Next on the list of major application functions is the user log-in process (Figure II-3.7). To accomplish this, the teams will utilize the new ColdFusion MX <CFLOGIN> authentication scheme and Flash Remoting's ability to natively communicate with it. The Vshift ColdFusion team has placed a <CFLOGIN> tag in the Application.cfm, to ensure that the expenseapp.cfc run the authentication scheme before any of the component functions can be accessed. Figure II-3.7. The movie clip form for the log-in process has all of the objects necessary to log-in to the application.<cflogin> <cfifIsDefined("CFLOGIN")> <cfqueryname="getuser"datasource="expensedb"> SELECTid,access FROMusers WHERE(username='#CFLOGIN.name#') AND(password='#CFLOGIN.password#') </cfquery> <cfifgetuser.recordcountgt0> <cfifgetuser.accesseq2> <cfloginusername="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="admin"> <cfelse> <cfloginusername="#CFLOGIN.name#" password="#CFLOGIN.password#" roles="user"> </cfif> </cfif> </cfif> </cflogin> instant message
When this code is placed in the Application.cfm, ColdFusion will be constantly checking for the CFLOGIN attributes until the Flash application sets them. If the log-in attributes are found, the function then tries to find the given user ID and password in the database. If it finds a valid user ID and password in the database, <CFLOGINUSER> authenticates the user and password, and sets their roles in the CFLOGIN scope. To send the user ID and password from the Flash movie, setCredentials will be used. gatewayConnection.setCredentials("usernameField.text"," passwordField.text"); Once the user is authenticated in the system, ColdFusion can leverage the ROLES attribute of the <CFFUNCTION> tag. The ROLES attribute is a comma-delimited list of user roles that are allowed to run the function. <cffunctionname="myfunction"access="remote"roles="admin"> <!---Ionlyruniftheuserisauthenticatedasanadmin--> </cffunction> The ColdFusion team has also created a CFC function called "logout" that will simply call the <CFLOGOUT> command. This removes the user from the CFLOGIN variable scope, thus forcing ColdFusion to ask for a user ID and password again. instant message
<cffunctionname="logout"access="remote"> <cflogout> </cffunction> |