CFFILE Upload all Issues - Coldfusion 9 - coldfusion

I am trying to use this code for uploading files to my server but is giving me an error.
This is the code:
<cfif isdefined("form.submit")>
<cffile action="uploadall" destination="#expandpath('../../images/Uploads/after')#">
</cfif>
<cfform action="#cgi.script_name#" enctype="multipart/form-data">
<cfinput type="file" name="attachment1"><br>
<cfinput type="file" name="attachment2"><br>
<cfinput type="file" name="attachment3"><br>
<cfinput type="submit" name=" submit" value="submit">
</cfform>
This is the Error:
The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
Invalid content type: application/x-www-form-urlencoded.
The files upload action requires forms to use enctype="multipart/form-data".
The error occurred in E:\sites\Example.Com\testing\handlers\upload\after.cfm: line 20

I see that you've moved on to a different solution, but I wanted to answer your question because the answer is plain crazy (and is stereotypical of some of the bizarre gotchas in Coldfusion). The problem is that <cfform> simply doesn't support the enctype attribute. If you want to upload files, you have to use a plain <form>. Weird, right?
(I suppose you could change the XSLT so that a cfform with a file input results in the enctype being set correctly automatically. But why it doesn't do this out of the box is beyond me.)

Does the directory structure that you are referencing in the destination attribute exist '"#expandpath('../../images/Uploads/after')#"'?
If the destination attribute is not an absolute path then it is relative to ColdFusion's temp directory. Not relative to your web root or the template that is running.
Here is the description from the docs here
Pathname of directory in which to upload the file. If not an absolute path (starting with a drive letter and a colon, or a forward or backward slash), it is relative to the ColdFusion temporary directory, which is returned by the GetTempDirectory function.

Related

coldfusion 10 cfinclude gives site cannot be reached error

I have a action page that redirects to a page based on condition.
I thought of Including that page insted of redirection.
So i used cfinclude function to include this file.
But including that file doesn't work.
But when i open that page in browser it is working fine without error.
For Ex.
http://domain.com/page2.cfm?cutomerID=10
is working fine.
IN http://domain.com/page1.cfm
I am including below code.
<cfset url.customerID = 10>
<cfinclude template="page2.cfm">
Even i tried to add only HTML content which i get in page source for "http://domain.com/page2.cfm?cutomerID=10"
It is still not working including a coldfusion page with just html text without any coldfusion code.
Strange thing is When i tried to remove some text from this html content it works for some time but when i reload it stops and give the below error again.
I am not sure if cfinclude has to do anything page length or some other factors.
Screenshot for error is attached below.
Error Screenshot Image
If you are asking for a link you can have it as:
<cfoutput>
<cfset href="domain.com/page2.cfm?customerID=#customerid#&etc=#etc#" />
</cfoutput>
For your question you can use this:
<cfset custID = 10/>
<cfinclude template="page2.cfm">
In page2.cfm:
<cfif isDefined(url.customerID) || isDefined(custID)>
<!--- your etc code here --->
</cfif>
Note: If you don't want to use url.customerID you can simply delete the occurance

coldfusion cffile upload how to describe the file to be uploaded

I've never used cffile upload. In looking at the documentation I see that the file to be uploaded is described as
Name of form field used to select the file.
Do not use number signs (#) to specify the field name.
I just cannot decipher this. If the file to be uploaded is john.jpg, residing on the user's disk, how do I indicate that in the cffile command?
I have other questions as well, but would like to start with this very basic one.
What documentation are you using? There should be an example like there is here: <cffile action="upload">
In this example (which I've edited), it shows that you do not reference the name of the file that the user selected, that could be anything, you reference the name of the form field, fileContents, that is used to upload the file.
<!--- Windows Example --->
<!--- Check to see if the Form variable exists. --->
<cfif structKeyExists(Form, "FileContents") >
<!--- If TRUE, upload the file. --->
<cffile action = "upload"
fileField = "FileContents"
destination = "c:\files\upload\"
accept = "text/html"
nameConflict = "MakeUnique">
<cfelse>
<!--- If FALSE, show the Form. --->
<form method="post" action=<cfoutput>#cgi.script_name#</cfoutput>
name="uploadForm" enctype="multipart/form-data">
<input name="FileContents" type="file">
<input name="submit" type="submit" value="Upload File">
</form>
</cfif>
Once the CFFILE process completes, a collection of variables are defined in a structure named CFFILE (see documentation link). One of these variables is cffile.clientFile, which contains the name of the file that was uploaded from the user's computer.
For the cffile command:
<cffile action = "upload"
fileField = "FileContents"
destination = "c:\files\upload\"
accept = "text/html"
nameConflict = "MakeUnique"
result = "thisResult">
...you would use #thisResult.clientFile# to get the original filename.
All the other fields would be available using this also.
I found this on stackoverflow:
ColdFusion ServerFile is undefined in CFFile

How can I include CSRFProvider in my existing site?

\edited: added creation of instance
I want to protect a site against CSRF. But because we're on CF9, I cannot use CSRFGenerateToken(). So I've done a little bit of research and found this: CSRFProvider.
It's a cfc providing protection against CSRF attacks.
My question is, how can I include it in my site? I want to use the 'hidden-forms' method, which is explained as followed:
// Writes a hidden form field to your view, you must pass an 'intention' which should be unique per form, per application
#csrf.renderToken(intention="my_unique_form_name")#
// On form submission, the application must verify the token using the same 'intention'
validSubmission = csrf.verifyToken(intention="my_unique_form_name", token=form._token);
I have copied the cfc in the apllications directory and created a form inside test.cfm with a hidden field:
<cfset csrf = new CSRFProvider()>
<cfform method="post" action="test2.cfm" name="qwertz">
<cfinput name="csrftoken" type="hidden" value="#csrf.renderToken(intention="qwertz")#">
<cfinput name="whatever" type="text" > <br/>
<cfinput name="Submit" type="submit" value="blah"> </cfform>
And in test2.cfm:
<cfif validSubmission = csrf.verifyToken(intention="qwertz", token=form._token); >
<p>valid</P>
<cfelse>
<p>nope</P
</cfif>
When I'm trying to open the site, it always tells me:
The method renderToken was not found in component [actual_path_to_my_applycation]/CSRFProvider.cfc.
Thanks in advance!

Login System in ColdFusion 9

I am working with a very old login system that my company used before on a website that used frames.
Before, when someone tried a wrong user/pass combination the frame would load a simple cfinclude file with the login form and an error message on top of it.
Now I am using a form in a popup window that calls the application.cfc but instead of getting the error message back on my popup window the page load the cfinclude file from the application component to a new page.
So I need a few things to happen for this application. First, I need the initial popup window to stay up and the page should not submit if the combination of user/pass is wrong, and finally I need the error message to appear somewhere on the popup.
If anyone did something like this before I would really appreciate your feedback.
This is a partial of my code:
Login Form:
<!--- loginErrMsg display - to tell why login is denied --->
<cfif isdefined("loginErrMsg")><span style="color:red">#loginErrMsg#</span><br /></cfif>
<form name="LoginForm" id="LoginForm" action="<cfif test is false>https://secure.example.com</cfif>#loginFormAction#" method="post" target="_top">
</cfoutput>
<input type="hidden" name="loginPost" value="true">
<p>
Login below to take advantage of the great services we offer:
</p>
E-mail:<input name="j_username" class="loginform" type="text" size="30" maxlength="50" id="j_username">
Password: <input name="j_password" type="password" size="30" maxlength="16" class="loginform">
<br />
<input type="submit" name="btn" value="Submit" class="bluebuttonnormal">
</form>
Application.cfc Code:
<cflogin applicationtoken="swmadmin">
<cfif NOT IsDefined("cflogin")>
<cfinclude template="login.cfm">
<cfabort>
<cfelse>
<cfquery name="userlookup" datasource="#ds#">
SELECT clientadminID, roles, isFaxOnly, acctEnabled FROM clientadmin
WHERE
username=<cfqueryparam value="#cflogin.name#" CFSQLTYPE="CF_SQL_VARCHAR" maxlength="50">
and password=<cfqueryparam value="#cflogin.password#" CFSQLTYPE="CF_SQL_VARCHAR" maxlength="16">
</cfquery>
<cfif userlookup.recordcount eq 0>
<cfset loginErrMsg = "Invalid login.">
<cfinclude template="login.cfm">
<cfabort>
</cflogin>
I am working with a very old login system that my company used before
on a website that used frames.
If this is a new website, don't use it. Login forms are a dime a dozen and can be done in your sleep. Start fresh and do it right.
So I need a few things to happen for this application. First, I need
the initial popup window to stay up and the page should not submit if
the combination of user/pass is wrong, and finally I need the error
message to appear somewhere on the popup.
You're going to want to use an AJAX solution here, either write your own or use a good library like jQuery. Once you check the login values you can use jQuery or simple javascript to unhide or update the innerHTML of an empty element to display your error message.
<cflogin ...>
...
</cflogin>
CFLogin makes me sad. Another one of ColdFusion's tags meant to simplify something commonly done that doesn't really help much and sacrifices flexibility. You can get far more control over your application without it. instead of CFLogin, try something like this pseudo code
<cfcomponent>
<cffunction name = "onRequest" ...>
<cfargument name="targetPage" type="String" required = "true" />
<cfif !structKeyExists(session, "roles") and !findNoCase("loginHandler.cfm",cgi.script_name)>
<!--- notice I prevent the redirect on the form handler, otherwise the ajax will get redirected to the login.cfm page --->
<cfinclude template = "login.cfm">
<cfelse>
<cfinclude template = "#arguments.targetPage#">
</cfif>
</cffunction>
</cfcomponent>
Your login.cfm would then contain your form but your button would fire something like jQuery.post() to "loginHandler.cfm", then depending on the result of the login, your callback function may use jQuery.html() to display the error or window.location.replace / window.location.href if the login was successful. Of course, in the event of a successful login, your ColdFusion page would have to create their session variables and do whatever else you want it to do before sending the result back to your AJAX call.

<cffile action="Read"> not getting the desired up-load loaction

I am using CF-8,windows-XP and IE 5.5.
I am using simple tag namely . but the output i am getting is pure gibberih along witht the text of the file(word document)
upld.cfm
<cffile action="read" file="C:\ColdFusion8\wwwroot\Proj\updl\fileDisk\SOL.doc" variable="fileDisk" >
<cfoutput>#fileDisk#
</cfoutput>
<cfoutput>
<form name="upload" method="post" action="actionUpld.cfm?form_Num=#form_Num#" enctype="multipart/form-data">
<input name="uplForm" id="uplForm" type="file" >
<input type="submit" name="submitUpld" value="Save" onclick="" >
</form>
</cfoutput>
actionUpld.cfm
<cftry>
<cfscript>
newUPL = CreateCFC('cfcs.projDB');
newUPL.Implementation_Num = url.form_Num;
newUPL.uplForm = form.uplForm;
newUPL.putUPL();
</cfscript>
<cfcatch type="any" >
<cfoutput >
<hr>
<h4>Other Error: #cfcatch.Type#</h4>
<li><b>Message:</b> #cfcatch.Message#
<li><b>Detail:</b> #cfcatch.Detail#
<li><b>Error Code:</b> #cfcatch.ErrorCode#
</cfoutput>
</cfcatch>
</cftry>
<cflocation url="upld.cfm??form_Num=#form_Num#" >
How best to use the cffile to output the file ?
Also when i look at the DB, i am getting the file name as
"C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\qeq344.tmp"
How to correct it?
Is there any better way.
Also when i look at the DB, i am
getting the file name as C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\qeq344.tmp
That is a temporary file name assigned to newly uploaded files. On your action page, you need to use cffile action="upload" ... to move that temporary file to the desired location. That will populate a structure called CFFILE with details about the uploaded file, such as CFFILE.serverFile and CFFILE.serverDirectory. (Or use the "result" attribute to output the details to whatever structure name you choose.)
How best to use the cffile to output
the file ?
You cannot display binary files (like *.doc) with cfoutput. To display/download such files in a browser use cfcontent