May 20, 2008
Answered

Page security, please help

Hello;
I am trying to come up with a script that will lock you out of a page if you do not use the proper criteria. It is a search for a site, and I set it up right now so that if you try and get to the result page without using a form, it gives you a message and a new search box. This works fine.

What happens now is if you perform a search and it comes back with, let's say, 9 records, I have the next / previous set to allow 3 per page; when you click next it comes back and gives the message I set you to get if you didn't use a form button.

How do I make this security tag work with both the next previous and using a form button?

(If I don't lock it down like this, and you access the page directly, you get errors, so I need to make the user use the page the way I set it.)

This is my script:

<cfif NOT isDefined('form.submit')>
You get this telling you to try again
<cfelse>
this runs the code on the page
</cfif>

The link I am trying to allow to pass this uses this:

http://www.mysite.com/result.cfm?startRow=4

What can I add to this script to make both of these scenarios pass?

Thank you.

CFmonger
Correct answer Kronin555
> I have done all that, the search works, I am at enhancing the interface and I can't get the next / prev to work. I use it on regular queries and it works fine. But it will not work on this, I have been trying all types of scenarios and it all errors.
>
> What do I need to do to fix this code and make it work?

Scrap the "put it in the session" idea. Go back to your original code.

Put <cfparam> tags at the top of the page your search form posts to.
Put a cfparam for the URL variables that get submitted when you do next/previous. Set up defaults.
Put a cfparam for all form fields from your search form. Set up defaults.

Now, you should be able to go directly to that page and it shouldn't throw an error. Why? Because you provided defaults for all the variables that page is expecting. Simple. No session. No user lockout. Good coding practice.
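
The approach from the answer above, written out as an added example (not code from the thread or its participants). The form field name `criteria` and the collection name `siteCollection` are assumptions; the page size of 3 comes from the question. It goes one step beyond the answer by range-checking `url.startRow`, since that value arrives from the address bar.

```cfml
<!--- result.cfm: added example. "criteria" and "siteCollection" are assumed names. --->
<!--- Defaults for everything the page reads, so a direct request cannot error --->
<cfparam name="form.criteria" default="">
<cfparam name="url.criteria" default="">
<cfparam name="url.startRow" default="1">
<cfset rowsPerPage = 3>

<!--- url.startRow is user-controlled: accept only 1..999999, otherwise use 1 --->
<cfif NOT reFind("^[1-9][0-9]{0,5}$", url.startRow)>
    <cfset url.startRow = 1>
</cfif>

<!--- A form post carries the term in form scope; next/previous links carry it in the URL --->
<cfif len(trim(form.criteria))>
    <cfset criteria = trim(form.criteria)>
<cfelse>
    <cfset criteria = trim(url.criteria)>
</cfif>

<cfif NOT len(criteria)>
    <!--- Default behaviour for a direct hit: show the form instead of failing --->
    <form action="result.cfm" method="post">
        <input type="text" name="criteria">
        <input type="submit" name="submit" value="Search">
    </form>
<cfelse>
    <!--- Ask for one extra row to learn whether a next page exists --->
    <cfsearch name="GetResults" collection="siteCollection" criteria="#criteria#"
              startRow="#url.startRow#" maxRows="#rowsPerPage + 1#">
    <!--- encodeForHTML/encodeForURL need ColdFusion 10+; older servers have
          HTMLEditFormat/URLEncodedFormat --->
    <cfoutput query="GetResults" maxRows="#rowsPerPage#">
        <p>#encodeForHTML(GetResults.title)#</p>
    </cfoutput>
    <cfoutput>
        <cfif url.startRow GT 1>
            <a href="result.cfm?startRow=#max(url.startRow - rowsPerPage, 1)#&amp;criteria=#encodeForURL(criteria)#">Previous</a>
        </cfif>
        <cfif GetResults.recordCount GT rowsPerPage>
            <a href="result.cfm?startRow=#url.startRow + rowsPerPage#&amp;criteria=#encodeForURL(criteria)#">Next</a>
        </cfif>
    </cfoutput>
</cfif>
```

Because the next/previous links repeat the search term in the query string, the page no longer depends on `form.submit` being present, and a hand-edited `startRow` falls back to the first page instead of reaching `<cfsearch>`.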

May 20, 2008
CFmonger wrote:
> (If I don't lock it down like this, and you access the page directly, you get
> errors, so I need to make the user use the page the way I set it.)
>

If you are not doing this for a security reason, why don't you just
provide a default behavior so the error cannot happen, rather than
lock the user out? There are sometimes reasons to lock out users, but
one should always provide behavior so your result page works at all
times, rather than just try and prevent the errant behavior. This would
be a more scalable solution.


Other than that, your <cfif...> branch would need to look for either
case you want to allow through your logic, i.e. either form.submit or
url.startRow, looking at your code. But I am not recommending this
fragile fix.
CFmonger (Author)
May 20, 2008
So basically, you're talking about custom error handling? Create a page that would handle an error if someone tried to access the result page without using the search form?

If I use url.startrow it throws an error, then there is endrow for going back a record.

cannot convert the value "url.startRow" to a boolean


The error occurred in C:\Websites\4npp8b\result.cfm: line 11

9 : <cfset application.cont=cont>
10 : </cflock>
11 : <cfif NOT isDefined('form.submit') OR ('url.startRow')>
12 : <cfelse>
13 : <cfsearch name="GetResults"

So how would I send someone to another page if they got an error? The page works fine except for this lockout I am trying to write. Should I post the code for the page so you see what is going on?

CFmonger