Against All Odds

Trade Data

Trade data, one of my reporting systems project make me proud. Because I could do what I want to use cool tools in this project. I’ve added Graph features and temp tables of CFMX7. Our client can view monthly reports, yearly report, comparison reports, by commodity reports, badget year reports, by country reports of Export and Import product. It’s very good project for our client who is runing as Stock control Systems.

Systems :

CFMX7, SQL 2005, Ajax and javascript.

Sometimes, most of our websites have been attacked by spontaneously attempted login attack by bots. That’s why we gotta prevent anyone cannot do like that in our web application. Fortunately, it’s very simple to do in ColdFusion. Here is coding…

<cfif session.FailedLogin GT 3>

<cfabort message=”Sorry.! Please contact website administrator to get your password.”>

</cfif>
<cfif loginsuccessfully ….>

Write your code here

<cfelse>

<cfparam name=”session.FailedLogin” default=”0″>
<cfset session.FailedLogin = session.FailedLogin+1>
<cfabort message=”Invalid Username and password”>

</cfif>

In these days, sending spam messages programs are building up and they are now the big challenge for website developers. That’s why some websites prevent this bots by the way of installing captcha program in their site. For coldfusion developer, I’ll describe how to prevent spam bots. Here is coding:

Captcha.cfc

<cfcomponent name=”Captcha” hint=”Writes the captcha to a file”>

<cfscript>

instance = StructNew();

</cfscript>

 

<!——————————————- PUBLIC ——————————————->

<cffunction name=”init” hint=”Constructor” access=”public” returntype=”Captcha” output=”false”>

<cfscript>

return this;

</cfscript>

</cffunction>

 

<cffunction name=”captchaToFile” hint=”Writes the captcha to the designated file path” access=”public” returntype=”void” output=”false”>

<cfargument name=”filePath” hint=”The absolute path to the file the CAPTCHA is to be written to” type=”string” required=”Yes”>

<cfargument name=”text” hint=”The text to display” type=”string” required=”Yes”>

<cfargument name=”width” hint=”The width of the image” type=”numeric” required=”true”>

<cfargument name=”height” hint=”The height of the image” type=”numeric” required=”true”>

<cfargument name=”fontsize” hint=”The font size the text” type=”numeric” required=”true”>

<cfargument name=”leftOffset” hint=”The number of pixels of padding to put to the left of the text” type=”numeric” required=”true”>

<cfargument name=”topOffset” hint=”The number of pixels of padding to put to the top of the text” type=”numeric” required=”true”>

<cfargument name=”shearXRange” hint=”The amount to shear the font on the X axis” type=”numeric” required=”true”>

<cfargument name=”shearYRange” hint=”The amount to shear the font on the Y axis”  type=”numeric” required=”true”>

<cfscript>

var fileOutputStream = createObject(“java”, “java.io.FileOutputStream”).init(arguments.filePath);

writeToStream(fileOutputStream,

 arguments.text,

 arguments.width,

 arguments.height,

 arguments.fontsize,

 arguments.leftOffset,

 arguments.topOffset,

 arguments.shearXRange,

 arguments.shearYRange);

   

   fileOutputStream.flush();

   fileOutputStream.close();

</cfscript>

</cffunction>

 

<cffunction name=”captchaToBinary” hint=”Returns the captcha as binary data for use in the cfcontent ‘variable’ attribute” access=”public” returntype=”any” output=”false”>

<cfargument name=”text” hint=”The text to display” type=”string” required=”Yes”>

<cfargument name=”width” hint=”The width of the image” type=”numeric” required=”true”>

<cfargument name=”height” hint=”The height of the image” type=”numeric” required=”true”>

<cfargument name=”fontsize” hint=”The font size the text” type=”numeric” required=”true”>

<cfargument name=”leftOffset” hint=”The number of pixels of padding to put to the left of the text” type=”numeric” required=”true”>

<cfargument name=”topOffset” hint=”The number of pixels of padding to put to the top of the text” type=”numeric” required=”true”>

<cfargument name=”shearXRange” hint=”The amount to shear the font on the X axis” type=”numeric” required=”true”>

<cfargument name=”shearYRange” hint=”The amount to shear the font on the Y axis”  type=”numeric” required=”true”>

<cfscript>

var byteOutputstream = createObject(“java”, “java.io.ByteArrayOutputStream”).init();

writeToStream(byteOutputstream,

 arguments.text,

 arguments.width,

 arguments.height,

 arguments.fontsize,

 arguments.leftOffset,

 arguments.topOffset,

 arguments.shearXRange,

 arguments.shearYRange);

 

return byteOutputstream.toByteArray();

</cfscript>

</cffunction>

 

<!——————————————- PACKAGE ——————————————->

 

<!——————————————- PRIVATE ——————————————->

 

<cffunction name=”writeToStream” hint=”Writes to a outputStream” access=”private” returntype=”void” output=”false”>

<cfargument name=”outputStream” hint=”Gimme a java.io.OutputStream” type=”any” required=”Yes”>

<cfargument name=”text” hint=”The text to display” type=”string” required=”Yes”>

<cfargument name=”width” hint=”The width of the image” type=”numeric” required=”true”>

<cfargument name=”height” hint=”The height of the image” type=”numeric” required=”true”>

<cfargument name=”fontsize” hint=”The font size the text” type=”numeric” required=”true”>

<cfargument name=”LeftOffset” hint=”The number of pixels of padding to put to the left of the text” type=”numeric” required=”true”>

<cfargument name=”TopOffset” hint=”The number of pixels of padding to put to the top of the text” type=”numeric” required=”true”>

<cfargument name=”shearXRange” hint=”The amount to shear the font on the X axis” type=”numeric” required=”true”>

<cfargument name=”shearYRange” hint=”The amount to shear the font on the Y axis”  type=”numeric” required=”true”>

<cfscript>

/* variables */

var counter = 0; var characters = 0; var top = 0;

var len = 0; var size = 0; var left = 0;

var response = 0; var char = 0; var encoder = 0;

var encoderParam = 0;

 

/* utils */

var staticArrays = createObject(“java”, “java.util.Arrays”);

var staticCollections = createObject(“java”, “java.util.Collections”);

/* prep image  */

var dimension = createObject(“java”, “java.awt.Dimension”).init(width, height);

var imageType = createObject(“java”, “java.awt.image.BufferedImage”).TYPE_INT_RGB;

var bufferedImage = createObject(“java”, “java.awt.image.BufferedImage”).init(JavaCast(“int”, dimension.getWidth()), JavaCast(“int”, dimension.getHeight()), imageType);

var graphics = bufferedImage.createGraphics();

/* get the fonts */

var allFonts = staticArrays.asList(createObject(“java”, “java.awt.GraphicsEnvironment”).getLocalGraphicsEnvironment().getAllFonts());

/* drawing graphics here */

/* background */

var startColor = createRandomLightGreyScaleColor();

var endColor = createRandomLightGreyScaleColor();

var gradientPaint = createObject(“java”, “java.awt.GradientPaint”).init(getRandomPointOnBorder(dimension), 

startColor, 

getRandomPointOnBorder(dimension),  

endColor);

var background = createObject(“java”, “java.awt.Rectangle”).init(dimension);

graphics.setPaint(gradientPaint);

graphics.fill(background);

/* draw some lines */

len = randRange(10, 20);

for(counter = 1; counter lte len; counter = counter + 1)

{

drawRandomLine(graphics, dimension);

}

/* draw the text in random font characters */

characters = text.toCharArray();

len = ArrayLen(characters);

size = fontsize;

top = topOffset;

left = Leftoffset;

staticCollections.shuffle(allFonts);

for(counter = 1; counter lte len; counter = counter + 1)

{

char = characters[counter];

setNewFont(graphics, allFonts, size, arguments.shearXRange, arguments.shearYRange);

graphics.setColor(createRandomDarkGreyScaleColor());

//if cannot display, find a font that can

while(NOT graphics.getFont().canDisplay(char))

{

setNewFont(graphics, allFonts, size, arguments.shearXRange, arguments.shearYRange);

}

graphics.drawString(JavaCast(“string”, char), JavaCast(“int”, left), JavaCast(“int”, top));

left = left + (2 * graphics.getFontMetrics().charWidth(char));

}

/* draw a few more lines */

len = randRange(2, round(max(min(width, height) / 20, 3)));  //draw more lines the bigger it is.

for(counter = 1; counter lte len; counter = counter + 1)

{

drawRandomLine(graphics, dimension);

}

encoder = createObject(“java”, “com.sun.image.codec.jpeg.JPEGCodec”).createJPEGEncoder(arguments.outputstream);

encoderParam = encoder.getDefaultJPEGEncodeParam(bufferedImage);

encoderParam.setQuality(JavaCast(“float”, 0.80), false);

   encoder.setJPEGEncodeParam(encoderParam);

   encoder.encode(bufferedImage);

</cfscript>

</cffunction>

 

<cffunction name=”createRandomLightGreyScaleColor” hint=”Creates a random greyscale java.awt.colour” access=”private” returntype=”any” output=”false”>

<cfscript>

var shade = JavaCast(“int”, RandRange(255, 160));

var color = createObject(“java”, “java.awt.Color”).init(shade, shade, shade);

return color;

</cfscript>

</cffunction>

 

<cffunction name=”createRandomDarkGreyScaleColor” hint=”Returns a dark greyscale java.awt.color” access=”private” returntype=”any” output=”false”>

<cfscript>

var shade = JavaCast(“int”, RandRange(0, 100));

var color = createObject(“java”, “java.awt.Color”).init(shade, shade, shade);

return color;

</cfscript>

</cffunction>

 

<cffunction name=”getRandomPointOnBorder” hint=”Gets a random java.awt.Point on the border” access=”private” returntype=”any” output=”false”>

<cfargument name=”dimension” hint=”The dimension object” type=”any” required=”Yes”>

<cfscript>

var point = createObject(“java”, “java.awt.Point”);

var height = Javacast(“int”, arguments.dimension.getHeight());

var width = JavaCast(“int”, arguments.dimension.getWidth());

var choice = randrange(1,4);

switch (choice)

{

case 1: //left side

point.setLocation(JavaCast(“int”, 0), JavaCast(“int”, RandRange(0, height)));

break;

case 2: //top side

point.setLocation(JavaCast(“int”, RandRange(0, width)), JavaCast(“int”, 0));

break;

case 3: //right side

point.setLocation(width, RandRange(0, height));

break;

case 4: //bottom side

point.setLocation(RandRange(0, width), height);

break;

}

return point;

</cfscript>

</cffunction>

 

<cffunction name=”setNewFont” hint=”Sets a new font in the graphics lib” access=”private” returntype=”void” output=”false”>

<cfargument name=”graphics” hint=”The graphics” type=”any” required=”Yes”>

<cfargument name=”fontCollection” hint=”The current font collection” type=”any” required=”Yes”>

<cfargument name=”size” hint=”The size of the font” type=”numeric” required=”Yes”>

<cfargument name=”shearXRange” hint=”The shear x range” type=”numeric” required=”Yes”>

<cfargument name=”shearYRange” hint=”The shear y range” type=”numeric” required=”Yes”>

<cfscript>

var font = 0;

var staticCollections = createObject(“java”, “java.util.Collections”);

staticCollections.rotate(arguments.fontCollection, 1);

//apply transform twice, just for fun

font = arguments.fontCollection[1].deriveFont(JavaCast(“float”, arguments.size)).deriveFont(getRandomTransformation(arguments.shearXRange, arguments.shearYRange)).deriveFont(getRandomTransformation(arguments.shearXRange, arguments.shearYRange));

arguments.graphics.setFont(font);

</cfscript>

</cffunction>

 

<cffunction name=”getRandomTransformation” hint=”Gets a random transformation” access=”private” returntype=”any” output=”false”>

<cfargument name=”shearXRange” hint=”The shear x range” type=”numeric” required=”Yes”>

<cfargument name=”shearYRange” hint=”The shear y range” type=”numeric” required=”Yes”>

<cfscript>

//create a slightly random affine transform

var transformation = createObject(“java”, “java.awt.geom.AffineTransform”).init();

var shearx = RandRange(-1 * arguments.shearXRange, arguments.shearXRange) / 100;

var sheary = RandRange(-1 * arguments.shearYRange, arguments.shearYRange) / 100;

transformation.shear(shearx, sheary);

return transformation;

</cfscript>

</cffunction>

 

<cffunction name=”drawRandomLine” hint=”draws a random line” access=”private” returntype=”void” output=”false”>

<cfargument name=”graphics” hint=”The graphics” type=”any” required=”Yes”>

<cfargument name=”dimension” hint=”The dimension object” type=”any” required=”Yes”>

<cfscript>

var point1 = getRandomPointOnBorder(arguments.dimension);

var point2 = getRandomPointOnBorder(arguments.dimension);

var staticColor = createObject(“java”, “java.awt.Color”);

arguments.graphics.setColor(staticColor.white);

arguments.graphics.drawLine(

JavaCast(“int”, point1.getX()), 

JavaCast(“int”, point1.getY()), 

JavaCast(“int”, point2.getX()), 

JavaCast(“int”, point2.getY()));

</cfscript>

</cffunction>

 

</cfcomponent>

 

To include your CFM file in like that:

It make “random text and print it onto Captcha Image”

<cfset ststring=structNew()>

<cfloop index=”i” from=”1″ to=”6″ step=”1″>

    <cfset a = randrange(48,122)>

    <cfif (#a# gt 57 and #a# lt 65) or (#a# gt 90 and #a# lt 97)>

        <cfset ststring["#i#"]=”E”>

    <cfelse>

        <cfset ststring["#i#"]=#chr(a)#>

    </cfif>

</cfloop>

<cfset randtext_captcha=”#ststring[1]##ststring[2]##ststring[3]##ststring[4]##ststring[5]##ststring[6]#”>

<cfscript>

captcha = createObject(“component”, “Captcha”).init();

captcha.captchaToFile(expandPath(“captcha.jpg”),”#randtext_captcha#”,400,50,30,10,35,45,60);

</cfscript>

<img src=”captcha.jpg”>

 

How? It’s kinda easy, isn’t it? 

Big Credit: http://www.compoundtheory.com/

I’ve once wrote file upload with flash. But I’m thinking of the weak point of this program would be alright if users don’t have flash player as well as using with GuestAccount. That’s I need to consider how to solve this problem and want to do file upload with Ajax. Eventually, I can do it. Here is coding.

index.cfm

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ />
<title>AJAX File Uploader</title>
<script language=”javascript” type=”text/javascript”>
<!–
function startUpload(){
document.getElementById(‘f1_upload_process’).style.visibility = ‘visible’;
document.getElementById(‘f1_upload_form’).style.visibility = ‘hidden’;
return true;
}

function stopUpload(success){
var result = ”;
if (success == 1){
result = ‘<span class=”msg”>The file was uploaded successfully!<\/span><br/><br/>’;
}
else {
result = ‘<span class=”emsg”>There was an error during file upload!<\/span><br/><br/>’;
}
document.getElementById(‘f1_upload_process’).style.visibility = ‘hidden’;
document.getElementById(‘f1_upload_form’).innerHTML = result + ‘<label>File: <input name=”myfile” type=”file” size=”30″ /><\/label><label><input type=”submit” name=”submitBtn” class=”sbtn” value=”Upload” /><\/label>’;
document.getElementById(‘f1_upload_form’).style.visibility = ‘visible’;
return true;
}
//–>
</script>
</head>

<body>
<form action=”upload.cfm” method=”post” enctype=”multipart/form-data” target=”upload_target” onsubmit=”startUpload();” >
<p id=”f1_upload_process”>Loading…<br/><img src=”loader.gif” /><br/></p>
<p id=”f1_upload_form” align=”center”><br/>
<label>File:
<input name=”myfile” type=”file” size=”30″ />
</label>
<label>
<input type=”submit” name=”submitBtn” value=”Upload” />
</label>
</p>

<iframe id=”upload_target” name=”upload_target” src=”#” style=”width:0;height:0;border:0px solid #fff;”></iframe>
</form>
</body>

Upload.cfm

<cffile action=”UPLOAD” filefield=”myfile” destination=”#application.fpath#test/ajaxupload/files/” nameconflict=”MAKEUNIQUE”>
<cfset myfile = file.serverfile>

<script language=”javascript” type=”text/javascript”>window.top.window.stopUpload(‘1′);</script>

How? It’s easy thought, isn’t it?

Best Credit to : http://www.ajaxf1.com/download.html?item=12

To prevent SQL Injection in Coldfusion, we should use <cfqueryparam> tag between <cfquery> tag. It’s good tag and it output the variable which MS.SQL like. But to get good performance of our website, we should use cachedwidthin attribute of cfquery tag.  If we use <cfqueryparam> tag in <cfquery>, error occur for sure and <cfquery> doesn’t allow <cfqueryparam> tag. So, how to prevent for SQL injection and how to get good performance for your site without using <cfqueryparam>. The answer is quite simple: we need put following coding at the top of your page.

<CFIF IsDefined(“id”) AND NOT IsNumeric(id)>
<cfabort showerror=”Invalid Query String”>
</CFIF>

And, also add following coding in <cfquery> tag,

WHERE ID = #Val(id)#

How? It’s easy though, isn’t it?

Creating communication website, we gotta consider the security, the access and all uploaded data of our users. Now that if anyone want to upload their data into our communication websites, they must have each registered ID. So whenever they come and upload their data into our site, they need to login first and after uploading, they need to logout successfully. It’s ok that no problem without doing logout after uploading if anyone upload their data at their home pc. If Peter (for example) upload their data by using public internet cafe, it’s problem that they didn’t logout after uploading, someone can copy, delete and upload with Peter’s account into communication sites. So, we need to kill our users’ session data whenever they close their browsers after using it. But we cannot do anything if they didn’t logout or didn’t close browser after using.

Here is some coding we need to add in application.cfm

<cfif IsDefined( “Cookie.CFID” ) AND IsDefined(“Cookie.CFTOKEN” )>
<cfset localCFID = Cookie.CFID>
<cfset localCFTOKEN = Cookie.CFTOKEN>
<cfcookie name=”CFID” value=”#localCFID#”>
<cfcookie name=”CFTOKEN” value=”#localCFTOKEN#”>
</cfif>

Since my website has prevented SQL Injection, they keep on attacking on and on. For these case, my sql server reach over-loaded and crushed often. That’s why I need to block the IP of these people before doing anything. So, I’ll create following coding in my application.cfm file.

<cfparam name=”blacklist” default=”">
<cfset application.fpath = “#GetDirectoryFromPath(GetCurrentTemplatePath())#”>

<cfset blacklist = “” />
<cffile action=”read” file=”#application.fpath##fName#” variable=”blacklist” charset=”utf-8″ />

<cfif ListFind(blacklist,cgi.remote_addr,Chr(13)&Chr(10))>
<cflocation addtoken=”false” url=”/blacklist.cfm” />
</cfif>

<cfif FindNoCase(“DECLARE”,cgi.query_string) and FindNoCase(“CAST”,cgi.query_string) and FindNoCase(“EXEC”,cgi.query_string)>
<cfif not ListFind(blacklist,cgi.remote_addr,Chr(13)&Chr(10))>
<cfset blacklist = ListAppend(blacklist,cgi.remote_addr,Chr(13)&Chr(10)) />
<cftry>
<cffile action=”write” file=”#application.fpath##fName#” output=”#blacklist#” charset=”utf-8″ />
<cfcatch></cfcatch>
</cftry>
<cflocation addtoken=”false” url=”/blacklist.cfm” />
</cfif>
</cfif>

In these days, some people test writing HTML code, especially javascript tags, marquee tag and so on in input. Because of this case, we need to solve this problem not be inserted miscellaneous codes in our Database. I’ve prevented this kind of problems before time. But, it cannot be used as global function. That’s why I keep searching any solutions in Google and create own coding. Eventually, I’ve get following coding.

<cfscript>
function listFix(list) {
var delim = “,”;
var null = “NULL”;
var special_char_list = “\,+,*,?,.,[,],^,$,(,),{,},|,-,<,>”;
var esc_special_char_list = “\\,\+,\*,\?,\.,\[,\],\^,\$,\(,\),\{,\},\|,\-,&lt,&gt”;
var i = “”;

if(arrayLen(arguments) gt 1) delim = arguments[2];
if(arrayLen(arguments) gt 2) null = arguments[3];

if(findnocase(left(list, 1),delim)) list = null & list;
if(findnocase(right(list,1),delim)) list = list & null;

i = len(delim) – 1;
while(i GTE 1){
delim = mid(delim,1,i) & “_Separator_” & mid(delim,i+1,len(delim) – (i));
i = i – 1;
}

delim = ReplaceList(delim, special_char_list, esc_special_char_list);
delim = Replace(delim, “_Separator_”, “|”, “ALL”);

list = rereplace(list, “(” & delim & “)(” & delim & “)”, “\1″ & null & “\2″, “ALL”);
list = rereplace(list, “(” & delim & “)(” & delim & “)”, “\1″ & null & “\2″, “ALL”);

return list;
}
</cfscript>

How to use?

It’s simple though. Save following coding as ListFix.cfm file. And, include this file before saving users’ data to your Database.

<cfinclude template=”ListFix.cfm”>

<cfquery name=”SaveDataQry” datasource=”MyDSN”>
INSERT INTO MyUsers
(tbl_User_Name)
VALUES
(‘#listFix(username)#’)
</cfquery>

How easy? Try it.

Normally, different language of web programmings are not easy to integrate in the same web page. Although you want to integrate two programming languages in the same webpage, you gotta separate such coding in different portion in <iframe> tag or something else. In CFMX, you don’t need to do like anymore. If you wanna embed in J2EE tags in CFM page, use <cfimport> tag then. Here is simple coding :

<cfimport taglib=”/WEB-INF/lib/random.jar” prefix=”myrand”>
<myrand:number id=”randPass” range=”000000-999999″ algorithm=”SHA1PRNG” provider=”SUN” />
<cfset myPassword = randPass.random>
<cfoutput>
Your password is #myPassword#<br>
</cfoutput>

Big Credit to : http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/Java3.htm#1134309