Monday, May 21, 2012    
Home My Books Blog ColdFusion About Me Back    

Calendar
<< Nov 2007 >>
S M T W T F S
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  

Search

Categories
 • Acrobat (5) [RSS]
 • Adobe (117) [RSS]
 • AdobeMAX06 (45) [RSS]
 • AdobeMAX07 (59) [RSS]
 • AdobeMAX08 (66) [RSS]
 • AdobeMAX09 (39) [RSS]
 • AdobeMAX10 (34) [RSS]
 • AdobeMAX11 (28) [RSS]
 • AdobeMAX13 (1) [RSS]
 • AIR (299) [RSS]
 • Appearances (217) [RSS]
 • Books (86) [RSS]
 • CFEclipse (15) [RSS]
 • Cloud (1) [RSS]
 • ColdFusion (1482) [RSS]
 • ColdFusion Builder (23) [RSS]
 • Data Services (43) [RSS]
 • Fish Tank (5) [RSS]
 • Flash (368) [RSS]
 • Flex (565) [RSS]
 • Home Automation (5) [RSS]
 • HTML5 (35) [RSS]
 • JavaScript (3) [RSS]
 • Jobs (133) [RSS]
 • jQuery (15) [RSS]
 • JRun (14) [RSS]
 • Labs (63) [RSS]
 • LiveCycle (37) [RSS]
 • MAX (285) [RSS]
 • Mobile (257) [RSS]
 • PhoneGap (17) [RSS]
 • Regular Expressions (19) [RSS]
 • RIA (21) [RSS]
 • SQL (45) [RSS]
 • Stuff (554) [RSS]
 • Tips (CF Studio) (80) [RSS]
 • Tips (CF) (795) [RSS]
 • Tips (Dreamweaver) (91) [RSS]
 • Tips (Flex Builder) (2) [RSS]
 • Using CF (167) [RSS]

Other BLOGs
 • Charlie Arehart
 • Lee Brimelow
 • Ray Camden
 • Christophe Coenraets
 • Sean Corfield
 • Mihai Corlan
 • Cornel Creanga
 • Mark Doherty
 • John Dowdell
 • Danny Dura
 • Enrique Duvos
 • Steven Erat
 • Kevin Hoyt
 • Serge Jespers
 • Adam Lehman
 • Duane Nickull
 • Miti Pricope
 • Andrew Shorten
 • Ryan Stewart
 • James Ward
 • Greg Wilson
 • Full As A Goog

RSS Feeds
 • Feed
 • Subscribe

Join my mailing list and find out about new books and other topics of interest.
Thoughts, ideas, tips, musings, and pontifications (not necessarily in that order) by Ben Forta ...
NOTE: This is my personal blog, and the opinions and statements voiced here are my own.

Viewing By Entry / Main
November 21, 2007

ColdFusion UDF: RandString()

Posted At : 9:03 AM
Related Categories: ColdFusion :

A user sent me some code he was having trouble with, and in the code I saw a rather verbose and complex block of CFML being used to generate random strings for use with CAPTCHA verifications. So, while replying to his e-mail, I also sent him the RandString() function I use myself. And, as it may be of use others, here it is:

<!--- Generate random strings of specified length --->
<cffunction name="RandString" output="no" returntype="string">
    <cfargument name="length" type="numeric" required="yes">

    <!--- Local vars --->
    <cfset var result="">
    <cfset var i=0>

    <!--- Create string --->
    <cfloop index="i" from="1" to="#ARGUMENTS.length#">
        <!--- Random character in range A-Z --->
        <cfset result=result&Chr(RandRange(65, 90))>
    </cfloop>

    <!--- Return it --->
    <cfreturn result>
</cffunction>

Comments (6) | Print |
Comments
[Add Comment] [Subscribe to Comments]
Mind if I add this to CFLIB?
# Posted By Raymond Camden | 11/21/07 9:11 AM
Please do, we all love CFLIB!

--- Ben
# Posted By Ben Forta | 11/21/07 9:13 AM
Oops, CFLib already has a few like this. Here is one.

http://www.cflib.org/udf.cfm/randstr

It is more complex though. Sometimes simpler is better.
# Posted By Raymond Camden | 11/21/07 9:21 AM
My approach is pretty similar, but I like to start with a list of chars (so as to exclude ambiguous chars like I, 1, l, etc...)

here's a sampling:

<cfset var captchaChars = "2,3,4,5,6,7,8,9,a,b,d,e,f,g,h,j,n,q,r,t,y,A,B,C,D,E,F,G,H,K,L,M,N,P,Q,R,T,U,V,W,X,Y,Z" />
<cfset var cLength = 2 />
<cfset var cString="" />
<cfset var cStringHashed = "" />
<cfset var i = "" />
   
<!--- Create a loop that builds the string from the random characters. --->
<cfloop from="1" to="#cLength#" index="i">
<cfset cString = cString & listGetAt(captchaChars, RandRange(1, listLen(captchaChars))) />
</cfloop>

<cfset cStringHashed = Hash(ucase(cString)) />
# Posted By todd sharp | 11/21/07 12:27 PM
I think Ben's version is great for captchas in the sense that it provides only upper case letters. I do have a slight mod/suggestions to offer. Instead of making length required, make it optional and set the default to a random length. That way, if you do use it for captchas, they'll constaly vary in length. See below.

<cffunction name="RandString" output="no" returntype="string">
<cfargument name="length" type="numeric" required="no">

<!--- Local vars --->
<cfset var result="">
<cfset var i=0>

<!--- set a default length --->
<cfparam name="arguments.length" default="#RandRange(5,9)#">

<!--- Create string --->
<cfloop index="i" from="1" to="#ARGUMENTS.length#">
<!--- Random character in range A-Z --->
<cfset result=result&Chr(RandRange(65, 90))>
</cfloop>

<!--- Return it --->
<cfreturn result>
</cffunction>
# Posted By Dutch Rapley | 11/21/07 4:49 PM
Correct me if I'm wrong but, it seems the purpose of captcha is to simply make a form secure against scriptbots (yeah, thats my new term). So then length or randomness seems almost useless. Maybe randomness to keep the programmer from hardcoding it into his scriptbot, but not length or case or alpha/numeric/symbol mix. Yes, I know that less security means an easier target for a crack, but whats the possibility and danger for a blog. Your not securing a CIA database.

I like Ben's two character simple captcha, he understands.
# Posted By Clint | 11/22/07 7:14 AM
[Add Comment]

  © Copyright 1997-2009 Ben Forta, All Rights Reserved