943,539 Members | Top Members by Rank

Web Development > ColdFusion > Register page problem.
Ad:
  • ColdFusion Discussion Thread
  • Marked Solved
  • Views: 1885
  • ColdFusion RSS
Permalink
Aug 20th, 2009
0

Register page problem.

Expand Post »
I am so confused, I want to add some anti-spam security to my upcoming register page but something is really wrong.
Note that my server is Coldfusion MX7 (i can not afford better) and because of that i can not use
cfimage(captcha).

This is what i have:

ColdFusion Syntax (Toggle Plain Text)
  1. <cfset strLowerCaseAlpha = "abcdefghijklmnopqrstuvwxyz">
  2.  
  3. <cfset strUpperCaseAlpha = UCase( strLowerCaseAlpha )>
  4.  
  5. <cfset strNumbers = "0123456789">
  6.  
  7. <cfset strAllValidChars = (
  8.     strLowerCaseAlpha &
  9.     strUpperCaseAlpha &
  10.     strNumbers
  11.     )>
  12.  
  13. <cfset arrPassword = ArrayNew( 1 )>
  14.  
  15. <cfset arrPassword[ 1 ] = Mid(
  16.     strNumbers,
  17.     RandRange( 1, Len( strNumbers ) ),
  18.     1
  19.     )>
  20.  
  21. <cfset arrPassword[ 2 ] = Mid(
  22.     strLowerCaseAlpha,
  23.     RandRange( 1, Len( strLowerCaseAlpha ) ),
  24.     1
  25.     )>
  26.  
  27. <cfset arrPassword[ 3 ] = Mid(
  28.     strUpperCaseAlpha,
  29.     RandRange( 1, Len( strUpperCaseAlpha ) ),
  30.     1
  31.     )>
  32.  
  33. <cfloop
  34.     index="intChar"
  35.     from="#(ArrayLen( arrPassword ) + 1)#"
  36.     to="8"
  37.     step="1">
  38.  
  39.     <cfset arrPassword[ intChar ] = Mid(
  40.         strAllValidChars,
  41.         RandRange( 1, Len( strAllValidChars ) ),
  42.         1
  43.         )>
  44.  
  45. </cfloop>
  46.  
  47.  
  48. <cfset strPassword = ArrayToList(
  49.     arrPassword,
  50.     ""
  51.     )>
  52.  
  53.  
  54.  
  55.  
  56. <cfif IsDefined("FORM.spamcode")>
  57.     <cfif form.spamcode neq strPassword >
  58.     not equal
  59.     <cfelse>
  60.    finally working
  61. </cfif>
  62. </cfif>
  63.  
  64.  
  65.  
  66.                  <cfif isdefined ("strPassword")>
  67.                  <cfoutput>#strPassword#</cfoutput>
  68.                  </cfif>
  69.  
  70.  
  71. <form action="" method="post">
  72.   <label>
  73.     <input type="text" name="spamcode" id="spamcode" />
  74.   </label>
  75. </form>


this is just testing code but it is somehow messed up.
every time when i click on the submit button i get not equal!
I also need to add when i set up strPassword manualy instead of ArrayToList, for example
<cfset strPassword=test413> and then insert in form test413 and compare it everything is fine. You can copy/paste this code to test it. Any ideas please?
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
pirula is offline Offline
11 posts
since Apr 2009
Permalink
Aug 21st, 2009
0

Re: Register page problem.

Click to Expand / Collapse  Quote originally posted by pirula ...
I am so confused, I want to add some anti-spam security to my upcoming register page but something is really wrong.
Note that my server is Coldfusion MX7 (i can not afford better) and because of that i can not use
cfimage(captcha).

This is what i have:

ColdFusion Syntax (Toggle Plain Text)
  1. <cfset strLowerCaseAlpha = "abcdefghijklmnopqrstuvwxyz">
  2.  
  3. <cfset strUpperCaseAlpha = UCase( strLowerCaseAlpha )>
  4.  
  5. <cfset strNumbers = "0123456789">
  6.  
  7. <cfset strAllValidChars = (
  8.     strLowerCaseAlpha &
  9.     strUpperCaseAlpha &
  10.     strNumbers
  11.     )>
  12.  
  13. <cfset arrPassword = ArrayNew( 1 )>
  14.  
  15. <cfset arrPassword[ 1 ] = Mid(
  16.     strNumbers,
  17.     RandRange( 1, Len( strNumbers ) ),
  18.     1
  19.     )>
  20.  
  21. <cfset arrPassword[ 2 ] = Mid(
  22.     strLowerCaseAlpha,
  23.     RandRange( 1, Len( strLowerCaseAlpha ) ),
  24.     1
  25.     )>
  26.  
  27. <cfset arrPassword[ 3 ] = Mid(
  28.     strUpperCaseAlpha,
  29.     RandRange( 1, Len( strUpperCaseAlpha ) ),
  30.     1
  31.     )>
  32.  
  33. <cfloop
  34.     index="intChar"
  35.     from="#(ArrayLen( arrPassword ) + 1)#"
  36.     to="8"
  37.     step="1">
  38.  
  39.     <cfset arrPassword[ intChar ] = Mid(
  40.         strAllValidChars,
  41.         RandRange( 1, Len( strAllValidChars ) ),
  42.         1
  43.         )>
  44.  
  45. </cfloop>
  46.  
  47.  
  48. <cfset strPassword = ArrayToList(
  49.     arrPassword,
  50.     ""
  51.     )>
  52.  
  53.  
  54.  
  55.  
  56. <cfif IsDefined("FORM.spamcode")>
  57.     <cfif form.spamcode neq strPassword >
  58.     not equal
  59.     <cfelse>
  60.    finally working
  61. </cfif>
  62. </cfif>
  63.  
  64.  
  65.  
  66.                  <cfif isdefined ("strPassword")>
  67.                  <cfoutput>#strPassword#</cfoutput>
  68.                  </cfif>
  69.  
  70.  
  71. <form action="" method="post">
  72.   <label>
  73.     <input type="text" name="spamcode" id="spamcode" />
  74.   </label>
  75. </form>


this is just testing code but it is somehow messed up.
every time when i click on the submit button i get not equal!
I also need to add when i set up strPassword manualy instead of ArrayToList, for example
<cfset strPassword=test413> and then insert in form test413 and compare it everything is fine. You can copy/paste this code to test it. Any ideas please?
I have only had a few minutes to look at the code and the problem I see is that the value in your text field is being compared with the NEW spamcode; not the one that is generated for the page that you entered the text value on.
Try the code below and you will see what I am saying:
Coldfusion Syntax (Toggle Plain Text)
  1. <cfif IsDefined("FORM.spamcode")>
  2.     We are comparing <cfoutput>#form.spamcode# with #strPassword# which happens to be the NEW spamcode</cfoutput><br />
  3.     <cfif form.spamcode neq strPassword >
  4.     not equal
  5.     <cfelse>
  6.    finally working
  7. </cfif>
  8. </cfif>
Last edited by cheapterp; Aug 21st, 2009 at 9:50 am.
Reputation Points: 10
Solved Threads: 2
Light Poster
cheapterp is offline Offline
33 posts
since Jun 2008
Permalink
Aug 21st, 2009
0

Re: Register page problem.

In your form declare a hidden type input and set it to 'strPassword'
<input type="hidden" name="OldCode" value="<cfoutput>#strPassword#</cfoutput>" />
and then change the comparison <cfif> to
<cfif Compare(FORM.spamcode, FORM.OldCode)>
Keep in mind though - Hidden type fields are visible when you do a 'View Source' on the page. Therefore sensitive data should not be passed through them.
Reputation Points: 10
Solved Threads: 2
Light Poster
cheapterp is offline Offline
33 posts
since Jun 2008
Permalink
Aug 21st, 2009
0

Re: Register page problem.

similar idea came to me. i figured out it has something to do with page
refresh. It's perfectly clear now, you explained it well in your first post.
Problem is i still can not make it work. I tried several things with cfifs and cfaborts and somehow, for some reason i didn't succeed. I will keep trying.

i already tried Compare and same! also your code from second post doesn't seem to be working as it supose to. problem still persist.
Last edited by pirula; Aug 21st, 2009 at 4:22 pm.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
pirula is offline Offline
11 posts
since Apr 2009
Permalink
Aug 22nd, 2009
0

Re: Register page problem.

I found a solution for my problem! If you need code please let me know i will post it here.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
pirula is offline Offline
11 posts
since Apr 2009

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in ColdFusion Forum Timeline: login password problems
Next Thread in ColdFusion Forum Timeline: XSS and SQL Injection





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC