Week 7

IBS 685

Displaying an Image using CFOUTPUT

1. Save images in a folder under wwwroot directory2. Create a database column and name it e.g. imagefilename

• Make sure that imagefilename column’s datatype is “Text”3. Create a query that selects the imagefilename column4. Create a img src tag where you want to display the image

5. Create a CFOUTPUT tag to display the image• <cfoutput><img src=“#imagefilename#”alt=“image" border="0">

</cfoutput>6. The alt tag can be dynamic too. You can output the definition of the image

if you have the information in your database.

<CFMAIL>

• The structures of the email (such as the recipient list, the subject line and sender) is specified in attributes to the CFMAIL tag.

• The content of the message is placed between opening and closing CFMAIL tags.The critical attributes used in the CFMAIL tag are:To: specifies the email address of the recipientsFrom: Specifies the content of the From line of the

messageSubject: Specifies the Subject line of the email

CFMAIL Example

• <CFMAIL to=someone@some.domainFrom=thesender@another.domainSubject=“A sample Coldfusion E-mail”This is my test message</CFMAIL>Type:Specifies the content type of the messageServer: Specifies an alternate SMTP mail

server. By default, the mail server specified in the CF administrator is used for sending outgoing messages

CFMAIL

<CFMAIL TO="recipient“ FROM="sender" SUBJECT="msg_subject" TYPE="msg_type" MIMEATTACH="path“>

• Before you can use the <CFMAIL> tag to send email messages, you need to specify a mail server in the CF Administrator.

Generating Email from the Contents of a Form

<HTML> <HTML> <TITLE>Send a Greeting</TITLE> </HTML> <BODY> <H1>Send a Greeting</H1> <HR> <P>Use the following form to send a greeting to a friend by e-mail</P> <FORM METHOD=POST ACTION="sendgreeting.cfm"> Your Friend's E-mail Address: <INPUT TYPE="text" NAME="to" SIZE=20><BR> Your Name: <INPUT TYPE="text" NAME="name" SIZE=20><BR> <INPUT TYPE=SUBMIT VALUE="Send"> </FORM> </BODY></HTML>

<HTML> <HEAD> <TITLE>Sending Your Greeting</TITLE> </HEAD> <BODY> <CFIF Form.to is not ""> <CFMAIL TO="#Form.to#" FROM="bozdogan@mercy.edu" SUBJECT="A Greeting">Hi! This is a quick, computer-generated greeting sent to You courtesy of #Form.name# and the CFMAIL

tag. </CFMAIL> <H1>Message Sent</H1> <CFOUTPUT> <P>Your message to #Form.to# has been sent </P> </CFOUTPUT> <CFELSE> <H1>Oops </H1> <P>You need to provide an E-mail address for the recipient. Hit the Back button to return to the form and provide one. Thanks.</P> </CFIF> </BODY></HTML>

Generating Email from the Contents of a Form

Structures

• Structures are the most powerful data type in Coldfusion.

• Structures provide a way to store data within data.

Structures<cfset contact=structNew()><cfset contact.firstname="Ben"><cfset contact.lastname="forta"><cfset contact.email="Ben@forta.com"><cfset contact.lastname="forta">

<!--- <cfoutput>email:<a href="mailto:#contact.email#">#contact.firstname# #contact.lastname# </a>

</cfoutput> --->

<cfdump var="#contact#"><cfoutput>

#StructCount(contact)#</cfoutput>

<CFDUMP> p.175

• Is an invaluable diagnostics and debugging tool capable of displaying all sorts data in a clean and easy to read format.

Introducing Web Application Framework

WAF

• Features all have to do with making all your CF pages for a particular site behave as if they were related to one another– that is to make them behave a single

application.

WAF

• The Web application framework is designed to help you with the following:– Consistent look and feel– Sharing variables between pages

• So far the variables that you have worked all “die” when each page request has been processed.

• Variety of ways to maintain the values of variables between page requests.

WAF

• The framework is the force that binds your templates together.

Using Application.cfm

• To get started with the WAF, you first must create a special file called Application.cfm.

• This file is just an ordinary CF template. • Only two things make Application.cfm special:

– The code in your Application.cfm file will be automatically included just before any of your pages

– You cant visit an Application.cfm directly. You will receive an error message from CF.

Application.cfm File (page 382)

• CF looks for an Application.cfm file in the directory of the called page.– If not found in the current directory, CF will

continue to search the directory structure for a file named Application.cfm

– If found, the Application.cfm file will be included at the top of the page

– If not found, CF continues processing the page without it.

Listing 16.1 Application1.cfm<!--- Filename: Application.cfm (The "Application Template") Created by: Nate Weiss (NMW) Please Note: All code here gets executed with every page request!! Purpose: Sets "constant" variables and includes consistent header--->

<!--- Any variables set here can be used by all our pages ---><CFSET DataSource = "ows"><CFSET CompanyName = "Orange Whip Studios">

<!--- Display our Site Header at top of every page ---><CFINCLUDE TEMPLATE="SiteHeader.cfm">

You can refer to this variable as the datasource attribute for all the <cfquery> tags in the application, as in datasource=“#datasource#”

Using Application.cfm

<HTML>

<HEAD>

<TITLE>

<cfquery name=getemp datasource=#Datasource#>

<cfoutput> #CompanyName#</cfoutput>

</HEAD>

</HTML>

OnRequestEnd.cfm (page 385)

• Automatically included at the very end of every page request, rather than at the beginning.

• This file cannot be visited directly• CF looks for OnrequestEnd.cfm in the same

folder as application.cfm• Place OnrequestEnd.cfm in the same location in

which your Application.cfm is sitting.

<!---Display our site footer at bottom of everypage--->

<cfinclude template = “Sitefooter.cfm”>

OnRequestEnd.cfm

Another Example

<cfoutput>

<font size = “1” face=“sans-serif” color=“silver”>

<p>(c) #year(Now())# #CompanyName#.

All rights reserved.<br>

</cfoutput>

</body>

</html>

Working with Sessions( Page 417)

• WAF focusing on the features that let you track variables on a per-user basis.

• This opens up all kinds of opportunities for keeping track of what each – user needs,– wants,– has seen– or interacting with.

The Web's StatelessnessPage 417

• HTTP creates a new connection for every page request– Variables and flags set during one request

are not available for the next request

• Work around this problem by using:  – Cookies– Application framework– Session variables

Solutions Provided by ColdFusion

• CF provides three types of variables that help you maintain the state of a users visit from page to page and between visits.

– Cookies– Client Variables – Session Variables

HTTP Cookie Variables

• Cookies are simple variables that can be stored on a client machine.

• Browsers store cookies in a physical file or files on the client machine.

• Once the browser has a cookie set, each and every HTTP request will retrieve all cookies for the requested web server domain.

• If the user requests a page from the Macromedia domain, all cookies for that domain would be sent in the HTTP header to the web server.

• Once the browser send the cookies via the HTTP header, CF has access to all of these cookies at runtime.

HTTP Cookie Variables

• Cookies are:– Domain specific-set and retrieved for specific

servers.– Sent to the Web server with every HTTP

request– Persistent-they remain stored in the browser

until expired or deleted– Limited to 20 per domain and 4 K worth of

information.

Cookie Uses

• Cookies are used to obtain information about a user between and within browser sessions. Use of cookies include:– Storing a unique identifier as a cookie, so that

information such as shopping cart data is identified to the browser session.

– Storing a session information, such as a flag that they are logged in until the browser is closed.

– Storing user preferences, so they might return to the site and have the same look and feel.

Making Cookies

• CF allows you to create cookie by using <CFCOOKIE> tag.

• The most common reason for using <CFCOOKIE> is to control how long the cookie will live before before it expires.

• To set a cookie with user_ID with value of 2344:– <CFCOOKIE Name= “USER_ID” value=“2344”

Expires = “100”>

Cookie Types

• There are two types of cookies you can create:• Persistent cookies• Session cookies

• Both can be created using the <CFCOOKIE> tag• Differentiated by the use of the EXPIRES

attribute.

Persistent vs. Session Cookies

• Persistent Cookies:– EXPIRES attribute determines when the cookie

gets deleted from the browser machine:•EXPIRES = "n" •EXPIRES = "date" •EXPIRES = "never" •EXPIRES = "now"

Session Cookies

• Created by omitting the EXPIRES attribute from the <CFCOOKIE> tag

• Only valid until all the browser sessions on that client machine are closed

• Use this value when you only want to track the user for the current session

• Destroyed when the browser sessions close, and are never stored in a file on the browser machine

Accessing Cookies

• Since HTTP specifies that all cookies be automatically sent to the requesting Web server domain, you do not need to fetch them.

• You would access a cookie simply by using it and prefixing it with the Cookie prefix.– The user_ID is:– <cfoutput>#cookie.user_ID# </cfoutput>

• Because cookies are physical files stored on the browser computer that can be deleted at will, you should always test for the existence of cookies prior to use.– Test for existence using the IsDefined () function

<cfif isdefined (cookie.user_ID)>

The user ID is:

<cfoutput>#cookie.user_ID# </cfoutput>

</cfif>

Accessing Cookies

Session Variables• Session variables are:

– Stored in the Web server's memory – Lost when the Web server is restarted – Used for single site visit

• Session variables are not stored physically in the server’s or in the database. Instead they are stored in the servers RAM

• In order to use Session variables, you will need to:1.Check the ColdFusion Administrator for Session

settings 2.Enable Session variables within your Application.cfm file3.Set Session variables in your ColdFusion pages

ColdFusion Administrator Settings

• Session variables must be enabled before use. • Check the following settings in the ColdFusion

Administrator to:1. Make sure that Session variables have not been

disabled

2. Set/reset the Session variables default and maximum timeout settings

ColdFusion Administrator Settings 11-22

• Found in the ColdFusion Administrator in the Server Settings section under Memory Variables

Enabling Session Variables

• Enable session variables by using <CFAPPLICATION> tag.• This tag is always included in Application.cfm file.• Enable session variables in the Application.cfm file:

<CFAPPLICATION name="CoffeeValley" sessionmanagement="Yes"sessiontimeout=#CreateTimeSpan("0", ”1", “0”, "0")#>

• Enables session variables and sets expiration to 1 hour after last browser activity for each session

The maximum timeout default in the ColdFusion Administrator is 20 minutes. Change this value in order for the above tag to allow timeout at 1 hour.

• After you have enabled session variables using <CFAPPLICATION>, you can start using them in your code.

• You can set and use session variables by simply using the Session prefix in front of a variable’s name.

1. The first time a browser requests a page from ColdFusion, it will encounter the <CFAPPLICATION> tag. This is always placed in an Application.cfm file.

2. ColdFusion will generate a unique identifier for the browser. The unique ID is made up of two values: CFID and CFTOKEN.

3. Two cookies are created and sent to the browser: CFID and CFTOKEN.

4. These two values are also stored in the Web server’s memory within the application. This is the link between the Web server and the browser session.

Creating Session Variables

• Session variables are stored in server memory with the matching CFID and CFTOKEN values

• Each session will have a separate set of variables• Once the association between the browser and

the session is made, session variables can be created using the <CFSET> tag

• The Session. prefix is required<CFSET Session.BGColor="red">

Creating Session Variables

• Session variables are stored in server memory with the matching CFID and CFTOKEN values

• Each session will have a separate set of variables

• Once the association between the browser and the session is made, session variables can be created using the <CFSET> tag

• The Session. prefix is required

<CFSET Session.BGColor="red">

Securing your Applications

This line must be wrapped within whatever code validates a users password

<CFSET session.isloggedIN=“yes”>

This line must be put on whatever pages you need to protect

<CFIF not isdefined (“session.isloggedin”)>Sorry, you don’t have a permission to look at that<cfabort></cfif>

<!--- Filename: Application.cfm Created by: Nate Weiss (NMW) Please Note: Executes for every page request--->

<!--- Any variables set here can be used by all our pages ---><CFSET DataSource = "ows"><CFSET CompanyName = "Orange Whip Studios">

<!--- Name our app, and enable Session variables ---><CFAPPLICATION NAME="OrangeWhipSite" SESSIONMANAGEMENT="Yes">

<!--- If user is not logged in, force them to now ---> <CFIF NOT IsDefined("SESSION.Auth.IsLoggedIn")> <!--- If the user is now submitting "Login" form, ---> <!--- Include "Login Check" code to validate user ---> <CFIF IsDefined("Form.UserLogin")> <CFINCLUDE TEMPLATE="LoginCheck.cfm"> </CFIF>

<CFINCLUDE TEMPLATE="LoginForm.cfm"> <CFABORT></CFIF>

All pages in your application have now been locked down and will never appear until you create code that sets the session.auth.isloggedin value

Loginform.cfm<!--- Filename: LoginForm.cfm Created by: Nate Weiss (NMW) Purpose: Presented whenever a user has not logged in yet Please Note: Included by Application.cfm--->

<!--- If the user is now submitting "Login" form, ---><!--- Include "Login Check" code to validate user ---><CFIF IsDefined("Form.UserLogin")> <CFINCLUDE TEMPLATE="LoginCheck.cfm"></CFIF>

<HTML><HEAD> <TITLE>Please Log In</TITLE></HEAD>

<!--- Place cursor in "User Name" field when page loads---><BODY onLoad="document.LoginForm.UserLogin.focus();">

<!--- Start our Login Form --->Read last paragraph of page 473 (cgi script)<CFFORM ACTION="#CGI.SCRIPT_NAME#" NAME="LoginForm" METHOD="POST"> <!--- Make the UserLogin and UserPassword fields required ---> <INPUT TYPE="Hidden" NAME="UserLogin_required"> <INPUT TYPE="Hidden" NAME="UserPassword_required">

<!--- Use an HTML table for simple formatting ---> <TABLE BORDER="0"> <TR><TH COLSPAN="2" BGCOLOR="Silver">Please Log In</TH></TR> <TR> <TH>Username:</TH> <TD>

<!--- Text field for "User Name" ---> <CFINPUT TYPE="Text" NAME="UserLogin" SIZE="20" VALUE="" MAXLENGTH="100" REQUIRED="Yes" MESSAGE="Please type your Username first.">

</TD> </TR><TR> <TH>Password:</TH> <TD> <!--- Text field for Password ---> <CFINPUT TYPE="Password" NAME="UserPassword" SIZE="12" VALUE="" MAXLENGTH="100" REQUIRED="Yes" MESSAGE="Please type your Password first.">

<!--- Submit Button that reads "Enter" ---> <INPUT TYPE="Submit" VALUE="Enter"> </TD> </TR> </TABLE> </CFFORM>

</BODY></HTML>

Logincheck.cfm<!--- Filename: LoginCheck.cfm Created by: Nate Weiss (NMW) Purpose: Validates a user's password entries Please Note: Included by LoginForm.cfm--->

<!--- Make sure we have Login name and Password --->

<CFPARAM NAME="Form.UserLogin" TYPE="string">

<CFPARAM NAME="Form.UserPassword" TYPE="string">

<!--- Find record with this Username/Password ---><!--- If no rows returned, password not valid ---><CFQUERY NAME="GetUser"

DATASOURCE="#DataSource#"> SELECT ContactID, FirstName FROM Contacts WHERE UserLogin = '#Form.UserLogin#' AND UserPassword = '#Form.UserPassword#'</CFQUERY>

<!--- If the username and password are correct --->

<CFIF GetUser.RecordCount EQ 1> <!--- Remember user's logged-in status, plus ---

> <!--- ContactID and First Name, in structure ---

> <CFSET SESSION.Auth = StructNew()> <CFSET SESSION.Auth.IsLoggedIn = "Yes"> <CFSET SESSION.Auth.ContactID =

GetUser.ContactID> <CFSET SESSION.Auth.FirstName =

GetUser.FirstName>

<!--- Now that user is logged in, send them ---> <!--- to whatever page makes sense to start ---

> <CFLOCATION

URL="#CGI.SCRIPT_NAME#"></CFIF>