CFDJ Issue 2: Vol: 8  p.39
Security Made Simple
Author: Kelly Brown

Listing 1:  
<!--- Enable session management for the "AccessSecurity" application.
      setclientcookies="Yes" has ColdFusion issue the CFID/CFTOKEN
      cookies that tie a browser to its session, and the timeout is
      CreateTimeSpan(days, hours, minutes, seconds), i.e. two hours. --->
<CFAPPLICATION
 name="AccessSecurity"
 setclientcookies="Yes"
 sessionmanagement="Yes"
 sessiontimeout="#CreateTimeSpan(0, 2, 0, 0)#">

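<!--- If not logged in, run login procedure.
      A request that already carries Session.user_id skips this whole
      block; any other request is either authenticated here or gets
      the login form followed by CFABORT. --->
<CFIF NOT IsDefined("Session.user_id")>
 <CFSET message="">
 <!--- If submitting login form, process it --->
 <CFIF IsDefined("Form.login")>
  <!--- Check login and password.
        Both values come straight from the request, so they are bound
        with cfqueryparam rather than spliced into the SQL text.
        ColdFusion's implicit single-quote escaping inside cfquery is
        not a dependable defence on every database driver. --->
  <!--- NOTE(review): matching the submitted password against the
        password column implies the table holds passwords in a
        directly comparable form (presumably cleartext). Store a
        salted hash and compare hashes instead; confirm against the
        schema. --->
  <cfquery name="check" datasource="users">
   SELECT user_id
   FROM users
   WHERE email=<cfqueryparam value="#FORM.securitylogin#"
                 cfsqltype="CF_SQL_VARCHAR">
   and password=<cfqueryparam value="#FORM.securitypassword#"
                 cfsqltype="CF_SQL_VARCHAR">
  </cfquery>
  <!--- If user found set session variable,
         otherwise set error message --->
  <CFIF check.RecordCount IS NOT 0>
   <!--- NOTE(review): the session identifier issued before login is
         kept as is; where the engine offers session rotation, rotate
         it at this point. --->
   <CFSET Session.user_id=check.user_id>
  <CFELSE>
   <CFSET message="Invalid Login.">
  </CFIF>
 </CFIF>
 <!--- If logging in or invalid login
       show login form --->
 <CFIF NOT IsDefined("Form.login") or
       message IS NOT "">
  <html><head><title>User Login</title></head>
  <body  bgcolor="white">
  <P align="CENTER"><B>Login</B></P>
  <CFIF message IS NOT "">
   <CFOUTPUT><P align="CENTER"><FONT color="red">
    <B>#message#</B></font></P>
   </CFOUTPUT><P>
  </CFIF>
  <!--- Extract the current file name from template path and append
        the url parameters. The query string is request data, so the
        assembled URL is HTML-escaped before it is written into the
        action attribute. --->
  <CFSET formAction=GetFileFromPath(CGI.CF_TEMPLATE_PATH) & "?" & CGI.QUERY_STRING>
  <CFOUTPUT>
   <FORM action="#HTMLEditFormat(formAction)#" method="POST">
  </cfoutput>
  <!--- Create all passed in form variables as hidden form fields so
        the original POST survives the login round trip.
        Field names and values are attacker-controllable: the value is
        read with Form[ThisVar] instead of Evaluate(), which would
        execute a crafted field name as a CFML expression, and both
        name and value are HTML-escaped on output. --->
  <CFIF IsDefined("Form.FieldNames")>
   <CFLOOP INDEX="ThisVar" list="#Form.FieldNames#">
    <CFIF ThisVar IS NOT "securitylogin" AND
       ThisVar IS NOT "securitypassword">
     <CFOUTPUT>
      <input type="hidden"
             name="#HTMLEditFormat(ThisVar)#"
             value="#HTMLEditFormat(Form[ThisVar])#">
     </cfoutput>
    </cfif>
   </cfloop>
  </cfif>
  <DIV align="center">
  <TABLE border="0" cellspacing="0">
   <TR>
    <TD align=right><B>Email</B></TD>
    <TD><input name="securitylogin" size=40></TD>
   </TR>
   <TR>
    <TD align=right><B>Password</B></TD>
    <TD><input type="password"
            name="securitypassword"
      size=15></TD>
   </TR>
  </TABLE>
  <P>
  <input type=submit value="Login" name="login">
  </FORM>
  </div>
  </body>
  </html>
  <!--- Stop the template here when logging in,
        ignoring the rest of page --->
  <CFABORT>
 </CFIF>
 <!--- If our login was okay we fall through to the
       rest of the page --->
</CFIF>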