-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsecurity.cfm
62 lines (42 loc) · 1.29 KB
/
security.cfm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<!---
Creating Co. : Hostek.com
Programmed by: Kaleb L.
Creation Date: 11/15/2014
--->
<cftry>
<cfif IsDefined("form.uid") AND IsDefined("form.pwd")>
<cfif Trim(Len(form.uid)) EQ 0 OR Trim(Len(form.pwd)) EQ 0>
<cfthrow message="User name, password or datasource blank.">
<cfelse>
<!--- check if the user has basic select privileges --->
<cfquery datasource="#Application.DSN#" name="check_authorization">
select
*
from
mailerusers
</cfquery>
<cfset passhash = #Hash(form.pwd , "SHA-512")#>
<cfif Hash(Trim(passhash)) EQ Hash(Trim(check_authorization.pass)) AND Hash(Trim(form.uid)) EQ Hash(Trim(check_authorization.user)) >
<cflock timeout="15">
<cfset Session.uid = Trim(form.uid)>
<cfset Session.pwd = Trim(passhash)>
</cflock>
<cflocation url="index.cfm" >
<cfelse>
Login not defined
</cfif>
</cfif>
<cfelseif (NOT IsDefined("Session.uid"))>
<cfthrow message="User not logged in, or session timed out.">
</cfif>
<!--- Your code goes here --->
<cfcatch>
An authorization error has occurred<br />
<br />
Message: <cfoutput>#cfcatch.message#</cfoutput><br />
<br />
Please click on the button to login.<br />
<br />
<input type="button" value="Login" onclick="location.replace('access.cfm')">
</cfcatch>
</cftry>