Solved

Setting Server Variables--How?

Posted on 2000-04-05
10
330 Views
Last Modified: 2010-08-05
I have a server variable being checked by someone else's code.  It's like this:

If Request.Server("PATH_INFO") <> "login.asp" Then
Response.Redirect("login.asp")
End If

Is there any way for me to set the PATH_INFO variable so that I can fool that line of code into evaluating into true even if the user came from "login.asp" ?
0
Comment
Question by:bsimmons
10 Comments
 
LVL 4

Expert Comment

by:FRehman
ID: 2688633
if you click the hyperlink from login.asp page and come to that page which you disscussed above then you simply use HTTP_REFERER
simply write the code in that page so it tell you from where the request are submitted
response.write request.servervariable("HTTP_REFERER")
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2688645
How about this;

If Not Request.ServerVariables("PATH_INFO") <> "login.asp" Then
Response.Redirect("login.asp")

I'm not really sure of what you are trying to do... do you not want the user to go to login.asp, or what?  By getting the path info what are you gaining?
0
 

Author Comment

by:bsimmons
ID: 2689796
The code MUST stay as is.  I need to write an ASP that will allow you to do the login in the background.  This code is just something that checks if they came from a page on that server.  The "login.asp" is coincidental.  I just want to know if I can change the Server("PATH_INFO") variable using another ASP.  In other words: can I set Server("PATH_INFO") to equal anything I want it to?
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2690059
Yes.

Server("PATH_INFO") = TRUE
or
Server("PATH_INFO") = Fred's page

I still don't see the logic behind using PATH_INFO though...
0
 

Author Comment

by:bsimmons
ID: 2690230
Thanks for the insight.  Send me an answer and I'll give you the points.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 18

Expert Comment

by:mgfranz
ID: 2690353
If you are asking if you can set the variable PATH_INFO before it gets to the vaildation page then the answer is no!  I assume you want to set the variable to something other than login.asp in order to trick the <> Redirect into thinking that you already logged in...  The fact is that besides this beig a malitious act, it is impossible to modify the information being passed to the server as a packet.  The server is going to check the info as required, not as you pass it to the script.  I'm sure there is a way to trick the server into thinking the page info being passed to it is = login.asp, but I'm not going to discuss it.  Especially since you stated that the code MUST remain the same..

This is an act of hacking... please do not ask these types of questions here, we do not condone the malitious acts of hackers.

If this is not a malitious act then explain why you request it.
0
 

Author Comment

by:bsimmons
ID: 2690392
I am the Intranet Applications administrator at Ciena Corporation.  I am far from a hacker, however, yes, I am trying to hack MY SERVER.  The code MUST stay as is because it was written by a contractor we hired to write it.  Our MIS team doesn't want us to change his code, but make add-ons.  Essentially what I am trying to do is make the logon occur on a separate server so that users can log on to multiple secure intranet sights via ONE LOGIN.  I can't do that if his code is checking the packets.  Do you see another way around it?
Feel free to call me to validate existance as a non-hacker: 410-694-8189.
Or email bsimmons@ciena.com
0
 
LVL 1

Expert Comment

by:nunya
ID: 2690592
too bad text inputs have no spell check.
;-)
0
 
LVL 18

Accepted Solution

by:
mgfranz earned 50 total points
ID: 2691102
OK, thanks for clarifying this.  :-)  Now on with the good stuff, I imagine this could be done with a Session property that is passed to the server from another server.  Essentially what you would do is when a user logs in, it will set a session property, (you could use a cookie too), the session values would then be used to pass values to the other server.  I think you could set the PATH_USER property this way.  To make ammendments to the Request.ServerValues("PATH_USER") on the other server is not going to happen, you will need to modify the var path to either remove the "" in the var string to make it call a seperate value var of PATH_USER.

But check on the Session value, this might be the ticket...

And I appologize.
0
 

Author Comment

by:bsimmons
ID: 2691121
Thanks for all the help.  I kinda figured I was stuck with no recourse.  I wanted a second opinion.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now