Solved

Want vbscript to execute after submit button is pressed

Posted on 2004-04-09
14
560 Views
Last Modified: 2008-01-09
Hi!

I have the below listed code in an asp page.

I am trying to accomplish the following:

After a user enters their email address in the form's input field and presses the submit button
the vbscript will look in the table for a matching email address if a match is found an email will be sent using the matching email address in the table to the user along with their password. After the email is generated the page will automatically redirect the user to the login page. If a match is not found the no records found function will be called and the user will be redirected to the form's input field and it will be cleared.

Currently, the vbscript is being executed before the submit button is pressed and the email code is being executed before finding a match.

Any ideas?


<%@ Language=VBScript %>
<!-- #include virtual="/AppData.asp" -->
<!-- #include virtual="/adovbs.inc" -->
<!-- #include virtual="/utils.asp" -->

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="robots" content="noindex, nofollow">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Forgot Password</title>
<meta name="Microsoft Theme" content="st-pvlogoblue 0011, default">
<meta name="Microsoft Border" content="tlb, default">
</head>

<body>

<form name="form1" onsubmit="if(doSubmit) { return true; } else { return false; }" ACTION="sendpwd.asp" METHOD="POST">

<p align="center">
   <b>Please enter your email address below and then press submit button</b>
   <input type="text" name=ud_UserEmailAddress></input><br><br>
   <input type="submit" name=submit></input>
</p>  

<%
Response.Buffer = True
Response.Expires = 0

'Retrieve Password
'Declare all local variables
Dim conn, rs, strsql, strconn
'Set local variable to the connection string and open the connection
strconn = Application("abc_ConnectionString")
Set conn = server.createobject("adodb.connection")
conn.open strconn
'Set local recordset variable equal to rs
Set rs = server.createobject("adodb.recordset")
'Sets the sql query that determine what records get brought back to the asp page.
'This could easily be change to a very specific set of fields or instead of using a ORDER BY statement
'Using a  WHERE statement to determine what records get selected
strsql = "SELECT EmailAddress, UserLastName, UserFirstName, LoginPassword FROM dbo.WebAccess WHERE EmailAddress = '" & request("ud_UserEmailAddress") & "'"
rs.open strsql, conn

response.write strsql
response.end

If ( (rs.EOF = TRUE)  AND  (rs.BOF = TRUE) ) Then
       Call NoRecordsFound()
         Else
                 Set oMailer = Server.CreateObject("Persits.MailSender")
              oMailer.Host = "mail.domain.com"  'Email Server
                oMailer.From = "techserv@domain.com"   'specify senders address
            oMailer.FromName = "Technical Support"     'specify senders name
                Call oMailer.AddAddress(EmailAddress, UserFirstName & " " & UserLastName)
                  oMailer.Subject = "Your Password for ??? Web Site"
                oMailer.Body = sOutput
                oMailer.IsHTML = true
                  On Error Resume Next
                Call oMailer.Send()
              If Err <> 0 Then
               Response.Write "Error encountered: " & Err.Description
                End If
                %>
                <Form Method=post action="">
               <p align="center">
                 <input type="button" value="Thank You" onClick="window.location='https://www.secured.domain.com/html/login.htm';" name="ok">
               </p>
            </Form>
            <%
End If  

rs.close()
Set rs = Nothing
conn.close()
Set conn = Nothing

'============================================================================='
FUNCTION NoRecordsFound
'============================================================================='
    Set FileObject = Server.CreateObject("Scripting.FileSystemObject")
    TemplateText = Server.MapPath("HTML/blank.htm")
    Set InStream = FileObject.OpenTextFile (TemplateText, 1, False, False)
    TemplateText = Empty
    While not InStream.AtEndOfStream
    TemplateText = TemplateText & InStream.ReadLine & vbcrlf
    Wend
    Set Instream = Nothing
    DIM tmpMsg
    tmpMsg = "<a href='JAVASCRIPT:history.back();'>No records were found</a>"
    TemplateText = Replace(TemplateText,"@ClarionData@",tmpMsg)
    Response.Write(TemplateText)
    Set FileObject = Nothing

END FUNCTION
'-----------------------------------------------------------------------------'
%>

</form>

</body>
</html>
0
Comment
Question by:TrueBlue
  • 7
  • 6
14 Comments
 
LVL 12

Expert Comment

by:venkateshwarr
ID: 10795144
where is your VB script part
0
 

Author Comment

by:TrueBlue
ID: 10795152
Hi!

The vb script starts at the line response.buffer = true.

0
 
LVL 7

Expert Comment

by:brgivens
ID: 10795162
You need to separate your code:

login.asp:

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="robots" content="noindex, nofollow">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Forgot Password</title>
<meta name="Microsoft Theme" content="st-pvlogoblue 0011, default">
<meta name="Microsoft Border" content="tlb, default">
</head>

<body>

<form name="form1" ACTION="sendpwd.asp" METHOD="POST">

<p align="center">
   <b>Please enter your email address below and then press submit button</b>
   <input type="text" name=ud_UserEmailAddress></input><br><br>
   <input type="submit" name=submit></input>
</p>
</form>

</body>
</html>


sendpwd.asp:

<%@ Language=VBScript %>
<!-- #include virtual="/AppData.asp" -->
<!-- #include virtual="/adovbs.inc" -->
<!-- #include virtual="/utils.asp" -->

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="robots" content="noindex, nofollow">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Forgot Password</title>
<meta name="Microsoft Theme" content="st-pvlogoblue 0011, default">
<meta name="Microsoft Border" content="tlb, default">
</head>

<body>

<form name="form1" onsubmit="if(doSubmit) { return true; } else { return false; }" ACTION="sendpwd.asp" METHOD="POST">

<p align="center">
   <b>Please enter your email address below and then press submit button</b>
   <input type="text" name=ud_UserEmailAddress></input><br><br>
   <input type="submit" name=submit></input>
</p>  

<%
Response.Buffer = True
Response.Expires = 0

'Retrieve Password
'Declare all local variables
Dim conn, rs, strsql, strconn
'Set local variable to the connection string and open the connection
strconn = Application("abc_ConnectionString")
Set conn = server.createobject("adodb.connection")
conn.open strconn
'Set local recordset variable equal to rs
Set rs = server.createobject("adodb.recordset")
'Sets the sql query that determine what records get brought back to the asp page.
'This could easily be change to a very specific set of fields or instead of using a ORDER BY statement
'Using a  WHERE statement to determine what records get selected
strsql = "SELECT EmailAddress, UserLastName, UserFirstName, LoginPassword FROM dbo.WebAccess WHERE EmailAddress = '" & request("ud_UserEmailAddress") & "'"
rs.open strsql, conn

If ( (rs.EOF = TRUE)  AND  (rs.BOF = TRUE) ) Then
       Call NoRecordsFound()
         Else
                Set oMailer = Server.CreateObject("Persits.MailSender")
             oMailer.Host = "mail.domain.com"  'Email Server
              oMailer.From = "techserv@domain.com"   'specify senders address
            oMailer.FromName = "Technical Support"     'specify senders name
              Call oMailer.AddAddress(EmailAddress, UserFirstName & " " & UserLastName)
               oMailer.Subject = "Your Password for ??? Web Site"
              oMailer.Body = sOutput
              oMailer.IsHTML = true
                On Error Resume Next
              Call oMailer.Send()
             If Err <> 0 Then
               Response.Write "Error encountered: " & Err.Description
              End If
              %>
              <Form Method=post action="">
               <p align="center">
                 <input type="button" value="Thank You" onClick="window.location='https://www.secured.domain.com/html/login.htm';" name="ok">
               </p>
            </Form>
            <%
End If  

rs.close()
Set rs = Nothing
conn.close()
Set conn = Nothing

'============================================================================='
FUNCTION NoRecordsFound
'============================================================================='
    Set FileObject = Server.CreateObject("Scripting.FileSystemObject")
    TemplateText = Server.MapPath("HTML/blank.htm")
    Set InStream = FileObject.OpenTextFile (TemplateText, 1, False, False)
    TemplateText = Empty
    While not InStream.AtEndOfStream
    TemplateText = TemplateText & InStream.ReadLine & vbcrlf
    Wend
    Set Instream = Nothing
    DIM tmpMsg
    tmpMsg = "<a href='JAVASCRIPT:history.back();'>No records were found</a>"
    TemplateText = Replace(TemplateText,"@ClarionData@",tmpMsg)
    Response.Write(TemplateText)
    Set FileObject = Nothing

END FUNCTION
'-----------------------------------------------------------------------------'
%>
0
 
LVL 7

Expert Comment

by:brgivens
ID: 10795165
actually, the first file can be a .htm (ie login.htm instead of login.asp)
0
 
LVL 7

Expert Comment

by:brgivens
ID: 10795169
oops... i forgot to take all the html out of sendpwd.asp, but I'm sure you get the idea
0
 

Author Comment

by:TrueBlue
ID: 10796732
Hi!

I broke the html and vbscript into two pages as suggested now the vbscript is executed only after the submit button is pressed, however I am still not getting an email generated.

I placed two response.write statements. I then took the generated strsql value and cut and pasted it into the query analyzer and got the expected results.

However, I get no errors but also get no username from my below listed code.

Here is my current version of the vbscript.

Any ideas what I am missing now?

<%@ Language=VBScript %>
<!-- #include virtual="/AppData.asp" -->
<!-- #include virtual="/adovbs.inc" -->
<!-- #include virtual="/utils.asp" -->
<%
Response.Buffer = True
Response.Expires = 0

'Retrieve Password
'Declare all local variables
Dim conn, rs, strsql, strconn
'Set local variable to the connection string and open the connection
strconn = Application("abc_ConnectionString")
Set conn = server.createobject("adodb.connection")
conn.open strconn
'Set local recordset variable equal to rs
Set rs = server.createobject("adodb.recordset")
'Sets the sql query that determine what records get brought back to the asp page.
'This could easily be change to a very specific set of fields or instead of using a ORDER BY statement
'Using a  WHERE statement to determine what records get selected
strsql = "SELECT EmailAddress, UserLastName, UserFirstName, LoginPassword FROM dbo.WebAccess WHERE EmailAddress = '" & request("ud_UserEmailAddress") & "'"
rs.open strsql, conn

response.write strsql & chr(13) & chr(10)
response.write "UserName: " & UserLastName
response.end

If ( (rs.EOF = TRUE)  AND  (rs.BOF = TRUE) ) Then
       Call NoRecordsFound()
         Else
          If "" & rs.Fields("EmailAddress").Value <> "" Then
                 Set oMailer = Server.CreateObject("Persits.MailSender")
              oMailer.Host = "mail.domain.com"  'Email Server
                oMailer.From = rs.Fields("EmailAddress").Value   'specify senders address
            oMailer.FromName = rs.Fields("UserFirstName").Value & " " & rs.Fields("UserLastName").Value   'specify senders name
                Call oMailer.AddAddress(rs.Fields("EmailAddress").Value, UserFirstName & " " & UserLastName)
                Call oMailer.AddCC("techserv@domain.com", "Technical Support")
                  oMailer.Subject = "Your Password for the ??? Web Site"
                  'Build message body
                  Body = "Your IP Address: " & Request.ServerVariables("REMOTE_HOST") & chr(13) & chr(10)
                  Body = Body & "Your password is: " & rs.Fields("LoginPassword").Value & chr(13) & chr(10)
                  oMailer.Body = Body
                oMailer.IsHTML = true
                  On Error Resume Next
                Call oMailer.Send()
              If Err <> 0 Then
               Response.Write "Error encountered: " & Err.Description
                End If
                  Else
                  %>
                       <script language="javascript" type="text/javascript">javascript: window.history.back(-2)</script>
              <%
          End IF
End If  

rs.close()
Set rs = Nothing
conn.close()
Set conn = Nothing

'============================================================================='
FUNCTION NoRecordsFound
'============================================================================='
    Set FileObject = Server.CreateObject("Scripting.FileSystemObject")
    TemplateText = Server.MapPath("HTML/blank.htm")
    Set InStream = FileObject.OpenTextFile (TemplateText, 1, False, False)
    TemplateText = Empty
    While not InStream.AtEndOfStream
    TemplateText = TemplateText & InStream.ReadLine & vbcrlf
    Wend
    Set Instream = Nothing
    DIM tmpMsg
    tmpMsg = "<a href='JAVASCRIPT:history.back();'>No records were found</a>"
    TemplateText = Replace(TemplateText,"@ClarionData@",tmpMsg)
    Response.Write(TemplateText)
    Set FileObject = Nothing

END FUNCTION
'-----------------------------------------------------------------------------'
%>
0
 
LVL 7

Expert Comment

by:brgivens
ID: 10796743
Change
  If ( (rs.EOF = TRUE)  AND  (rs.BOF = TRUE) ) Then

to
  If NOT rs.EOF Then
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:TrueBlue
ID: 10796797
Hi!

I changed the code as suggested.
If I enter a valid email address I get no records found.
If I enter a non-existent email address I get the following error:

ADODB.Field error '800a0bcd'

Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

It refers to this line of code:

          If "" & rs.Fields("EmailAddress").Value <> "" Then

I think the problem still stems from the fact that no data is being returned from the sql select statement.

I just do not know why.
0
 

Author Comment

by:TrueBlue
ID: 10796811
Hi!

Update I went back to my original code of:
 If ( (rs.EOF = TRUE)  AND  (rs.BOF = TRUE) ) Then

And the no records found is being called properly for an non-existent email address.

Like I said the problem now is why is no data being returned from a properly formated sql select statement?
0
 

Author Comment

by:TrueBlue
ID: 10796843
Hi!

I got the email working now.

So the only thing not working, is that the javascript is not redirecting the user to the login page.

<script language="javascript" type="text/javascript">javascript: window.history.back(-2)</script>

Any ideas?

Or is there a way to send the user to a specific page upon the email being executed?
0
 
LVL 7

Expert Comment

by:brgivens
ID: 10796854
What was the problem?  While I was looking at the code, I cleaned up the email section.  Also the redirect will work with this:

If rs.BOF OR rs.EOF Then
  Call NoRecordsFound()
Else
  If rs.Fields("EmailAddress").Value <> "" Then
    Set oMailer = Server.CreateObject("Persits.MailSender")
    oMailer.Host = "mail.domain.com"  'Email Server
    oMailer.From = rs.Fields("EmailAddress").Value   'specify senders address
    oMailer.FromName = rs.Fields("UserFirstName").Value & " " & rs.Fields("UserLastName").Value   'specify senders name
    Call oMailer.AddAddress(rs.Fields("EmailAddress").Value, UserFirstName & " " & UserLastName)
    Call oMailer.AddCC("techserv@domain.com", "Technical Support")
    oMailer.Subject = "Your Password for the ??? Web Site"
    'Build message body
    Body = "Your IP Address: " & Request.ServerVariables("REMOTE_HOST") & chr(13) & chr(10)
    Body = Body & "Your password is: " & rs.Fields("LoginPassword").Value & chr(13) & chr(10)
    oMailer.Body = Body
    oMailer.IsHTML = true
    On Error Resume Next
    Call oMailer.Send()
    If Err <> 0 Then
      Response.Write "Error encountered: " & Err.Description
    End If
End If

Response.Redirect("some url")
0
 
LVL 7

Accepted Solution

by:
brgivens earned 500 total points
ID: 10796861
OK, let me change my answer, yet again:

If rs.BOF OR rs.EOF Then
  Call NoRecordsFound()
Else
  If rs.Fields("EmailAddress").Value <> "" Then
    Set oMailer = Server.CreateObject("Persits.MailSender")
    oMailer.Host = "mail.domain.com"  'Email Server
    oMailer.From = rs.Fields("EmailAddress").Value   'specify senders address
    oMailer.FromName = rs.Fields("UserFirstName").Value & " " & rs.Fields("UserLastName").Value   'specify senders name
    Call oMailer.AddAddress(rs.Fields("EmailAddress").Value, UserFirstName & " " & UserLastName)
    Call oMailer.AddCC("techserv@domain.com", "Technical Support")
    oMailer.Subject = "Your Password for the ??? Web Site"
    'Build message body
    Body = "Your IP Address: " & Request.ServerVariables("REMOTE_HOST") & chr(13) & chr(10)
    Body = Body & "Your password is: " & rs.Fields("LoginPassword").Value & chr(13) & chr(10)
    oMailer.Body = Body
    oMailer.IsHTML = true
    On Error Resume Next
    Call oMailer.Send()
    If Err <> 0 Then
      Response.Write "Error encountered: " & Err.Description
    Else
      Response.Redirect("some url")
    End If
End If
0
 

Author Comment

by:TrueBlue
ID: 10796950
Hi!

I believe what is happening is the hosting company is somehow disabiling the ability to response.write data from the sql table. Because the script works fine now but if I try to display returned data other than the sql string I get no value.

Thank you for your assistance and patience.
0
 
LVL 7

Expert Comment

by:brgivens
ID: 10798166
You're welcome.  Thank-you for the points!  :)
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now