I've been going through a lot of the documentation online about managing users in Exchange distribution lists with cfldap. I'm wanting to pass the distribution list and member attributes as form variables from cfldap queryies but I'm getting a little confused on syntax. The cfldap queries that display the distribution lists and users or be added or removed work, where I'm getting tripped up is passing those form variables to the cfldap that modifies the list.
My cfldap query that displays the distribution lists for the user to select, uses name as the attribute. In the cfldap modify action, I'd pass that attribute as a form variable for the distribution list to be modified as:
dn="CN=#form.Name#,CN=Users,dc=domain, dc=org" (all of our distribution lists are located here, don't ask me why, just the way it is.)
Then the member to be added or deleted would be passed to the same cfldap action as another form variable:
attributes="mail=#form.email#"
Which would be the email address of the users selected.
Am I on the right track with this? In addition to being a ColdFusion noob, I'm an ldap noob as well. Any links to documentation on "cfldap For Dummies" would be appreciated.
Thanks
Related
We are using Sitecore 7.2 with multi-site implementation. The actual data is shared between multisite, hence it's been stored in common Global Item folder.
We are facing a problem generating aunique ID on URL. I had a good search but could not find any solution except to use Sitecore Item ID.
This is what we want:
domain/players/player_id
e.g. domain/players/1234
where 1234 is uniquely generated ID.
Could someone please suggest if this is possible?
Every page that is managed in Sitecore is a Sitecore Item. As such, you should be able to just navigate to the name of the player item. If you were trying to say in your post that player items are stored in globals and not as pages, then you are left with the following options:
Query String: domain/players/player?playerId={ID}
If this is the route that you choose to take then I would suggest using the player item's Sitecore ID for the value of the query string parameter.
If you have other IDs then put the specified ID there, however it would be easiest with Sitecore IDs
What you would then do is get the item with the ID specified in the query string parameter (or get the item with the player ID specified in the query string parameter, depending on which route you take) and display the data for that player on the page
Sitecore.Context.Database.GetItem(Request.QueryString["playerId"])
playerItems.FirstOrDefault(playerItem => playerItem["Player ID"] == Request.QueryString["playerId"])
Note that this assumes that the Player ID is a field, not the Sitecore ID
If it is the Sitecore ID then change the lambda to use playerItem.ID == new ID(Request.QueryString["playerId"]
Regardless of which one you use, I suggest adding null checks to the QueryString getter
Sublayout Parameters
If you use this method, the query string will not change and people will not be able to get to the page from the direct URL
The process is the same as for query strings, except that you are using Sublayout parameters instead
Note that you must set these in a parent sublayout or in Sitecore (which means that you have a separate page for each player - i.e. this would be a bad solution)
Virtual Items
This is really what I think you are looking for
This can be a lot of work if you do it from scratch, or you can use the Wildcard Module
If you do it from scratch, you will need a custom pipeline and/or processor for handling the requests
Good suggestions from Zachary. I will add a couple more:
1) IIS Rewrite Module. If what you are really after is having external URLs look like /domain/players/1234, you could easily accomplish this by forwarding these requests to something like Zachary's option #1. The client sees /domain/players/1234, but it's really handled by a single Sitecore item at /domain/player/player.aspx?playerid=1234. Client doesn't have to know that.
2) Custom ItemResolver pipeline handler. Custom Pipelines may be a bit intimidating at first, but they are actually pretty easy to implement and highly useful. Would be pretty straightforward to add a new one which checked for "players/1234" and set the ContextItem to your player handling page and drop the ID into a session variable or some context variable.
Using: ColdFusion 10, JQuery 1.9, IIS
I made a CFC (allows remote access) which handles the insertion of comments into a database, whether they are new comments or replies to an existing one.
I have a Form which submits to this CFC when you want to make a comment.
At the moment I am passing (as hidden fields) form variables to the CFC to tell it various things about the comment that's to be inserted: e.g. which User the comment is for (the RecipientID) and which CommentID its in reference to (if its a reply). These values change a lot because sometimes a user is replying to another user's comment.
I don't want to send the hidden variables in my form because it can easily be modified by a malicious person. How can I send the main Form information using form variables (e.g. the comment body) but pass the sensitive variables using just ColdFusion so its not manipulable by a hacker?
One thing I could do is submit back to the page itself and then use <cfinvoke> to call the CFC and pass in the arguments. I would set the arguments in the invocation rather than in the Form. Would this be the correct way to do it?
The only place where the malicious users can't modify easily is in the Session.
Keep sensitive stuff in the Session, and make sure the logged in user has the proper right to do the action they requested (e.g. can delete their own stuff only, not other ppl's stuff)
Regarding, "One thing I could do is submit back to the page itself and then use to call the CFC and pass in the arguments. I would set the arguments in the invocation rather than in the Form. Would this be the correct way to do it?"
I think this would be a lot better than submitting to the cfc which is what you say you are doing now. Slight variations of this theme are:
Submit to another page which invokes the cfc method.
Forget the cfc and put the database call into a .cfm page. In
fact, if the cfc contains nothing but the insert query and is not
used elsewhere, it's unnecessary.
As far as not using hidden form fields goes, you might be in trouble. The user info can be stored in the session scope as suggested by Henry, but the recipient info is harder to protect. You could make the recipient id part of the form field name. Then to protect yourself from neer do wells, add another check on the cgi.http_referrer variable.
I want to make sure that my visitors (not authenticated users), are unable to visit a particular view without coming directly from a "previous view". I've kind of had to manually create a form preview and confirmation state. It's the step between submission and preview, and preview and confirm I'd like to "secure".
form submission-view -> preview-view -> confirm-view.
Is there some way that I can create a unique hash, POST it, and check if it's correct, or somewhat generate a cookie, session — or anything else that feels clever?
I'm a Django beginner (programming beginner in general) and any snippets' or pointing me in a right direction would be very much appreciated!
Thanks.
There are at least two ways you can accomplish this that I can think of:
One would be to include a hidden field in your form or querystring value that contains your hash/unique that you want to pick up in the next view. If it's not there, or incorrect, redirect.
Another would be to check the referring url from the request.META to see if they've come from the view you want them to come in on first, and save a session value from the form submission to carry through the rest of the views. If it's not there, redirect. If the referring URL isn't what you expect, redirect.
Whether you use a cookie, session, querystring parameter or hidden form post, it's all doing the same thing - validating a value exists. Whatever method works best, is what makes the most sense for you as the developer and most likely maintainer of said app.
To POST data to the server for an object, one must provide the object's ID for lookup. Where to include the ID and send it to the server is something that has been bugging me. There are three options I have in mind:
Include the ID as part of the URL
Include the ID as part of the POST data
Put the ID in query string (I'm not sure if query string is allowed when doing a POST)
I use python/django for my server end.
Someone please comment on which one I should go with and why. Thanks.
I'd do it via the URL in most cases, particularly if you are creating a view to display an object. Furthermore, I'd use the slug (if there is one) instead of an ID as it looks better in Google SERP, it makes more sense semantically, and it is more readable for users.
Remember that you can easily reverse object's urls using get_absolute_url(), the {% url ... %} tag and the reverse() function. You won't be able to avail of these if you use query strings or Posts to display your objects.
Regarding query strings/parameters; I usually go by the rule of constructing the queryset with my URL, but filtering it with parameters. i.e. If I want to see all posts tagged with something, I get the main queryset via the URL /posts/tagged/some_tag and then drill them down where necessary with parameters; /posts/tagged/some_tag?rating=2
Regarding POST data; this should only really apply when you are presenting a form to edit an object. I would still use the URL to find and display the form (i.e. /posts/my-post-slug/edit/) and I would use parameters to control any options or features (i.e. /posts/my-post/slug/edit/?highlight_required_fields=true) but all the fields of the form would be submitted via POST
I have a content type that has a lookup field for a document library in its sub site. The content type is declared a site collection root level but I want the look up field to look up the document library in its local sub site where used. I deploy the content types using PowerShell and have used an event receiver to add the look up field. I can't however get it to reference the correct list, it only ever references the list at the root site collection.
How can I overwrite the look up list?
I avoid setting the List attribute in the Field element. I have had problems saving the site as a template when a custom Field has the List attribute set. But the other problem is that these properties are write-once. Better to leave it blank in the definition and then set it in the instance programmatically using SPFieldLookup.LookupWebId and SPFieldLookup.LookupList.