I have a few session variables I need setup for permissions and only the userID, userName and sessionAdmin variables are making it through. I do a cfdump and see all of the variables set to 0, which is the cfparam default. I also can not get the page to redirect to my sample address.
login.cfm
<cfif isDefined("FORM.login")>
<cfset Encryptpwd = Encrypt(FORM.password, application.PsswrdKy)>
<cfset loginInfo = CFCmain.getLogin(FORM.username,Encryptpwd)>
<cflock timeout=20 scope="session" type="exclusive">
<cfset session.UserName = loginInfo.username>
<cfset session.userid = loginInfo.id>
<cfset session.Access_admin = loginInfo.superadmin>
<cfset session.Access_var1 = loginInfo.var1>
<cfset session.Access_var2 = loginInfo.var2>
<cfset session.Access_var3 = loginInfo.var3>
<cfset session.Access_var4= loginInfo.var4>
<cfset session.Access_agency = loginInfo.agency>
</cflock>
<cflocation url="http://www.google.com">
</cfif>
and main.cfc where my variables are pulled from the db
<cffunction name= "getLogin" access="remote" returntype="any" >
<cfargument name="uname" type="string">
<cfargument name="pwd" type="string">
<cfquery name="getdata" datasource="#application.db#">
select * from users2 where username = '#arguments.uname#' and password = '#arguments.pwd#'
</cfquery>
<cfreturn getdata>
</cffunction>
For me it looks like the variable FORM.login is not defined!?
try:
<cfif isDefined("FORM.login")>
<cfdump var="hello">
<cfabort>
....
if you don't see the "hello", FORM.login is not defined...
try also:
<cfdump var="#form#" abort>
to see what is defined in the form scope.
And how others said, use cfqueryparam!! (security)
<cfquery name="getdata" datasource="#application.db#">
select *
from users2
where username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.uname#">
and password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.pwd#">
</cfquery>
Currently working with Coldfusion 10 and cfsearch.
After many hours of trial and error, I have managed to get cfindex to collect all my custom field data so that it is available to me as fields for the output on my search results page.
My only issue now, is that the search will be able to search for things like true / false strings and it will return in the search results.
I could run a QoQ to strip those out, im just wondering if anyone has any suggestions for adding fields to an index but not having them searchable.
Any ideas greatly appreciated
my current code is below
<cftry>
<!-- create new searchable collection -->
<!--- cfcollection action= "create" collection="testsearch" path= "#expandPath('/assets/scripts/server/solr/')#" ---->
<cfcollection action= "list" name="collectionlist">
<cfdump var="#collectionlist#">
<cfquery name="MyQuery" datasource="#request.DSN#" maxrows="10">
SELECT *
FROM Store_products
</cfquery>
<cfdump var="#myQuery#">
<cfset myAttr = structNew()>
<cfset variables.columns = "COST,CREATEDDATE,CUSTOM_MESSAGE,CUSTOM_MESSAGE_LENGTH,DISPLAYNAME,DONTINCLUDEINSTOCKUPDATE,FEATUREDPRODUCT,FINALDAYS,FREEDELIVERY,HEIGHT,HTMLMETADESCRIPTION,HTMLMETAKEYWORDS,IMAGE1,IMAGE10,IMAGE2,IMAGE3,IMAGE4,IMAGE5,IMAGE6,IMAGE7,IMAGE8,IMAGE9,ISBUNDLE,ISNEWPRODUCT,ISONLINE,ISONSALE,ISSILENT,LONGDESCRIPTION,MANUFACTURER,NOVOUCHERS,ONLINEEXCLUSIVE,PARTNUMBER,PRICE,PRICELEVEL1,PRICELEVEL10,PRICELEVEL11,PRICELEVEL12,PRICELEVEL13,PRICELEVEL14,PRICELEVEL15,PRICELEVEL2,PRICELEVEL3,PRICELEVEL4,PRICELEVEL5,PRICELEVEL6,PRICELEVEL7,PRICELEVEL8,PRICELEVEL9,PRODUCTCATEGORY,PRODUCTCOLOR,PRODUCTMATERIAL,PRODUCTNAME,PRODUCTSIZE,PRODUCTSTYLE,PRODUCTTITLE,PRODUCTVIEWS,RRP,SALEEND,SALEPRICE,SALESTART,SHORTDESCRIPTION,SOLDOUT,STOCKQUANTITY,STORESORTORDER,TAXEXEMPT,VOLUME,WEIGHT,WIDTH">
<cfloop from="1" to="#ListLen(variables.columns,',')#" index="idx">
<cfset myAttr[listGetAt(variables.columns,idx,',') & "_s"] = listGetAt(variables.columns,idx,',') >
</cfloop>
<cfindex attributecollection="#myAttr#" action="update" collection="testsearch" type="custom" body="DISPLAYNAME,HTMLMETADESCRIPTION,HTMLMETAKEYWORDS,LONGDESCRIPTION,MANUFACTURER,PARTNUMBER,PRODUCTNAME,PRODUCTTITLE,RRP,SHORTDESCRIPTION" query="MyQuery" key= "productname">
<cfsearch name="searchResults" collection="testsearch" criteria="false" >
<cfdump var="#searchResults#">
<cfcatch type="any">
<cfdump var="#cfcatch#">
</cfcatch>
</cftry>
I have a form where I can upload logos a plenty. I'm validating files (empty form fields, wrong extension, ...) inside a cftry/cfcatch statement.
When I find an error in the cftry, I do this:
<cfthrow type="FileNotFound" message="#tx_settings_app_error_create_first#" />
and inside my 'cfcatch'
<cfcatch>
<cfoutput><script type="text/javascript">window.onload = function(){alert("#cfcatch.message#");window.location.href="hs_apps.cfm"; } </script></cfoutput>
</cfcatch>
This works fine, catches all errors and alerts the user what is wrong.
Now I wanted to use the same handler on a database call where I'm checking for duplicate username. Still the same:
<cfquery datasource="#Session.datasource#" name="duplicates">
SELECT a.app_alias
FROM apps AS a
WHERE a.iln = <cfqueryparam value = "#Session.loginID#" cfsqltype="cf_sql_varchar" maxlength="13">
AND a.app_alias = <cfqueryparam value = "#form.app_basic_alias#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>
<cfif duplicates.recordcount GT 0>
<cfthrow type="FileNotFound" message="#tx_settings_apps_error_dup#" />
</cfif>
The cfcatch is also the same.
However. This now procudes a server error page and I'm thrown out of the application.
Question:
Any idea, why I'm struggling to get cftry/cfcatch to work here? I'm clueless.
Thanks!
EDIT:
Here is the full code
<cfif isDefined("send_basic")>
<cfset variables.timestamp = now()>
<cfset variables.orderview = "1">
<cfif form.send_basic_type EQ "new">
<cftry>
<cfif module_check.recordcount GT 0>
<cfloop query="module_check">
<cfif module_check.module_name EQ "preorder">
<cfset variables.module_name = module_check.module_name>
<cfset variables.b2b_preord_ok = "true">
</cfif>
</cfloop>
<cfif form.app_basic_orderview EQ "preo">
<cfset variables.orderview = "0">
</cfif>
</cfif>
<!--- PROBLEM HERE: DUPLICATES --->
<cfquery datasource="#Session.datasource#" name="duplicates">
SELECT a.app_alias
FROM apps AS a
WHERE a.iln = <cfqueryparam value = "#Session.loginID#" cfsqltype="cf_sql_varchar" maxlength="13">
AND a.app_alias = <cfqueryparam value = "#form.app_basic_alias#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>
<cfif duplicates.recordcount GT 0>
<cfthrow type="FileNotFound" message="#tx_settings_apps_error_dup#" />
</cfif>
<!--- IF PASS, CREATE/UPDATE --->
<cfquery datasource="#Session.datasource#">
INSERT INTO apps ( ... )
VALUES( ... )
</cfquery>
<cfset variables.app_action = "Applikation erstellt">
<!--- success --->
<cfoutput><script type="text/javascript">window.onload = function(){alert("#tx_settings_app_cfm_create#");}</script></cfoutput>
<cfcatch>
<cfoutput><script type="text/javascript">window.onload = function(){alert("#tx_settings_app_err_create#");}</script></cfoutput>
</cfcatch>
</cftry>
<cfelse>
<cftry>
<!--- UPDATE --->
<cfquery datasource="#Session.datasource#">
UPDATE apps
SET ... = ...
</cfquery>
<cfset variables.app_action = "Applikation aktualisiert">
<!--- success --->
<cfoutput><script type="text/javascript">window.onload = function(){alert("#tx_settings_app_cfm_update#");}</script></cfoutput>
<cfcatch>
<cfoutput><script type="text/javascript">window.onload = function(){alert("#tx_settings_app_err_update#");}</script></cfoutput>
</cfcatch>
</cftry>
</cfif>
</cfif>
The error message I'm getting it the message I specify =
<cfthrow type="FileNotFound" message="#tx_settings_apps_error_dup#" />
Which if caught should alert the text behind tx_settings_apps_error_dup. If I dump the cfcatch, cfcatch.message is my specified text, so the error gets caught allright, only I get a server error page vs. an alert. I'm using exactly the same handler for fileuploads and form submits. I don't get why it's not working here?
Thanks for helping out!
WORKAROUD:
Note nice, but suffice(s):
<cfif dups.recordcount NEQ 0>
<cfoutput><script type="text/javascript">window.onload = function(){alert("#tx_settings_apps_error_dup#"); location.href = "hs_apps_detail.cfm?create=newApp&id=none";}</script
</cfoutput>
<cfabort>
</cfif>
So when a duplicate is found I alert the user, reload the exact same page and cfabort to prevent the old page from processing further. Patch that is.
(moved this down from being just a comment)
OK, so the catch is definitely catching the exception if you're able to dump it, so it's not that the try/catch ain't working, it's something else. Bear in mind that processing will continue until the end of the request after your catch block, and only then will the output buffer be flushed, and your alert() sent to the browser. It sounds to me like after your output the alert, and processing continues, some OTHER error is occurring which is causing the server's error page to display. I recommend getting rid of the error page temporarily and eyeballing the actual error CF is raising.
NB: if you want processing to stop immediately in the catch block after you output the alert(), you're going to need to tell CF that, ie: with a <cfabort>. Otherwise, as per above, it'll just keep going.
I think exceptions that are caught by the server error page are still logged in the exception log, but I could be wrong. You could always put an onError() handler in your Application.cfc, log whatever error occurred, then rethrow the error so the error page still deals with it. That way you get the info on the error, and the punter still sees the nice error page.
I have a cfselect statement that is bound to a remote cfc. It passes the value of another element in the form to the cfc in order to populate the cfselect. I was running this code with cfdebug enabled and it seemed to be working fine, but I found that if I do not have cfdebug enabled nothing is populated. I am not getting any other errors that I know of, and I have tried it in chrome and mozilla - same problem.
Here is my cfselect:
<cfselect name="intlRepID" id="intlRepID" required="yes" value="userID" display="businessName" bind="cfc:nsmg.extensions.components.user.getIntlRepRemote({programID})" bindonload="true" />
Here is my remote function:
<cffunction name="getIntlRepRemote" access="remote" returntype="array" output="false" hint="Gets a list of Intl. Reps. assigned to a candidate">
<cfargument name="programID" default="" hint="Get Intl. Reps. Based on a list of program ids">
<cfscript>
// Define variables
var qGetIntlRepRemote='';
var result=ArrayNew(2);
var i=0;
</cfscript>
<cfquery
name="qGetIntlRepRemote"
datasource="#APPLICATION.DSN#">
SELECT
u.userID,
u.businessName
FROM
smg_users u
INNER JOIN
smg_students s ON s.intRep = u.userID
WHERE
s.companyid = <cfqueryparam cfsqltype="cf_sql_integer" value="#CLIENT.companyid#">
<cfif LEN(ARGUMENTS.programID)>
AND
s.programID IN ( <cfqueryparam cfsqltype="cf_sql_integer" value="#ARGUMENTS.programID#" list="yes"> )
</cfif>
AND
s.active = <cfqueryparam cfsqltype="cf_sql_integer" value="1">
GROUP BY
u.userID
ORDER BY
u.businessName
</cfquery>
<cfscript>
// Add default value
result[1][1]=0;
result[1][2]="---- All - Total of " & qGetIntlRepRemote.recordCount & " International Representatives ----" ;
// Convert results to array
For (i=1;i LTE qGetIntlRepRemote.Recordcount; i=i+1) {
result[i+1][1]=qGetIntlRepRemote.userID[i];
result[i+1][2]=qGetIntlRepRemote.businessName[i];
}
return result;
</cfscript>
</cffunction>
How can this be rewritten using the new scripting syntax along with the hibernate query language in CF9?
<cfcomponent output="no">
<cffunction name="Login" output="no">
<cfargument name="UsrName">
<cfargument name="UsrPassword">
<cfquery name="local.qry">
SELECT * FROM UsrView
WHERE UsrName = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.UsrName#">
AND UsrPassword = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.UsrPassword#">
</cfquery>
<cfreturn local.qry>
</cffunction>
</cfcomponent>
Is this what you are after?
component{
public query function Login(UsrName,UsrPassword){
// get array of entities matching filter
var arrayOfUsers = EntityLoad('User',{
UsrName=arguments.UsrName, UsrPassword=arguments.UsrPassword
});
// convert entity array to a query object
return EntitytoQuery(arrayOfUsers);
}
}