29 Replies Latest reply on May 22, 2008 7:15 PM by Newsgroup_User

    Page security, please help

    CFmonger Level 1
      Hello;
      I am trying to come up with a script that will lock you out of a page if you do not use the proper criteria. It is a search for a site, and I set it up right now so that if you try and get to the result page without using a form, it gives you a message and a new search box. This works fine.

      What happens now is if you preform a search and it comes back with lets say 9 records, I have the next / previous set to allow 3 per page, when you click next it comes back and gives the message I set you to get if you didn't use a form button.

      How do I make this security tag work with both the next previous and using a form button?

      (If I don't lock it down like this, and you access the page directly, you get errors, so I need to make the user use the page the way I set it.)

      This is my script:

      <cfif NOT isDefined('form.submit')>
      You get this telling to to try again
      <cfelse>
      this runs the cod on the page
      </cfif>

      The link I am trying to allow to pass this uses this:

      http://www.mysite.com/result.cfm?startRow=4

      What can I add to this script to make both of these senarios pass?

      Thank you.

      CFmonger
        • 1. Re: Page security, please help
          Level 7
          CFmonger wrote:
          > (If I don't lock it down like this, and you access the page directly, you get
          > errors, so I need to make the user use the page the way I set it.)
          >

          If you are not doing this for a security reason, why don't you just
          provide a default behavior so the error can not happen. Rather then
          lock the user out. There are sometimes reasons to lock out users, but
          one should always provide behavior so your result pages works at all
          times. Rather then just try and prevent the errant behavior. This would
          be a more scalable solution.


          Other then that, your <cfif...> branch would need to look for either
          case you want to allow through your logic. I.E. either form.submit or
          url.startRow looking at your code. But I am not recommending this
          fragile fix.
          • 2. Re: Page security, please help
            CFmonger Level 1
            So basically, your talking about custom error handling? Create a page that would handle an error if someone tried to access the result page without using the search from?

            If I use url.startrow it throws an error, then there is endrow for going back a record.

            cannot convert the value "url.startRow" to a boolean


            The error occurred in C:\Websites\4npp8b\result.cfm: line 11

            9 : <cfset application.cont=cont>
            10 : </cflock>
            11 : <cfif NOT isDefined('form.submit') OR ('url.startRow')>
            12 : <cfelse>
            13 : <cfsearch name="GetResults"

            So how owuld I send someone to another page if they got an error? The page works fine accept for this lock out I am trying to write. Should I post the code for the page so you see what is going on?

            CFmonger
            • 3. Re: Page security, please help
              Level 7
              CFmonger wrote:
              > So basically, your talking about custom error handling? Create a page that
              > would handle an error if someone tried to access the result page without using
              > the search from?

              That is one way. But an easier way, if it works for the project at
              hand. Is just to provide a default value. So if somebody somehow
              circumvents the form they just get a default set of data. Usually all
              the records (1=1) or none of the records (1=0) depending on which works
              better for the requirements.
              • 4. Re: Page security, please help
                Level 7
                CFmonger wrote:
                > If I use url.startrow it throws an error, then there is endrow for going back
                > a record.
                >
                > cannot convert the value "url.startRow" to a boolean
                >

                You need to use isDefined() again and since you are looking at the
                negatives you will need to 'AND' them instead of 'OR' them.

                <cfif NOT isDefined('form.submit') AND NOT isDefined('url.startRow')>
                <!--- do error stuff neither from.submit nor url.start exists. --->
                <cfelse>
                <!--- do valid stuff either form.submit or url.startRow exists --->
                </cfif>

                • 5. Re: Page security, please help
                  CFmonger Level 1
                  Hmmm. I just found another error that makes what we are working on not important right now, But that does work. What I realized is that when you run a search, and hit the resultpage I have it so there will be 3 records shown at a time and then next > and <previous

                  when you hit next I get an error anyway >.<

                  Element CRITERIA is undefined in FORM.


                  The error occurred in C:\Websites\4npp8b\result.cfm: line 15

                  13 : <cfsearch name="GetResults"
                  14 : collection="pdsSite"
                  15 : criteria="#FORM.criteria#">
                  16 : <cfset rowsPerPage = 3>
                  17 : <cfparam name="URL.startRow" default="1" type="numeric">


                  So here is my code, I'm kind of confused as to what to do to make this work:

                  result.cfm page:

                  <cfsearch name="GetResults"
                  collection="pdsSite"
                  criteria="#FORM.criteria#">
                  <cfset rowsPerPage = 3>
                  <cfparam name="URL.startRow" default="1" type="numeric">
                  <cfset totalRows = GetResults.recordCount>
                  <cfset endRow = min(URL.startRow + rowsPerPage - 1, totalRows)>
                  <cfset startRowNext = endRow + 1>
                  <cfset startRowBack = URL.startRow - rowsPerPage>
                  <head>
                  </head>
                  <body>
                  <cfform action="result.cfm" method="post">
                  <cfinput type="text" name="criteria" value="#FORM.criteria#" message="Please enter your key word to search." validateat="onSubmit" validate="noblanks" required="yes" id="criteria" size="30" class="search_input">

                  <input type="submit" class="SformButtons" name="submit" value=" Search ">
                  </cfform>
                  <cfoutput> Search Results: #FORM.criteria# </cfoutput>
                  No files found for specified search, please try a new search.

                  <cfelse>
                  <cfloop query="GetResults" startRow="#URL.startRow#" endRow="#endRow#">
                  <cfoutput>
                  <cfset bgcolor=IIf(CurrentRow Mod 2,
                  DE('ffffff'),
                  DE('ffffcf'))>
                  #CurrentRow#

                  <cfset Body=summary>
                  <cfset FileName=GetFileFromPath(Key)>
                  <cfset Ext=ListLast(FileName, ".")>
                  <cfif Trim(Title) IS "">
                  <cfset display=GetFileFromPath(Key)>
                  <cfelse>
                  <cfset display=title>
                  </cfif>
                  <a href="#Custom1#" class="subNav">#display#</a> <span class="style8">(#score#)</span> <br>
                  <span class="style8"><small>#summary#</small></span>
                  </cfoutput>
                  </cfloop>

                  <cfoutput>
                  <cfif startRowBack GT 0>
                  <a href="#CGI.script_name#?startRow=#startRowBack#"> < Previous </a>
                  </cfif>

                  <cfif startRowNext lte totalRows>
                  <a href="#CGI.script_name#?startRow=#startRowNext#">Next > </a>
                  </cfif>
                  </cfoutput>
                  </cfif>

                  That is the result page code. How do I get my next and previous links to remember the results from your search criteria?

                  I am also using this tage in spots to stop people from just going to the resultpage:
                  <cfif NOT isDefined('form.submit') AND NOT isDefined('url.startRow')>
                  You get just a search box
                  <cfelse>
                  this runs the result code
                  </cfif>

                  Is there a better way to use this?

                  I know it is a lot to ask, I am hoping it is easy fixes.

                  Thank you for all the help.

                  CFmonger
                  • 6. Re: Page security, please help
                    Level 7
                    CFmonger wrote:
                    >
                    > Is there a better way to use this?
                    >

                    Yes. What I would do is use a persistent variable such as session. The
                    form would submit to an action page that retrieves the results and
                    stores them in a session variable and then pass on to a display page
                    that knows how to display and navigate through the stored data. Thus
                    you are separating your display logic (the form and the display page)
                    and the the business logic (the action page). This will start you on
                    the path of design patterns and reusable code.
                    • 7. Re: Page security, please help
                      CFmonger Level 1
                      Ok, I understand what your saying, but I don't know how I would write that. Is there cfdocs that would show that senario? or could you show me how i would write that? Would I be able to use the code I have on my result page and just fix it up so it isn't running from the actual collection tag? That would go on the action form, correct?
                      • 8. Re: Page security, please help
                        Level 7
                        CFmonger wrote:
                        > Ok, I understand what your saying, but I don't know how I would write that. Is
                        > there cfdocs that would show that senario? or could you show me how i would
                        > write that? Would I be able to use the code I have on my result page and just
                        > fix it up so it isn't running from the actual collection tag? That would go on
                        > the action form, correct?
                        >


                        You should not have to change much of your logic. Just change what
                        actual variables you are using and break your code up a bit.

                        High Level Outline:
                        form.cfm -- collect the data from the user

                        action.cfm -- use the data from the user to generate the results. Store
                        these in the session scope.

                        display.cfm -- display and navigate through the session scope results.


                        A couple of key pieces of code:

                        <cfsearch name="Session.GetResults"
                        collection="pdsSite"
                        criteria="#FORM.criteria#">

                        <cfloop query="Session.GetResults"
                        startRow="#URL.startRow#"
                        endRow="#endRow#">

                        Untested code. Sometimes you can not use session scope variable
                        directly like this. In that case just use a local variable like you
                        where then transfer the local variable to the session and back again as
                        needed.

                        I.E.

                        <cfset session.GetResults = variables.GetResults>
                        ...
                        <cfset variables.GetResults = session.GetResults>
                        • 9. Re: Page security, please help
                          CFmonger Level 1
                          Ok, then how would I create the variables as a session in the action page?

                          Like this?

                          <cfparam name="FORM.criteria" type="string">
                          <cfsearch name="GetResults"
                          collection="pdsSite"
                          criteria="#FORM.criteria#">
                          <cfif GetResults.recordCount eq 1>
                          <cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
                          <cfset SESSION.auth = structNew()>
                          <cfset SESSION.auth.GetResults = "yes">
                          </cflock>
                          <cflocation url="result.cfm">
                          <cfelse>

                          Is this the way I would make a session out of it, or does there need to be more? (This way doesn't work, so obviously I am somewhat wrong in what my thinking is here)
                          • 10. Re: Page security, please help
                            Level 7
                            CFmonger wrote:
                            > Is this the way I would make a session out of it

                            No that is not the way.

                            <cfparam name="FORM.criteria" type="string">
                            <cfsearch name="GetResults" <!--- this is the name of a local
                            variable.
                            Make this local variable a session
                            variable and it will be available on
                            subsequent pages. --->
                            ...


                            First thing to try. Replace all 'getResults', which really means
                            'variables.getResults', with 'session.getResults'.

                            I.E.
                            <cfsearch name="session.getResults"...>

                            OR assign the local variable to a session variable after the
                            <cfsearch...> call.

                            I.E.
                            <cfsearch name="GetResults"
                            collection="pdsSite"
                            criteria="#FORM.criteria#">

                            <cfset session.getResults = getResults>

                            OR with a better coding practice of scoping all variables.

                            <cfset session.getResults = variables.getResults>
                            • 11. Re: Page security, please help
                              CFmonger Level 1
                              So it would be written like this?

                              search-action.cfm

                              <cfset session.getResults = variables.getResults>
                              <cfsearch name="Session.GetResults"
                              collection="pdsSite"
                              criteria="#FORM.criteria#">
                              <cfif GetResults.recordCount eq 1>
                              <cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
                              <cfset SESSION.auth = structNew()>
                              <cfset SESSION.auth.Session.GetResults = "yes">
                              </cflock>
                              <cflocation url="result.cfm">
                              </cfif>

                              Is this how it would also get passed to another page?
                              <cflocation url="result.cfm">
                              or like this?
                              <cflocation url="result.cfm?#Session.GetResults #">

                              then on the results page, I can take away the code for the search that is now on the action page
                              <cfsearch name="Session.GetResults"
                              collection="pdsSite"
                              criteria="#FORM.criteria#">
                              and leave all the other code reading it?
                              • 12. Re: Page security, please help
                                Level 7
                                CFmonger wrote:

                                I strongly suggest your read up on ColdFusion's persistent variable
                                scopes. There are entire sections on the topic in the documentation
                                provided with CF, on-line especially at adobe.com and Ben Forta's books.

                                > search-action.cfm
                                >
                                > <cfset session.getResults = variables.getResults>
                                This line is rather meaningless until after the following <cfsearch...> tag.

                                > <cfsearch name="Session.GetResults"
                                If you assign the results of the <cfsearch ...> tag directly to a
                                session scope, you do not need the above <cfset...> tag.

                                > collection="pdsSite"
                                > criteria="#FORM.criteria#">
                                > <cfif GetResults.recordCount eq 1>
                                > <cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
                                > <cfset SESSION.auth = structNew()>
                                > <cfset SESSION.auth.Session.GetResults = "yes">
                                > </cflock>
                                This <cflock...> block of code does nothing for the above search
                                results, but if it has another purpose then fine.

                                > <cflocation url="result.cfm">
                                > </cfif>
                                >
                                > Is this how it would also get passed to another page?
                                > <cflocation url="result.cfm">
                                It is one of many possible methods, but a fine method if it meets your
                                requirements.

                                > or like this?
                                > <cflocation url="result.cfm?#Session.GetResults #">
                                No, this is meaningless. The session scope is a persistent scope. It
                                does not need to be passed through the URL request. This does presume
                                that you have sessions enabled in the CF administrator, they can be
                                turned off. Also you have to provide a 'name' for the application so
                                that CF can keep track of what session goes to what user using what
                                application.

                                This is done with either a <cfapplicaiton name="myAppName"...> included
                                on every template that should belong to the application. Usually by
                                placing it in an 'Application.cfm' file so this happens automatically.
                                Or in an Application.cfc file as this.name="myAppName" in the pseudo
                                constructor section of the component.

                                You also need to enable session management in the applicaiton scope
                                either with a sessionManagement="true" parameter in the
                                <cfapplicaiton...> tag or a this.sessionManagement=true in the
                                Application.cfc pseudo constructor.

                                All these details are fully explained in the above mentioned documentation.

                                >
                                > then on the results page, I can take away the code for the search that is now
                                > on the action page
                                > <cfsearch name="Session.GetResults"
                                > collection="pdsSite"
                                > criteria="#FORM.criteria#">

                                Yes this logic was accomplished on the preceding action page.

                                > and leave all the other code reading it?
                                You would have to modify the display code to access the result query
                                stored in the 'session' scope rather then the local 'variables' scope.
                                But other then that, yes the logic should be the same.


                                • 13. Re: Page security, please help
                                  CFmonger Level 1
                                  I made the changes and there are aspects that aren't working right now. In my next / previous nav I get an error now. this is the code I am using for it:

                                  <cfset rowsPerPage = 3>
                                  <cfparam name="URL.startRow" default="1" type="numeric">
                                  <cfset totalRows = Session.GetResults.recordCount>
                                  <cfset endRow = min(URL.startRow + rowsPerPage - 1, totalRows)>
                                  <cfset startRowNext = endRow + 1>
                                  <cfset startRowBack = URL.startRow - rowsPerPage>

                                  <cfloop query="Session.GetResults" startRow="#URL.startRow#" endRow="#endRow#">
                                  <cfoutput>
                                  <cfset FileName=GetFileFromPath(Key)>
                                  <cfset Ext=ListLast(FileName, ".")>
                                  <cfif Trim(Title) IS "">
                                  <cfset display=GetFileFromPath(Key)>
                                  <cfelse>
                                  <cfset display=title>
                                  </cfif>
                                  <a href="#Custom1#" class="subNav">#display#</a> <span class="style8">(#score#)</span> <br>
                                  <span class="style8"><small>#summary#</small></span>
                                  </cfoutput></cfloop>

                                  <cfoutput>
                                  <cfif startRowBack GT 0>
                                  <a href="#CGI.script_name#?startRow=#startRowBack#"> < Previous </a>
                                  </cfif>

                                  <cfif startRowNext lte totalRows>
                                  <a href="#CGI.script_name#?startRow=#startRowNext#"> Next > </a>
                                  </cfif>
                                  </cfoutput>

                                  this is my error:

                                  Element GETRESULTS.RECORDCOUNT is undefined in SESSION.


                                  The error occurred in C:\Websites\4npp8b\result.cfm: line 18

                                  16 : <cfset rowsPerPage = 3>
                                  17 : <cfparam name="URL.startRow" default="1" type="numeric">
                                  18 : <cfset totalRows = Session.GetResults.recordCount>
                                  19 : <cfset endRow = min(URL.startRow + rowsPerPage - 1, totalRows)>
                                  20 : <cfset startRowNext = endRow + 1>

                                  What do I change the variable to in the code to allow you to scroll through the results?
                                  the session scope seems to work fine, just passing the wrong varibale.
                                  • 14. Re: Page security, please help
                                    Level 7
                                    At the top of the page <cfdump var="#session.GetResults#"> and make sure
                                    you are passing the query record set you believe you are.

                                    Looking at some of the older code you have posted, I suspect that there
                                    maybe some left over stuff in there that replaces the query data from
                                    the search results with other data.
                                    • 15. Re: Page security, please help
                                      CFmonger Level 1
                                      Yes there are, but what do I change them to?
                                      I tried:

                                      <cfset rowsPerPage = 3>
                                      <cfparam name="Session.GetResults.startRow" default="1" type="numeric">
                                      <cfset totalRows = Session.GetResults.recordCount>
                                      <cfset endRow = min(Session.GetResults.startRow + rowsPerPage - 1, totalRows)>
                                      <cfset startRowNext = endRow + 1>
                                      <cfset startRowBack = Session.GetResults.startRow - rowsPerPage>

                                      and it threw errors.

                                      An error occurred while trying to modify the query named class coldfusion.sql.QueryTable.
                                      Query objects cannot be modified, they can only be displayed.

                                      The error occurred in C:\Websites\4npp8b\result.cfm: line 14

                                      12 :
                                      13 : <cfset rowsPerPage = 3>
                                      14 : <cfparam name="Session.GetResults.startRow" default="1" type="numeric">
                                      15 : <cfset totalRows = Session.GetResults.recordCount>
                                      16 : <cfset endRow = min(Session.GetResults.startRow + rowsPerPage - 1, totalRows)>

                                      when I left it the origial way, it didn't throw any errors until I hit the next button, then it threw the error in my last post. when I did the dump, it came back with all the variables that the cfsearch usese the ones that are being used are:

                                      CUSTOM1
                                      KEY
                                      RANK
                                      RECORDSSEARCHED
                                      SCORE
                                      SUMMARY
                                      TITLE

                                      Would I use the RECORDSSEARCHED to run the next / prev? if so, how would I change the code to work?
                                      • 16. Re: Page security, please help
                                        CFmonger Level 1
                                        I was doing a lot of reading in cfdocs and what I am reading, it doesn't seem we are doing here in this code.

                                        CFDocs CF 8:
                                        To use ColdFusion session variables without using cookies, each page must pass the CFID and CFToken values to any page that it calls as part of the request URL.

                                        We aren't passing variables via the url. Correct?

                                        So what would we need to do to pass the proper variables and make the next / prev work properly when going through the search results?
                                        • 17. Re: Page security, please help
                                          Level 7
                                          CFmonger wrote:
                                          > I was doing a lot of reading in cfdocs and what I am reading, it doesn't seem
                                          > we are doing here in this code.
                                          >
                                          > CFDocs CF 8:
                                          > To use ColdFusion session variables without using cookies, each page must pass
                                          > the CFID and CFToken values to any page that it calls as part of the request
                                          > URL.

                                          Yes for sessions to work in ColdFusion it needs the CFID and CFToken
                                          values to know which clients belong to which session state. This is to
                                          combat that the HTTP standard says there is NO state maintained from one
                                          request to another. These values are normally stored in cookies that a
                                          browser will return with every request. But if you want a site that
                                          works without cookies then the CFID and CFToken values can be passed
                                          through the URL. This is seldom done in this age, but it is an option.

                                          >
                                          > We aren't passing variables via the url. Correct?
                                          >
                                          > So what would we need to do to pass the proper variables and make the next /
                                          > prev work properly when going through the search results?


                                          You can mix scopes as you like. This method that should require the
                                          least modifications to your original code (not sure about it's current
                                          state) would be to store the query record set in the session scope where
                                          it is available from request to request, but pass the startRow and
                                          endRow pointers through the URL. This is, by no means, not the only way
                                          to do this but it should work.

                                          form.cfm
                                          --------
                                          <form action="action.cfm">
                                          ...
                                          </form>

                                          action.cfm
                                          ----------
                                          <cfsearch name="session.theResults"...>

                                          <cflocation template="display.cfm>

                                          display.cfm
                                          -----------
                                          <cfparam name="url.startRow" default="1">
                                          <cfset displayRows = 3>
                                          <cfset endRow = min(url.startRow +
                                          displayRows,session.theResults.recordCount)

                                          <cfoutput query="session.theResults" startRow="#url.startRow#"
                                          endRow="#endRow#>
                                          ...
                                          </cfoutput>


                                          I'll leave the rest of creating the next and previous links from these
                                          basic data elements.
                                          • 18. Page security, please help
                                            CFmonger Level 1
                                            I changed things around and the links still are throwing errors, now the result page doesn't even load. I am learning how to navigate sessions as I go along here, but still don't have a grasp on how this should be written to make it work. this is what I did from what you said in last post:

                                            result.com

                                            <cfset displayRows = 3>
                                            <cfparam name="URL.startRow" default="1" type="numeric">
                                            <cfset totalRows = SESSION.GetResults.recordCount>
                                            <cfset endRow = min(url.startRow + displayRows,session.GetResults.recordCount)>
                                            <cfset startRowNext = endRow + 1>
                                            <cfset startRowBack = URL.startRow - rowsPerPage>
                                            <head>
                                            </head>
                                            <body>
                                            <cfloop query="Session.GetResults" startRow="#URL.startRow#" endRow="#endRow#">
                                            <cfoutput>
                                            .... output results....
                                            </cfoutput></cfloop>

                                            <cfoutput>
                                            <cfif startRowBack GT 0>
                                            <a href="#CGI.script_name#?startRow=#startRowBack#"><previous </a>
                                            </cfif>

                                            <cfif startRowNext lte totalRows>
                                            <a href="#CGI.script_name#?startRow=#startRowNext#">Next ></a>
                                            </cfif>
                                            </cfoutput>

                                            The error:

                                            The error occurred in C:\Websites\4npp8b\result.cfm: line 18

                                            16 : <cfset endRow = min(url.startRow + displayRows,session.GetResults.recordCount)>
                                            17 : <cfset startRowNext = endRow + 1>
                                            18 : <cfset startRowBack = URL.startRow - rowsPerPage>
                                            19 :


                                            I have looked everywhere and there is NO documentation out there that helps develop a next / prev for sessions. Not to mention now that we moved this off to a session I lost other code usage in this form and can't figure out how to get it back.

                                            IE:
                                            <cfoutput> Search Results #cfsearch.Criteria# </cfoutput>

                                            and adding it to a search box
                                            <cfinput type="text" name="criteria" value="#criteria#" id="criteria" size="30" class="search_input">

                                            Both of these don't work anymore and I don't know how to pull the session variables to make them work.
                                            Any ideas? I spent all last night looking over cfdocs and a book I have on CF8 by macromedia and can't find any solutions. It really doesn't get inot verity search in depth like this has gotten.

                                            • 19. Re: Page security, please help
                                              CFmonger Level 1
                                              Can you help me get this working the rest of the way? I am not firmilliar with navigating sessions and I have not been able to figure out this error. I have spent my whole day so far looking this up and have found nothing. I realize it is probably easy fixes with the existing code, but I don't know what they are.

                                              Thank you.

                                              CFmonger
                                              • 20. Re: Page security, please help
                                                Level 7
                                                "Navigating Sessions" is not a very logical expression. You are
                                                navigating a query. It should not matter whether that query is stored
                                                in the variables scope, your old way or the session scope, the new way.

                                                Start with some basics.

                                                Build the form.

                                                Test

                                                Build the action page

                                                Test

                                                Build a simple display page, start with a <cfdump>

                                                Test

                                                Enhance the display

                                                Test

                                                Enhance the User Interface

                                                Test.

                                                Rinse, Repeat.

                                                • 21. Re: Page security, please help
                                                  CFmonger Level 1
                                                  I have done all that, the search works, I am at the enhancing the innerface and I can't get the next / prev to work. I use it on regular querys and it works fine. But it will not work on this, I have been trying all types of senarios and it all errors.

                                                  What do I need to do to fix this code and make it work?
                                                  • 22. Re: Page security, please help
                                                    Level 7
                                                    CFmonger wrote:
                                                    > I have done all that, the search works, I am at the enhancing the innerface and
                                                    > I can't get the next / prev to work. I use it on regular querys and it works
                                                    > fine. But it will not work on this, I have been trying all types of senarios
                                                    > and it all errors.
                                                    >
                                                    > What do I need to do to fix this code and make it work?
                                                    >


                                                    Well what is the code as it stands now and what are the errors. I find
                                                    that 9 out of 10 times the error messages point me right to the error.

                                                    Of course the 1 out of 10 times it has occasionally been a doozy.
                                                    • 23. Re: Page security, please help
                                                      Kronin555 Level 1
                                                      Scrap the "put it in the session" idea. Go back to your original code.

                                                      Put <cfparam> tags at the top of the page your search form posts to.
                                                      Put a cfparam for the URL variables that get submitted when you do next/previous. Setup defaults.
                                                      Put a cfparam for all form fields from your search form. Setup defaults.

                                                      Now, you should be able to go directly to that page and it shouldn't throw an error. Why? because, you provided defaults for all the variables that page is expecting. Simple. No session. No user lock out. Good coding practice.
                                                      • 24. Re: Page security, please help
                                                        CFmonger Level 1
                                                        Ok, I changed it all back. (I didn't think that way was going to get me the results I was looking for.)

                                                        Now, the error I get is with my cfparam tag.

                                                        I wrote it wrong

                                                        How do I write the param tags so it will work?

                                                        here is my working code now accept for the next / previous and the error:

                                                        result.cfm

                                                        <cfparam name="#FORM.criteria#" default="">
                                                        <cfparam name="#URL.criteria#" default="">
                                                        <cfsearch name="GetResults"
                                                        collection="pdsSite"
                                                        criteria="#FORM.criteria#">
                                                        <cfset rowsPerPage = 3>
                                                        <cfparam name="URL.startRow" default="1" type="numeric">
                                                        <cfset totalRows = GetResults.recordCount>
                                                        <cfset endRow = min(URL.startRow + rowsPerPage - 1, totalRows)>
                                                        <cfset startRowNext = endRow + 1>
                                                        <cfset startRowBack = URL.startRow - rowsPerPage>
                                                        <head>
                                                        </head>
                                                        <body>
                                                        <cfif GetResults.RecordCount is 0>
                                                        No files found for specified search, please try a new search.
                                                        <cfelse>
                                                        <cfloop query="GetResults" startRow="#URL.startRow#" endRow="#endRow#">
                                                        <cfoutput>
                                                        <cfset bgcolor=IIf(CurrentRow Mod 2,
                                                        DE('ffffff'),
                                                        DE('ffffcf'))>
                                                        <cfset Body=summary>
                                                        <cfset FileName=GetFileFromPath(Key)>
                                                        <cfset Ext=ListLast(FileName, ".")>
                                                        <cfif Trim(Title) IS "">
                                                        <cfset display=GetFileFromPath(Key)>
                                                        <cfelse>
                                                        <cfset display=title>
                                                        </cfif>
                                                        <a href="#Custom1#" class="subNav">#display#</a> <span class="style8">(#score#)</span> <br>
                                                        <span class="style8"><small>#summary#</small></span>
                                                        </cfoutput>
                                                        </cfloop>

                                                        <cfoutput>
                                                        <cfif startRowBack GT 0>
                                                        <a href="#CGI.script_name#?startRow=#startRowBack#">< Previous</a></cfif>

                                                        <cfif startRowNext lte totalRows>
                                                        <a href="#CGI.script_name#?startRow=#startRowNext#">Next > </a>
                                                        </cfif>
                                                        </cfoutput>

                                                        Here is my error now:

                                                        Element CRITERIA is undefined in FORM.


                                                        The error occurred in C:\Websites\4npp8b\result.cfm: line 1

                                                        1 : <cfparam name="#FORM.criteria#" default="">
                                                        2 : <cfparam name="#URL.criteria#" default="">


                                                        How do I write these to make it work?
                                                        thank you for teh help!!!!!!!!!!!!!!

                                                        • 26. Page security, please help
                                                          CFmonger Level 1
                                                          I have one last question.

                                                          I got it working using these 2 paramiters:

                                                          <cfparam name="FORM.criteria" default="0" type="string">
                                                          <cfparam name="URL.criteria" default="" type="string">

                                                          1. do I need any more? and are these done correctly?
                                                          2. Now that i use these there is 2 lines of code not workin:
                                                          <cfoutput> Search Results:#Criteria#</cfoutput>
                                                          and this:
                                                          <cfform action="result.cfm" method="post">
                                                          <cfinput type="text" name="criteria" value="#Criteria#" id="criteria" size="30" class="search_input">
                                                          --- submit button ---
                                                          </cfform>

                                                          the value doesn't stay either.
                                                          when I click the next button, these 2 lines are disbaled. How would I fix that?
                                                          3. when I hit previous, it messes with the page layout. Makes cells with results bigger and distorts the page a little.
                                                          • 27. Re: Page security, please help
                                                            Level 7
                                                            i would probably cfparam like this:
                                                            <cfparam name="url.criteria" default="">
                                                            <cfparam name="form.criteria" default="#url.criteria#">

                                                            as for the other errors - you are not scoping your CRITERIA variable: it
                                                            should be probably #form.criteria# in your case.


                                                            Azadi Saryev
                                                            Sabai-dee.com
                                                            http://www.sabai-dee.com/
                                                            • 28. Re: Page security, please help
                                                              CFmonger Level 1
                                                              Thank you, the cfparam works nice that you posted, I saw I didn't scope my variables before you posted and fixed it, but now when you hit next it goes away. How would I make it stay? do a

                                                              <cfif isDefined ('#FORM.criteria#')>
                                                              <cfoutput> Search Results:#FORM.criteria#</cfoutput>
                                                              <cfelse>
                                                              <cfoutput> Search Results:#URL.criteria#</cfoutput>
                                                              </cfif>
                                                              or is there a better way?
                                                              • 29. Re: Page security, please help
                                                                Level 7
                                                                well, this has been a very long thread, with lots of bits of code
                                                                posted... hard to keep track of current state of affairs.
                                                                can you re-state what the current problem is? and post relevant code
                                                                that does not work as expected/throws errors?

                                                                how is your pagination set up? do the prev/next links re-submit your
                                                                form or just pass parameters in url? if the latter, make sure you pass
                                                                ALL required parameters in the url: criteria, page, etc etc...

                                                                the FORM scope variables will only be available on the page the form
                                                                submits to and only if the form has been submitted.
                                                                thus the cfparams will work on first access to the results page, when
                                                                the search form has been submitted to it, but will both evaluate to ""
                                                                on click of prev/next link if you are not re-submitting the form with
                                                                those links...

                                                                does this make sense?

                                                                Azadi Saryev
                                                                Sabai-dee.com
                                                                http://www.sabai-dee.com/