|
|
|
Question : N00b trying to understand part of this CF page...
|
|
|
|
Hi,
I'm new to coldfusion, I'm trying to modify this script, I need to understand which part of it is controlling access levels...
The system works like this, If the user isn't registered, they are a guest, and cannot access the page, instead, they're redirected to the login page. If they're registered, they get redirected, if they are registered and have a valid subscription, they have access...
What I need to do, is change it so that if they're registered, but not having a valid subscription, they'll be able to view it, but with some stuff removed, so I need to know what variable is likely to contain the data relating to their access level, so I can do Ifs, elses to make it show the data I need depending on the situation...
Thanks.
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
|
<cfprocessingdirective suppresswhitespace="yes">
<cfsilent>
<cfparam name="seo_override" type="boolean" default=false>
<cfif seo_override is false>
<cfparam name="page_id" type="numeric" default="0">
<cfset section_id = 1>
<cfset page_content = "">
<cfset rc_template = "rc_auctions.cfm">
<cfset seo_content = "">
<cfset page_file = "/">
<cfset section = "">
<cfset section_link = "">
<cfset page_login = "">
<cfset pageAccess = false>
<cfset msgAccess = "">
<cfquery name="dbRsPage" datasource="#datasource#" maxrows="1">
SELECT p.section_id AS section_id,
p.title AS title,
p.meta_title AS meta_title,
p.meta_desc AS meta_desc,
p.meta_kw AS meta_kw,
p.content AS content,
p.seo_content AS seo_content,
p.rc_template AS rc_template,
p.filename AS page_file,
s.description AS section,
s.link AS section_link,
p.login AS login
FROM page p,
section s
WHERE p.section_id = s.id AND
p.id = #page_id#
</cfquery>
<cfif dbRsPage.recordcount eq 1>
<cfset section_id = dbRsPage.section_id>
<cfset page_title = dbRsPage.title>
<cfset meta_title = dbRsPage.meta_title>
<cfset meta_desc = dbRsPage.meta_desc>
<cfset meta_kw = dbRsPage.meta_kw>
<cfset page_content = dbRsPage.content>
<cfset rc_template = dbRsPage.rc_template>
<cfset seo_content = dbRsPage.seo_content>
<cfset page_file = dbRsPage.page_file>
<cfset section = dbRsPage.section>
<cfset section_link = dbRsPage.section_link>
<cfset page_login = dbRsPage.login>
</cfif>
<cfif page_login is "Y" and uId eq 0>
<!--- <cflocation url="/my_account/?LOGIN"> --->
<!---<cflocation url="/my_account/login.cfm">--->
<cfset pageAccess = false>
<cfset msgAccess = "The page you are trying to access requires you to log in">
<cflock scope="session" timeout="30">
<cfset session.uRedirect = cgi.SCRIPT_NAME & "?" & cgi.QUERY_STRING>
<cfset session.msgAccess = msgAccess>
</cflock>
<cflocation url="/my_account/login.cfm?REDIRECT" addtoken="false">
<cfelseif page_login is "Y">
<cfquery name="dbRsAccess1" datasource="#datasource#">
SELECT pub_id
FROM page_pub
WHERE page_id = #page_id#
</cfquery>
<cfset pubIds = valueList(dbRsAccess1.pub_id)>
<cfif pubIds is "">
<cfset pubAccess = true>
<cfelse>
<cfset pubAccess = false>
</cfif>
<cfquery name="dbRsAccess2" datasource="#datasource#">
SELECT sub_level_id
FROM page_sub_level
WHERE page_id = #page_id#
</cfquery>
<cfset levelIds = valueList(dbRsAccess2.sub_level_id)>
<cfif levelIds is "">
<cfset levelAccess = true>
<cfelse>
<cfset levelAccess = false>
</cfif>
<cfset subCount = arrayLen(uSubs)>
<cfif subCount gt 0>
<cfloop from="1" to="#subCount#" index="i">
<cfset subData = uSubs[i]>
<cfif listFind(pubIds,subData.pub_id) gt 0>
<cfset pubAccess = true>
</cfif>
<cfif listFind(levelIds,subData.level) gt 0>
<cfset levelAccess = true>
</cfif>
</cfloop>
</cfif>
<cfif pubAccess is true and levelAccess is true>
<cfset pageAccess = true>
</cfif>
<!---<cfquery name="dbRsAccess" datasource="#datasource#">
SELECT COUNT(*) AS access_count
FROM page_pub p,
page_sub_level l,
subscription s
WHERE p.page_id = #page_id# AND
p.pub_id = s.publication_id AND
l.page_id = #page_id# AND
l.sub_level_id = s.sub_level_id AND
s.id = #uSubId#
</cfquery>--->
</cfif>
</cfif>
<cfloop from="1" to="7" index="n">
<cfif val(section_id) eq n>
<cfset navSuffix = "on">
<cfelse>
<cfset navSuffix = "">
</cfif>
<cfset "nav#n#Class" = "nav#numberFormat(n,"00")##navSuffix#">
</cfloop>
<cfif pageAccess is true and isdefined("url.REDIRECTED")>
<cflock scope="session" timeout="30">
<cfset session.uRedirect = "">
</cflock>
</cfif>
</cfsilent>
</cfprocessingdirective>
|
|
|
|
|
Answer : N00b trying to understand part of this CF page...
|
|
This line of code seems to test if the page requires a login and also if the user is not logged in, if the page does require a login and the user is not logged in, then enter this CFIF and are then redirected to the login page.
<cfif page_login is "Y" and uId eq 0>
Moving down a few lines, this next cfelseif block tests to see if the page requires a login (at this point because of the previous CFIF statement, we know the user is logged in)
<cfelseif page_login is "Y">
So the user enters this CFIF structure if they are logged in and the page requires a login.
The query "dbRsAccess1" checks to see if public access is allowed on that page
and a variable "pubaccess" is set with the results
That means that you should not modify this code to give a user access to the page. The access is driven by the database. There may be an admin screen that you check use to check off that a logged in user is allowed access to the page. Once you have checked that off, the user will gain access, then you can modify the page so that only certain things are shown if the user has certain subscriptions.
The next query dbRsAccess2 defines the subscription levels needed by the page, again, this is database driven. A variable LevelAccess is set depending on the page
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
|
<cfif page_login is "Y" and uId eq 0>
<!--- <cflocation url="/my_account/?LOGIN"> --->
<!---<cflocation url="/my_account/login.cfm">--->
<cfset pageAccess = false>
<cfset msgAccess = "The page you are trying to access requires you to log in">
<cflock scope="session" timeout="30">
<cfset session.uRedirect = cgi.SCRIPT_NAME & "?" & cgi.QUERY_STRING>
<cfset session.msgAccess = msgAccess>
</cflock>
<cflocation url="/my_account/login.cfm?REDIRECT" addtoken="false">
<cfelseif page_login is "Y">
<cfquery name="dbRsAccess1" datasource="#datasource#">
SELECT pub_id
FROM page_pub
WHERE page_id = #page_id#
</cfquery>
<cfset pubIds = valueList(dbRsAccess1.pub_id)>
<cfif pubIds is "">
<cfset pubAccess = true>
<cfelse>
<cfset pubAccess = false>
</cfif>
<cfquery name="dbRsAccess2" datasource="#datasource#">
SELECT sub_level_id
FROM page_sub_level
WHERE page_id = #page_id#
</cfquery>
<cfset levelIds = valueList(dbRsAccess2.sub_level_id)>
<cfif levelIds is "">
<cfset levelAccess = true>
<cfelse>
<cfset levelAccess = false>
</cfif>
<cfset subCount = arrayLen(uSubs)>
<cfif subCount gt 0>
<cfloop from="1" to="#subCount#" index="i">
<cfset subData = uSubs[i]>
<cfif listFind(pubIds,subData.pub_id) gt 0>
<cfset pubAccess = true>
</cfif>
<cfif listFind(levelIds,subData.level) gt 0>
<cfset levelAccess = true>
</cfif>
</cfloop>
</cfif>
<cfif pubAccess is true and levelAccess is true>
<cfset pageAccess = true>
</cfif>
|
|
|
|
|
|
