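<cfcomponent>

	<!---
		Application.cfc for the "CFP" application: application and session settings,
		plus the lifecycle handlers ColdFusion invokes (application, session, request, error).
	--->

	<cfset this.name = "CFP" />
	<cfset this.applicationTimeout = CreateTimeSpan(0, 1, 0, 0) />
	<cfset this.datasource = "CFP" />
	<cfset this.sessionManagement = true />
	<!---
		CreateTimeSpan takes (days, hours, minutes, seconds), so a session expires
		after 10 seconds of inactivity.
		NOTE(review): this looks like a test value used to exercise the remember-me
		path in onSessionStart; confirm the intended production timeout.
	--->
	<cfset this.sessionTimeout = CreateTimeSpan(0, 0, 0, 10) />
	<!---
		ColdFusion issues the CFID / CFTOKEN session cookies itself.
		NOTE(review): no HttpOnly / Secure settings for these cookies are visible in
		this file; confirm they are enforced at the server or application level.
	--->
	<cfset this.SetClientCookies = true />
	<cfset this.dsn = "CFP" />

	<!---
		Optional settings, currently disabled:
		// this.customTagPaths = [ expandPath('/myAppCustomTags') ];
		// this.mappings = {
		//     "/foo" = expandPath('/com/myCompany/foo')
		// };
		see also: http://help.adobe.com/en_US/ColdFusion/10.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-750b.html
		see also: http://help.adobe.com/en_US/ColdFusion/10.0/Developing/WSED380324-6CBE-47cb-9E5E-26B66ACA9E81.html
	--->

	<!---
		Runs when the application starts. Stores the key that onSessionStart uses to
		decrypt the "remember me" cookie, then returns true so start-up continues.
		NOTE(review): the key is a literal committed with the source. Anyone who can
		read this file can decrypt or forge the remember-me cookie; load the key from
		server-side configuration kept out of version control and rotate this value.
	--->
	<cffunction name="onApplicationStart">
		<cfset APPLICATION.EncryptionKey = "G0ld3nT!ck3t" />
		<cfreturn true />
	</cffunction>

	<!---
		Runs when a new session starts. Resets the session to a default anonymous
		user and then tries to log the visitor in from the "remember me" cookie.
		Any failure on that path leaves the visitor logged out and expires the cookie.
	--->
	<cffunction name="onSessionStart">
		<!---
			Keep the auto-generated CFID / CFTOKEN: the session scope is cleared
			below for initialization and these two values must survive it.
		--->
		<cfset LOCAL.CFID = SESSION.CFID />
		<cfset LOCAL.CFTOKEN = SESSION.CFTOKEN />

		<cfset StructClear( SESSION ) />

		<!--- Restore the id and token so ColdFusion still recognises this session. --->
		<cfset SESSION.CFID = LOCAL.CFID />
		<cfset SESSION.CFTOKEN = LOCAL.CFTOKEN />

		<!--- Default (anonymous) user. --->
		<cfset SESSION.User = {ID = 0, DateCreated = Now()} />

		<!---
			The cookie may be absent, and decrypting a bad value throws, so the whole
			remember-me path sits in one TRY / CATCH instead of a chain of checks.
			Note that the catch also covers errors raised by the user lookup.
		--->
		<cftry>
			<!---
				Decrypt the remember-me cookie.
				NOTE(review): "cfmx_compat" is ColdFusion's legacy default algorithm and
				is weak, and the scheme has no integrity check. It is left unchanged here
				because the code that writes the cookie is not in this file and must be
				changed together with this call (for example to AES with a generated key,
				or better, a random server-side token with an expiry).
			--->
			<cfset LOCAL.RememberMe = Decrypt(COOKIE.RememberMe, APPLICATION.EncryptionKey, "cfmx_compat", "hex") />

			<!---
				The identifier is stored as the second item of a ":"-delimited list.
				That is obfuscation only, not a security control.
			--->
			<cfset LOCAL.RememberMe = ListGetAt(LOCAL.RememberMe, 2, ":") />

			<!---
				Sanity check on the extracted value: it must be at least 35 characters
				long, otherwise the cookie is treated as invalid and expired.
				NOTE(review): 35 matches the length of a ColdFusion UUID; a length test
				alone does not check the format - confirm what getUser accepts.
			--->
			<cfif Len(LOCAL.RememberMe) GTE 35>
				<!---
					Look the user up by the UUID from the cookie. Both variables are
					function-local so nothing is written to the component's variables scope.
					NOTE(review): the decrypted value is the only thing needed to select the
					account, so the cookie acts as a long-lived credential that cannot be
					revoked per device.
				--->
				<cfset LOCAL.cfcLogin = createObject("component", "api.cfc.login") />
				<cfset LOCAL.qryUser = LOCAL.cfcLogin.getUser(LOCAL.RememberMe, "uuid") />

				<cfif LOCAL.qryUser.status EQ "Success">
					<!--- Mark the session as logged in and copy the user details into it. --->
					<cfset session.user.loggedIn = true />
					<cfset session.user.loginDateTime = now() />
					<cfset session.user.email = LOCAL.qryUser.getUser.email />
					<cfset session.user.firstname = LOCAL.qryUser.getUser.username />
					<cfset session.user.id = LOCAL.qryUser.getUser.UserID />
					<cfset session.user.uuid = LOCAL.qryUser.getUser.UserUUID />
					<cfset session.user.type = LOCAL.qryUser.getUser.UserType />
					<cfset session.user.ipaddress = cgi.REMOTE_ADDR />
				</cfif>
			<cfelse>
				<!--- Value too short to be a valid identifier: expire the cookie. --->
				<cfcookie name="rememberme" value="" expires="now" />
			</cfif>

			<cfcatch>
				<!---
					Either there was no remember-me cookie, it could not be decrypted, or
					the lookup failed. Expire the cookie and let the visitor continue
					as NOT LOGGED IN.
				--->
				<cfcookie name="rememberme" value="" expires="now" />
			</cfcatch>
		</cftry>

		<cfreturn />
	</cffunction>

	<!---
		Runs at the start of every request. The target page is passed in for
		reference but is not used.
		NOTE(review): this re-assigns the same literal key that onApplicationStart
		already stores, on every request; keep the key in one place once it is moved
		out of the source.
	--->
	<cffunction name="onRequestStart">
		<cfargument name="targetPage" type="string" />
		<cfset APPLICATION.EncryptionKey = "G0ld3nT!ck3t" />
	</cffunction>

	<!--- Handles the request by including the template that was requested. --->
	<cffunction name="onRequest">
		<cfargument name="targetPage" type="string" />
		<cfinclude template="#arguments.targetPage#" />
	</cffunction>

	<!--- Runs after each request; intentionally empty. --->
	<cffunction name="onRequestEnd">
	</cffunction>

	<!--- Runs when a session ends; intentionally empty. --->
	<cffunction name="onSessionEnd">
		<cfargument name="SessionScope" type="struct" />
		<cfargument name="ApplicationScope" type="struct" />
	</cffunction>

	<!--- Runs when the application ends; intentionally empty. --->
	<cffunction name="onApplicationEnd">
		<cfargument name="ApplicationScope" type="struct" />
	</cffunction>

	<!---
		Application-wide error handler. The exception is written to a server-side
		log and the visitor sees only a generic message: dumping the exception to the
		response would expose stack traces, file paths and query details to anyone
		who can trigger an error.
	--->
	<cffunction name="onError">
		<cfargument name="Exception" type="any" />
		<cfargument name="EventName" type="string" />

		<!--- A failure while logging must not replace the error page below. --->
		<cftry>
			<cfset LOCAL.logText = "onError (" & ARGUMENTS.EventName & "): " & ARGUMENTS.Exception.message />
			<cfif StructKeyExists(ARGUMENTS.Exception, "detail") AND Len(ARGUMENTS.Exception.detail)>
				<cfset LOCAL.logText = LOCAL.logText & " | " & ARGUMENTS.Exception.detail />
			</cfif>
			<cflog file="#this.name#" type="error" text="#LOCAL.logText#" />
			<cfcatch>
			</cfcatch>
		</cftry>

		<h2>Something has gone awry!</h2>
	</cffunction>

</cfcomponent>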