Category Archives: Code

Setting up ColdFusion 11 and SQL Server Express 2014 on Windows 8

Recently I installed Windows 8.1 in a virtual machine so I could set up IIS, ColdFusion (Developer version) and SQL Server (Express), which would match some of my client’s hosting well enough to use as a test environment.

SQL Server Express and ColdFusion developer edition can be used for free by developers, which makes this a nice, low cost development environment.

I hit big problems trying to get ColdFusion to talk to SQL Server Express, so I thought I ought to document the setup process for next time I tried and hit these problems. Sorry if you’re reading this and some of the notes are not detailed enough, I’ve set up ColdFusion and SQL Server enough times that the basics have stuck, if you need more help you might find it useful to search YouTube for help videos.

Setting up SQL Server Express 2014

Download SQL Server Express 2014 and running the installer. This all worked fine so just Google for wherever Microsoft are putting the installers now (which is a different place whenever I look, which is several years apart.) Try to find out if you’ve got a 32bit or 64bit version of Windows first, as you need to download the version which matches your Windows.

Setting up IIS

Go in to Windows settings > Control Panel > Programs > Turn Windows features on and off

I’m not sure I needed all of these, but I ended up turning them on while trying to solve problems:

Tick all of these (where nested, tick the ones inside the nest, not just to install everything):

.Net framework 3.5
.Net framework 4
Within Internet Information Services:
– Web Management Tools:
– – IIS 6 Management Compatibility
– – – IIS Metabase and IIS 6 configuration compatibility
– – IIS Management Console
– – IIS Management Service
– World Wide Web Services:
– – Application Development Features:
– – – .Net Extensibility 3.5
– – – .Net Extensibility 4.5
– – – ASP.NET 3.5
– – – ASP.NET 4
– – – CGI
– – – ISAPI Extensions
– – – ISAPI Filters
– – Common HTTP Features:
– – – Default Document
– – – Directory Browsing
– – – HTTP Errors
– – – HTTP Redirection
– – – Static Content
– – Health and Diagnostics:
– – – HTTP Logging
– – Performance Features:
– – – Dynamic Content Compression
– – – Static Content Compression
– – Security:
– – – Request Filtering

Setting up ColdFusion 11

Download from http://coldfusion.adobe.com

Run the installer

Choose the option to install a standalone web server, then, later in the install options you can choose to connect it up to IIS.

Setting up a database user in SQL Server Express 2014

In SQL Server Management Studio

Create a database:

Right click on Databases in the left column ‘Object Explorer’ > ‘New Database…’ and run through the short form

Create a user:

In left column ‘Object Explorer’, click on Security, right click on ‘Logins’ > ‘New Login…’

Add a new user, e.g. ‘CFUser’

Choose SQL Server authentication, give it a password.

Uncheck ‘Enforce password policy’

In the ‘Default Database’ drop down, change it to your new database

On the left hand ‘Select a page’ click on ‘User Mapping’

Tick the your new database, further down add them as a type of user to the database – ‘db_datareader’ & ‘db_datawriter’

Configuring Windows Firewall to allow access to SQL Server

As per these instructions from Microsoft I ran WF.msc then set up an Inbound Rule to allow TCP on port 1433 for local use.

Configuring security to allow ColdFusion to get data from SQL Server Express 2014

Apparently by default, SQL Server Express doesn’t allow remote connections, but configuring it to allow a remote connection so ColdFusion could get data from it was very hard, as the 2014 version of SQL Server Express is more locked down than previous versions. I wouldn’t have got it working without this Stackoverflow question about SQL Server Express 2012.

Open ‘SQL Server Configuration Manager’ (by searching for ‘SQL Server configuration’ on the Start screen.)

Under ‘SQL Server Network Configuration’ > ‘Protocols for SQLEXPRESS’:

Change ‘Named Pipes’ to ‘Enabled’ (by right clicking) (I’m not sure this step is necessary, as I found it in a bit of advice while I was still trying to get everything working.)

Change ‘TCP/IP’ to ‘Enabled’, then right click again and choose ‘Properties’

Under ‘IP2’ set the IP address to be that of the computer’s IP address on the local subnet (I found this out by running ‘netstat -a’ on the command line and looking down for port 1433 while I was trying something else, I’m sure there’s an easier way of finding it.)

Scroll down to the settings for IPAII.

Make sure ‘TCP Dynamic Ports’ is blank (not the 5 digit number that mine had in there by default.)

Make sure the ‘TCP Port’ is set to ‘1433’ (mine was blank by default.)

You may also need to go to ‘Services’ (by searching for it in Windows) and turning on the SQL Server Browser service (and setting it to run automatically) – I already had mine turned on during other debugging, I’ve read different advice on whether it should be on or off.

Some of the settings for SQL Server don’t take until you’ve re-started the SQL Server service. I think in the end I restarted Windows to be sure things were going to take long-term.

After all of this, I was able to go in to ColdFusion administrator and successfully set up a datasource using the database user I’d set up. Just getting SQL Server and ColdFusion to talk to each other was 3-4 hours of messing about with my settings, hence writing up these notes to make it easier next time.

My first Stripe integration, using PHP

Recently I carried out my first integration to the new (to the UK) payment processing provider Stripe. My client Jasper Goodall was looking at moving to Paypal for taking payments and having integrated with Paypal in the past, I suggested Stripe as a more developer and client friendly alternative. He liked the look of Stripe and signed up.

I was moving the site from using Sagepay over to Stripe and as all the basket and post-payment logic was written, dropping in Stripe was very straightforward. Their documentation is very clear, testing is simple, and taking a payment is a doddle. I hit a few minor issues, which were:

PHP needs ‘mbstring’ turned on

My local PHP 5.2.4 install didn’t have mbstring on by default, so I had to install it. This was on my Windows PC so I had to move the mbstring DLL in to the main ‘php’ directory and edit the httpd.conf file to include the DLL as one that needed to be loaded. I then restarted Apache and it was working fine.

My host did have mbstring turned on, so I didn’t need to change anything there.

Secure certificate required

My client didn’t have a certificate to allow his to use SSL. However his host, Claranet, had a shared secure area that all of their customers could use without requiring their own certificate. This was good, but I had to re-code parts of his site so things like the stylesheets would load properly when using this area.

If you or your client are on shared hosting with one of the larger providers, it’s worth checking to see if they have a secure area you can use before investing in your own certificate. This can save you some money, but has the disadvantage that the URL of your secure pages won’t show your domain in that part of the website address, which may make some customers suspicious. It will be worth adding some text to your pages explaining how they are secured if you think that is going to be a problem.

Coding up receipts

Previously, we were using Sagepay which takes various information about the products in the customer’s basket and builds an e-mail notification of the sale for you. Stripe just take the amount of money you are charging, so I had to update the website to create a notification for the customer, and one to tell the client a sale had been made. These were very simple additions to the post-sale process.

Overall, Stripe was a delight to integrate with. I’ve set up shops using several payment gateways – Sagepay (was Protx), Worldpay, Secure Trading, Paypal, and Paypoint. Stripe was by far the easiest, taking only a few hours to integrate with including the bug fixing of my setup and the re-coding of the existing shop to send the right information through and use the extra secure area of their hosting. If you were starting from a cleaner base, you’d probably be looking at an hour or two including reading the documentation. Really nice.

Rebranding Paypoint payment pages – gotchas

One of my clients is using Paypoint (AKA SECPay) as the payment gateway for their online store. Their documentation on integrating the shopping basket part of the site with Paypoint is not too bad, but I came unstuck when trying to rebrand the gateway pages to look like the main website.

Before starting – I believe you need to be a ‘Gateway Freedom’ customer to be able to rebrand the page that takes the credit card details on Paypoint.

If you’re a Gateway Freedom customer, you can follow the Gateway Hosted PDF from theirĀ  integration guides page, then make some changes based on the Gateway Freedom PDF, downloadable from the same page.

Part of the Gateway Freedom guide says you make a branded page, they give you a template to save and amend to your design, then upload it in to your Paypoint account and reference it in a hidden variable of the form you send to Paypoint with the various customer and product details. Unfortunately, I couldn’t find the File Manager talked about in any part of my client’s account, either where the documentation says it is or anywhere else.

The thing you actually have to do is make the rebranded template, save it on your site, then reference that in the hidden field. Paypoint then pull that off your server, replace all their placeholder tags with relevant information (i.e. the credit card field labels), and display it to the customer.

The hidden HTML field is ‘template’, so you add to the other hidden fields you send through to them something like this:

<input type=”hidden” name=”template” value=”http://www.yoursite.com/your-rebranded-page.html”>

When you rebrand a page in this way, you need to make sure all references to images are absolute – so they have the whole path to them including the domain. Potentially you’ll need an SSL certificate on your site so you can reference them through https rather than http. This means you won’t get a mixed secure/non-secure warning on the credit card page. If you don’t have an SSL certificate, test that first as my client already had one so I just used it.

Also, if you copy the Paypoint template, the images don’t have absolute URLs and didn’t work for me, I had to put https://www.secpay.com/starter/ in front of them – so small_logo.gif became https://www.secpay.com/starter/small_logo.gif

All rather frustrating, but once you know how it works, it’s easy to set up. I also discovered if you need to amend the HTML when you’re testing, you can just upload a change to your server and refresh the page you’re seeing on Paypoint/SECPay, no need to back out and re-submit your form, which I’ve had with some other payment gateways. That makes testing how changes look very easy.

If you’re doing a Paypoint/SECPay integration – good luck!