Page security, please help

So basically, your talking about custom error handling? Create a page that would handle an error if someone tried to access the result page without using the search from?

If I use url.startrow it throws an error, then there is endrow for going back a record.

cannot convert the value "url.startRow" to a boolean


The error occurred in C:\Websites\4npp8b\result.cfm: line 11

9 : <cfset application.cont=cont>
10 : </cflock>
11 : <cfif NOT isDefined('form.submit') OR ('url.startRow')>
12 : <cfelse>
13 : <cfsearch name="GetResults"

So how owuld I send someone to another page if they got an error? The page works fine accept for this lock out I am trying to write. Should I post the code for the page so you see what is going on?

CFmonger

CFmonger wrote:
> So basically, your talking about custom error handling? Create a page that
> would handle an error if someone tried to access the result page without using
> the search from?

That is one way. But an easier way, if it works for the project at
hand. Is just to provide a default value. So if somebody somehow
circumvents the form they just get a default set of data. Usually all
the records (1=1) or none of the records (1=0) depending on which works
better for the requirements.

CFmonger wrote:
> If I use url.startrow it throws an error, then there is endrow for going back
> a record.
>
> cannot convert the value "url.startRow" to a boolean
>

You need to use isDefined() again and since you are looking at the
negatives you will need to 'AND' them instead of 'OR' them.

<cfif NOT isDefined('form.submit') AND NOT isDefined('url.startRow')>
<!--- do error stuff neither from.submit nor url.start exists. --->
<cfelse>
<!--- do valid stuff either form.submit or url.startRow exists --->
</cfif>

Hmmm. I just found another error that makes what we are working on not important right now, But that does work. What I realized is that when you run a search, and hit the resultpage I have it so there will be 3 records shown at a time and then next > and <previous

when you hit next I get an error anyway >.<

Element CRITERIA is undefined in FORM.


The error occurred in C:\Websites\4npp8b\result.cfm: line 15

13 : <cfsearch name="GetResults"
14 : collection="pdsSite"
15 : criteria="#FORM.criteria#">
16 : <cfset rowsPerPage = 3>
17 : <cfparam name="URL.startRow" default="1" type="numeric">


So here is my code, I'm kind of confused as to what to do to make this work:

result.cfm page:

<cfsearch name="GetResults"
collection="pdsSite"
criteria="#FORM.criteria#">
<cfset rowsPerPage = 3>
<cfparam name="URL.startRow" default="1" type="numeric">
<cfset totalRows = GetResults.recordCount>
<cfset endRow = min(URL.startRow + rowsPerPage - 1, totalRows)>
<cfset startRowNext = endRow + 1>
<cfset startRowBack = URL.startRow - rowsPerPage>
<head>
</head>
<body>
<cfform action="result.cfm" method="post">
<cfinput type="text" name="criteria" value="#FORM.criteria#" message="Please enter your key word to search." validateat="onSubmit" validate="noblanks" required="yes" id="criteria" size="30" class="search_input">

<input type="submit" class="SformButtons" name="submit" value=" Search ">
</cfform>
<cfoutput> Search Results: #FORM.criteria# </cfoutput>
No files found for specified search, please try a new search.

<cfelse>
<cfloop query="GetResults" startRow="#URL.startRow#" endRow="#endRow#">
<cfoutput>
<cfset bgcolor=IIf(CurrentRow Mod 2,
DE('ffffff'),
DE('ffffcf'))>
#CurrentRow#

<cfset Body=summary>
<cfset FileName=GetFileFromPath(Key)>
<cfset Ext=ListLast(FileName, ".")>
<cfif Trim(Title) IS "">
<cfset display=GetFileFromPath(Key)>
<cfelse>
<cfset display=title>
</cfif>
<a href="#Custom1#" class="subNav">#display#</a> <span class="style8">(#score#)</span> <br>
<span class="style8"><small>#summary#</small></span>
</cfoutput>
</cfloop>

<cfoutput>
<cfif startRowBack GT 0>
<a href="#CGI.script_name#?startRow=#startRowBack#"> < Previous </a>
</cfif>

<cfif startRowNext lte totalRows>
<a href="#CGI.script_name#?startRow=#startRowNext#">Next > </a>
</cfif>
</cfoutput>
</cfif>

That is the result page code. How do I get my next and previous links to remember the results from your search criteria?

I am also using this tage in spots to stop people from just going to the resultpage:
<cfif NOT isDefined('form.submit') AND NOT isDefined('url.startRow')>
You get just a search box
<cfelse>
this runs the result code
</cfif>

Is there a better way to use this?

I know it is a lot to ask, I am hoping it is easy fixes.

Thank you for all the help.

CFmonger

CFmonger wrote:
>
> Is there a better way to use this?
>

Yes. What I would do is use a persistent variable such as session. The
form would submit to an action page that retrieves the results and
stores them in a session variable and then pass on to a display page
that knows how to display and navigate through the stored data. Thus
you are separating your display logic (the form and the display page)
and the the business logic (the action page). This will start you on
the path of design patterns and reusable code.

Ok, I understand what your saying, but I don't know how I would write that. Is there cfdocs that would show that senario? or could you show me how i would write that? Would I be able to use the code I have on my result page and just fix it up so it isn't running from the actual collection tag? That would go on the action form, correct?

CFmonger wrote:
> Ok, I understand what your saying, but I don't know how I would write that. Is
> there cfdocs that would show that senario? or could you show me how i would
> write that? Would I be able to use the code I have on my result page and just
> fix it up so it isn't running from the actual collection tag? That would go on
> the action form, correct?
>


You should not have to change much of your logic. Just change what
actual variables you are using and break your code up a bit.

High Level Outline:
form.cfm -- collect the data from the user

action.cfm -- use the data from the user to generate the results. Store
these in the session scope.

display.cfm -- display and navigate through the session scope results.


A couple of key pieces of code:

<cfsearch name="Session.GetResults"
collection="pdsSite"
criteria="#FORM.criteria#">

<cfloop query="Session.GetResults"
startRow="#URL.startRow#"
endRow="#endRow#">

Untested code. Sometimes you can not use session scope variable
directly like this. In that case just use a local variable like you
where then transfer the local variable to the session and back again as
needed.

I.E.

<cfset session.GetResults = variables.GetResults>
...
<cfset variables.GetResults = session.GetResults>

Ok, then how would I create the variables as a session in the action page?

Like this?

<cfparam name="FORM.criteria" type="string">
<cfsearch name="GetResults"
collection="pdsSite"
criteria="#FORM.criteria#">
<cfif GetResults.recordCount eq 1>
<cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.GetResults = "yes">
</cflock>
<cflocation url="result.cfm">
<cfelse>

Is this the way I would make a session out of it, or does there need to be more? (This way doesn't work, so obviously I am somewhat wrong in what my thinking is here)

CFmonger wrote:
> Is this the way I would make a session out of it

No that is not the way.

<cfparam name="FORM.criteria" type="string">
<cfsearch name="GetResults" <!--- this is the name of a local
variable.
Make this local variable a session
variable and it will be available on
subsequent pages. --->
...


First thing to try. Replace all 'getResults', which really means
'variables.getResults', with 'session.getResults'.

I.E.
<cfsearch name="session.getResults"...>

OR assign the local variable to a session variable after the
<cfsearch...> call.

I.E.
<cfsearch name="GetResults"
collection="pdsSite"
criteria="#FORM.criteria#">

<cfset session.getResults = getResults>

OR with a better coding practice of scoping all variables.

<cfset session.getResults = variables.getResults>

So it would be written like this?

search-action.cfm

<cfset session.getResults = variables.getResults>
<cfsearch name="Session.GetResults"
collection="pdsSite"
criteria="#FORM.criteria#">
<cfif GetResults.recordCount eq 1>
<cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
<cfset SESSION.auth = structNew()>
<cfset SESSION.auth.Session.GetResults = "yes">
</cflock>
<cflocation url="result.cfm">
</cfif>

Is this how it would also get passed to another page?
<cflocation url="result.cfm">
or like this?
<cflocation url="result.cfm?#Session.GetResults #">

then on the results page, I can take away the code for the search that is now on the action page
<cfsearch name="Session.GetResults"
collection="pdsSite"
criteria="#FORM.criteria#">
and leave all the other code reading it?

CFmonger wrote:

I strongly suggest your read up on ColdFusion's persistent variable
scopes. There are entire sections on the topic in the documentation
provided with CF, on-line especially at adobe.com and Ben Forta's books.

> search-action.cfm
>
> <cfset session.getResults = variables.getResults>
This line is rather meaningless until after the following <cfsearch...> tag.

> <cfsearch name="Session.GetResults"
If you assign the results of the <cfsearch ...> tag directly to a
session scope, you do not need the above <cfset...> tag.

> collection="pdsSite"
> criteria="#FORM.criteria#">
> <cfif GetResults.recordCount eq 1>
> <cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
> <cfset SESSION.auth = structNew()>
> <cfset SESSION.auth.Session.GetResults = "yes">
> </cflock>
This <cflock...> block of code does nothing for the above search
results, but if it has another purpose then fine.

> <cflocation url="result.cfm">
> </cfif>
>
> Is this how it would also get passed to another page?
> <cflocation url="result.cfm">
It is one of many possible methods, but a fine method if it meets your
requirements.

> or like this?
> <cflocation url="result.cfm?#Session.GetResults #">
No, this is meaningless. The session scope is a persistent scope. It
does not need to be passed through the URL request. This does presume
that you have sessions enabled in the CF administrator, they can be
turned off. Also you have to provide a 'name' for the application so
that CF can keep track of what session goes to what user using what
application.

This is done with either a <cfapplicaiton name="myAppName"...> included
on every template that should belong to the application. Usually by
placing it in an 'Application.cfm' file so this happens automatically.
Or in an Application.cfc file as this.name="myAppName" in the pseudo
constructor section of the component.

You also need to enable session management in the applicaiton scope
either with a sessionManagement="true" parameter in the
<cfapplicaiton...> tag or a this.sessionManagement=true in the
Application.cfc pseudo constructor.

All these details are fully explained in the above mentioned documentation.

>
> then on the results page, I can take away the code for the search that is now
> on the action page
> <cfsearch name="Session.GetResults"
> collection="pdsSite"
> criteria="#FORM.criteria#">

Yes this logic was accomplished on the preceding action page.

> and leave all the other code reading it?
You would have to modify the display code to access the result query
stored in the 'session' scope rather then the local 'variables' scope.
But other then that, yes the logic should be the same.

I made the changes and there are aspects that aren't working right now. In my next / previous nav I get an error now. this is the code I am using for it:

<cfset rowsPerPage = 3>
<cfparam name="URL.startRow" default="1" type="numeric">
<cfset totalRows = Session.GetResults.recordCount>
<cfset endRow = min(URL.startRow + rowsPerPage - 1, totalRows)>
<cfset startRowNext = endRow + 1>
<cfset startRowBack = URL.startRow - rowsPerPage>

<cfloop query="Session.GetResults" startRow="#URL.startRow#" endRow="#endRow#">
<cfoutput>
<cfset FileName=GetFileFromPath(Key)>
<cfset Ext=ListLast(FileName, ".")>
<cfif Trim(Title) IS "">
<cfset display=GetFileFromPath(Key)>
<cfelse>
<cfset display=title>
</cfif>
<a href="#Custom1#" class="subNav">#display#</a> <span class="style8">(#score#)</span> <br>
<span class="style8"><small>#summary#</small></span>
</cfoutput></cfloop>

<cfoutput>
<cfif startRowBack GT 0>
<a href="#CGI.script_name#?startRow=#startRowBack#"> < Previous </a>
</cfif>

<cfif startRowNext lte totalRows>
<a href="#CGI.script_name#?startRow=#startRowNext#"> Next > </a>
</cfif>
</cfoutput>

this is my error:

Element GETRESULTS.RECORDCOUNT is undefined in SESSION.


The error occurred in C:\Websites\4npp8b\result.cfm: line 18

16 : <cfset rowsPerPage = 3>
17 : <cfparam name="URL.startRow" default="1" type="numeric">
18 : <cfset totalRows = Session.GetResults.recordCount>
19 : <cfset endRow = min(URL.startRow + rowsPerPage - 1, totalRows)>
20 : <cfset startRowNext = endRow + 1>

What do I change the variable to in the code to allow you to scroll through the results?
the session scope seems to work fine, just passing the wrong varibale.

At the top of the page <cfdump var="#session.GetResults#"> and make sure
you are passing the query record set you believe you are.

Looking at some of the older code you have posted, I suspect that there
maybe some left over stuff in there that replaces the query data from
the search results with other data.

Yes there are, but what do I change them to?
I tried:

<cfset rowsPerPage = 3>
<cfparam name="Session.GetResults.startRow" default="1" type="numeric">
<cfset totalRows = Session.GetResults.recordCount>
<cfset endRow = min(Session.GetResults.startRow + rowsPerPage - 1, totalRows)>
<cfset startRowNext = endRow + 1>
<cfset startRowBack = Session.GetResults.startRow - rowsPerPage>

and it threw errors.

An error occurred while trying to modify the query named class coldfusion.sql.QueryTable.
Query objects cannot be modified, they can only be displayed.

The error occurred in C:\Websites\4npp8b\result.cfm: line 14

12 :
13 : <cfset rowsPerPage = 3>
14 : <cfparam name="Session.GetResults.startRow" default="1" type="numeric">
15 : <cfset totalRows = Session.GetResults.recordCount>
16 : <cfset endRow = min(Session.GetResults.startRow + rowsPerPage - 1, totalRows)>

when I left it the origial way, it didn't throw any errors until I hit the next button, then it threw the error in my last post. when I did the dump, it came back with all the variables that the cfsearch usese the ones that are being used are:

CUSTOM1
KEY
RANK
RECORDSSEARCHED
SCORE
SUMMARY
TITLE

Would I use the RECORDSSEARCHED to run the next / prev? if so, how would I change the code to work?

I was doing a lot of reading in cfdocs and what I am reading, it doesn't seem we are doing here in this code.

CFDocs CF 8:
To use ColdFusion session variables without using cookies, each page must pass the CFID and CFToken values to any page that it calls as part of the request URL.

We aren't passing variables via the url. Correct?

So what would we need to do to pass the proper variables and make the next / prev work properly when going through the search results?

CFmonger wrote:
> I was doing a lot of reading in cfdocs and what I am reading, it doesn't seem
> we are doing here in this code.
>
> CFDocs CF 8:
> To use ColdFusion session variables without using cookies, each page must pass
> the CFID and CFToken values to any page that it calls as part of the request
> URL.

Yes for sessions to work in ColdFusion it needs the CFID and CFToken
values to know which clients belong to which session state. This is to
combat that the HTTP standard says there is NO state maintained from one
request to another. These values are normally stored in cookies that a
browser will return with every request. But if you want a site that
works without cookies then the CFID and CFToken values can be passed
through the URL. This is seldom done in this age, but it is an option.

>
> We aren't passing variables via the url. Correct?
>
> So what would we need to do to pass the proper variables and make the next /
> prev work properly when going through the search results?


You can mix scopes as you like. This method that should require the
least modifications to your original code (not sure about it's current
state) would be to store the query record set in the session scope where
it is available from request to request, but pass the startRow and
endRow pointers through the URL. This is, by no means, not the only way
to do this but it should work.

form.cfm
--------
<form action="action.cfm">
...
</form>

action.cfm
----------
<cfsearch name="session.theResults"...>

<cflocation template="display.cfm>

display.cfm
-----------
<cfparam name="url.startRow" default="1">
<cfset displayRows = 3>
<cfset endRow = min(url.startRow +
displayRows,session.theResults.recordCount)

<cfoutput query="session.theResults" startRow="#url.startRow#"
endRow="#endRow#>
...
</cfoutput>


I'll leave the rest of creating the next and previous links from these
basic data elements.

I changed things around and the links still are throwing errors, now the result page doesn't even load. I am learning how to navigate sessions as I go along here, but still don't have a grasp on how this should be written to make it work. this is what I did from what you said in last post:

result.com

<cfset displayRows = 3>
<cfparam name="URL.startRow" default="1" type="numeric">
<cfset totalRows = SESSION.GetResults.recordCount>
<cfset endRow = min(url.startRow + displayRows,session.GetResults.recordCount)>
<cfset startRowNext = endRow + 1>
<cfset startRowBack = URL.startRow - rowsPerPage>
<head>
</head>
<body>
<cfloop query="Session.GetResults" startRow="#URL.startRow#" endRow="#endRow#">
<cfoutput>
.... output results....
</cfoutput></cfloop>

<cfoutput>
<cfif startRowBack GT 0>
<a href="#CGI.script_name#?startRow=#startRowBack#"><previous </a>
</cfif>

<cfif startRowNext lte totalRows>
<a href="#CGI.script_name#?startRow=#startRowNext#">Next ></a>
</cfif>
</cfoutput>

The error:

The error occurred in C:\Websites\4npp8b\result.cfm: line 18

16 : <cfset endRow = min(url.startRow + displayRows,session.GetResults.recordCount)>
17 : <cfset startRowNext = endRow + 1>
18 : <cfset startRowBack = URL.startRow - rowsPerPage>
19 :


I have looked everywhere and there is NO documentation out there that helps develop a next / prev for sessions. Not to mention now that we moved this off to a session I lost other code usage in this form and can't figure out how to get it back.

IE:
<cfoutput> Search Results #cfsearch.Criteria# </cfoutput>

and adding it to a search box
<cfinput type="text" name="criteria" value="#criteria#" id="criteria" size="30" class="search_input">

Both of these don't work anymore and I don't know how to pull the session variables to make them work.
Any ideas? I spent all last night looking over cfdocs and a book I have on CF8 by macromedia and can't find any solutions. It really doesn't get inot verity search in depth like this has gotten.

Can you help me get this working the rest of the way? I am not firmilliar with navigating sessions and I have not been able to figure out this error. I have spent my whole day so far looking this up and have found nothing. I realize it is probably easy fixes with the existing code, but I don't know what they are.

Thank you.

CFmonger

"Navigating Sessions" is not a very logical expression. You are
navigating a query. It should not matter whether that query is stored
in the variables scope, your old way or the session scope, the new way.

Start with some basics.

Build the form.

Test

Build the action page

Test

Build a simple display page, start with a <cfdump>

Test

Enhance the display

Test

Enhance the User Interface

Test.

Rinse, Repeat.

I have done all that, the search works, I am at the enhancing the innerface and I can't get the next / prev to work. I use it on regular querys and it works fine. But it will not work on this, I have been trying all types of senarios and it all errors.

What do I need to do to fix this code and make it work?

Ok, I changed it all back. (I didn't think that way was going to get me the results I was looking for.)

Now, the error I get is with my cfparam tag.

I wrote it wrong

How do I write the param tags so it will work?

here is my working code now accept for the next / previous and the error:

result.cfm

<cfparam name="#FORM.criteria#" default="">
<cfparam name="#URL.criteria#" default="">
<cfsearch name="GetResults"
collection="pdsSite"
criteria="#FORM.criteria#">
<cfset rowsPerPage = 3>
<cfparam name="URL.startRow" default="1" type="numeric">
<cfset totalRows = GetResults.recordCount>
<cfset endRow = min(URL.startRow + rowsPerPage - 1, totalRows)>
<cfset startRowNext = endRow + 1>
<cfset startRowBack = URL.startRow - rowsPerPage>
<head>
</head>
<body>
<cfif GetResults.RecordCount is 0>
No files found for specified search, please try a new search.
<cfelse>
<cfloop query="GetResults" startRow="#URL.startRow#" endRow="#endRow#">
<cfoutput>
<cfset bgcolor=IIf(CurrentRow Mod 2,
DE('ffffff'),
DE('ffffcf'))>
<cfset Body=summary>
<cfset FileName=GetFileFromPath(Key)>
<cfset Ext=ListLast(FileName, ".")>
<cfif Trim(Title) IS "">
<cfset display=GetFileFromPath(Key)>
<cfelse>
<cfset display=title>
</cfif>
<a href="#Custom1#" class="subNav">#display#</a> <span class="style8">(#score#)</span> <br>
<span class="style8"><small>#summary#</small></span>
</cfoutput>
</cfloop>

<cfoutput>
<cfif startRowBack GT 0>
<a href="#CGI.script_name#?startRow=#startRowBack#">< Previous</a></cfif>

<cfif startRowNext lte totalRows>
<a href="#CGI.script_name#?startRow=#startRowNext#">Next > </a>
</cfif>
</cfoutput>

Here is my error now:

Element CRITERIA is undefined in FORM.


The error occurred in C:\Websites\4npp8b\result.cfm: line 1

1 : <cfparam name="#FORM.criteria#" default="">
2 : <cfparam name="#URL.criteria#" default="">


How do I write these to make it work?
thank you for teh help!!!!!!!!!!!!!!

The documentation is your friend.

http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_p-q_01.html#1101730