We are using CF MX7 for one of our applications.
When we enter a set of characters to search for through the application CF throws out an error stating the below:
Element USER_NAME is undefined in URL.
The error occurred in D:\Inetpub\wwwroot\MISWEB\lci\userNavigator.cfm: line 2
1 : <CFSET login_id = #url.user_login#>
2 : <CFSET user_name = #url.user_name#>
3 : <CFSET user_id = #url.user_id#>
This is occurring when we enter a login ID to search for that has an # character in it 0952#2. so basically, i understood that the problem is with the login ID that we are entering, but we cannot ask the user to change his login ID. is there an alternate way to change the code in such a way that it accepts these values?
<CFSET login_id = #0952#2#>
hence the error is being thrown out at the second line where it is not accepting the username as it is not correct. Is there any way we can include the # present in the login ID provided inside the declaring #..# open and close # function?
Because the search form is performing a GET request, the form fields are added to the URL. The problems is the hashes (#) are being interpreted by the browser as an on-page location, so nothing after the first hash in the URL is even being sent to the server, which is why ColdFusion says it doesn't exist.
To overcome this, you'll need to encode the hashes before submitting the form. You can do this with JavaScript and the form's onsubmit handler.
escape(document.formName.user_name.value);
This will send the user_name in the URL in an encoded format (%230952%232%23), which you can then decode when you set it to user_name.
<cfset user_name = urlDecode(url.user_name)>
Related
I am setting the cookie value to (id, hash_of_id), but when the code is reading the value of the cookie it is getting only the part before comma. Not sure why:
These are the codes:
This is setting the values of the cookie named user_id.
self.response.headers.add_header('Set-Cookie', 'user_id = %s; Path=/'
% id_hash)
The value of id_hash is coming from following:
def make_hash(user_id): return hmac.new(SECRET,
str(user_id)).hexdigest()
def new_hash(user_id): id_hash = make_hash(user_id) return "%s,%s"
%((user_id), id_hash)
id_hash = new_hash(user.key().id())
When I am checking the value of the cookie in the browser using Edit this Cookie extension, it shows something like this:
This shows cookie has got id and hashed value of id.
Now value of cookie is being read:
cookiess = self.request.cookies.get('user_id')
When I am displaying the value of variable cookiess using
self.render("welcome.html", username = cookiess)
It shows only the part before comma,
enter image description here
I am not able to understand why the self.request.cookie.get returns value only till comma and not complete value.
Came to know that there is a bug in google appengine due to which
self.request.cookie.get()
was returning value only till comma. Instead of comma if something else like a pipe (|) is used as separator, then this function is working properly.
I am trying some code using cfldap in ColdFusion. The problem is when I try using a password that includes a #, I get an error:
Authentication failed:[LDAP: error code 49 - 80090308: LdapErr:
DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]
Is it possible to use a cfldap password containing #? I've tried with ReplaceNoCase. When the password has a #, it changes to ##, so ColdFusion knows it is a text, not a variable, but still get this error. Thank you so much guys.
Here's my code
<cfset convertPwd = ReplaceNoCase(txtPassword,"##","####")>
<cfldap action="QUERY"
name="ChkUserName"
attributes="sAMAccountName,givenName,initials,sn,cn,mail,objectClass,dn"
start="#trim(qGetSettingLdap.bindserver)#"
server="#trim(qGetSettingLdap.ipserver)#"
scope="SUBTREE"
username="#form.txtName#"
password="#trim(convertPwd)#"
port="#trim(qGetSettingLdap.portserver)#" filter="(sAMAccountName=#form.txtName#)">
How to verify email through link.
I have user edit profile and it is showing user email.I want to give one link to verify email.I do not what to do.
Add one column to your
User Model : email_verification and by default set to zero (0).
Then using persistence_token create a URL and sent to that specific email address. If you dnt have persistence_token as column in your User model then you can add custom column of your choice like verify_email_token as column name and stored 50 random string.
Using
o = [('a'..'z'),('A'..'Z'),('0'..'9')].map{|i| i.to_a}.flatten
string = (0...50).map{ o[rand(o.length)] }.join
URL example :
http://www.yoursitename.com/VerifyEmailAddress/?token=persistence_token ;
When user click on that link, internally call function like VerifyEmailAddress and in that method update email_verification column by one (1).
I'm using Django registration inside my project on a development server.
When I register a new user, I use EMAIL_BACKEND = 'django.core.mail.backends.filebased.EmailBackend' to get the activation link.
When I try to put the activation link into the web browser, I have an error, and the account is not activated.
It is said :
Thank you.
This function is used to generate the key.
def create_profile(self, user):
"""
Create a ``RegistrationProfile`` for a given
``User``, and return the ``RegistrationProfile``.
The activation key for the ``RegistrationProfile`` will be a
SHA1 hash, generated from a combination of the ``User``'s
username and a random salt.
"""
salt = hashlib.sha1(str(random.random())).hexdigest()[:5]
username = user.username
if isinstance(username, unicode):
username = username.encode('utf-8')
activation_key = hashlib.sha1(salt+username).hexdigest()
return self.create(user=user,
activation_key=activation_key)
I received that mail. But I use EMAIL_BACKEND'django.core.mail.backends.filebased.EmailBackend'.
I think the problem comes from here. But I can't test in production server.
I solved the problem actually It's because I generate the email to send inside a file thanks to the file email backends provided by django for development purpose. Inside this file, when there is a carriage return, it adds an = characters. And this is the case with the link to active the account.
You shouldn't have a = character in your activation key.
Although sergzach's answer will work, I'd be more interested in finding out why that = is there in the first place.
django-registration usually generates the key as follows:
salt = sha.new(str(random.random())).hexdigest()[:5]
activation_key = sha.new(salt+user.username).hexdigest()
Where are you generating yours?
The character '=' is not in the range of \w+. Use [\w=]+ instead of \w+.
Replace ?P<activation_key>\w+ to ?P<activation_key>[\w=]+
I'm trying to run a very quick update query to record that a user's email address is confirmed (setting the confirmed [bit] column in my users table to 1 after they click a link sent via email). Here's the action that should do it:
<cffunction name="confirmEmail">
<cfscript>
user = model("user").findOne(where="id=#params.userid# AND uuid='#params.uuid#'", returnAs="query");
if(user.recordCount) {
pageTitle = "E-mail Confirmation Success";
user.update(confirmed=1);
} else {
redirectTo(route="authenticationDenied", alert="Something was wrong with your confirmation string. Please contact site administrators.");
}
</cfscript>
</cffunction>
But when I submit the appropriate URL (I've dumped and can see the model call finds one valid record), I get the following error in Railo 3.3.x:
No matching Method/Function [update] for call with named arguments found
...highlighting the user.update(confirmed=1); line in my code. So what am I doing wrong? Previously I have always used save/update(params.user) or thereabouts for these queries, but that seems like overkill here; I just want to pass a 1-bit update.
Okay, my CTO who is new to CFML and Wheels figured this out in like 5 seconds. Hence the "C" I guess.
By returning the user model as a query instead of an object, I didn't have access to the update/save() methods. (Duh, MVC n00b.) The reason I was returning it as a query was simply that I've been doing that a fair bit in order to have easy manipulation of output, and in this case so that I can test for the existence of a record the way I always have (if recordCount). But this works...
<cffunction name="confirmEmail">
<cfscript>
user = model("user").findOne(where="id=#params.userid# AND uuid='#params.uuid#'");
if(isObject(user)) {
user.update(confirmed="1");
} else {
flashInsert(error="Something was wrong with your confirmation string. Please contact site administrators.");
redirectTo(route="authenticationDenied");
}
</cfscript>
</cffunction>