solution:

SessionAndApplication/Solutions/Logout-challenge.cfm
<cfset StructDelete(Session,"userid")>
<cfset StructDelete(Session,"firstname")>
<cfset StructDelete(Session,"lastname")>

<cfcookie name="loggedin" expires="now">

<cflocation url="index.cfm" addtoken="no">
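
The challenge solution stores the user's id in the loggedin cookie, and Application.cfm accepts whatever value the browser sends back as proof of identity. The following is an added example, not part of the course files, showing the same remember-me flow with a random token whose hash is kept server-side. It assumes a hypothetical RememberTokens table (tokenhash, userid, expires), a site served over HTTPS, and a 30-day token lifetime chosen for illustration.

```cfml
<!--- Added example; RememberTokens (tokenhash, userid, expires) is a hypothetical table. --->

<!--- Login.cfm: replaces the cfcookie tag in the FORM.rememberme branch --->
<!--- 128 random bits, hex-encoded; only the SHA-256 hash is stored server-side --->
<cfset token = BinaryEncode(BinaryDecode(GenerateSecretKey("AES"), "Base64"), "Hex")>
<cfset tokenhash = Hash(token, "SHA-256")>
<cfquery datasource="#APPLICATION.datasource#">
	INSERT INTO RememberTokens (tokenhash, userid, expires)
	VALUES (
		<cfqueryparam value="#tokenhash#" cfsqltype="cf_sql_varchar">,
		<cfqueryparam value="#logincheck.userid#" cfsqltype="cf_sql_integer">,
		<cfqueryparam value="#DateAdd('d', 30, Now())#" cfsqltype="cf_sql_timestamp">
	)
</cfquery>
<!--- secure="yes" assumes HTTPS; httponly keeps the token away from page scripts --->
<cfcookie name="loggedin" value="#token#" expires="30" httponly="yes" secure="yes">

<!--- Application.cfm: replaces the lookup that treated COOKIE.loggedin as a userid --->
<cfif NOT isDefined("SESSION.userid") AND isDefined("COOKIE.loggedin")>
	<cfset tokenhash = Hash(COOKIE.loggedin, "SHA-256")>
	<cfquery name="getuserinfo" datasource="#APPLICATION.datasource#">
		SELECT Users.firstname, Users.lastname, Users.userid
		FROM Users INNER JOIN RememberTokens
			ON RememberTokens.userid = Users.userid
		WHERE RememberTokens.tokenhash =
				<cfqueryparam value="#tokenhash#" cfsqltype="cf_sql_varchar">
			AND RememberTokens.expires >
				<cfqueryparam value="#Now()#" cfsqltype="cf_sql_timestamp">
	</cfquery>
	<cfif getuserinfo.RecordCount EQ 1>
		<cfset SESSION.firstname = getuserinfo.firstname>
		<cfset SESSION.lastname = getuserinfo.lastname>
		<cfset SESSION.userid = getuserinfo.userid>
	</cfif>
</cfif>

<!--- Logout.cfm: revoke the token server-side before expiring the cookie --->
<cfif isDefined("COOKIE.loggedin")>
	<cfset tokenhash = Hash(COOKIE.loggedin, "SHA-256")>
	<cfquery datasource="#APPLICATION.datasource#">
		DELETE FROM RememberTokens
		WHERE tokenhash = <cfqueryparam value="#tokenhash#" cfsqltype="cf_sql_varchar">
	</cfquery>
</cfif>
<cfcookie name="loggedin" expires="now">
```

Because the token row is deleted on logout and carries its own expiry, a copied cookie stops working once the user logs out or the 30 days pass.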