I am trying to do a login section, but it doesn't validate the username and password with the database.
Can anyone tell me what's wrong in this code?
services/User.cfc
<cffunction name="login" access="public" output="false" returntype="any">
<cfargument name="username" required="true">
<cfargument name="password" required="true">
<cfquery name="getUser">
SELECT users.Id,
users.username,
users.password
FROM Users
Where UserName = <cfqueryparam value="#arguments.username#" cfsqltype="CF_SQL_VARCHAR">
AND Password = <cfqueryparam value="#arguments.password#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>
<cfif getUser.recordcount gt 0>
<cfreturn getUser>
</cfif>
</cffunction>
controllers/login.cfc
<cffunction name="login" access="public" returntype="void">
<cfargument name="rc" type="struct" required="true">
<cfset user = getUserService().login(arguments.rc.Username,arguments.rc.password)>
<cfif arguments.rc.username EQ UserName and arguments.rc.password EQ password>
<cfset session.auth = structNew()>
<cfset session.auth.isLoggedin = "yes"/>
<!--- <cfset session.auth.id = users.id /> --->
<cfset session.auth.username = UserName />
<cfset session.auth.password = password />
<cfelse>
<cfset rc.message = createMessage('error','','entered password is wrong')>
<cfset variables.fw.redirect('login.default','message')>
</cfif>
</cffunction>
Thanks.
Where you check the results of calling login(), you've not scoped username and password. Try user.UserName and user.Password:
<cfif arguments.rc.username EQ user.UserName and arguments.rc.password EQ user.password>
You will also need to check whether the response from login() is a query at all. Currently if the username/password doesn't match, login() returns nothing. You could use IsQuery() on the result or change login() to always return a resultset and just check the length in your code. You could also look to throw an exception if the username and password don't match. You could then try the login() call and catch and handle failure in your controller's login() method.
You might want to consider renaming the login method in your service to validateUserCredentials or something like that, as the real login (setting session state) happens in your controller, although that's just a matter of personal taste.
Although not part of the question (and possibly addressed elsewhere in your code), you should look at hashing and salting your passwords in order to protect your users.
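Added example, not part of the original answer: a Python sketch (not CFML) of the answer's suggestions, with the service function renamed, always returning a definite result, and comparing salted PBKDF2 hashes instead of plaintext. The in-memory `users` dict, the function names and the iteration count are assumptions standing in for the Users table and the service/controller pair.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


# Hash used for unknown usernames so both failure paths do the same work.
_DUMMY_SALT, _DUMMY_DIGEST = hash_password("dummy-password")


def validate_user_credentials(users, username, password):
    """Service step: return {'id', 'username'} on success, None on any failure."""
    row = users.get(username)  # users: username -> {id, salt, digest}, no plaintext
    salt = row["salt"] if row else _DUMMY_SALT
    expected = row["digest"] if row else _DUMMY_DIGEST
    _, candidate = hash_password(password, salt)
    matches = hmac.compare_digest(candidate, expected)  # constant-time compare
    if row is None or not matches:
        return None
    return {"id": row["id"], "username": username}  # never the stored hash


def login(session, users, username, password):
    """Controller step: set session state only after a verified match."""
    user = validate_user_credentials(users, username, password)
    if user is None:
        return False
    session["auth"] = {"isLoggedIn": True, "id": user["id"], "username": user["username"]}
    return True


# Constructed sample data standing in for one row of the Users table.
_salt, _digest = hash_password("correct horse battery staple")
SAMPLE_USERS = {"alice": {"id": 1, "salt": _salt, "digest": _digest}}
```

The session holds only the user id and name; the password is neither returned by the service step nor stored in the session.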
Related
I have a project that is requiring me to post login data to another domain. After the form submission a cookie is set in the browser and the user is redirected.
I've been able to accomplish this with JavaScript as follows:
<cfsavecontent variable="headOUT">
<script type="text/javascript">
function redirectPost(url, data) {
var form = document.createElement('form');
document.body.appendChild(form);
form.method = 'post';
form.action = url;
for (var name in data) {
var input = document.createElement('input');
input.type = 'hidden';
input.name = name;
input.value = data[name];
form.appendChild(input);
}
form.submit();
}
</script>
</cfsavecontent>
<cfhtmlhead text="#headOUT#">
<cfset htmlOUT = ''>
<cfset htmlOUT = htmlOUT & '<script type="text/javascript">'>
<cfset htmlOUT = htmlOUT & "redirectPost('#remote_url#', { authen_token: '#encryptedString#' });">
<cfset htmlOUT = htmlOUT & '</script>'>
<cfoutput>#htmlOUT#</cfoutput>
If I use cfhttp:
<cfhttp method="Post" url="#remote_url#" RESOLVEURL="Yes">
<cfhttpparam type="Formfield" name="authen_token" value="#encryptedString#">
</cfhttp>
The response does not include a cookie; it is only the HTML with the meta redirect, as if I logged in from their page. But with no cookie I'm not authenticated.
Is there a way to do a redirect and a post with cfhttp and/or cflocation, or is the JavaScript the best solution?
I'm writing an application in Django 2.0
It is a multi membership application. I have to implement PayPal payment method and activate the membership based on payment received.
For this, I have created a button in PayPal which generates code as
upgrade.html
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="<button-id>">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
and views.py is
from django.views.generic import TemplateView
class Pricing(TemplateView):
    template_name = 'membership/pricing.html'
class Upgrade(TemplateView):
    template_name = 'membership/upgrade.html'
class PaymentSuccess(TemplateView):
    template_name = 'membership/payment-success.html'
class PaymentFailed(TemplateView):
    template_name = 'membership/payment-failed.html'
def paypal_ipn(request):
    # IPN response goes here
    pass
and urls.py
urlpatterns = [
    path('pricing/', Pricing.as_view(), name='pricing'),
    path('upgrade/', Upgrade.as_view(), name='upgrade'),
    path('payment-success/', PaymentSuccess.as_view(), name='payment-success'),
    path('payment-failed/', PaymentFailed.as_view(), name='payment-failed'),
    path('paypal-ipn/', paypal_ipn, name='paypal-ipn'),
]
All is working fine, as payment is being made and the user is redirected to the payment-success page.
But how do I receive the payment confirmation so that I could process the membership and record the transaction data in the database?
I have enabled instant payment notification from the settings in the PayPal sandbox account on the URL https://example.com/paypal-ipn/
I do not want to use django-paypal plugin due to some limitations.
You can create your own IPN handling page to receive PayPal IPN messages. IPN sample code is below.
https://github.com/paypal/ipn-code-samples
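Added example, not taken from the answer or from PayPal's sample repository: the checks an IPN handler behind /paypal-ipn/ should make before activating a membership, written framework-free so it runs offline. The function name `process_ipn`, the injected `postback` callable, and the sample message and expected values are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# PayPal's sandbox IPN postback endpoint; switch to the live one in production.
SANDBOX_VERIFY_URL = "https://ipnpb.sandbox.paypal.com/cgi-bin/webscr"


def process_ipn(raw_body, postback, expected, seen_txn_ids):
    """Validate one IPN message; return (accepted, reason).

    raw_body     -- the exact bytes PayPal POSTed to the listener
    postback     -- callable(url, body_bytes) -> response text (HTTP POST to PayPal)
    expected     -- receiver_email, mc_gross and mc_currency for this product
    seen_txn_ids -- set of transaction ids already recorded (replay protection)
    """
    # 1. Echo the message back unchanged, prefixed with cmd=_notify-validate.
    reply = postback(SANDBOX_VERIFY_URL, b"cmd=_notify-validate&" + raw_body)
    if reply.strip() != "VERIFIED":
        return False, "not verified by PayPal"

    decoded = raw_body.decode("utf-8", errors="replace")
    fields = {k: v[0] for k, v in parse_qs(decoded).items()}

    # 2. Only a completed payment should unlock anything.
    if fields.get("payment_status") != "Completed":
        return False, "payment not completed"
    # 3. The money must have reached our account, in the right amount and currency.
    for key in ("receiver_email", "mc_gross", "mc_currency"):
        if fields.get(key) != expected[key]:
            return False, "unexpected " + key
    # 4. Reject a transaction id that was already processed.
    txn_id = fields.get("txn_id")
    if not txn_id or txn_id in seen_txn_ids:
        return False, "duplicate or missing txn_id"
    seen_txn_ids.add(txn_id)
    return True, "ok"


# Constructed sample message and a stand-in for the HTTP call to PayPal.
SAMPLE_IPN = (b"payment_status=Completed&receiver_email=seller%40example.com"
              b"&mc_gross=9.99&mc_currency=USD&txn_id=TXN-CONSTRUCTED-1")
EXPECTED = {"receiver_email": "seller@example.com", "mc_gross": "9.99", "mc_currency": "USD"}


def fake_paypal(verdict):
    return lambda url, body: verdict
```

In a Django view, `raw_body` would be `request.body` and `seen_txn_ids` a uniqueness check against the transactions table; the redirect to payment-success is not proof of payment, only the verified IPN is.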
How can I redirect from the first site to the second site?
The second site has a form:
<form action="http://example.com/authAs" method="POST">
<input id="login" type="text" name="login">
<input id="password" type="password" name="password">
<button type="submit">login</button>
</form>
I want to authenticate the user at the first site and redirect them to the second site already authorized by POST request.
How can I do it?
I have tried this:
import urllib2,urllib
post_data = [('login', login), ('password', password)]
result = urllib2.urlopen('http://example.com/authAs', urllib.urlencode(post_data))
content = result.read()
But how do I redirect the user to the authorized page on the second site?
It is not possible to redirect through POST; if you want the client to post to another site, the only option is to use JavaScript to make a browser-based redirection.
Instead of redirecting to the example site, you can redirect to a local page with the form HTML and add this JS:
document.forms['form_id'].submit();
Note that the client will see the page for a few seconds before redirection and it won't work if JS is not enabled.
I've created a page to allow our clients to download a file. The trouble is, the browser doesn't know how big the file is and it doesn't show the progress of the download...
How do I get ColdFusion to report the file size at the very least? And, at best, how do I get the browser download bar to detect the file size and download progress?
Here's my code.
<cfparam name="delete_file" default="no">
<cfparam name="URL.d" default="n">
<cfparam name="content_type" default="image/jpeg">
<cfparam name="FileDownload" default="default.jpg">
<cfparam name="URL.file" default="default.jpg">
<cfparam name="folder" default="downloads">
<cfparam name="URL.folder" default="downloads">
<cfset folder = #URL.folder#>
<cfset FileDownload = #URL.file#>
<cfif URL.d IS "y">
<cfset delete_file = "yes">
<cfelse>
<cfset delete_file = "no">
</cfif>
<cfset exten = ListLast(FileDownload, ".")>
<cfswitch expression="#exten#">
<cfcase value="zip"><cfset content_type = "application/zip, application/x-zip, application/x-zip-compressed, application/octet-stream, application/x-compress, application/x-compressed, multipart/x-zip"></cfcase>
<cfcase value="ai"><cfset content_type = "application/illustrator"></cfcase>
<cfcase value="eps"><cfset content_type = "application/illustrator, application/octect-stream"></cfcase>
<cfcase value="pdf"><cfset content_type = "application/pdf, application/x-pdf, application/acrobat, applications/vnd.pdf, text/pdf, text/x-pdf"></cfcase>
<cfcase value="psd"><cfset content_type = "image/photoshop, image/x-photoshop, image/psd, application/photoshop"></cfcase>
<cfcase value="jpg"><cfset content_type = "image/jpeg"></cfcase>
<cfcase value="png"><cfset content_type = "image/png"></cfcase>
<cfcase value="tif"><cfset content_type = "image/tiff"></cfcase>
<cfdefaultcase><cfset content_type = "image/jpeg"></cfdefaultcase>
</cfswitch>
<cfoutput><cfheader name="content-disposition" value="attachment;filename=#FileDownload#">
<cfcontent type="#content_type#" file="#ExpandPath("./#folder#")#/#FileDownload#" deletefile="#delete_file#"></cfoutput>
<cfset fileToGetSizeOf = expandPath("./#folder#/#FileDownload#") />
<cfheader name="content-length" value="#getFileInfo(fileToGetSizeOf ).size#" />
Should do it
I'm trying to use a javascript library in django that requires some attributes for HTML elements in camelCase. For example, I've a model with a CharField field like this:
expires = models.DateField("Expiration Date", db_index = False, blank = True, null = True, editable = True, help_text = "Something")
My ModelForm has the following line in the init method:
self.fields['expires'].widget.attrs['SomeAttribute'] = "SomeValue"
and after the render_to_response the outputted HTML is like this:
<input id="id_expires" type="text" name="expires" someattribute="SomeValue">
instead of:
<input id="id_expires" type="text" name="expires" SomeAttribute="SomeValue">
Am I missing something?
As Issac points out at the top, what you have should be correct. The Django internals responsible for rendering the above are in django.forms.widgets:
return mark_safe(u'<input%s />' % flatatt(final_attrs))
should give you the correct attr you're looking for. I did get to replicate your problem when I inspected the HTML rendered in Firebug. It seems that Firebug lowercases the attribute name but when I did a view source code, it did show as SomeAttribute versus someattribute in Firebug (if this is indeed what you're doing :))
I couldn't find anything in the django forms codebase that suggests that it's anything that's django's fault. How are you rendering the form? Please see my shell session for my details.
>>> from django import forms
>>> class F(forms.Form):
...     a = forms.CharField()
...
>>> f = F()
>>> f.as_p()
u'<p><label for="id_a">A:</label> <input type="text" name="a" id="id_a" /></p>'
>>> f.fields['a'].widget.attrs
{}
>>> f.fields['a'].widget.attrs['dERP'] = 'ddf'
>>> f.as_p()
u'<p><label for="id_a">A:</label> <input id="id_a" type="text" name="a" dERP="ddf" /></p>'
>>>