www.zeroonezero.com

Tyler’s Blog

User Authentication and Apache

Monday, May 12th, 2008

In website development, certain files or directories often need access restrictions. Access can be restricted either through server-side scripting (e.g. Coldfusion, PHP, or ASP) or by the web server itself, such as Apache. To restrict access in Apache, a file named “.htaccess” can be uploaded into the directory you want to restrict. The .htaccess file is a text file that lets the web server prompt for a username and password, or display a message that you are not authorized to view the contents of the page. When restricting users by login name and password, the .htaccess file references a file called .htpasswd. There is a program in the Apache directory called htpasswd.exe that will create a user and password in an encrypted MD5 format. There are many options for the htpasswd.exe program, including recreating the file, appending to the file, and using different encryption types. Below is an example of the contents of a .htaccess file.

AuthUserFile c:\security\.htpasswd
AuthName "Please Enter a User and Password"
AuthType Basic
require valid-user

This would be an example of the .htpasswd file.

user1:Nd8VlAyM/Byno
admin:L7L1bBFu6QwEg
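
An added example (not from the original post): a small audit that identifies the hash scheme of each .htpasswd entry from its format, so weak entries can be found and regenerated. The two entries shown above are 13 characters with no prefix, which is the shape of traditional crypt() output rather than the `$apr1$` MD5 format; the remaining sample entries, the verdict labels and the function names are constructed for illustration.

```python
import re

# Constructed sample. The first two entries are the ones shown in the post;
# the others are made-up values that only imitate each format's shape.
SAMPLE_HTPASSWD = """\
# staff accounts
user1:Nd8VlAyM/Byno
admin:L7L1bBFu6QwEg
carol:$apr1$Xy3kQ9zA$0123456789abcdefghijkl
dave:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
erin:$2y$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234
frank:hunter2
broken line without separator
"""

# Prefixes htpasswd writes for its bcrypt, salted MD5 and unsalted SHA-1 formats.
PREFIXES = (
    ("$2y$", "bcrypt", "ok"),
    ("$apr1$", "apr1-md5", "legacy"),
    ("{SHA}", "sha1-unsalted", "insecure"),
)
# Traditional crypt(): 2 salt characters + 11 hash characters, no prefix.
# It only uses the first 8 characters of the password.
CRYPT_DES = re.compile(r"[./0-9A-Za-z]{13}")


def classify(hash_field):
    """Return (scheme, verdict) for the part of an entry after the colon."""
    for prefix, scheme, verdict in PREFIXES:
        if hash_field.startswith(prefix):
            return scheme, verdict
    if CRYPT_DES.fullmatch(hash_field):
        return "crypt-des", "insecure"
    # Could be a plaintext password or a scheme this script does not know.
    return "unrecognised", "review"


def audit(text):
    """Return (line number, user, scheme, verdict) for every entry in the file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no credentials
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed", "review"))
            continue
        findings.append((lineno, user) + classify(hash_field))
    return findings


def weak_users(text):
    """Users whose entry should be regenerated with a stronger scheme."""
    return [user for _, user, _, verdict in audit(text) if user and verdict != "ok"]


if __name__ == "__main__":
    for finding in audit(SAMPLE_HTPASSWD):
        print(finding)
```

A 13-character plaintext password made only of crypt's alphabet would be reported as crypt-des, so treat the result as a pointer for review rather than proof.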


Posted in Programming, Tyler

Lyla Coldfusion AJAX CAPTCHA

Wednesday, May 7th, 2008

Recently, I have implemented a CAPTCHA system on a form using LylaCaptcha. A CAPTCHA is a type of challenge-response to test whether or not a user is human. The CAPTCHA generates an image with distorted text for the user to decipher.

I modified the CAPTCHA to work on static HTML pages and I also implemented additional encryption on top of the hash function. The first thing I did was upload the captchaService.cfc and the captcha.xml into a directory called captcha from the root path of the site. Then, I added the following to the application variable:

<!--- Create the CAPTCHA service once per application, or again when ?reinit is passed --->
<cfif isDefined("URL.reinit") OR NOT isDefined("application.init")>
    <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="/captcha/captcha.xml")>
    <cfset application.captcha.setup()>
    <cfset application.init = true>
</cfif>
<!--- Make sure every session has a captchaHash slot before it is used --->
<cfif not isDefined("session.captchaHash")>
    <cflock scope="Session" timeout="120" type="exclusive">
        <cfset session.captchaHash = structnew()>
        <cfscript>
        session.captchaHash = "";
        </cfscript>
    </cflock>
</cfif>

I then created a script called setcaptcha.cfm, which sets the session.captchaHash and outputs the hash value, encrypted with the Coldfusion crypt function, to the JavaScript XMLHttpRequest object. Once the readyState is equal to complete, or 4, the JavaScript outputs the CAPTCHA image into the HTML, passing the encrypted hash value to another script, which displays the image by decrypting the hash value and then passing it to the Lyla function that streams the image. Lastly, if the form is processing, I validate the entered text against the session.captchaHash value with the following function:

application.captcha.validateCaptcha(session.captchaHash,form.textValue)


Posted in Programming, Tyler

Number Formatting

Wednesday, May 7th, 2008

In Coldfusion, there are many ways to format a number using built-in functions. Someone might need to format a number in order to pass it on to a Google Analytics tracker or to display the number on the screen. One function that is easy to use is DecimalFormat; it takes only one parameter and returns the number as a string with two decimal places and a comma after every three digits to the left of the decimal point. If you need the number displayed in U.S. currency format, use DollarFormat, which does the same thing as DecimalFormat except that it adds a leading dollar sign. To display the currency as a number to the thousands place, use the NumberFormat(variableName,"9.99") function, which takes two parameters: the number and a mask.

In PHP, the functions number_format and money_format are used, with different options in the parameter fields depending on whether you want commas after every thousands place. In C#, the String.Format function, or a mask in the console.writeline/response.writeLine function, will display the number in different formats.


Posted in Programming, Tyler

PEAR

Monday, May 5th, 2008

PEAR (PHP Extension and Application Repository) is a framework and distribution system for PHP components. These components come in packages and are open source. All of the packages come with documentation on uses, requirements, and how to instantiate them in your code. There is a wide variety of PEAR modules that let web programmers do XML parsing, database query caching, form validation, Excel document generation, mathematical functions, and more.

Current PHP releases have the PEAR base installation. If PEAR is not installed, you can either upload the go-pear.php file into your site’s directory or use the command line installer. The PHP website has information on how to use and install the PEAR package manager on Windows, Linux, and shared hosting environments. Packages can be installed by using the PEAR install –options module_name command. Packages are continually updated for bug fixes and new features.

A common PEAR package is HTML_QuickForm2, which can be used for creating, validating, and processing forms. Forms can be created through object classes and methods, which allows them to be generated from fields in a database. The end user or client of the web site can then make changes at their own discretion, which reduces the time a web developer or webmaster has to spend on them.


Posted in Programming, Tyler

Creating Basic Images in PHP

Wednesday, April 30th, 2008

PHP can do a lot more than generate dynamic HTML; it can also generate images. There are many reasons why you might need dynamically generated images rather than standard images, such as creating buttons from text fields in a database or creating visual graphs from web site usage or ecommerce data. PHP also allows the image to be in a variety of formats like JPEG, GIF, BMP, and PNG.

PHP uses the function imagecreate, which takes at least two parameters (the width and height) of the image to return the handle for the image or the resource identifier. To use colors, the color must be allocated in a resource identifier using the function ImageColorAllocate($(Image Handle),RED,GREEN,BLUE). That function returns the handle or resource identifier for the color selected, which then can be used with functions like imagechar, imagefill, imagefilledrectangle, imagefilledpolygon, and imagestring.


Posted in Programming, Tyler

Dreamweaver Coding Features

Thursday, April 24th, 2008

Dreamweaver CS3 has many features that can help a programmer identify bugs and visualize the flow of a program. Built-in features that help are color coding for different languages, strings, tags, methods, and objects. The program can also collapse tag blocks, which is very useful when debugging and commenting out code. Dreamweaver also knows the attributes and values for many tags in many languages, which helps make sure you don’t assign to or declare anything with a reserved word.

There are three basic views in Dreamweaver: code, design, and split. Split shows both the code and design views. In programming, I usually just edit the code to change the way the page displays, but the design view lets you drag and arrange images, tables and divs to make the page display as you want. Another very important feature that can save lots of time is search and replace, which will look through all pages with any web page extension, along with the line numbers shown at the side of the page. Applying CSS styles to different elements is a nice feature, and it will manage all your styles too. FTP connection and FTP logs are built in, so pages can be uploaded to the server easily.


Posted in Programming, Tyler

Orderwave

Wednesday, April 23rd, 2008

Orderwave is a software application that can automate many processes of an online ordering application or shopping cart. It can do order retrieval, data validation, inventory allocation, data delivery, and payment processing and capturing. It can act as a gateway between a warehouse, shipping, and your commerce shopping application. Orderwave passes data between the client cart and the Orderwave system through XML. Some of the XML methods that they have are addorder, getinventory, getshipupdate, getorderstatus, getcatalog, and getcarrierrejects. For the application I was coding, I only needed to use the addorder method.

First, I had to build the list of order items in a variable through a loop.

<cfset linedata = "">
<cfset numitems = 0>
<!--- Append one <line_item> element per cart row and count the rows --->
<cfloop query="Cart">
<cfset numitems = numitems + 1>
<cfset linedata = linedata & " <line_item>
<item_number>#Cart.SKU_MERCHSKUID#</item_number>
<inventory_number>#Cart.SKU_MERCHSKUID#</inventory_number>
<item_description>#Cart.product_Name#</item_description>
<item_price>#Replace(NumberFormat(Cart.SKU_Price,'999999999.99')," ","","ALL")#</item_price>
<item_quantity>#Cart.cart_sku_qty#</item_quantity> <extended_item_price>#Replace(NumberFormat(Cart.SKU_Price*Cart.cart_sku_qty,'999999999.99')," ","","ALL")#</extended_item_price>
</line_item>
">
</cfloop>

Then, I had to build the addorder XML method in a variable then post it through https to Orderwave’s server.

<cfoutput>
<cfsavecontent variable="strXML"><?xml version="1.0" encoding="utf-8" ?>
<orderwave>
<call>addorder</call>
<version>1.0.8</version>
<username>#Replace(Replace(orderwavelogin, ">","&gt;","ALL"), "<","&lt;","ALL")#</username>
<password>#Replace(Replace(orderwavepass, ">","&gt;","ALL"), "<","&lt;","ALL")#</password>
<call_values>
  <order_number>#Replace(Replace(Client.CartID, ">","&gt;","ALL"), "<","&lt;","ALL")#</order_number>
  <order_status>active</order_status>
  <order_date>#Year(now())#-#month(now())#-#Day(now())#</order_date>
  <email>#Replace(Replace(CustBilling.cst_Email, ">","&gt;","ALL"), "<","&lt;","ALL")#</email>
  <ship_method>#Replace(Replace(getMethodName.shipmeth_OName, ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_method>
  <ship_instructions>none</ship_instructions>
  <partial_shipment>0</partial_shipment>
  <gift_order>0</gift_order>
  <order_source>website</order_source>
  <bill_to>
    <bill_firstname>#Replace(Replace(CustBilling.cst_FirstName, ">","&gt;","ALL"), "<","&lt;","ALL")#</bill_firstname>
    <bill_lastname>#Replace(Replace(CustBilling.cst_LastName, ">","&gt;","ALL"), "<","&lt;","ALL")#</bill_lastname>
    <bill_address1>#Replace(Replace(CustBilling.cst_Address1, ">","&gt;","ALL"), "<","&lt;","ALL")#</bill_address1>
    <bill_address2>#Replace(Replace(CustBilling.cst_Address2, ">","&gt;","ALL"), "<","&lt;","ALL")#</bill_address2>
    <bill_city>#Replace(Replace(CustBilling.cst_City, ">","&gt;","ALL"), "<","&lt;","ALL")#</bill_city>
    <bill_state>#Replace(Replace(CustBilling.stprv_Name, ">","&gt;","ALL"), "<","&lt;","ALL")#</bill_state>
    <bill_zip>#Replace(Replace(CustBilling.cst_Zip, ">","&gt;","ALL"), "<","&lt;","ALL")#</bill_zip>
    <bill_country>#Replace(Replace(CustBilling.country_Code, ">","&gt;","ALL"), "<","&lt;","ALL")#</bill_country>
    <bill_phone>#Replace(Replace(CustBilling.cst_Phone, ">","&gt;","ALL"), "<","&lt;","ALL")#</bill_phone>
  </bill_to>
  <ship_to>
    <ship_firstname>#Replace(Replace(GetToken(CustShipping.cst_ShpName, 1, " "), ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_firstname>
    <ship_lastname>#Replace(Replace(Replace(CustShipping.cst_ShpName,"#GetToken(CustShipping.cst_ShpName, 1, " ")# ",""), ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_lastname>
    <ship_address1>#Replace(Replace(CustShipping.cst_ShpAddress1, ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_address1>
    <ship_address2>#Replace(Replace(CustShipping.cst_ShpAddress2, ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_address2>
    <ship_city>#Replace(Replace(CustShipping.cst_ShpCity, ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_city>
    <ship_state>#Replace(Replace(CustShipping.stprv_Code, ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_state>
    <ship_zip>#Replace(Replace(CustShipping.cst_ShpZip, ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_zip>
    <ship_country>#Replace(Replace(CustShipping.country_Code, ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_country>
    <ship_phone>#Replace(Replace(CustBilling.cst_Phone, ">","&gt;","ALL"), "<","&lt;","ALL")#</ship_phone>
  </ship_to>
  <continuity>
    <enrolled>0</enrolled>
  </continuity>
  <charges>
    <sub_total>#Replace(Replace(Replace(NumberFormat(Client.OrderTotal-(Client.ShipTotal+Client.TaxAmt),'999999999.99')," ","","ALL"), ">","&gt;","ALL"), "<","&lt;","ALL")#</sub_total>
    <tax>#Replace(Replace(Replace(NumberFormat(Client.TaxAmt,'999999999.99')," ","","ALL"), ">","&gt;","ALL"), "<","&lt;","ALL")#</tax>
    <shipping>#Replace(Replace(Replace(NumberFormat(Client.ShipTotal,'999999999.99')," ","","ALL"), ">","&gt;","ALL"), "<","&lt;","ALL")#</shipping>
    <discount>0.00</discount>
    <total>#Replace(Replace(Replace(NumberFormat(Client.OrderTotal,'999999999.99')," ","","ALL"), ">","&gt;","ALL"), "<","&lt;","ALL")#</total>
  </charges>
  <payment>
    <payment_status>uncharged</payment_status>
    <cc_number>#Replace(Replace(request.CCNumber, ">","&gt;","ALL"), "<","&lt;","ALL")#</cc_number>
    <cc_expiration_month>#Replace(Replace(request.ExprMonth, ">","&gt;","ALL"), "<","&lt;","ALL")#</cc_expiration_month>
    <cc_expiration_year>#Replace(Replace(request.ExprYr, ">","&gt;","ALL"), "<","&lt;","ALL")#</cc_expiration_year>
    <cc_cvv>#Replace(Replace(request.CCV, ">","&gt;","ALL"), "<","&lt;","ALL")#</cc_cvv>
    <check_account_number></check_account_number>
    <check_routing_number></check_routing_number>
    <check_bank_name></check_bank_name>
    <check_branch_city></check_branch_city>
    <multi_pay_profile></multi_pay_profile>
  </payment>
  <line_item_count>#numitems#</line_item_count>
  <line_items>
#linedata#</line_items>
</call_values>
</orderwave></cfsavecontent></cfoutput>

<!--- Escape ampersands over the whole document. This runs after the per-field
      replacements above, so it also rewrites the & in any &gt; or &lt; they produced. --->
<cfset strXML = Replace(strXML, "&","&amp;","ALL")>

<cfhttp url="https://app.orderwave.com/api/main.lasso" timeout="4000" port="443" method="post">
<cfhttpparam type="body" name="transaction" value="#strXML.trim()#" encoded="no">
<cfhttpparam type="HEADER" name="Content-Type" value="text/xml" encoded="no">
</cfhttp>
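
Added example (not from the original post, and in Python rather than ColdFusion): what the receiving XML parser sees when values are interpolated into a cut-down addorder body with no escaping, with angle brackets escaped per field and ampersands escaped afterwards over the whole document, and with a single-pass escape. The element names come from the post; the sample values and helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape  # escapes & first, then < and >

# Cut-down addorder body using element names from the post.
TEMPLATE = (
    "<orderwave><call>addorder</call><call_values>"
    "<bill_to><bill_firstname>{first}</bill_firstname></bill_to>"
    "<line_items><line_item><item_description>{desc}</item_description>"
    "</line_item></line_items></call_values></orderwave>"
)


def no_escape(value):
    return value


def brackets_only(value):
    # Per-field step: angle brackets only, ampersands left for a later pass.
    return value.replace(">", "&gt;").replace("<", "&lt;")


def build(first, desc, field_escaper, late_ampersand_pass=False):
    """Interpolate the values into the request body as a string."""
    doc = TEMPLATE.format(first=field_escaper(first), desc=field_escaper(desc))
    if late_ampersand_pass:
        # Whole-document pass: also hits the '&' of entities created per field.
        doc = doc.replace("&", "&amp;")
    return doc


def receive(doc):
    """Parse as the receiving side would; None means the body is not well-formed."""
    try:
        root = ET.fromstring(doc)
    except ET.ParseError:
        return None
    item = root.find(".//item_description")
    return {
        "first": root.findtext(".//bill_firstname"),
        "desc": item.text,
        "extra_elements": [child.tag for child in item],
    }


def demo():
    # Constructed sample values.
    name, part = "Tom & Jerry", "Hose <3/4 in>"
    return {
        # A bare ampersand makes the whole request unparseable.
        "raw_ampersand": receive(build(name, "Cable", no_escape)),
        # Markup inside a value becomes part of the document structure.
        "raw_markup": receive(build("Tom", "Cable <b>USB</b>", no_escape)),
        # Brackets first, ampersands later: the value arrives double-encoded.
        "late_ampersand": receive(build(name, part, brackets_only, True)),
        # One pass that handles & before < and >: the values round-trip.
        "single_pass": receive(build(name, part, escape)),
    }


if __name__ == "__main__":
    for case, seen in demo().items():
        print(case, seen)
```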


Posted in Tyler

Backups

Thursday, April 17th, 2008

Backing up data and files is important. It is also the first step in any disaster recovery plan. There are many reasons why one might want to back up data, including accidental deletion/modification, virus corruption, hardware failure, and natural disaster. There are many different types of backups, but the two most commonly implemented are full backups and incremental backups. A full backup downloads every file and folder that needs to be backed up every time the task is scheduled or run. An incremental backup downloads only the files that have been created or modified since the last full backup or last incremental backup.

There are many different ways a backup agent can tell whether a file has been changed; it could change the archive bit on the file, or check file sizes and timestamps. When using an incremental backup plan, it is good practice to do full backups frequently, because when doing a restore you must restore all incremental backups since the last full backup.

A program that we use called Novosoft Handy Backup is a very good program for system administrators to use if they want to back up their web site and file directories from a remote client without installing any additional software on a server other than an FTP server, which most often is already included on a web server. Handy Backup is one of few programs that allow the target files to be an FTP location and the destination to be a local drive or media. Handy Backup has the ability to schedule multiple backup tasks at different times and different intervals; it also has a wide range of other features, but we only use it to back up our files on our FTP servers.


Posted in Tyler

IPCharge

Wednesday, April 16th, 2008

IPCharge is a form of VeriFone Payment Processing Software, which allows credit cards to be charged through a payment gateway. It is similar to PCCharge, but doesn’t require any proprietary software installed on the computer. The credit card information (name, address, zip, card data and client info) is stored in an XML document then passed to VeriFone’s server. The server then returns an XML file that must be parsed to determine if the transaction was successful or if any other transaction information is needed.

IPCharge includes a variety of methods, including but not limited to Sale, Pre-Auth, Void, Post-Auth, and Credit. Post-Auth validates the card then stores the information on the gateway’s server to be processed in a settlement when the items ship to the customer. Credit transfers funds to the card. Sale charges the credit card. Void cancels a transaction that has not been charged. Pre-Auth stores the credit card data, validates it, and reserves the amount on the credit card in order for it to be processed at a later time.

When I downloaded the documentation for IPCharge, they had code samples for ASP, Visual Basic 6, and C#. So I had to adapt the method for Coldfusion 6. The code below stores the XML into a variable then posts the data to the IPCharge server.

<!--- XMLFormat() escapes &, <, > and quotes in the user-supplied values --->
<cfoutput>
<cfsavecontent variable="strXML"><?xml version="1.0" encoding="utf-8"?><TRANSACTION>
<CLIENT_ID>XXXXXXXXXXX</CLIENT_ID>
<USER_ID>#ipchargeuser#</USER_ID>
<USER_PW>#ipchargepass#</USER_PW>
<FUNCTION_TYPE>PAYMENT</FUNCTION_TYPE>
<COMMAND>SALE</COMMAND>
<PAYMENT_TYPE>CREDIT</PAYMENT_TYPE>
<PRESENT_FLAG>1</PRESENT_FLAG>
<ACCT_NUM>#XMLFormat(form.card)#</ACCT_NUM>
<CUSTOMER_STREET>#XMLFormat(form.street)#</CUSTOMER_STREET>
<CUSTOMER_ZIP>#XMLFormat(form.zip)#</CUSTOMER_ZIP>
<EXP_MONTH>#XMLFormat(form.expirm)#</EXP_MONTH>
<EXP_YEAR>#XMLFormat(form.expiry)#</EXP_YEAR>
<INVOICE>#ticketnum#</INVOICE>
<TRANS_AMOUNT>#numberFormat(amount,".00")#</TRANS_AMOUNT>
<CARDHOLDER>#XMLFormat(FullName)#</CARDHOLDER>
<CVV2>#XMLFormat(form.CVV2)#</CVV2>
<MERCHANTKEY>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</MERCHANTKEY>
</TRANSACTION></cfsavecontent></cfoutput>

<!--- Post the XML document to the gateway over HTTPS --->
<cfhttp url="https://IPCharge.net/IPCHAPI/rh.aspx" timeout="1000" port="443" method="post">
<cfhttpparam type="body" name="transaction" value="#strXML.trim()#" encoded="yes">
<cfhttpparam type="HEADER" name="Content-Type" value="text/xml" encoded="yes">
</cfhttp>


Posted in Tyler

NATs

Tuesday, April 15th, 2008

NAT is an acronym for Network Address Translation. It can allow a single WAN (Wide Area Network) IP address to represent a group of LAN (Local Area Network) IP addresses. When a computer with a local IP address communicates with a server with an outside IP address, it first goes to the NAT router and writes an entire routing table. When the server responds, it sends the packets of data to the WAN IP address on the router. Once the data is received, the NAT router checks the routing table to see where the destination address is on the LAN for the data.

There are many different ways NAT routers can be configured; some include one-to-one NAT, basic NAT, overlapping, overloading, and static NAT. IP packets include the following information: source IP address, source port, destination IP address, and destination port. There are two different types of IP ports: TCP and UDP.


Posted in Tyler
