Hey. Has any one even heard of this before? I seem to have encountered it on my new VD server. http://tokeymon.com/ but if I hit cancel twice, then I'm allowed to the page... Any place I have used cfform for different sites, they act the same way... any ideas on this? I'm on IIS6 / Coldfusion 8
well if you look at the source code, I am tryin to access some javascript pages. When you use cfform, CF automatically creates links to these 2 pages. <script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script> <script type="text/javascript" src="/CFIDE/scripts/masks.js"></script> I only say that because I didn't write that in my code, lol. But when I try to access these 2 pages, I get that username/password prompt, so I atleast know linking to anything in the CFIDE folder is what is causing this issue, but I'm not sure what to do to resolve it. my basic cfform code: <cfform action="index.cfm?Action=Upload" enctype="multipart/form-data" id="uploadForm" name="uploadForm"> <cfinput type="file" name="fileUpload" id="fileUpload" /> <cfinput name="go" type="submit" value="Go" /> </cfform> Code (markup):
<script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script> <script type="text/javascript" src="/CFIDE/scripts/masks.js"></script> Code (markup): Why do you need this code? Are you simply trying to upload some sort of file to your web server? From you little bit of code you posted, it seems it may be the start of this. Here's a snippet to upload a file to your web server: <cfform action="submit_recipe.cfm" method="post" name="upload_form" enctype="multipart/form-data" id="upload_form"> Browse for your file you wish to upload>): <br /> <cfinput name="ul_path" type="file" id="ul_path" size="30" required="true" message="Please select a file to upload!"> <cfinput type="submit" name="upload_now" value="submit"> </cfform> <cfif isdefined("form.upload_now")> <cffile action="upload" filefield="ul_path" destination="#ExpandPath("/upload")#" accept="image/jpeg, image/bmp, image/gif, image/jpg, image/svg, image/pjpeg, image/pjpg, image/png, image/x-png" nameconflict="makeunique"> <CFQUERY DATASOURCE="DSN" NAME="UPLOAD"> INSERT INTO UPLOAD(SERVER_FILE_NAME, CLIENT_FILE_NAME) VALUES ( <cfqueryparam value="#CFFILE.serverFile#" cfsqltype="cf_sql_varchar"> , <cfqueryparam value="#CFFILE.clientFile#" cfsqltype="cf_sql_varchar"> ) </CFQUERY> </cfif> Code (markup): The above code will help you get on track with uploading files. Without knowing specifically what you need to do, it's tough to judge what you need. If you want to eliminate the error, I'd workaround by not including that code you have.
whoa, your missing the point of the problem here.. my problem IS with cfform. has nothing to do with me tryin to make an upload form or w/e. what I'm saying IS, all my current pages that use cfform, are NOW causing this username and password prompt to show up. whether its an upload form, a mail contact form, etc. BECAUSE when I use cfform, CF8? automatically includes those 2 JS pages. and for some reason, my new server might not be configured properly?? and for some reason, I don't know how to STOP the user name/password promopt when I wanna access this CFIDE folder.. the above code will still cause the prompts. because your using CFFORM. and CF8 will include those 2 pages.. heres your code, I did not add anything to it..... tokeymon.com/yourcode.cfm but view source.....
Are you having similar problems with other CF tags, or is it solely cfform? Does your web host allow for secure folder access? Sometimes you can restrict a user from accessing a certain page using your web host's security - maybe try checking your web server properties?
The problem is related to the fact that the JS files that CFFORM is trying to hit are protected either with NTFS (windows) or htaccess permissions. I never like to expose my CFIDE directory anyway as there is a security vulnerability there, which it appears you are already aware of or you wouldn't be locking that down. This is where the "scriptsrc" attribute of CFFORM comes in. Just copy the cfform.js and masks.js to a folder in your web root (like "js"). Then in your CFFORM call, include: scriptsrc="/js" -the end...
Oh... one other small thing - if this is a hosted server and you don't have access to those files in the first place, you can copy them from any installation. Just make sure you match up the version (ie, get the CF7 ones if you are on CF7 or CF8 ones if you are on CF8)
well I have full access to the server, so moving the files around isn't a big deal. what in CFIDE is so important tho, if I may ask? I have alot of domains, so is it a big deal if I just put a CFIDE folder in each domain root folder? and how do I disable this password protected folder on windows server 2003? I assume it kept its protected nature from when I copied it from the original installation..?
There are security concerns in leaving your entire CFIDE folder public in that someone could set up a brute force attack against your CF admin. If they did get in, it should be plainly obvious the damage that could be done. That kind of attack is not terribly difficult considering that it isn't even a user/password authentication, but rather just a password. A bigger question is why you would need that directory on a production server? If you really can justify keeping it there, then keeping file level security enabled as you have is definitely the right way. An easier way to manage all that is just to have it in a single spot and use virtual directories in the web server. Now... about the CFFORM scripts stuff, given your setup you could either: a) just open up the permissions in the scripts folder, which would be a nice easy solution that would affect all instances of CFFORM, or b) move those two files to your web root and alter your CFFORM attributes to use the scriptsrc attribute.
ahhhhh, I totally missed that part of your post. after lookin at the cfml reference for cfform, I see they DID add a lot to the tag. well using that attribute DOES solve all my problems for now. just a complete oddball question now tho, is it better to use ONE source for all of my cfforms? wither they be for one site, or my entire server. In the scenario that adobe wanted to make updates, I'd have to go around and update all my cfform.js pages... (kinda like I just did.. lol)
Like many questions when it comes to development, the answer is "it depends". If you aren't likely to modify those files to fit specific needs in your application, then it would probably make the most sense to just keep it in one directory on your server and then create virtual directories in IIS/Apache to point to it. On the other hand, if you start modifying them it would obviously make more sense to have that stored in your source code repository as part of your application. That's my .02 anyway...