Application.cfc
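<cfcomponent output="false" scriptprotect="none">
    <!---
        Application.cfc for the "halfCMS" application. Every request passes through
        onRequest below, which gates the requested template behind the editor login
        (SESSION.comiEditor) or an existing CMS session (SESSION.halfCMS).
    --->
    <cfset this.name = "halfCMS" />
    <cfset this.sessionManagement = "true" />
    <!--- createTimeSpan(days, hours, minutes, seconds): sessions idle out after 7 hours.
          NOTE(review): long for a session that grants editor access; confirm it is intentional. --->
    <cfset this.sessionTimeout=CreateTimeSpan(0,7,0,0) />
    <!--- NOTE(review): this file does not enable client management, so this setting is
          presumably inert; if client variables are ever enabled they would be stored in
          browser cookies, where the user can read and edit them. --->
    <cfset this.clientStorage = "cookie" />
    <!--- NOTE(review): the engine's built-in script protection is switched off for every
          scope, so any view that echoes FORM/URL/CGI/cookie data must encode it itself.
          Presumably disabled so the editor can submit markup; confirm and consider
          narrowing it rather than disabling it application-wide. --->
    <cfset this.scriptProtect = "none" />

    <!---
        Request gate. Renders into a buffer and emits the trimmed result at the end.
          - URL.logout present: drop both session structs and redirect to index.cfm.
          - SESSION.halfCMS present: treat the visitor as an authenticated editor.
          - authenticated: include the requested template (targetPage).
          - username and password posted: check them against comiEditor.authedUsers.
          - otherwise: show the login form.
        targetPage is the template path passed to onRequest.
    --->
    <cffunction name="onrequest">
        <cfargument name="targetPage" /><cfsilent>
        <cfsavecontent variable="htmloutput">
            <cfparam name="FORM.userName" default="" />
            <cfparam name="FORM.password" default="" />
            <cfparam name="SESSION.comiEditor.isAuthenticated" default="false" />

            <!--- NOTE(review): logout is triggered by a plain GET parameter, so any link or
                  embedded resource pointing here ends the user's session. Low impact, but a
                  POST with a token would prevent it. --->
            <cfif isDefined("URL.logout")>
                <!--- logout of both the editor and the CMS --->
                <cfset structDelete(SESSION, "halfCMS")>
                <cfset structDelete(SESSION, "comiEditor")>
                <cflocation url="index.cfm" addtoken="false" />
            </cfif>

            <!--- presumably settings.cfm defines comiEditor.authedUsers, which the login
                  branch below reads; neither include is visible here --->
            <cfinclude template="inc/config/settings.cfm" />
            <cfinclude template="inc/functions.cfm" />

            <!--- auto login from CMS --->
            <!--- NOTE(review): the mere existence of SESSION.halfCMS is trusted as proof of a
                  CMS login, and homeFolder is set to "" (presumably "no folder restriction";
                  confirm). Verify the CMS only creates this struct after authentication. --->
            <cfif structKeyExists(SESSION, "halfCMS")>
                <cfset SESSION.comiEditor.isAuthenticated = true>
                <cfset SESSION.comiEditor.username = SESSION.halfCMS.user.username>
                <cfset SESSION.comiEditor.homeFolder = "">
            </cfif>

            <!--- already authenticated, load the requested page --->
            <cfif SESSION.comiEditor.isAuthenticated>
                <cfinclude template="#targetPage#" />

            <!--- attempting authentication --->
            <cfelseif FORM.username NEQ "" AND FORM.password NEQ "">
                <!--- hash the password --->
                <!--- NOTE(review): a single unsalted SHA-512 pass is fast to brute-force if the
                      stored hashes leak. Moving to a salted, deliberately slow scheme means
                      re-issuing the hashes in the settings file, so it is flagged here rather
                      than changed. --->
                <cfset loginCredentials = { username = FORM.username, passwordHash = hash(FORM.password, "SHA-512") } />

                <!--- loop through the valid users until there is a match on username --->
                <!--- NOTE(review): there is no throttling or lockout on failed attempts. --->
                <cfloop array="#comiEditor.authedUsers#" index="user">
                    <!--- compareNoCase() keeps the case-insensitive match EQ gave, but always
                          compares as strings; EQ can convert operands that look like numbers
                          before comparing, which is not wanted for credentials --->
                    <cfif compareNoCase(user.username, loginCredentials.username) EQ 0>
                        <!--- if password matches, let them in --->
                        <cfif compareNoCase(user.passwordHash, loginCredentials.passwordHash) EQ 0>
                            <!--- NOTE(review): the session identifier is not renewed at login.
                                  Where the engine provides sessionRotate(), call it here before
                                  marking the session authenticated to limit session fixation. --->
                            <cfset SESSION.comiEditor.isAuthenticated = true />
                            <cfset SESSION.comiEditor.username = FORM.username/>
                            <cfset SESSION.comiEditor.homeFolder = user.defaultFolder />

                            <!--- Build the post-login query string piece by piece. The original
                                  concatenated "login=success" directly with CGI.query_string, so
                                  an existing query string was fused into the login value
                                  ("login=successfolder=x") and its first parameter was lost. --->
                            <cfset var redirectQuery = "login=success" />
                            <cfif len(CGI.query_string)>
                                <cfset redirectQuery = redirectQuery & "&" & CGI.query_string />
                            </cfif>
                            <!--- only add the user's home folder when the request did not name one;
                                  encode it so characters such as & or ## cannot break the URL --->
                            <cfif findNoCase("folder", CGI.query_string) EQ 0>
                                <cfset redirectQuery = redirectQuery & "&folder=" & urlEncodedFormat(SESSION.comiEditor.homeFolder) />
                            </cfif>
                            <!--- cflocation ends the request, so the loop stops here --->
                            <cflocation url="#CGI.script_name#?#redirectQuery#" addtoken="false" />
                        </cfif>
                    </cfif>
                </cfloop>

                <!--- no match, send them back to the form --->
                <cflocation url="#CGI.script_name#?#CGI.query_string#" addtoken="false" />

            <!--- not logged in, show the login form --->
            <cfelse>
                <cfinclude template="inc/views/editor/login.cfm" />
            </cfif>
        </cfsavecontent>
        <!--- discard anything buffered so far and send only the trimmed page body --->
        </cfsilent><cfcontent reset="true"><cfoutput>#trim(htmloutput)#</cfoutput></cffunction>
</cfcomponent>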