maintaining code structure and locking the admin folder


I am trying to use the following to enable page security for the admin folders of my website.

The structure of my application is like switch/case statements.

The index.cfm page has switch.cfm, which further defines the code as:

<cfswitch expression="#mode#">
<cfcase value="admin.1"><cfinclude template="1.cfm"></cfcase>
<cfdefaultcase><cfinclude template="login.cfm"></cfdefaultcase>
</cfswitch>

Now in my application.cfc I have defined it like this:

<cfif (NOT structKeyExists( session, "isLoggedIn" )) OR (session.isLoggedIn eq false) AND CGI.query_string contains 'admin'>
<cfinclude template="index.cfm">
</cfif>

Why `index`? It will include `switch.cfm`, and `switch.cfm` has the `defaultcase` of `login.cfm`, so apparently it will include `login.cfm`. **This is what I think it should do.**

Now when I call my page as:

http://localhost/?mode=admin.1

it goes into it, rather than sending the user to login.cfm. Am I missing something?

1

There is 1 answer

6
Jedihomer Townend On

I believe your logic is wrong...

You're saying:

if not logged in, include index.cfm

In index.cfm you are asking,

if mode == admin.1 then include 1 else include the login

You are passing in the correct mode, so admin.1 is run.

You probably want something like:

<cfif (NOT structKeyExists( session, "isLoggedIn" )) OR (session.isLoggedIn eq false) AND CGI.query_string contains 'admin'>
    <cfinclude template="login.cfm">
<cfelse>
    <!--- this should mean the user is logged in --->
    <cfinclude template="index.cfm">
</cfif>

Or something like that...
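
A fail-closed version of the gate discussed above, written as an `onRequestStart` handler in Application.cfc. This is an added example, not code from the question or the answer. It assumes that `switch.cfm` reads `mode` unscoped (so the URL scope is searched before the form scope), that `login` is a mode value with no `cfcase` of its own so it reaches the default case, and that every admin mode starts with `admin.`; the application name and the local variable names are hypothetical.

```cfml
<cfcomponent output="false">
    <!--- Hypothetical application name; session management is required for the session scope --->
    <cfset this.name = "adminGateExample">
    <cfset this.sessionManagement = true>

    <cffunction name="onRequestStart" returnType="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var requestedMode = "">
        <cfset var loggedIn = false>

        <!--- Read the mode the same way an unscoped #mode# resolves: URL first, then form --->
        <cfif structKeyExists(url, "mode")>
            <cfset requestedMode = url.mode>
        <cfelseif structKeyExists(form, "mode")>
            <cfset requestedMode = form.mode>
        </cfif>

        <!--- Logged in only if the flag exists AND is a true boolean; anything else is "no" --->
        <cfif structKeyExists(session, "isLoggedIn")
              AND isBoolean(session.isLoggedIn)
              AND session.isLoggedIn>
            <cfset loggedIn = true>
        </cfif>

        <!--- The two conditions are evaluated separately, so AND/OR precedence cannot
              change the result. EQ is case-insensitive, so "ADMIN.1" is also caught. --->
        <cfif listFirst(requestedMode, ".") EQ "admin" AND NOT loggedIn>
            <!--- Overwrite the mode instead of including index.cfm with the original value:
                  url.mode wins over form.mode, so switch.cfm falls through to
                  its default case and includes login.cfm --->
            <cfset url.mode = "login">
        </cfif>

        <cfreturn true>
    </cffunction>
</cfcomponent>
```

With this in place, index.cfm and switch.cfm stay unchanged: a request for `?mode=admin.1` without a valid session never reaches the `admin.1` case, because the mode has been replaced before the switch runs.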