Setting up ColdFusion 11 and SQL Server Express 2014 on Windows 8

Recently I installed Windows 8.1 in a virtual machine so I could set up IIS, ColdFusion (Developer version) and SQL Server (Express), which would match some of my client’s hosting well enough to use as a test environment.

SQL Server Express and ColdFusion developer edition can be used for free by developers, which makes this a nice, low cost development environment.

I hit big problems trying to get ColdFusion to talk to SQL Server Express, so I thought I ought to document the setup process for next time I tried and hit these problems. Sorry if you’re reading this and some of the notes are not detailed enough, I’ve set up ColdFusion and SQL Server enough times that the basics have stuck, if you need more help you might find it useful to search YouTube for help videos.

Setting up SQL Server Express 2014

Download SQL Server Express 2014 and running the installer. This all worked fine so just Google for wherever Microsoft are putting the installers now (which is a different place whenever I look, which is several years apart.) Try to find out if you’ve got a 32bit or 64bit version of Windows first, as you need to download the version which matches your Windows.

Setting up IIS

Go in to Windows settings > Control Panel > Programs > Turn Windows features on and off

I’m not sure I needed all of these, but I ended up turning them on while trying to solve problems:

Tick all of these (where nested, tick the ones inside the nest, not just to install everything):

.Net framework 3.5
.Net framework 4
Within Internet Information Services:
– Web Management Tools:
– – IIS 6 Management Compatibility
– – – IIS Metabase and IIS 6 configuration compatibility
– – IIS Management Console
– – IIS Management Service
– World Wide Web Services:
– – Application Development Features:
– – – .Net Extensibility 3.5
– – – .Net Extensibility 4.5
– – – ASP.NET 3.5
– – – ASP.NET 4
– – – CGI
– – – ISAPI Extensions
– – – ISAPI Filters
– – Common HTTP Features:
– – – Default Document
– – – Directory Browsing
– – – HTTP Errors
– – – HTTP Redirection
– – – Static Content
– – Health and Diagnostics:
– – – HTTP Logging
– – Performance Features:
– – – Dynamic Content Compression
– – – Static Content Compression
– – Security:
– – – Request Filtering

Setting up ColdFusion 11

Download from http://coldfusion.adobe.com

Run the installer

Choose the option to install a standalone web server, then, later in the install options you can choose to connect it up to IIS.

Setting up a database user in SQL Server Express 2014

In SQL Server Management Studio

Create a database:

Right click on Databases in the left column ‘Object Explorer’ > ‘New Database…’ and run through the short form

Create a user:

In left column ‘Object Explorer’, click on Security, right click on ‘Logins’ > ‘New Login…’

Add a new user, e.g. ‘CFUser’

Choose SQL Server authentication, give it a password.

Uncheck ‘Enforce password policy’

In the ‘Default Database’ drop down, change it to your new database

On the left hand ‘Select a page’ click on ‘User Mapping’

Tick the your new database, further down add them as a type of user to the database – ‘db_datareader’ & ‘db_datawriter’

Configuring Windows Firewall to allow access to SQL Server

As per these instructions from Microsoft I ran WF.msc then set up an Inbound Rule to allow TCP on port 1433 for local use.

Configuring security to allow ColdFusion to get data from SQL Server Express 2014

Apparently by default, SQL Server Express doesn’t allow remote connections, but configuring it to allow a remote connection so ColdFusion could get data from it was very hard, as the 2014 version of SQL Server Express is more locked down than previous versions. I wouldn’t have got it working without this Stackoverflow question about SQL Server Express 2012.

Open ‘SQL Server Configuration Manager’ (by searching for ‘SQL Server configuration’ on the Start screen.)

Under ‘SQL Server Network Configuration’ > ‘Protocols for SQLEXPRESS':

Change ‘Named Pipes’ to ‘Enabled’ (by right clicking) (I’m not sure this step is necessary, as I found it in a bit of advice while I was still trying to get everything working.)

Change ‘TCP/IP’ to ‘Enabled’, then right click again and choose ‘Properties’

Under ‘IP2′ set the IP address to be that of the computer’s IP address on the local subnet (I found this out by running ‘netstat -a’ on the command line and looking down for port 1433 while I was trying something else, I’m sure there’s an easier way of finding it.)

Scroll down to the settings for IPAII.

Make sure ‘TCP Dynamic Ports’ is blank (not the 5 digit number that mine had in there by default.)

Make sure the ‘TCP Port’ is set to ‘1433’ (mine was blank by default.)

You may also need to go to ‘Services’ (by searching for it in Windows) and turning on the SQL Server Browser service (and setting it to run automatically) – I already had mine turned on during other debugging, I’ve read different advice on whether it should be on or off.

Some of the settings for SQL Server don’t take until you’ve re-started the SQL Server service. I think in the end I restarted Windows to be sure things were going to take long-term.

After all of this, I was able to go in to ColdFusion administrator and successfully set up a datasource using the database user I’d set up. Just getting SQL Server and ColdFusion to talk to each other was 3-4 hours of messing about with my settings, hence writing up these notes to make it easier next time.

The Zopim chat widget and Google processing Javascript when crawling

A client contacted me with an odd problem recently. When searching for their own company name in Google, this is the snippet beneath the link to their site:

“We’re sorry! Seems no one can serve you now. If you leave your email address, we’ll get back to you soon.”

Ah, I thought, they’ve got some odd text in their page somewhere, and Google has picked up on it. So I look at the source of their home page and… no sign of the text. No use of “sorry” at all.

So, maybe this is an old cache of the page and the text has changed. I check the source of the cached page in Google, nope. Now, maybe the cache is a different version from what’s being used to build the snippet, but that’s unlikely and the client says they haven’t ever had the sorry text on the page.

So I checked whether anyone else is having this problem by searching for the exact start of the phase in Google.

Lots of results, all with the same snippet text:

Google Search results for "We're sorry. It seems no one can serve"

Opening up a few of the pages I can see they’re all using the same chat widget from Zopim.

Sensibly, if you try to use the chat widget when no one is available, Zopim will show a friendly message saying no one can be contacted. However, it’s not the same message as I’m seeing in the snippet.

So, I right-click on one of the pages in Chrome and use ‘Inspect Element’, this is using Chrome’s developer tools to see what’s on the page when it’s finished being made, including any changes Javascript code may have made to it. However, searching still doesn’t show the word ‘sorry’.

I’m running out of ideas now, so use a small script to grab the source of the client’s page as if it was a search engine crawler. Definitely no phrase in there, or use of the word ‘sorry’.

I remember Firebug in Firefox runs a little differently to Chrome’s developer tools, so use that to check a page. Hey presto, there’s the “We’re sorry…” text. Setting up the screenshot, I click on the little ‘f’ you can see below. That’s the Flashblock extension at work, in Firefox I have to click on any area where Flash wants to run. I installed it to stop obnoxious adverts running. However, when I allowed Flash to run, the message I was looking for disappeared.

So, when Google is crawling the web, it is running Javascript. That’s the only way that it could have seen this text that it’s grabbed as the snippet. It does not run Flash content, otherwise it would not have seen this message.

We're sorry text in source of the page
(Note, not my client. I’m under NDA with them so I’m not saying who they are.)

I’ve heard rumours of Google running Javascript within its crawler for years. I’ve seen it able to get at pages that some Javascript navigation had hidden away, although only when that navigation was using very common scripts like the ones that come in Dreamweaver, or sites using the #! URL schemes like Twitter did for a while. This is the first time I’ve seen it definitely run Javascript, and also pluck out a message only revealed by Javascript in to the search results snippet.

Does this mean we can be sure Google will crawl all of the content on a site using Javascript to load all of it’s content? No, I would say this current crawling is experimental – choosing the “We’re sorry…” text for the snippet on the brand search that kicked off my investigation was a very poor choice given the other text available on the page. I can only think they did this because the text was very high up on the page, within thesection. Does it point to them doing more and more to crawl the web ‘naturally’, as most web users do? Yes.

As more and more content gets hidden away behind AJAX and snazzy, Javascript-run interfaces, Google will have to put more and more effort in to being able to crawl that content effectively. This is proof they are doing that, if imperfectly.

If you use the Zopim chat widget, you may want to move the block of Javascript you put in thedown to the footer of the page and check if the chat still works. You don’t want a useless snippet in a brand search for your company just because of the chat service you’re using.

A Google A/B test for Adwords adverts

Yesterday I noticed when I was searching in Google using a Chrome ‘incognito’ window I was seeing a different version of Google’s search results than normal. Here’s what I was seeing in the incognito window:

New 'Ads' next to Adwords adverts

And for reference, here’s what I’d normally see at the moment:

current-google-adwords-block

The difference is the Adwords block of adverts above the search results had a white background rather than the yellow they’ve shown for many years, and each advert at the top is noted with an ‘Ad’ label on a dark yellow background. The adverts on the side also have this more noticeable label above them, where the subtle, grey on white label currently sits.

This is what’s known as an ‘A/B’ test – Google are showing me (or the one version of me represented by that web browser) a different version of their results page and seeing how I react to it. They’ll do this to thousands, potentially hundreds of thousands of people, then statistically judge which of the layouts is best, under whatever criteria they have set – understanding for the person seeing them, amount of people who click on the adverts, or anything you can record.

Does this mean we’re going to see a change in the search results soon? Well… maybe. Google are well known for testing potential changes before they go live, but most are subtle enough that you don’t notice them.

They have received criticism in the past because apparently a large percentage of searchers do not notice the yellow background to the adverts above the main results, and therefore don’t realise they are paid adverts and not part of the ‘natural’, unpaid for results. Perhaps this label next to each advert is a way for Google to ensure people do realise what each of the adverts above the main results are – paid placements.

I think this could be a good change if it is indeed true that people do not realise they are adverts. I also prefer the way the ‘sitelinks’ under the the adverts work – they’re the extra links under the top advert in the upper screenshot of the new layout, under the second advert in the lower screenshot.

Only time will tell if there is enough response to this for Google to decide to roll it out to everyone. Today, I don’t see it in any of my browsers. Such is the constant change that goes on behind most of the big sites we visit every day, most of which we never even notice.

My first Stripe integration, using PHP

Recently I carried out my first integration to the new (to the UK) payment processing provider Stripe. My client Jasper Goodall was looking at moving to Paypal for taking payments and having integrated with Paypal in the past, I suggested Stripe as a more developer and client friendly alternative. He liked the look of Stripe and signed up.

I was moving the site from using Sagepay over to Stripe and as all the basket and post-payment logic was written, dropping in Stripe was very straightforward. Their documentation is very clear, testing is simple, and taking a payment is a doddle. I hit a few minor issues, which were:

PHP needs ‘mbstring’ turned on

My local PHP 5.2.4 install didn’t have mbstring on by default, so I had to install it. This was on my Windows PC so I had to move the mbstring DLL in to the main ‘php’ directory and edit the httpd.conf file to include the DLL as one that needed to be loaded. I then restarted Apache and it was working fine.

My host did have mbstring turned on, so I didn’t need to change anything there.

Secure certificate required

My client didn’t have a certificate to allow his to use SSL. However his host, Claranet, had a shared secure area that all of their customers could use without requiring their own certificate. This was good, but I had to re-code parts of his site so things like the stylesheets would load properly when using this area.

If you or your client are on shared hosting with one of the larger providers, it’s worth checking to see if they have a secure area you can use before investing in your own certificate. This can save you some money, but has the disadvantage that the URL of your secure pages won’t show your domain in that part of the website address, which may make some customers suspicious. It will be worth adding some text to your pages explaining how they are secured if you think that is going to be a problem.

Coding up receipts

Previously, we were using Sagepay which takes various information about the products in the customer’s basket and builds an e-mail notification of the sale for you. Stripe just take the amount of money you are charging, so I had to update the website to create a notification for the customer, and one to tell the client a sale had been made. These were very simple additions to the post-sale process.

Overall, Stripe was a delight to integrate with. I’ve set up shops using several payment gateways – Sagepay (was Protx), Worldpay, Secure Trading, Paypal, and Paypoint. Stripe was by far the easiest, taking only a few hours to integrate with including the bug fixing of my setup and the re-coding of the existing shop to send the right information through and use the extra secure area of their hosting. If you were starting from a cleaner base, you’d probably be looking at an hour or two including reading the documentation. Really nice.

I am giving (and listening to) a Freelancing talk on Tues 24th

On Tuesday 24th September I’ll be talking about Freelancing at the ‘Achieving Freelancing Awesomeness‘ evening hosted by Freelance Advisor in Hove, along with Kati Byrne and Bex White.

I’ll be talking about making friends with other freelancers to help you get more work in, Bex is talking about managing your time effectively so you can grow your business, and Kati about using social media as a freelancer. There will also be lots of time for questions and answers about the talk and anything to do with freelancing.

I’m very much looking forward to the event and hearing the other talks. If you’re interested you can find out more on Freelance Advisor, or go straight to sign up here.

The event is from 6pm-8pm at Freelance Advisor / Crunch’s office, which is in the ‘Perfumery’ building next to Hove station so it’s a doodle to get to – either train to Hove, or if you’re in Brighton and don’t want to walk it, the number 7 and 7A buses go to Hove station, you’ll need to cross over the tracks to get to the right building.

There are quite a few people registered already, so if you’re interested please get a ticket now.