Lizra Technologies-Software Programming,Web Development,E-Commerce Development Web Hosting

About Us

Tutorials

File Uploading Custom tag in Cold Fusion

Sometimes we need to allow upload files to the server from cold fusion pages.Cold fusion has got many powerful tags to do different actions in the server that includes <cffile uploading tag. When we give the file uploading option through our pages, we need to consider many things such as protect server from malicious file uploads.
Server security must be taken care by several ways of validations in the file processing page. One way to do this is restrict file extensions to only certain types. Also you may want to restrict the file size.
Recently I had a chance to write a file uploading custom tag in cold fusion, which you might find useful in your cold fusion applications. I'll write down step by step what I’m trying to achieve with my custom tag.

Upload the file from local system to a temporary directory in live server.
Validate File extension and File Size.
Delete file from the server if file is invalid.
Move file to a Permanent Directory id file is valid.
Before we proceed any further with the file upload custom tag, we take a look at the <cffile file tag briefly.

<cffile tag

This tag handles all the interaction with the files based on the value passed on the action attribute of the tag. Action attribute can be read, readBinary, write, append, delete, copy, rename, move or upload.
For example, if we want to upload a file to the server from an html form, following cold fusion code should do that job.

<cffile action = "upload" fileField= "form-field-name" destination ="file-uploading-directory" mode = "666">

After a file upload completed to the server, file upload status can be retrieved using cffile prefix. For instance, Cffile.fileWasSaved gives the status of file upload. Cold fusion documentation has provided with all the file upload status information.

On UNIX servers permission needs to set with <cffile tag to perform file upload. Use mode attribute to pass permission values. Permissions are assigned for owner, group, and other, respectively. In the above example mode = "666" assigns read/write permissions for owner, group, and other. This mode attribute is ignored on Windows Servers.

Upload a File

First we have to create a form to upload a file from html or a cold fusion page.

I name this as first.cfm

<form method="post" action="uploadprocess.cfm" enctype="multipart/form-data">
<input type="file" name="filename" size="30"><br>
<input type="submit" name="frmbtn" value="submit">
</form>

Make sure that passing parameter ‘multipart/form-data’ to form enctype attribute. It is the way telling server that there may be attachments associated with this form.

Uploading file should process in uploadprocess.cfm

<cfmodule template = "tg_uploadfiles.cfm" accepted_ext = ".gif,.jpeg,.txt"
allowed_filesize = "100" file_field = "filename"
file_displayname = "Attachment"
temp_dir = "temporary directory name"
upload_dir = "permanent directory name">

<cfif error_type eq "Success">


Upload status: successfully uploaded <br>
File name : <cfoutput>#filename#</cfoutput>
File size :<cfoutput>#filesize#</cfoutput>

<cfelse>

<cfoutput>
Error type : #error_type# <br>
Error message: #string_error# <br>
File name : #filename#
</cfoutput>
</cfif>

See the following Input/output parameter details of this custom tag.

Input parameters:
accepted_ext(optional) = accepted file extensions (e.g., .gif,.jpeg,.jpg).
allowed_filesize (optional) = pass the value and restrict uploading file size (e.g., 100)
file_field (required) = uploading file name from form.
file_displayname(optional) = uploading file display name . This will display with error message if it occurs while uploading (e.g., 'Default image').
temp_dir (required) = temporary uploading directory.
upload_dir (required) = permanent uploading directory.

Out put variables:
error_type = status of the upload. The value should be one of the following:

Parameter Error - some value is missing to custom tag.
File Support - System doesn't support file type user tried to upload. This message will display only if 'accepted_ext' input variable set.
File Size - file size is exceeded than the value passed through input variable 'allowed_filesize'.
Save Error - Couldn't save the file. There is something wrong with uploading the file.
Unknown Error - Caught an error while uploading the file. Details will display on 'string_error' variable.
Success - file uploaded successfully.
string_error = string message if some error occurs
filename = return uploaded file name if the error_type ='Success'.
filesize = size of the uploaded file

tg_uploadfiles.cfm

<cfparam name="attributes.accepted_ext" default="">
<cfparam name="attributes.allowed_filesize" default="">
<cfparam name="attributes.file_field" default="">
<cfparam name="attributes.file_displayname" default="Uploading">
<cfparam name="attributes.temp_dir" default="">
<cfparam name="attributes.upload_dir" default="">
<cfset caller.filename="">
<cfset caller.filesize="">

<cftry>

<cfif (len(attributes.file_field) eq 0 or
len(attributes.temp_dir) eq 0 or
len(attributes.upload_dir) eq 0)>

<cfset caller.error_type="Parameter Error">
<cfset caller.string_error="Error! Some parameters are missing to this custom tag."> <cfelse>

<cffile action = "upload" mode="666" fileField= "#attributes.file_field#"
destination = "#attributes.temp_dir#" nameConflict= "MakeUnique">

<cfif cffile.fileWasSaved eq "Yes">

<cfif len(trim(attributes.accepted_ext))>

<cfset ext_Found = listFindNoCase(attributes.accepted_ext,".#cffile.serverFileExt#")> <cfelse>
<cfset ext_Found =1>
</cfif>

<cfif ext_Found is 0>
<cfset caller.error_type="File Support">
<cfset caller.string_error="#attributes.file_displayname# file is not supported. supporting file extensions are: #attributes.accepted_ext#.">

<cfif fileexists("#attributes.temp_dir##cffile.serverFile#")>
<cflock type="EXCLUSIVE" scope="SESSION" timeout="30">
<cffile action = "delete" file = "#attributes.temp_dir##cffile.serverFile#">
</cflock>
</cfif>
<cfelseif (len(trim(attributes.allowed_filesize)) and
cffile.fileSize gt (attributes.allowed_filesize*1024*1024))>
<cfset caller.error_type="File Size">
<cfset caller.string_error="#attributes.file_displayname# file size should be less than #attributes.allowed_filesize#.">

<cfif fileexists("#attributes.temp_dir##cffile.serverFile#")>
<cflock type="EXCLUSIVE" scope="SESSION" timeout="30">
<cffile action = "delete" file = "#attributes.temp_dir##cffile.serverFile#"> </cflock>
</cfif>
<cfelse>
<cfif fileexists("#attributes.upload_dir##cffile.serverFile#")>

<cfset lcl_newfilename=
dateformat(now(),'ddmmyyyy')&timeformat(now(),'hhmmss')&".#cffile.serverFileExt#">

<cflock type="EXCLUSIVE" scope="SESSION" timeout="30">
<cffile action = "rename" source = "#attributes.temp_dir##cffile.serverFile#"
destination="#attributes.upload_dir##lcl_newfilename#">

</cflock> <cfelse>

<cfset lcl_newfilename=lcase(cffile.serverFile)>


<cflock type="EXCLUSIVE" scope="SESSION" timeout="30">
<cffile action = "move" source = "#attributes.temp_dir##cffile.serverFile#" destination="#attributes.upload_dir##lcl_newfilename#">

</cflock>

</cfif>
<cfset caller.error_type="Success">
<cfset caller.string_error="File successfully uploaded. File location: #attributes.upload_dir##lcl_newfilename# ">
<cfset caller.filename=lcl_newfilename>
<cfset caller.filesize=cffile.fileSize>
</cfif>
<cfelse>
<cfset caller.error_type="Save Error">
<cfset caller.string_error="Couldn't upload the file. Please contact administrator for details">
</cfif>
</cfif>

<cfcatch type = "Any">

<cfset caller.error_type="Unknown Error">
<cfset caller.string_error=cfcatch.message>
</cfcatch>
</cftry>

Author: SR

Send any comments at: contact@lizratechnologies.com