ColdFusion GuestBook Tutorial
This tutorial shows how a guestbook might be created using ColdFusion. The directions will help you to set up and manage your guestbook with little effort or intervention. The instructions are targeted to the construction of a guestbook that will reside within your site in it's own directory (to keep the content separate and manageable).
Creating the GuestBook
Create a web page for your guestbook named index.cfm and locate this page in a directory of it's own within your web site. You can use your web site design if you so choose. To this page you will add three parts in following order: the processing code, the display code, and the submission code.
Processing code:
This code processes the submission, modifies the associated files, and e-mails the guestbook owner after every new entry. It is placed before the display code.
Three messages are provided by this section depending on the status of the visit to the guestbook: a link down to the form for a new visitor, a thank you for a new submission, and a message that sequential submissions are not permitted by the same visitor.
Processing Note:
Replace each occurrence in the file that reads PATH_TO_YOUR_GUESTBOOK_DIRECTORY with the correct path to these files.
Example: The path to this demo guestbook is:
/www/tutorial/guestbook/gb
You might also want to specify the color of the titles, the e-mail address of the guestbook owner, and how many messages to display. Where and how to provide these are identified in comments within the file. Additional instructions are provided in the first part of the file as well.
Display code:
This call will display the current information found in the guestbook. The code must be after the [processing code] in order to display the current changes to the guestbook.
Display Note:
Replace the occurrence in the file that reads PATH_TO_YOUR_GUESTBOOK_DIRECTORY with the correct path to these files.
Example: The path to this demo guestbook is:
/www/tutorial/guestbook/gb
Submission code:
The submission code is a fairly standard web form that simply calls the same page where the form initially was found. In calling itself, the form executes the associated ColdFusion code to process the submission and redisplay the result. This section is generally placed near the end of the guestbook page so that a visitor may read prior submissions before they submit their own feedback. The ColdFusion code in this section will automatically insert the address of the current web page so that the form will work properly.
Submission Note:
If you need to modify this form to ask for other information you will also need to modify the ColdFusion of the [processing code] for that information to be used and saved.
Creating the Associated Files
Two text files are needed to store messages posted to your guestbook:
- GB-current.txt
- 'Current' postings to display will be found in this file.
- GB-archive.txt
- This file will contain the postings for 'Archive' purposes.
| <hr /><!-- GB END --><hr /> |
The 'Archive' postings file should have a comment or message indicating it's purpose but it is not necessary. This message will be retained at the start of the file.
Giving the server read/write permission:
FACL Note:
The following 'setfacl' commands require that your web server support File Access Control Lists (FACL). If your server, or host, does not support FACL you will need to have your system administrator set the appropriate permissions. The permissions of the two guestbook text files should allow the ColdFusion server to modify the file contents, but not allow the 'world' to make changes.
|
setfacl -m u:nobody:6 GB-current.txt setfacl -m u:nobody:6 GB-archive.txt |
The name 'nobody' is the permission group of the web server.
|
setfacl -d u:nobody GB-current.txt setfacl -d u:nobody GB-archive.txt |
Securing Your GuestBook with File Access Control
Caution: Using this security feature may prevent some users from accessing your guestbook. The method explained will also only work on an Apache web server. The reason for this is the feature checks to see where the visitor was when they requested the guestbook page (the referring web address).
Some Internet providers do not forward referring address information (i.e. AOL). Because of this those visitors will never be able to view your guestbook. You must weigh your options: 1) let any referrer call your guestbook, thereby bypassing your site entirely; 2) restrict referrers and in the process loose some possible feedback.
One additional file is needed to ensure that the entry to your guestbook is only made from your web site. Your guestbook directory needs an access control file in the name of .htaccess to control who can call your guestbook. This file is placed in your guestbook directory.
HTACCESS Note:
In this file replace PATH_TO_YOUR_WEB_SITE with the correct path to your web site (not to your guestbook directory), and replace http://WEB_SERVER_ADDRESS/ with your web server's address.
| /tutorial/guestbook/ |
|
http://www.melvinwallerjr.com/ |
| http://www.melvinwallerjr.com/tutorial/guestbook/ |
If you have this set up correctly, links from your web site should display your guestbook. However, links from other sites, browser bookmarks, or entering the address directly in the browser should result in another page within your web site. (Be sure to reload your page to verify this works. Some browsers will cache the guestbook page and not show the true results.)
Finishing Up
You should now have created one directory (located within your web site) which contains four files. These are: the guestbook web page, the current postings file, the archive postings file, and the access control file. All that is needed now is to link to your guestbook and test it.
PHP GuestBook Demo
Finally, now that you have gone through the steps of how to build the guestbook, I would normally offer a CFM GuestBook working example. The problem is my current web site provider does not offer CFM support. So instead, have a look at the PHP GuestBook working example since they both work the same.
