If I have a site where there is a protected back end and I'm looking to use an application.cfm file, how can I tell which pages use the application filesa and which ones do not.
index.cfm
update/application.cfm
update/loginexpired.cfm
update/login.cfm
update/somesecurepage.cfm
update/someothersecurepage.cfm
I want updates/login.cfm to create the session if the login is correct.
If the secure pages update/somesecurepage.cfm and update/someothersecurepage.cfm are accessed without correct login the application should forward to update/loginexpired.cfm but I don't want any of the other pages to use application.cfm.
Is this plausible or should I use cfinclude instead?
Always make sure you name your Application.cfm and Application.cfc files with a capital "A". This way if you move from Windows to a case sensitive file system, you wont have an issue where ColdFusion cannot find your Application.cfm/cfc files.
As far as your question goes, with your current structure, all files in the "update" folder will use the Application.cfm file. It will be executed before any other code in those files. If you only want certain pages to redirect to a loginexpired page, then I would typically create a subfolder, put an Application.cfm file in that folder that includes the Application.cfm file from the parent folder: <cfinclude template="../Application.cfm" />. Then in this file, you would add your security check. in the parent Application.cfm file you would include the <cfapplication /> tag. If you are using sessions, be sure to enable session management in your cfapplication tag. (<cfapplication name="myappname" sessionmanagement="true" />)
You really should have an Application.cfm or Applciation.cfc file in the root of your site. If you do not, the application will run without an application scope. ColdFusion has a kind of "unnamed" application where this would run without a defined application name. You will most likely encounter undesired effects. All CF apps should have a named application, using the cfapplication tag or a Application.cfc file with this.name set.
If you are writing this as a new application, I would suggest you use Application.cfc instead of Application.cfm. You will have access to the application, session and request life cycles (onApplicationStart/End, onSessionStart/End, onRequestStart/End) as well as the onError and onMissingTemplate event handlers giving your more control over the flow of your application.
When a .cfm page is loaded, it will first look for an Application.cfc (The modern, recommended Application object) in the same folder and run it. If that file is not present, it will look for an Application.cfm (the old way of instantiating an Application.)
If neither exists in that folder, it will look up the tree to the next folder and check there for Application.cfc, then Application.cfm, it will repeat this until it finds one or gets to the root of the server.
Therefore, ALL of the files you listed in your 'update' folder will automatically use the application.cfm. Only the index.cfm listed in the root will not. (because neither Application.cfc nor Application.cfm are located in that folder.)
So it would be best to use an Application.cfc in the root of your site for everyone, and then put the locked down pages in a subfolder with a more restrictive Application.cfc.
I hope that answers your question directly. Otherwise, I agree with what Sean stated.
More info about Application.cfc and Application.cfm is available on Adobe's Coldfusion site.
I suggest to you to make a different Appliction.cfm (pref Application.cfc) for the public area and secure area. Also define a differnt name for those Application.
Oops, spelling error
I suggest to you to make a different Appliction.cfm (pref Application.cfc) for the public area and secure area. Also define a different name for those Application.
Related
In my application root folder, I have an Application.cfc file. In a subfolder, there is an Application.cfm. When I call a script in the subfolder which Application file executes: Application.cfc or Application.cfm?
When you call templates in the subfolder then the Application.cfm in the subfolder gets executed.
Application.cfm gets executed and to learn more about the order of execution.
From the documentation:
How ColdFusion finds and process application definition pages
ColdFusion uses the following rules to locate and process the
Application.cfc, Application.cfm, and OnRequestEnd.cfm pages that
define application-specific elements. The way ColdFusion locates these
files helps determine how you structure an application.
Each time ColdFusion processes a page request it does the following:
When ColdFusion starts processing the request, it does the following:
It searches the page's directory for a file named Application.cfc. If one exists, it creates a new instance of the CFC, processes the
initial events, and stops searching. (ColdFusion creates a new
instance of the CFC and processes its initialization code for each
request.)
If the requested page's directory does not have an Application.cfc file, it checks the directory for an Application.cfm file. If one
exists, ColdFusion logically includes the Application.cfm page at the
beginning of the requested page and stops searching further.
If the requested page's directory does not have an Application.cfc or Application.cfm file, ColdFusion searches up the directory tree
and checks each directory first for an Application.cfc file and
then, if one is not found, for an Application.cfm page, until it
reaches the root directory (such as C:). When it finds an
Application.cfc or Application.cfm file, it processes the page and
stops searching.
ColdFusion processes the requested page's contents.
When the request ends, ColdFusion does the following:
If you have an Application.cfc, ColdFusion processes the CFC's onRequestEnd method
and releases the CFC instance.
If you do not have an
Application.cfc, but do have an Application.cfm page, ColdFusion looks
for an OnRequestEnd.cfm in the same directory as the Application.cfm
page ColdFusion uses for the current page. ColdFusion does not search
beyond that directory, so it does not run an OnRequestEnd.cfm page
that resides in another directory. Also, the OnRequestEnd.cfm page
does not run if there is an error or an exception on the application
page, or if the application page executes the cfabort or cfexit tag.
The following rules determine how ColdFusion processes application
pages and settings:
ColdFusion processes only one Application.cfc or Application.cfm page for each request. If a ColdFusion page has a cfinclude tag
pointing to an additional ColdFusion page, ColdFusion does not
search for an Application.cfc or Application.cfm page when it
includes the additional page.
If a ColdFusion page has a cfapplication tag, it first processes any Application.cfc or Application.cfm, and then processes the
cfapplication tag. The tag overrides the settings from the
application files, including the application name and the behaviors
set by the cfapplication tag attributes.
You can have multiple Application.cfc files, Application.cfm files, and cfapplication tags that use the same application name. In this
case, all pages that have the same name share the same application
settings and Application scope and set and get all the variables in
this scope. ColdFusion uses the parameter settings of the
cfapplication tag or the most recently processed file, if the
settings, such as the session time-out, differ among the files.
Actually there are server settings which also influence the way which application.cfc/cfm file is executed.
In the
Application.cfc/Application.cfm lookup order
Select the order in which ColdFusion searches for Application.cfm or >Application.cfc if it is not found in the current project folder. You can >set ColdFusion to search as follows:
default search order: ColdFusion looks for an >Application.cfc/Application.cfm file from the current folder until the >system root directory. On Windows, this could be C:\ and on UNIX, /opt.
till web root: ColdFusion looks for an Application.cfc/Application.cfm >file from the current folder till web root.
in web root: ColdFusion looks for an Application.cfc/Application.cfm file >in the current folder or web root.
CFIDE SETTINGS
Anyone with a bit of experience with CFWheels will know how awesome it is, but also how fiddly it is with its placement in the web root / sub-folders etc.
I have a CFWheels website, that I would now like to place alongside a WordPress installation.
CFWheels placed in the web root (which is fine) and I would like WordPress to run in a sub-folder in that same web root named 'blog'. How can I do this without invoking CFWheels desire to find a controller or action called 'blog'?
I know that the 'miscellaneous' folder is a folder that I can place things that CFWheels will ignore, but putting the blog into this directory isn't really an option.
Any help or advice would be great.
EDIT: I just noticed that the miscellaneous folder has a blank Application.cfc file that stops CFWheels messing with it. I'm not around to test this right now, but will update later if it's possible to use this same technique on other folders I create. I may have answered my own question in record time.
Thanks,
Mikey.
Wordpress runs on PHP so CFWheels should never get involved in the process. If it does, simply change the DirectoryIndex (or IIS equivalent) to have index.php ahead of index.cfm for the Wordpress directory (or link to blog using full URL and not just the directory) and you should be fine.
Placing a blank Application.cfc file in the folder of choice, stops CFWheels getting involved with everything in it.
I have a couple web applications written in ColdFusion. The applications have their own folder inside the CF root folder. When I do a successful <cflogin> I am returned to the index page of the root folder. I want the user to stay within that apps folder I know it can be done, I just can't remember how to start. Something where you set the root page for the application withing that App's Application.cfc page. Any insight?
If you delete an Application.cfc from your local drive, that doesn't mean it was deleted from the server. So you might have some hidden Application.cfc's thoughout the App.
I'm working in a legacy app that was built upon the use of Application.cfm files rather than Application.cfc files.
There is a need to be able to run code after a request has processed. (Basically, I am wanting to use the <cfhtmlhead> tag to inject some Javascript and CSS files into every loaded document. Before I was doing this with a GreaseMonkey user script, but something server-side would be best.)
From what I read, I think I should be able to do this with the onRequestEnd() function, however, I've only ever seen that referenced in regards to Application.cfc files. I have read that you can put an onRequestEnd.cfm file in the same directory as an Application.cfm file to have it register it to the onRequestEnd() function, but the system does not map to one Application.cfm file (i.e. I would have to throw this onRequestEnd.cfm file in a lot of directories).
Is there some other way to register this onRequestEnd() function using an Application.cfm setup? In case it matters, we are running Coldfusion 9.
Just to clarify, the onRequestEnd() method is only available if you are utilizing the Application.cfc file.
The OnRequestEnd.cfm file does indeed work like the Application.cfm file in that ColdFusion automatically looks for it and will process it's contents when found. Do note that you cannot use an OnRequestEnd.cfm page if you have an Application.cfc file for your application. So assuming that you have no Application.cfc files for your application and are only using Application.cfm files then the OnRequestEnd.cfm file should work for you. All you need to do is insert the CFML code that you would like to be executed after the page request into that file.
If you have several Application.cfm files spread out in various folders then, yes, you will also need to copy/create the OnRequestEnd.cfm files in those directories as well. You might be able to copy stub OnRequestEnd.cfm files in those directories that do nothing more than cfinclude your actual code from another, single, location. At least that way once you have all of the stub files out there you can modify the code in a single place.
See the documentation for Structuring an application (it was written for ColdFusion 8 but the same rules still apply). In case that page is taken down, here is the relevant text:
How ColdFusion finds and process application definition pages
ColdFusion uses the following rules to locate and process the Application.cfc, Application.cfm, and OnRequestEnd.cfm pages that define application-specific elements. The way ColdFusion locates these files helps determine how you structure an application.
Each time ColdFusion processes a page request it does the following:
When ColdFusion starts processing the request, it does the following:
It searches the page's directory for a file named Application.cfc. If one exists, it creates a new instance of the CFC, processes the initial events, and stops searching. (ColdFusion creates a new instance of the CFC and processes its initialization code for each request.)
If the requested page's directory does not have an Application.cfc file, it checks the directory for an Application.cfm file. If one exists, ColdFusion logically includes the Application.cfm page at the beginning of the requested page and stops searching further.
If the requested page's directory does not have an Application.cfc or Application.cfm file, ColdFusion searches up the directory tree and checks each directory first for an Application.cfc file and then, if one is not found, for an Application.cfm page, until it reaches the root directory (such as C:). When it finds an Application.cfc or Application.cfm file, it processes the page and stops searching.
ColdFusion processes the requested page's contents.
When the request ends, ColdFusion does the following:
If you have an Application.cfc, ColdFusion processes the CFC's onRequestEnd method and releases the CFC instance.
If you do not have an Application.cfc, but do have an Application.cfm page, ColdFusion looks for an OnRequestEnd.cfm in the same directory as the Application.cfm page ColdFusion uses for the current page. ColdFusion does not search beyond that directory, so it does not run an OnRequestEnd.cfm page that resides in another directory. Also, the OnRequestEnd.cfm page does not run if there is an error or an exception on the application page, or if the application page executes the cfabort or cfexit tag.
The following rules determine how ColdFusion processes application pages and settings:
ColdFusion processes only one Application.cfc or Application.cfm page for each request. If a ColdFusion page has a cfinclude tag pointing to an additional ColdFusion page, ColdFusion does not search for an Application.cfc or Application.cfm page when it includes the additional page.
If a ColdFusion page has a cfapplication tag, it first processes any Application.cfc or Application.cfm, and then processes the cfapplication tag. The tag can override the settings from the application files, including the application name and the behaviors set by the cfapplication tag attributes.
You can have multiple Application.cfc files, Application.cfm files, and cfapplication tags that use the same application name. In this case, all pages that have the same name share the same application settings and Application scope and can set and get all the variables in this scope. ColdFusion uses the parameter settings of the cfapplication tag or the most recently processed file, if the settings, such as the session time-out, differ among the files.
Note: If your application runs on a UNIX platform, which is case-sensitive, you must spell Application.cfc, Application.cfm, and OnRequestEnd.cfm with capital letters.
Since you are using ColdFusion 9, it would be fairly trivial to upgrade to using Application.cfc instead of trying to figure out how to plug in OnRequestEnd.cfm files. Plus, there are advantages to using Application.cfc to Application.cfm.
A few references:
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=appFramework_15.html
http://forum.hostek.com/showthread.php?724-Converting-to-Application-cfc
http://www.bennadel.com/blog/726-ColdFusion-Application-cfc-Tutorial-And-Application-cfc-Reference.htm
http://www.raymondcamden.com/index.cfm/2009/12/30/Best-of-CF9-Applicationcfc-Script-Template
http://cfruss.blogspot.com/2009/11/applicationcfc-reference-in-cfscript.html
I am modifying an existing web application which has been coded in Coldfusion. In the existing code, a large portion of the folders contain an Application.cfm file which sets the Application variables
However, part of my modification to these apps requires me to use the Application.cfc rather then the existing .cfm file.
Is there any potiential problems of having both of these files in the same directory? Or will Coldfusion default to using one over the other (or will it run both?)
Thanks,
Steven
EDIT
Just to shine some more light onto this. I am integrating a new centralized login system, but a caveat of this is that it must have a fall back login (in case of downtimne for login system). That is why i dont want to blow out the old code
If there is an Application.cfc file ColdFusion will use that. If you have both, Application.cfm will be ignored.