Cflogin

I'd like to use cflogin not to restrict access not only to an entire folder or page, but to also show edit links on pages that the end user also sees. These links would be hidden unless an admin or moderator has logged in.
Can anyone please point me in the right direction?

 

When you log them in, use cfloginuser to set their role, and then on the page you wish to show the edit links, do something like this:

<cfif IsUserInRole("Admin") >
{{edit link}}
<cfelse >
{{show normal/public content}}
</cfif>

 

For some reason, I'm not able to use the function IsUserInRole with any success. It returns NO, even though I'm able to output the following two variables which show me that the cflogin worked.
<cfset contactID = listFirst(getAuthUser())>
<cfset contactName = listRest(getAuthUser())>

Here's the page where my login form is submitted too:


<cflogin>

<!--- If the user hasn't gotten the login form yet, display it --->
<cfif not (isDefined("FORM.userLogin") and isDefined("FORM.userPassword"))>
<cfinclude template="UserLoginForm.cfm">
<cfabort>

<cfelse>

<cfquery name="getUser" datasource="#APPLICATION.dataSource#">
SELECT ContactID, FirstName, UserRoleName
FROM Contacts LEFT OUTER JOIN UserRoles
ON Contacts.UserRoleID = UserRoles.UserRoleID
WHERE UserLogin = '#FORM.UserLogin#'
AND UserPassword = '#FORM.UserPassword#'
</cfquery>

<cfif getUser.recordCount eq 1>
<cfloginuser
name="#getUser.ContactID#,#getUser.FirstName#"
password="#FORM.userPassword#"
roles="#getUser.userRoleName#">

<cfelse>
<cfinclude template="UserLoginForm.cfm">
<cfabort>
</cfif>


</cfif>

</cflogin>

 

You need to wrap your CFLOGINUSER code with CFLOGIN.

That is.
<CFLOGIN>

<cfloginuser
name="#getUser.ContactID#,#getUser.FirstName#"
password="#FORM.userPassword#"
roles="#getUser.userRoleName#">

</CFLOGIN>

 

Isn't it wrapped already? Please look at my code more closely. Sorry that it is formatted a little sloppy. Here it is formatted better:

<cflogin>

 <cfif not (isDefined("FORM.userLogin") and isDefined("FORM.userPassword"))>
   <cfinclude template="UserLoginForm.cfm">
   <cfabort>
 <cfelse>
   <cfquery name="getUser" datasource="#APPLICATION.dataSource#">
     SELECT ContactID, FirstName, UserRoleName
     FROM Contacts LEFT OUTER JOIN UserRoles
     ON Contacts.UserRoleID = UserRoles.UserRoleID
     WHERE UserLogin = '#FORM.UserLogin#'
     AND UserPassword = '#FORM.UserPassword#'
   </cfquery>
   <cfif getUser.recordCount eq 1>
     <cfloginuser
     name="#getUser.ContactID#,#getUser.FirstName#"
     password="#FORM.userPassword#"
     roles="#getUser.userRoleName#">
   <cfelse>
     <cfinclude template="UserLoginForm.cfm">
     <cfabort>
   </cfif>
  </cfif>

</cflogin>

Code (markup):

 

So it is...sorry, I missed that...

Not that I think it should make a difference, but perhaps just having the cfloginuser tag within the cflogin containter?

Also note that cflogin will only execute the body of the command if there is **no logged in user**. If, during your testing, you logged in, and then re-ran this code without logging out, no changes to the login data would be made.

 

IsRoss is correct, CFLOGIN only executes if no one is logged in. If someone is, then that block of code does not get executed.

What IsRoss was saying is that in your cfloginuser tag, state what roles the user is in. At this juncture consider these suggestions:

1) Trim the roles, they are case-sensitive and the spaces matter
2) Output the role that is being assigned to the user and then test for that exact value.