Thursday, October 31, 2013

Creating a Random Captcha with refresh Option

We all know that creating captcha is not a tough job in ColdFusion. But, one newbie in ColdFsion just asked me to help in creating a random captcha for his application.

I thought to share with others.

I have divided the entire code into three parts.

  1. captcha.cfm - Page where we will display the captcha image.
  2. Util.cfc - It contains a user defined function "generateRandomText" to generate random captcha text.
  3. refreshCaptcha.cfm - Page which will handle AJAX call while refreshing captcha image.

Lets see the "captcha.cfm" below:

Here, in above code I have used "ImageCreateCaptcha" function, which is added in ColdFusion 10 for captcha generation.

Lets see the "Util.cfc"

In this file, I have written a function called "generateRandomText"  for generating captcha string. Logic is very simple, you can modify it according to your requirement.

Next, come to "refreshCaptcha.cfm":

We are making AJAX call to this file which again generates random captcha image and sends to browser for display.

So, this is whole story for generating and refreshing captcha image in ColdFusion!!!

Wednesday, October 30, 2013

You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.

Today, I was setting up a new sample project in my machine and I just got some unexpected error message for loading .CSS and .txt files but my ColdFusion file .cfm was loading fine.

The error message was:

HTTP Error 401.3 - Unauthorized

You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.

After little Googling I got the solution but most of the solutions are not described very well. So, thought to share it again.
***NOTE: This issue may come for other types of files like: JS, ColdFusion or ASP files.

What is the solution for this issue?

  • Go to the directory where you have placed your web application files. EX: For my application it's: C:\Users\Upendra Roul\Documents\GitHub
  • Right Click on that directory then go to properties -> Securtity(Tab). You will see a image like below.

  • Click on "Edit" button of the above image, you will see a next window like below:
  • Click on "Add" button as marked in the above picture then you will see a screen like below:
  • Click on "Advanced" button as highlighted in the above picture, then you will see a screen like below:
  • Here, in the above picture first you have to click on "Find Now" then you will see list of users in "Search result" section below as shown in the above picture. Next, select the highlighted user "IUSR" then click on "OK" button. Then you will see a screen like below:
  • If you mark in the above screen, IUSR is selected in the user selection box then click on "OK" button. Then you will see a screen like below:
  • The above screen is the final set up screen. Here, first select "IUSR" from "Group or user names" then allow all permission for that user by selecting the check boxes in the highlighted section. Then click on "Apply" then Click on "OK". After that for all other screens just Click on "OK".

After all these set up refresh your web page you will see all resources are loading perfectly.

Hope it will save your time!!!

Sunday, October 27, 2013

structDelete & CFCOOKIE for Delete Cookie in ColdFusion

Previously, I had a misconception that we can only delete a cookie from ColdFusion by using CFCOOKIE tag only. But, during experimenting with ColdFusion cookie, I just got to know that even using function "structDelete" we can alos delete a cookie.

Let's see how exactly:

I had written the above CF code to test.

 - When first I run this page, I see two cookie variables - CFID and CFTOKEN. You can see the image below.
 - Next time, I run the same code with "setx = 1" in URL. It just created a new cookie variable "X", with expiration date as one month ahead. You can see the image below.
 - Next, I run the same code again without any url parameter. So, it will go for delete section. As we have not passed any  url variable "delByTag", so it will go for "structDelete" section and in result you can see the cookie dump.
 - Refresh the page again, you will see the target cookie is deleted. As shown below.
Question: What exactly ColdFusion does to delete a cookie from browser?

 - Set the cookie "X" by following the above steps.
 - Pass url parameter "delByTag = 1" and run the page, you can see the cookie "X" is empty in seond dump after refreshing the page you will see no cookie "X" in dump. If we will notice the HTTP request for cookie delete then we will find the following screen shot.
- As you can see, the HHTP response contains command to broser from ColdFusion to delete the cookie. That's why the browser removes the cookie.

If you again set the cookie and for delete don't use "delByTag = 1", so it will use struct delete and in that case if we will see the HTTP response as shown below. Here, we will see the a same thing in resopnse to delete the cookie.
The difference I found, by using cfcookie we can set a past date in the expiry field but "structDelte" will always use the current date for that operation. You can debug more by looking into the HTTP request/response.

Happy Coding!!!

Friday, October 25, 2013

Case Sensitive Issue With Cookie In ColdFusion

Scenario: Few days back one of my colleague was working on a shopping cart project. Where they were setting some cookie by using JavaScript (client side ) and then trying to delete that cookie from server side.

Issue: After deleting the cookie each time it was assigning an empty string to that cookie but that cookie was present in cookie scope and in next request it was coming again.

To show the exact situation I wrote following piece of ColdFusion code:

First time, I run the code without any cookie I got following output.

As we see there is only two cookie in ColdFusion dump and also in Firebug( i.e, - CFID and CFTOKEN)
Then, I run following piece of JS code to set a cookie with name 'x'

document.cookie = 'x=test; expires=Fri, 25 Oct 2013 20:47:11 GMT; path=/';

CASE - 1:
Next, I run the ColdFusion code and I got following result:

  • First Line of ColdFusion code it just dumps cookie scope, where we can see our cookie in lower case with value “test”. 
  •  Next line, if cookie “x” exists then, show message “Inside if” and delete that cookie by setting expiry date as now and value empty string(“”).
  • Else show message “Inside Else”.
  • Dump cookie scope.
I run the same page multiple times I got same results, means my cookie is not getting deleted. If you notice the first cookie dump shows “x” in lower case and next cookie dump shows in upper case.

CASE - 2:

In second test case I cleared all my cookies and again run the following JS code to set the cookie.

document.cookie = 'X=test; expires=Fri, 25 Oct 2013 20:47:11 GMT; path=/';

Here, if you notice I have set cookie name in upper case. Then I run the ColdFusion code and I got the following result:

Here, if you will notice cookie name is in upper case in both the dump and in Fire bug cookie “X” is not available. Then, I refreshed the page and I got following result:

Ahhh. My cookie got deleted, means our target achieved.

Question: What was the problem in previous case why we were
unable to delete that when it was in lower case?


·         ColdFusion is case insensitive, means if we name variable  name as “x” and “X” both are  same for ColdFusion.
·         JavaScript is case sensitive, means variable “x” and “X” are different.

Code Explanation:
·         When our first if clause checks whether “x” exists in cookie or  not it always find it as ColdFusion case in sensitive but when it  sets to delete the code cookie “X”, we got following in HTTP  response header:

·         Here, ColdFusion send command to browser to delete cookie with name “X” by setting the expiry date as now.
·         Browser set the cookie “X” with expiry date as current time but the old cookie (“x”) is not affected by that activity.
·         In second dump ColdFusion overwrites “x” value by “X”, in server side only. But, cookie stored in client side, when we refresh the page “X” is deleted (as we set the expiry date as current time) and “x” is available. So, it again displays “x”.
·         When we set cookie name in upper case(X) by JavaScript, then ColdFusion can able to delete that value as I have already explained that how.

When setting cookie from client side be aware of the case sensitivity.

Saturday, October 12, 2013

Post Parameters Exceeds Maximum Limit

In sometime I was making a “POST” AJAX request to server and it was working fine but latter I had to add few new form elements and then I made the POST AJAX call. Suddenly I got the error:

HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred.

I was using ColdFusion – 9 with IIS. After few searching I found that the problem is with no of form parameters present in the “POST” request. By default ColdFusion provides a default form element limit as “100”. If the no of parameter will exceed to that then we will get error message.

I run the same code in ColdFusion – 10 with Apache and I got the following error message:
POST parameters exceeds the maximum limit.

Then the question arises:

                    Will I get the same error for “GET” request?
                    How can I increase the limit in ColdFusion?

Will I get the same error for “GET” request?

No, for “GET” request you will not get such error . “GET” request depends on the URL length. I mean when you make any “GET” request all parameters are appended to the base URL and they pass in URL scope. Each browser have some limit to length of the URL it can process, if the URL length in “GET” request will exceed to that then you may get some error message or some unwanted result.

How can I increase the limit in ColdFusion?

            In ColdFusion – 9:
Go to {ColdFusion-Home}/lib for Server Installation
{ColdFusion-Home}/WEB-INF/cfusion/lib for Multiserver or J2EE installation.
Open file neo-runtime.xml, after the line.

<var name='postSizeLimit'><number>100.0</number></var>

add the below line and you can change the number 100 to your desired limit.
<var name='postParametersLimit'><number>100.0</number></var>

            In ColdFusion – 10:
Adobe has added an option in ColdFusion Admin to control the number of form elements. Go to
Settings”, you will see a screen like below:

You can change the highlighted section value from “100” to your desired form element limit.

NOTE: After doing all these you will see if you have provided “100” limit then you are able to pass only “99” form elements in post request I.e. 1 element less than the limit. Because when do any form post ColdFusion automatically added a field called “FIELDNAMES”.

ArrayEach() And StructEach() In ColdFusion 10

Today I was looking into new functions added ColdFusion 10 and I found two interesting functions. So, I thought to share those functions.

-        ArrayEach()
-        StructEach()

1.      ArrayEach(array, HandlerFunction( Any currentObj){})

“ArrayEach” is used to loop over an array object and the Handle Function can have each element of the  array during looping. So, we can apply our business logic in side the handler function. We can write the handler function as inline function or a named function which we can reuse in multiple cases.

Lets see the example:

       dispObj = new Display();
       arr = [1,2,3,4,5,6,7,8,9,10];

       function showArrayElement( elem ) {
              Writeoutput(elem & '<br>');

       //Calling an inline function during loop over an array
       arrayEach(arr, function(currentObj) { Writeoutput( currentObj & '<br/>' ); });

       //Calling a named function during looping over the array
       arrayEach(arr, showArrayElement);

       //Calling a named function by object during looping over the array
       arrayEach(arr, dispObj.showArrayElem);
After running the above code I got the following output.

2.  StructEach( structure,  HandlerFunction( key, value ) {})

Similarly like AyyayEach() here we can loop over a structure elements where the handle function have the key and value. Using the handler function we can implement our business logic.

Lets see the code:

       dispObj = new Display();
       struct = {name: "Upendra", place: "Hyderabad", technology: "coldfusion", time: "12:53PM"};

       function showStructElement(key, value) {
              Writeoutput( key & ':' & value & '<br/>' );

       //Calling an inline function while looping over the struct
       structEach( struct, function(key, value) { Writeoutput( key & ':' & value & '<br/>' ); } );

       //Calling a named function during looping over a structure
       structEach( struct, showStructElement );

       //Calling a named function by object during looping over a structure
       structEach( struct, dispObj.showStructElement );
After running above code we will get the following output:

***NOTE: In the output I have not displayed the result of named function call by creating object of a component as it would produce same result as general named function call.


component output="true"{

       function showArrayElem( elem) {
              Writeoutput(elem & '<br>');

       function showStructElement(key, value) {
              Writeoutput( key & ':' & value & '<br/>' );