I'm using CFML for my application. I need help with developing a logout operation that destroys a session. For now, on the logout link I'm calling the login page but when the BACK Button on the browser is clicked the user is still logged in.
<!---LoginForm.cfm>--->
<!---Handle the logout--->
<cfif structKeyExists(URL,'logout')>
<cfset createObject("component",'authenticationService').doLogout() />
</cfif>
<!---Form processing begins here--->
<cfif structkeyExists(form,'submitLogin')>
<!---Create an instane of the authenticate service component--->
<cfset authenticationService=createObject("component",'authenticationService') />
<!---Server side data validation--->
<cfset aErrorMessages=authenticationService.validateUser(form.userEmail,form.userPassword)>
<cfif ArrayisEmpty(aErrorMessages)>
<!---Proceed to the login procedure --->
<cfset isUserLoggedIn=authenticationService.doLogin(form.userEmail,form.userPassword) >
</cfif>
</cfif>
<!---Form processing ends here--->
<cfform>
<fieldset>
<legend>Login</legend>
<cfif structKeyExists(variables,'aErrorMessages') AND NOT ArrayIsEmpty(aErrorMessages)>
<cfoutput>
<cfloop array="#aErrorMessages#" index="message" >
<p >#message#</p>
</cfloop>
</cfoutput>
</cfif>
<cfif structKeyExists(variables,'isUserLoggedIn') AND isUserLoggedIn EQ false>
<p class="errorMessage">User not found.Please try again!</p>
</cfif>
<cfif structKeyExists(session,'stLoggedInUser')>
<!---display a welcome message--->
<p><cfoutput>Welcome #session.stLoggedInUser.userFirstName# </cfoutput>
<p>Logout</p>
<cfelse>
<dl>
<dt>
<label for="userEmail">Email address</label>
</dt>
<dd>
<cfinput type="email" name="userEmail" required="true" >
</dd>
<dt>
<label for="userEmail">Password</label>
</dt>
<dd>
<cfinput type="password" name="userPassword" required="true" >
</dd>
</dl>
<cfinput type="submit" name="submitLogin" value="Login" />
</fieldset>
</cfif>
</cfform>
<cfdump var="#session#">
<!---authenticationService.cfc--->
<cfcomponent>
<cffunction name="validateUser" access="public" output="false" returntype="array">
<cfargument name="userEmail" type="string" required="true" />
<cfargument name="userPassword" type="string" required="true" />
<cfset var aErrorMessages=ArrayNew(1) />
<!---Validate the email--->
<cfif NOT isValid('email',arguments.userEmail)>
<cfset arrayAppend(aErrorMessages,'Please,provide a valid email address') />
</cfif>
<!---Validating the Password--->
<cfif arguments.userPassword EQ ''>
<cfset arrayAppend(aErrorMessages,'Please, provide a password') />
</cfif>
<cfreturn aErrorMessages />
</cffunction>
<!---doLogin() Method--->
<cffunction name="doLogin" access="public" output="false" returntype="boolean">
<cfargument name="userEmail" type="string" required="true" />
<cfargument name="userPassword" type="string" required="true" />
<!---create the isUserLoggedIn variable--->
<cfset var isUserLoggedIn=false />
<!---get the user data from the database--->
<cfquery datasource="myapp" name="getInfo">
select * from Info
where emailid='#form.userEmail#' and password='#form.userPassword#'
</cfquery>
<!---Check if the query returns one and only one user--->
<cfif getInfo.recordcount eq 1 >
<!--- log the user in --->
<cflogin>
<cfloginuser name="#getInfo.username#" password="#getInfo.password#" roles="#getInfo.role#">
</cflogin>
<!--- save user data in session scope --->
<cfset session.stLoggedInUser={'userFirstName'=getInfo.username} />
<!---change the isUserLoggedIn variable to true--->
<cfset var isUserLoggedIn=true />
</cfif>
<!---return the isUserLoggedIn variable --->
<cfreturn isUserLoggedIn />
</cffunction>
<!---doLogout() Method--->
<cffunction name="doLogout" access="public" output="false" returntype="any">
<!---delete user from session scope--->
<cfset structDelete(session,'stLoggedInUser') />
<!---log the user out--->
<cflogout />
</cffunction>
</cfcomponent>
Regarding the back button after logout, the situation being that someone could log off and walk away from their computer without closing the browser or locking it. Then anyone else could go back on their browser and view the data they had been viewing before logging out.
We solved this for a financial application by implementing a Pragma: no-cache header on every page request. This forces requests to the page to reload from the server, not just load what's in the browser's cache. This means the back button will request the previous URL from the server, which will check session and kick you to your logged out landing page.
It will throw off some users who are used to navigating your site a certain way, but it will make it much more secure.
Related
I am getting error saying "Error invoking CFC componentname.cfc : The method onRequest was not found in component ..\filepath\Application.cfc".
This works fine with CF8 but not CF9 with same code. Both environments use Apache and Fusebox 5. The method onRequest exists in application.cfc.
Please help.
CODE FOR CFC BIND:
<cfselect name="officeNum" id="officeNum" bind="cfc: userYODSU.GetOfficeList({empID},{fy})" display="officeNameTxt" value="officeNum" bindOnLoad="true"><option value="">---</option></cfselect>
Code in APPLICATION.CFC
<cfcomponent output="false">
<cfprocessingdirective suppresswhitespace="true">
<!---
Copyright 2006-2007 TeraTech, Inc. http://teratech.com/
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
--->
<!--- code that must execute at the very start of every single request --->
<!--- FB5: allow "" default - FB41 required this variable: --->
<cfparam name="variables.FUSEBOX_APPLICATION_PATH" default="" />
<!--- FB5: application key - FB41 always uses 'fusebox': --->
<cfparam name="variables.FUSEBOX_APPLICATION_KEY" default="fusebox" />
<!--- FB51: allow application to be included from other directories: --->
<cfparam name="variables.FUSEBOX_CALLER_PATH" default="#replace(getDirectoryFromPath(getBaseTemplatePath()),"\","/","all")#" />
<!--- FB55: easy way to override fusebox.xml parameters programmatically: --->
<cfparam name="variables.FUSEBOX_PARAMETERS" default="#structNew()#" />
<cfparam name="variables.attributes" default="#structNew()#" />
<cfset structAppend(attributes,URL,true) />
<cfset structAppend(attributes,form,true) />
<!--- FB5: uses request.__fusebox for internal tracking of compiler / runtime operations: --->
<cfset request.__fusebox = structNew() />
<!--- FB55: bleeding variables scope back and forth between fusebox5.cfm and this CFC for backward compatibility --->
<cfset variables.exposed = structNew() />
<!--- FB55: scaffolder integration --->
<cfif structKeyExists(attributes,"scaffolding.go")>
<!--- if we're not already executing the scaffolder, branch to it --->
<cfif findNoCase("/scaffolder/",CGI.SCRIPT_NAME) eq 0>
<cftry>
<cfinclude template="/scaffolder/manager.cfm" />
<cfcatch type="missinginclude">
<cfif structKeyExists(attributes,"scaffolding.debug")>
<cfrethrow />
</cfif>
<cfthrow type="fusebox.noScaffolder" message="Scaffolder not found" detail="You requested the scaffolder but /scaffolder/index.cfm does not exist." />
</cfcatch>
</cftry>
</cfif>
</cfif>
<cffunction name="bleed" returntype="any" access="public" output="false">
<cfargument name="outerVariables" type="any" required="true" />
<cfset variables.exposed = arguments.outerVariables />
<!--- expose known variables: --->
<cfset variables.exposed.attributes = variables.attributes />
<cfreturn this />
</cffunction>
<cffunction name="onApplicationStart" output="false">
<!--- FB5: myFusebox is an object but has FB41-compatible public properties --->
<cfset variables.myFusebox = createObject("component","myFusebox").init(variables.FUSEBOX_APPLICATION_KEY,variables.attributes,variables) />
<!--- expose known variables: --->
<cfset variables.exposed.myFusebox = variables.myFusebox />
<!--- FB55: guarantee XFA struct exists --->
<cfparam name="variables.xfa" default="#structNew()#" />
<!--- FB51: ticket 164: add OO synonym for attributes scope --->
<cfparam name="variables.event" default="#createObject('component','fuseboxEvent').init(attributes,xfa,myFusebox)#" />
<!--- expose known variables: --->
<cfset variables.exposed.xfa = variables.xfa />
<cfset variables.exposed.event = variables.event />
<cfset loadFusebox() />
</cffunction>
<cffunction name="onSessionStart" output="false">
</cffunction>
<cffunction name="onRequestStart" output="false">
<cfargument name="targetPage" type="string" required="true" />
<cfset var doCompile = true />
<!--- ensure CFC / Web Service / Flex Remoting calls are not intercepted --->
<cfif right(arguments.targetPage,4) is ".cfc">
<cfset doCompile = false />
<cfset structDelete(variables,"onRequest") />
<cfset structDelete(this,"onRequest") />
</cfif>
<!--- onApplicationStart() may create this (on first request) --->
<cfif not structKeyExists(variables,"myFusebox")>
<!--- FB5: myFusebox is an object but has FB41-compatible public properties --->
<cfset variables.myFusebox = createObject("component","myFusebox").init(variables.FUSEBOX_APPLICATION_KEY,variables.attributes,variables) />
<!--- expose known variables: --->
<cfset variables.exposed.myFusebox = variables.myFusebox />
</cfif>
<!--- FB55: guarantee XFA struct exists --->
<cfparam name="variables.xfa" default="#structNew()#" />
<!--- FB51: ticket 164: add OO synonym for attributes scope --->
<cfparam name="variables.event" default="#createObject('component','fuseboxEvent').init(variables.attributes,variables.xfa,variables.myFusebox)#" />
<!--- expose known variables: --->
<cfset variables.exposed.xfa = variables.xfa />
<cfset variables.exposed.event = variables.event />
<cfif variables.myFusebox.parameters.load>
<cflock name="#application.ApplicationName#_fusebox_#variables.FUSEBOX_APPLICATION_KEY#" type="exclusive" timeout="300">
<cfif variables.myFusebox.parameters.load>
<cfset loadFusebox() />
<cfelse>
<!--- _fba should *not* be exposed --->
<cfset _fba = application[variables.FUSEBOX_APPLICATION_KEY] />
<!--- fix attributes precedence --->
<cfif _fba.precedenceFormOrURL is "URL">
<cfset structAppend(variables.attributes,URL,true) />
</cfif>
<!--- set the default fuseaction if necessary --->
<cfif not structKeyExists(variables.attributes,_fba.fuseactionVariable) or trim(variables.attributes[_fba.fuseactionVariable]) is "">
<cfset variables.attributes[_fba.fuseactionVariable] = _fba.defaultFuseaction />
</cfif>
<cfset variables.attributes[_fba.fuseactionVariable] = trim(variables.attributes[_fba.fuseactionVariable]) />
<cfset variables.attributes.fuseaction = variables.attributes[_fba.fuseactionVariable] />
</cfif>
</cflock>
<cfelse>
<cfset _fba = application[variables.FUSEBOX_APPLICATION_KEY] />
<!--- fix attributes precedence --->
<cfif _fba.precedenceFormOrURL is "URL">
<cfset structAppend(variables.attributes,URL,true) />
</cfif>
<!--- set the default fuseaction if necessary --->
<cfif not structKeyExists(variables.attributes,_fba.fuseactionVariable) or trim(variables.attributes[_fba.fuseactionVariable]) is "">
<cfset variables.attributes[_fba.fuseactionVariable] = _fba.defaultFuseaction />
</cfif>
<cfset variables.attributes[_fba.fuseactionVariable] = trim(variables.attributes[_fba.fuseactionVariable]) />
<cfset variables.attributes.fuseaction = variables.attributes[_fba.fuseactionVariable] />
</cfif>
<!---
Fusebox 4.1 did not set attributes.fuseaction or default the fuseaction variable until
*after* fusebox.init.cfm had run. This made it hard for fusebox.init.cfm to do URL
rewriting. For Fusebox 5, we default the fuseaction variable and set attributes.fuseaction
before fusebox.init.cfm so it can rely on attributes.fuseaction and rewrite that. However,
in order to maintain backward compatibility, we need to allow fusebox.init.cfm to set
attributes[_fba.fuseactionVariable] and still have that reflected in attributes.fuseaction
and for that to actually be the request that gets processed.
--->
<cfif _fba.debug>
<cfset variables.myFusebox.trace("Fusebox","Including fusebox.init.cfm") />
</cfif>
<cftry>
<!--- _fba_ttr_fav and _ba_attr_fa should *not* be exposed --->
<cfset _fba_attr_fav = variables.attributes[_fba.fuseactionVariable] />
<cfset _fba_attr_fa = variables.attributes.fuseaction />
<cfinclude template="#_fba.getCoreToAppRootPath()#fusebox.init.cfm" />
<cfif variables.attributes.fuseaction is not _fba_attr_fa>
<cfif variables.attributes.fuseaction is not variables.attributes[_fba.fuseactionVariable]>
<cfif variables.attributes[_fba.fuseactionVariable] is not _fba_attr_fav>
<!--- inconsistent modification of both variables?!? --->
<cfthrow type="fusebox.inconsistentFuseaction"
message="Inconsistent fuseaction variables"
detail="Both attributes.fuseaction and attributes[{fusebox}.fuseactionVariable] changed in fusebox.init.cfm so Fusebox doesn't know what to do with the values!" />
<cfelse>
<!--- ok, only attributes.fuseaction changed --->
<cfset variables.attributes[_fba.fuseactionVariable] = variables.attributes.fuseaction />
</cfif>
<cfelse>
<!--- ok, they were both changed and they match --->
</cfif>
<cfelse>
<!--- attributes.fuseaction did not change --->
<cfif variables.attributes[_fba.fuseactionVariable] is not _fba_attr_fav>
<!--- make attributes.fuseaction match the other changed variable --->
<cfset variables.attributes.fuseaction = variables.attributes[_fba.fuseactionVariable] />
<cfelse>
<!--- ok, neither variable changed --->
</cfif>
</cfif>
<cfcatch type="missinginclude" />
</cftry>
<cfif doCompile>
<!---
must special case development-circuit-load mode since it causes circuits to reload during
the compile (post-load) phase and therefore must be exclusive
--->
<cfif _fba.debug>
<cfset variables.myFusebox.trace("Fusebox","Compiling requested fuseaction '#variables.attributes.fuseaction#'") />
</cfif>
<!--- _parsedFileData should *not* be exposed --->
<cfif _fba.mode is "development-circuit-load">
<cflock name="#application.ApplicationName#_fusebox_#variables.FUSEBOX_APPLICATION_KEY#" type="exclusive" timeout="300">
<cfset _parsedFileData = _fba.compileRequest(attributes.fuseaction,myFusebox) />
</cflock>
<cfelse>
<cflock name="#application.ApplicationName#_fusebox_#variables.FUSEBOX_APPLICATION_KEY#" type="readonly" timeout="300">
<cfset _parsedFileData = _fba.compileRequest(attributes.fuseaction,myFusebox) />
</cflock>
</cfif>
</cfif>
</cffunction>
<!--- excuse the formatting here - it is done to completely suppress whitespace --->
<cffunction name="onRequest"><cfargument
name="targetPage" type="string" required="true" /><cfsetting
enablecfoutputonly="true">
<cfif variables.myFusebox.parameters.execute>
<cfif _fba.debug>
<cfset myFusebox.trace("Fusebox","Including parsed file for '#variables.attributes.fuseaction#'") />
</cfif>
<cftry>
<!---
readonly lock protects against including the parsed file while
another threading is writing it...
--->
<cflock name="#_parsedFileData.lockName#" type="readonly" timeout="30">
<cfinclude template="#_parsedFileData.parsedFile#" />
</cflock>
<cfcatch type="missinginclude">
<cfif right(cfcatch.missingFileName, len(_parsedFileData.parsedName)) is _parsedFileData.parsedName>
<cfthrow type="fusebox.missingParsedFile"
message="Parsed File or Directory not found."
detail="Attempting to execute the parsed file '#_parsedFileData.parsedName#' threw an error. This can occur if the parsed file does not exist in the parsed directory or if the parsed directory itself is missing." />
<cfelse>
<cfrethrow />
</cfif>
</cfcatch>
</cftry>
</cfif>
<cfsetting enablecfoutputonly="false">
</cffunction>
<cffunction name="onRequestEnd" output="true">
<cfargument name="targetPage" type="string" required="true" />
<cfif structKeyExists(variables,"myFusebox")>
<cfset variables.myFusebox.trace("Fusebox","Request completed") />
</cfif>
<cfif isDefined("_fba.debug") and _fba.debug and structKeyExists(variables,"myFusebox") and right(arguments.targetPage,4) is not ".cfc">
<cfoutput>#variables.myFusebox.renderTrace()#</cfoutput>
</cfif>
</cffunction>
<cffunction name="onSessionEnd" output="false">
</cffunction>
<cffunction name="onApplicationEnd" output="false">
</cffunction>
<cffunction name="onError">
<cfargument name="exception" />
<cfset var stack = 0 />
<cfset var prefix = "Raised at " />
<!--- top-level exception is always event name / expression for Application.cfc (but not fusebox5.cfm) --->
<cfset var caughtException = arguments.exception />
<cfif structKeyExists(caughtException,"rootcause")>
<cfset caughtException = caughtException.rootcause />
</cfif>
<cfif listFirst(caughtException.type,".") is "fusebox">
<cfif isDefined("_fba.debug") and _fba.debug and structKeyExists(variables,"myFusebox")>
<cfset variables.myFusebox.trace("Fusebox","Caught Fusebox exception '#caughtException.type#'") />
<cfif structKeyExists(caughtException,"tagcontext")>
<cfloop index="stack" from="1" to="#arrayLen(caughtException.tagContext)#">
<cfset variables.myFusebox.trace("Fusebox",prefix &
caughtException.tagContext[stack].template & ":" &
caughtException.tagContext[stack].line) />
<cfset prefix = "Called from " />
</cfloop>
</cfif>
</cfif>
<cfif not isDefined("_fba.errortemplatesPath") or (
structKeyExists(variables,"attributes") and structKeyExists(variables,"myFusebox") and
not _fba.handleFuseboxException(caughtException,variables.attributes,variables.myFusebox,variables.FUSEBOX_APPLICATION_KEY)
)>
<cfif isDefined("_fba.debug") and _fba.debug and structKeyExists(variables,"myFusebox")>
<cfoutput>#variables.myFusebox.renderTrace()#</cfoutput>
</cfif>
<cfthrow object="#caughtException#" />
</cfif>
<cfelse>
<cfif isDefined("_fba.debug") and _fba.debug and structKeyExists(variables,"myFusebox")>
<cfset variables.myFusebox.trace("Fusebox","Request failed with exception '#caughtException.type#' (#caughtException.message#)") />
<cfif structKeyExists(caughtException,"tagcontext")>
<cfloop index="stack" from="1" to="#arrayLen(caughtException.tagContext)#">
<cfset variables.myFusebox.trace("Fusebox",prefix &
caughtException.tagContext[stack].template & ":" &
caughtException.tagContext[stack].line) />
<cfset prefix = "Called from " />
</cfloop>
</cfif>
<cfoutput>#variables.myFusebox.renderTrace()#</cfoutput>
</cfif>
<cfthrow object="#caughtException#" />
</cfif>
<!--- if we hit an error before starting the request, prevent the request from running --->
<cfset myFusebox.parameters.execute = false />
</cffunction>
<cffunction name="override" returntype="void" access="public" output="false">
<cfargument name="name" type="string" required="true" />
<cfargument name="value" type="any" required="true" />
<cfargument name="useThisScope" type="boolean" default="false" />
<cfif arguments.useThisScope>
<cfset this[arguments.name] = arguments.value />
<cfelse>
<cfset variables[arguments.name] = arguments.value />
</cfif>
</cffunction>
<cffunction name="onFuseboxApplicationStart">
</cffunction>
<cffunction name="loadFusebox" access="private" output="false">
<!--- ticket 232: extend request timeout value on framework load --->
<cfsetting requesttimeout="600" />
<cfif not structKeyExists(application,variables.FUSEBOX_APPLICATION_KEY) or variables.myFusebox.parameters.userProvidedLoadParameter>
<!--- can't be conditional: we don't know the state of the debug flag yet --->
<cfset variables.myFusebox.trace("Fusebox","Creating Fusebox application object") />
<cfset _fba = createObject("component","fuseboxApplication") />
<cfset application[variables.FUSEBOX_APPLICATION_KEY] = _fba.init(variables.FUSEBOX_APPLICATION_KEY,variables.FUSEBOX_APPLICATION_PATH,variables.myFusebox,variables.FUSEBOX_CALLER_PATH,variables.FUSEBOX_PARAMETERS) />
<cfelse>
<!--- can't be conditional: we don't know the state of the debug flag yet --->
<cfset variables.myFusebox.trace("Fusebox","Reloading Fusebox application object") />
<cfset _fba = application[variables.FUSEBOX_APPLICATION_KEY] />
<!--- it exists and the load is implicit, not explicit (via user) so just reload XML --->
<cfset _fba.reload(variables.FUSEBOX_APPLICATION_KEY,variables.FUSEBOX_APPLICATION_PATH,variables.myFusebox,variables.FUSEBOX_PARAMETERS) />
</cfif>
<!--- fix attributes precedence --->
<cfif _fba.precedenceFormOrURL is "URL">
<cfset structAppend(variables.attributes,URL,true) />
</cfif>
<!--- set the default fuseaction if necessary --->
<cfif not structKeyExists(variables.attributes,_fba.fuseactionVariable) or variables.attributes[_fba.fuseactionVariable] is "">
<cfset variables.attributes[_fba.fuseactionVariable] = _fba.defaultFuseaction />
</cfif>
<!--- set this up for fusebox.appinit.cfm --->
<cfset variables.attributes.fuseaction = variables.attributes[_fba.fuseactionVariable] />
<!--- flag this as the first request for the application --->
<cfset variables.myFusebox.applicationStart = true />
<!--- force parse after reload for consistency in development modes --->
<cfif _fba.mode is not "production" or variables.myFusebox.parameters.userProvidedLoadParameter>
<cfset variables.myFusebox.parameters.parse = true />
</cfif>
<!--- need all of the above set before we attempt any compiles! --->
<cfif variables.myFusebox.parameters.parseall>
<cfset _fba.compileAll(variables.myFusebox) />
</cfif>
<!--- FB55: template method to allow no-XML application initialization --->
<cfif _fba.debug>
<cfset variables.myFusebox.trace("Fusebox","Executing onFuseboxApplicationStart()") />
</cfif>
<cfset onFuseboxApplicationStart() />
<!--- FB5: new appinit include file --->
<cfif _fba.debug>
<cfset variables.myFusebox.trace("Fusebox","Including fusebox.appinit.cfm") />
</cfif>
<cftry>
<cfinclude template="#_fba.getCoreToAppRootPath()#fusebox.appinit.cfm" />
<cfcatch type="missinginclude" />
</cftry>
<!--- ticket 269 ensure there is no double reload at CF startup --->
<cfset variables.myFusebox.parameters.load = false />
</cffunction>
</cfprocessingdirective>
</cfcomponent>
I dunno why you'd be getting the error you're seeing, but in CF9 you don't need to do all that horsing around deleting onRequest(), you can simply have an onCfcRequest() method in there, which'll get called instead of onRequest() when requests for CFCs are made. So doing that could remove the situation in which the error situation arises.
Finally I was able to resolve this issue. I figured that the error shows only in the localhost but not on any servers. Also, found that the problem was only with the cfselect with bind cfc. I didn't see any difference with the settings in localhost and other servers. So I tried some changes to the fusebox code and fixed it. Following change in fusebox5.cfm made it working.
<cftry>
<cfset __fuseboxAppCfc.onRequest(CGI.SCRIPT_NAME) />
<cfset __fuseboxAppCfc.onRequestEnd(CGI.SCRIPT_NAME) />
<cfcatch type="any">
<cfset __fuseboxAppCfc.onError(cfcatch)>
</cfcatch>
</cftry>
Changed this to:
<cftry>
<cfif right(CGI.SCRIPT_NAME,"4") NEQ ".cfc">
<cfset __fuseboxAppCfc.onRequest(CGI.SCRIPT_NAME) />
</cfif>
<cfset __fuseboxAppCfc.onRequestEnd(CGI.SCRIPT_NAME) />
<cfcatch type="any">
<cfset __fuseboxAppCfc.onError(cfcatch)>
</cfcatch>
</cftry>
I tried to bind a CFGrid in ColdFusion through a CFC function which works correctly, but after login when I tried to surf to the page the CFGrid does not get populated with any records.
Here is my grid.cfm code:
<cfform name="GridForm">
<cfgrid format="html" name="UserGrid" pagesize="10" selectmode="row" bind="cfc:Consumer.getUserinfo({cfgridpage},{cfgridpagesize},{cfgridsortcolumn},{cfgridsortdirection})">
<cfgridcolumn name="FirstName" width="300" header="FirstName" />
<cfgridcolumn name="LastName" width="180" header="LastName" />
<cfgridcolumn name="UserName" width="120" header="UserName" />
<cfgridcolumn name="Age" width="60" header="Age" />
</cfgrid>
<br/>
</cfform>
And here is my cfc function:
<cfcomponent output="false">
<cffunction name="getUserInfo" access="remote" returntype="struct" >
<cfargument name="page" required="true" />
<cfargument name="pageSize" required="true" />
<cfargument name="gridsortcolumn" required="true" />
<cfargument name="gridsortdirection" required="true" />
<cfif arguments.gridsortcolumn eq "">
<cfset arguments.gridsortcolumn = "FirstName" />
<cfset arguments.gridsortdirection = "asc" />
</cfif>
<cfquery name="GetUser" datasource="MyDatabase" >
select *
from UserInfo
order by #arguments.gridsortcolumn# #arguments.gridsortdirection#
</cfquery>
<cfreturn queryconvertforgrid(GetUser, page, pagesize) />
</cffunction>
</cfcomponent>
Why doesn't this grid get populated after the login?
I recommend using the developer tools / javascript console in Chrome. Turn on log XMLHTTPRequests. Then, next time you reload your app, the console will show you all of the ajax calls your app is making and if they succeed or fail.
If you have a failing request you can right click on it and open it in a new tab to see the error details just like you would normally trouble shoot a problem.
I signed up for reCaptcha, got my private/public keys, made my recaptcha.cfm and put the code in my form. The form renders perfectly when you go to the URL but it submits even when the person doesn't put anything in the captcha. This is the code for my recaptcha.cfm and I have the relevant code for the form page commented out in recaptcha.cfm under "Sample." Any help would be greatly appreciated. Thank you.
<cfsetting enablecfoutputonly="true">
<!---
Use the reCAPTCHA API to verify human input.
reCAPTCHA improves the process of digitizing books by sending words that
cannot be read by computers to the Web in the form of CAPTCHAs for
humans to decipher. More specifically, each word that cannot be read
correctly by OCR is placed on an image and used as a CAPTCHA. This is
possible because most OCR programs alert you when a word cannot be read
correctly.
You will need a key pair from http://recaptcha.net/api/getkey to use this tag.
Sample
--------------------------------
<html>
<body>
<cfform>
<cf_recaptcha
privateKey="6LepjdQSAAAAAMspsO04gZUXltxddkiI0ZgSF02h"
publicKey="6LepjdQSAAAAADoLvfvgkwacBAI_GbL-nTy2zvS6">
<cfinput type="submit" name="submit">
</cfform>
<cfif isDefined("form.submit")>
<cfoutput>recaptcha says #form.recaptcha#</cfoutput>
</cfif>
</body>
</html>
--->
<cfscript>
CHALLENGE_URL = "http://api.recaptcha.net";
SSL_CHALLENGE_URL = "https://api-secure.recaptcha.net";
VERIFY_URL = "http://api-verify.recaptcha.net/verify";
</cfscript>
<cfif not structKeyExists(attributes, "publicKey")>
<cfthrow type="RECAPTCHA_ATTRIBUTE"
message="recaptcha: required attribute 'publicKey' is missing">
</cfif>
<cfif not structKeyExists(attributes, "privateKey")>
<cfthrow type="RECAPTCHA_ATTRIBUTE"
message="recaptcha: required attribute 'privateKey' is missing">
</cfif>
<cftry>
<cfparam name="attributes.action" default="render">
<cfif not listContains("render,check", attributes.action)>
<cfset sInvalidAttr="action not render|check">
<cfthrow>
</cfif>
<cfset sInvalidAttr="ssl not true|false">
<cfparam name="attributes.ssl" type="boolean" default="false">
<cfparam name="attributes.theme" type="regex" pattern="(red|white|blackglass)" default="red">
<cfif not listContains("red,white,blackglass", attributes.theme)>
<cfset sInvalidAttr="theme not red|white|blackglass">
<cfthrow>
</cfif>
<cfset sInvalidAttr="tabIndex not numeric">
<cfparam name="attributes.tabIndex" type="numeric" default="0">
<cfcatch type="any">
<cfthrow type="RECAPTCHA_ATTRIBUTE"
message="recaptcha: attribute #sInvalidAttr#">
</cfcatch>
</cftry>
<cfif isDefined("form.recaptcha_challenge_field") and isDefined("form.recaptcha_response_field")>
<cftry>
<cfhttp url="#VERIFY_URL#" method="post" timeout="5" throwonerror="true">
<cfhttpparam type="formfield" name="privatekey" value="#attributes.privateKey#">
<cfhttpparam type="formfield" name="remoteip" value="#cgi.REMOTE_ADDR#">
<cfhttpparam type="formfield" name="challenge" value="#form.recaptcha_challenge_field#">
<cfhttpparam type="formfield" name="response" value="#form.recaptcha_response_field#">
</cfhttp>
<cfcatch>
<cfthrow type="RECAPTCHA_NO_SERVICE"
message="recaptcha: unable to contact recaptcha verification service on url '#VERIFY_URL#'">
</cfcatch>
</cftry>
<cfset aResponse = listToArray(cfhttp.fileContent, chr(10))>
<cfset form.recaptcha = aResponse[1]>
<cfset structDelete(form, "recaptcha_challenge_field")>
<cfset structDelete(form, "recaptcha_response_field")>
<cfif aResponse[1] eq "false" and aResponse[2] neq "incorrect-captcha-sol">
<cfthrow type="RECAPTCHA_VERIFICATION_FAILURE"
message="recaptcha: the verification service responded with error '#aResponse[2]#'. See http://recaptcha.net/apidocs/captcha/ for error meanings.">
</cfif>
<cfelse>
<cfset form.recaptcha = false>
</cfif>
<cfif attributes.action eq "render">
<cfif attributes.ssl>
<cfset challengeURL = SSL_CHALLENGE_URL>
<cfelse>
<cfset challengeURL = CHALLENGE_URL>
</cfif>
<cfoutput>
<script type="text/javascript">
<!--
var RecaptchaOptions = {
theme : '#attributes.theme#',
tabindex : #attributes.tabIndex#
};
//-->
</script>
<script type="text/javascript"
src="#challengeURL#/challenge?k=#attributes.publicKey#">
</script>
<noscript>
<iframe src="#challengeURL#/noscript?k=#attributes.publicKey#"
height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40">
</textarea>
<input type="hidden" name="recaptcha_response_field"
value="manual_challenge">
</noscript>
</cfoutput>
</cfif>
<cfsetting enablecfoutputonly="false">
That custom tag is badly out of date. You need to update the URLs because Google changed them. Change them to this:
CHALLENGE_URL = "http://www.google.com/recaptcha/api";
SSL_CHALLENGE_URL = "https://www.google.com/recaptcha/api";
VERIFY_URL = "http://www.google.com/recaptcha/api/verify";
I have posted an updated version of this custom tag as a Gist here: https://gist.github.com/2210356
I have the following Applicaton.cfc
<cffunction name="onApplicationStart" access="public" returntype="Object">
<cfset application.dsn = "myDB" />
<cfset application.userGateway = createObject("component","cfc.UserGateway").init(dsn = application.dsn) />
<cfreturn this />
</cffunction>
This is my component UserGateway.cfc
<cfcomponent name="UserGateway" hint="Data Access Object" output="false">
<cffunction name="init" access="public" hint="constructor" output="false" returntype="UserGateway">
<cfargument name="dsn" type="string" required="true" hint="datasource" />
<cfset variables.dsn = arguments.dsn />
<cfreturn this />
</cffunction>
<cffunction name="getUsers" access="public" output="false" returntype="query">
<cfargument name="id" type="String" default="" />
<cfargument name="name" type="String" default="" />
<cfargument name="district" type="String" default="" />
<cfset var qQuery = "" />
<cfquery name="qQuery" datasource="#variables.dsn#">
SELECT *
FROM A INNER JOIN B
ON A.X = B.Y
WHERE 0=0
<cfif "#arguments.id#" neq "">
AND B.X LIKE '%#arguments.id#%'
</cfif>
<cfif "#arguments.name#" neq "">
AND (A.I LIKE '#arguments.name#%'
OR A.J LIKE '#arguments.name#%')
</cfif>
<cfif "#arguments.district#" neq "">
AND A.O LIKE '%#arguments.district#%'
</cfif>
</cfquery>
<cfreturn qQuery />
</cffunction>
</cfcomponent>
And this is my same.cfm
<cfform action="same.cfm" method="post" preservedata="true">
<p>ID: <cfinput type="text" name="id" size="20" maxlength="4" /></p>
<p>Name: <cfinput type="text" name="name" size="20" maxlength="64" /></p>
<p>District: <cfinput type="text" name="district" size="20" maxlength="3" /></p>
<p><cfinput class="button" type="submit" name="submit" value="OK" /></p>
</cfform>
<cfif IsDefined("form.submit")>
<table>
<cfset qQuery = application.userGateway.getUsers(id = form.id, name = form.name, district = form.district) />
<cfoutput query="qQuery">
<tr>
<td>#qQuery.currentRow#.</a></td>
<td>#qQuery.I#</a></td>
<td>#qQuery.M#, #qQuery.N#</a></td>
<td>#qQuery.D#</a></td>
</tr>
</cfoutput>
</table>
</cfif>
I get the following error:
Element USERGATEWAY is undefined in a Java object of type class [Ljava.lang.String;.
The error occurred in same.cfm: line 10
What am i missing?
-------------------------------------------
-------------------------------------------
When i do it this way it works. it must be something trivial that i as a beginner do not get.
Application.cfc
<cffunction name="onRequestStart" access="public" returntype="String">
<cfset request.dsn="myDB" />
</cffunction>
same.cfm
<cfset userGateway = createObject("component","cfc.UserGateway").init(dsn = request.dsn) />
<cfset qGetUser = userGateway.getUsers(id = form.personid, name = form.name, district = form.district) />
<cfoutput query="qQuery">
<tr>
<td>#qQuery.currentRow#.</a></td>
<td>#qQuery.I#</a></td>
<td>#qQuery.M#, #qQuery.N#</a></td>
<td>#qQuery.D#</a></td>
</tr>
</cfoutput>
There are two things I see wrong here:
First, To my understanding, using the 'this' scope in application.cfc doesn't work the way you're trying to do it. By setting your userGateway object to an application scoped value, it becomes globally available and really makes returning it in onApplicationStart unnecessary. In your application.cfc, change your returntype to boolean and just return true; that should fix your problem.
Second, if in your query, your arguments and conditionals are not proxies of what you actually have, you're referencing an argument 'personid' which does not exist in your function. When calling that query through an object call in the application scope, I've seen the java string error returned as an error before as opposed to the CF Friendly 'variable doesn't exist' error.
In same.cfm, run this:
<cfset OnApplicationStart()>
Then refresh the page again. Does it now work?
<cffunction name="init" access="public" hint="constructor" output="false" returntype="UserGateway">
should be:
<cffunction name="init" access="public" hint="constructor" output="false" returntype="Any">
The following line is incorrect:
<cfset application.userGateway = createObject("component","cfc.UserGateway").init(dsn = application.dsn) />
It should read with out "cfc." at the beginning of the component name you want:
<cfset application.userGateway = createObject("component","UserGateway").init(dsn = application.dsn) />
Also, double check the rest of the application.cfc for correctness because something isn't running right, as you should have seen this error that it couldn't find component cfc.UserGateway.
EDIT:
I also forgot to mention that onApplicationStart does not need to return anything. The return type should be void and no <return this/> needs to be present.
Could it be this:
http://kathylynnward.wordpress.com/2008/04/14/lyra-captcha-error-element-captcha-is-undefined-in-a-java-object-of-type-class-ljavalangstring/
(I'll elaborate the post if this is the problem)
restart your CF service might help.
Is there a recommended (and preferably free) way in ColdFusion to access a remote file that is protected by NTLM authentication? The cfhttp tag appears to only support Basic authentication.
This CFX Tag - CFX_HTTP5 - should do what you need. It does cost $50, but perhaps it's worth the cost? Seems like a small price to pay.
Here is some code I found in:
http://www.bpurcell.org/downloads/presentations/securing_cfapps_examples.zip
There are also examples for ldap, webservices, and more.. I'll paste 2 files here so you can have an idea, code looks like it should still work.
<cfapplication name="example2" sessionmanagement="Yes" loginStorage="Session">
<!-- Application.cfm -->
<!-- CFMX will check for authentication with each page request. -->
<cfset Request.myDomain="allaire">
<cfif isdefined("url.logout")>
<CFLOGOUT>
</cfif>
<cflogin>
<cfif not IsDefined("cflogin")>
<cfinclude template="loginform.cfm">
<cfabort>
<cfelse>
<!--Invoke NTSecurity CFC -->
<cfinvoke component = "NTSecurity" method = "authenticateAndGetGroups"
returnVariable = "userRoles" domain = "#Request.myDomain#"
userid = "#cflogin.name#" passwd = "#cflogin.password#">
<cfif userRoles NEQ "">
<cfloginuser name = "#cflogin.name#" password = "#cflogin.password#" roles="#stripSpacesfromList(userRoles)#">
<cfset session.displayroles=stripSpacesfromList(userRoles)><!--- for displaying roles only --->
<cfelse>
<cfset loginmessage="Invalid Login">
<cfinclude template="loginform.cfm">
<cfabort>
</cfif>
</cfif>
</cflogin>
<!-- strips leading & trailing spaces from the list of roles that was returned -->
<cffunction name="stripSpacesfromList">
<cfargument name="myList">
<cfset myArray=listtoarray(arguments.myList)>
<cfloop index="i" from="1" to="#arraylen(myArray)#" step="1">
<!--- <cfset myArray[i]=replace(trim(myArray[i]), " ", "_")>
out<br>--->
<cfset myArray[i]=trim(myArray[i])>
</cfloop>
<cfset newList=arrayToList(myArray)>
<cfreturn newList>
</cffunction>
This is the cfc that might be of interest to you:
<!---
This component implements methods for use for NT Authentication and Authorization.
$Log: NTSecurity.cfc,v $
Revision 1.1 2002/03/08 22:40:41 jking
Revision 1.2 2002/06/26 22:46 Brandon Purcell
component for authentication and authorization
--->
<cfcomponent name="NTSecurity" >
<!--- Authenticates the user and outputs true on success and false on failure. --->
<cffunction name="authenticateUser" access="REMOTE" output="no" static="yes" hint="Authenticates the user." returntype="boolean">
<cfargument name="userid" type="string" required="true" />
<cfargument name="passwd" type="string" required="true" />
<cfargument name="domain" type="string" required="true" />
<cftry>
<cfscript>
ntauth = createObject("java", "jrun.security.NTAuth");
ntauth.init(arguments.domain);
// authenticateUser throws an exception if it fails,
ntauth.authenticateUser(arguments.userid, arguments.passwd);
</cfscript>
<cfreturn true>
<cfcatch>
<cfreturn false>
</cfcatch>
</cftry>
</cffunction>
<!---
Authenticates the user and outputs true on success and false on failure.
--->
<cffunction access="remote" name="getUserGroups" output="false" returntype="string" hint="Gets user groups." static="yes">
<cfargument name="userid" type="string" required="true" />
<cfargument name="domain" type="string" required="true" />
<cftry>
<cfscript>
ntauth = createObject("java", "jrun.security.NTAuth");
ntauth.init(arguments.domain);
groups = ntauth.GetUserGroups(arguments.userid);
// note that groups is a java.util.list, which should be
// equiv to a CF array, but it's not right now???
groups = trim(groups.toString());
groups = mid(groups,2,len(groups)-2);
</cfscript>
<cfreturn groups>
<cfcatch>
<cflog text="Error in ntsecurity.cfc method getUserGroups - Error: #cfcatch.message#" type="Error" log="authentication" file="authentication" thread="yes" date="yes" time="yes" application="no">
<cfreturn "">
</cfcatch>
</cftry>
</cffunction>
<!---
This method combines the functionality of authenticateUser and getUserGroups.
--->
<cffunction access="remote" name="authenticateAndGetGroups" output="false" returntype="string" hint="Authenticates the user and gets user groups if it returns nothing the user is not authticated" static="yes">
<cfargument name="userid" type="string" required="true" />
<cfargument name="passwd" type="string" required="true" />
<cfargument name="domain" type="string" required="true" />
<cftry>
<cfscript>
ntauth = createObject("java", "jrun.security.NTAuth");
ntauth.init(arguments.domain);
// authenticateUser throws an exception if it fails,
// so we don't have anything specific here
ntauth.authenticateUser(arguments.userid, arguments.passwd);
groups = ntauth.GetUserGroups(arguments.userid);
// note that groups is a java.util.list, which should be
// equiv to a CF array, but it's not right now
groups = trim(groups.toString());
groups = mid(groups,2,len(groups)-2);
</cfscript>
<cfreturn groups>
<cfcatch>
<cfreturn "">
</cfcatch>
</cftry>
</cffunction>
</cfcomponent>
If the code from Brandon Purcell that uses the jrun.security.NTauth class doesn't work for you in cf9 (it didn't for me) the fix is to use the coldfusion.security.NTAuthentication class instead. Everything worked fine for me.
You could try following the guidance here: http://cfsilence.com/blog/client/index.cfm/2008/3/17/ColdFusionSharepoint-Integration--Part-1--Authenticating
Here is what it boils down to you doing:
edit the client-config.wsdd
Change
<transport
name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender">
</transport>
to
<transport
name="http"
pivot="java:org.apache.axis.transport.http.CommonsHTTPSender">
</transport>
In my case I fixed this problem using 'NTLM Authorization Proxy Server'
http://www.tldp.org/HOWTO/Web-Browsing-Behind-ISA-Server-HOWTO-4.html
work fine for me :)