Solved

ASP Function

Posted on 2004-04-20
46
433 Views
Last Modified: 2007-12-19
Hi there

I was wondering if anyone could help. I am using a encryption component. If you press a button on a form the password of the user is decrypted. Now if you see the code:

sqlstr =  "SELECT TUTOR_USERNAME, TUTOR_PASSWORD "
sqlStr = sqlStr & "FROM login "
sqlStr = sqlStr & "WHERE TUTOR_USERNAME = 'pung'"
oRS.Open sqlStr, objConn

%>
<script language="vbscript">

Sub Decrypt()
      Set Context = XEncrypt.OpenContext("mycontainer", False)
      Set Key = Context.GenerateKeyFromPassword("my password")

      Set Blob = XEncrypt.CreateBlob
      Blob.Base64 =  

document.frmPreviewPassword.txtPassword.Value ******
document.frmPreviewPassword.txtDecrypt.Value
=  Key.DecryptText(Blob) *****

End Sub
</script>

<head>


</head>

<form name="frmPreviewPassword"> **********
<input type="text" name="txtPassword" value="<%=oRS("TUTOR_PASSWORD")%>">

<input type=text name=txtDecrypt><input type=button onclick=decrypt value=Decrypt>

</form>

<object
classid="clsid:f9463571-87cb-4a90-a1ac-2284b7f5af4e"
codebase="aspencrypt.dll"
id="xencrypt">
</object>
</body>
</html>

What I want to do is this, I want to run the function without having to press the button.

So say after the sql query selects the appropiate value, what I want is that value ie the encrypted password to be sent into the function and then the password will be decrypted and can be stored in either a variable or the fuction itself, so say its in a variable I can manipulate it.

If you see on the lines with a star, :

document.frmPreviewPassword refers to the the form called frmPreviewPassword

Hope someone can help me automate the running of this function without have to press the button in the form.

Hope someone can help
Thanks
Pungwick
0
Comment
Question by:Pungwick
  • 22
  • 20
  • 4
46 Comments
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Ok keep the form as it is but include the following

between the <head></head>
============================
<script language="JavaScript">
<!--
function DoSubmit()
   {
      document.frmPreviewPassword.submit()
   }
//-->
</script>


The include in the <body> tag....
============================
<body onLoad="DoSubmit()">


This way when the page loads the form is automatically submitted.
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
I don't think that gonna quite work - coz the onClick is call the Sub - need a quick re-think.
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
hehe :) basically what I want to do is have a form...the user puts in their email address into the form and presses submit,

On submittion I have two options either to send the query string value(email addrees) to another form and then select the password of the user and run the decryption on the second page, or to do everything on one page.

How do you suggest, becasue what I want to do is use CDONTs to email the user the password

So i need the decrypted password in a varaible so I can manipulate it
Hope you can help thanks

Pungwick
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
I'd do everything on a single page - less to manage
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
ok sounds good :)

Any sucess with the code?

thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Ok, yes i tihnk it will work - have the onLoad - whch call the DoSubmit - which submits the page then Response.Form("button") ~ process for - with the elements from the sub - once encrypted just need to descide what to do.

<%
If Request.Form("button") = "Decrypt" then
     Set Context = XEncrypt.OpenContext("mycontainer", False)
     Set Key = Context.GenerateKeyFromPassword("my password")
     Set Blob = XEncrypt.CreateBlob

Blob.Base64 = document.frmPreviewPassword.txtPassword.Value
EncryptedPassword =  Key.DecryptText(Blob)

'Then we need to descide what to do here
End If
%>
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
A little bit confused :)

does this mean the existing code I have is fine? Also what is the reqest.form button refering to, you above code. As we are doing everything on one page, when the types their email addrees in and presses submit , the email address will be used in the sql, and once the password is reteribed using the sql it has 2 be decrypted and then sent to the user :)

I am a bit unsure as you this is happen:)

say I have the following page called reminder.asp

<html>
<head></head>
<body>
 <form method="POST" action="reminder.asp" name="form" ;>
           <p>Enter your email address:<br>
      <input type="text" size="30" name="email">
      <p><input type="submit" value="Submit" name="B1"></p>
</body>
</html>

now after the user types in their email address into this how will the code come into play? Where abouts would it go, would you kind enough to add the decrypt and onload in their appropiate places. Also how would the value from the form be used in the sql query??? I mean how can it be reterived when the form is sent?

Hope you can help
Thanks
Pungwick

ps your username brings back good memories about back to the future :) hehe thanks

0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Sorry also withing the page we need to include somewhere the password will decrypt to also. Hope you can help thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
i'll put together a page from the bits and peices that i've done - am i right in thinking that this first page will have a form to collect the username?
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
yes the username is the email address:)

You you be kind enough to additionally add within your page, the sql query and also the CDONTS function you provided on the other thread.

I really appericate your help
Many thanks



0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Mc fly have you had any success with the writing of the code?

thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Now I've found the question again - I'm on it :)
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Pls remember this is not tested...

<%@ Language=VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<%
Dim objCon
Dim rsChck
Dim sErrMsg, sForm(0), sQuery

Dim Context, Key, Blob

sErrMsg = ""

If Request.Form("Buuton") = "Login" then
      sErrMsg = ""
      
      sForm(0) = Trim(Request.Form("f_0"))

      If sForm(0) = "" then
            sErrMsg = "Error: Username - required."
      Else
            'The connection stuff obviously needs to be replaced with your own....
            Set objCon = Server.CreateObject("ADODB.Connection")
            objCon.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=" & Request.ServerVariables("APPL_PHYSICAL_PATH") & "\_EE\Login\DataDB.mdb"
            
            Set rsChck = Server.CreateObject("ADODB.RecordSet")
            sQuery = "SELECT TUTOR_USERNAME, TUTOR_PASSWORD " &_
                         "FROM login " &_
                         "WHERE TUTOR_USERNAME = '" & sForm(0) & "'"
            rsChck.Open sQuery, objCon
            
            If rsChck.EOF then
                  sErrMsg = "Error: Username - invalid."
            Else
                  'This bit talen from you code...
                  Set Context = XEncrypt.OpenContext("mycontainer", False)
                  Set Key = Context.GenerateKeyFromPassword("my password")
                  Set Blob = XEncrypt.CreateBlob
                  
                  'Slight change to your code...
                  Blob.Base64 = rsChck("TUTOR_PASSWORD")
                  Session("EncryptedPassword") = Key.DecryptText(Blob)

                  'The you need to decide what you want to do...
                  '==================================================
                  
                  
                  'Go to a different page
                  Response.Redirect "AnotherPage.asp"

                  'Decrypt the password....
                  'You didn't provide any code for this and not knowing the software you use for
                  'this I'm not going to guess - you must have that somewhere - the encrypted password
                  'is now held in Session("EncryptedPassword")
                  
                  'The emails stuff
                  sBody = ""
                  sBody = sBody & "<!DOCTYPE HTML PUBLIC '-//IETF//DTD HTML//EN'>"
                  sBody = sBody & "<html>"
                  sBody = sBody & "<head>"
                  sBody = sBody & "<title>Message...</title>"
                  sBody = sBody & "<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>"
                  sBody = sBody & "</head>"
                  sBody = sBody & "<body>"
                  sBody = sBody & "<font face='Verdana' size='2' color='#000000'>"
                  sBody = sBody & "You have received a message:<br><br>"
                  sBody = sBody & "The Message:<br>"
                  sBody = sBody & "================================================<br>"
                  sBody = sBody & "<b>Hello</b>"
                  sBody = sBody & "</font>"
                  sBody = sBody & "</body>"
                  sBody = sBody & "</html>"
            
                  'If using CDONTS to send emails then uncomment
                  '================================================================
                  Set objMail = Server.CreateObject("CDONTS.NewMail")
                  objMail.BodyFormat = 0
                  objMail.MailFormat = 0
                  objMail.Body = sBody
            
                  'If using CDOSYS to send emails then uncomment
                  '================================================================
                  'Set objMail = Server.CreateObject("CDO.Message")
                  'objMail.HTMLBody = sBody
            
                  'Common for both CDONTS & CDOSYS...
                  '================================================================
                  objMail.To = sForm(0)
                  objMail.From = "peter@internection.co.uk"
                  objMail.Subject = "Email From Somehwere..."
                  objMail.Send
            End If
      End If
End If

%>
<html>
<head>
<title>Example</title>
<script language="Javascript">
<!--
//-->
</script>
</head>
<body>
<form name="Login" method="post" action="">
      <%If sErrMsg <> "" then
            Response.Write sErrMsg & "<br><br>"
      End If%>
      Username: <input type="text" name="f_0" value=""><br>
      <br>
      <input type="submit" name="Buuton" value="Login">
</form>
<object classid="clsid:f9463571-87cb-4a90-a1ac-2284b7f5af4e" codebase="aspencrypt.dll" id="xencrypt"></object>

</body>
</html>
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Hi,

In terms of the ASP encryption, its an asp componenet that I have installed on my pc, so the code provided calls the component.

Sub Decrypt()
     Set Context = XEncrypt.OpenContext("mycontainer", False)
     Set Key = Context.GenerateKeyFromPassword("my password")

     Set Blob = XEncrypt.CreateBlob
     Blob.Base64 =  

document.frmPreviewPassword.txtPassword.Value ******
document.frmPreviewPassword.txtDecrypt.Value
=  Key.DecryptText(Blob) *****

End Sub

the password isnt held in a session, the encrypted version is held in the database. What the componenet does is decrypt the password when the button on a form is pressed.

I was just wondering as you have created an encrpytion session what will this have to be replaced by to fit my senerio?

Because what I want it decryption of the password once the form has been submitted this is if the email entered is correct :)

Hope this makes bit more sense.

Hope you can help
Thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
You need to include the code for the decryption - my example stores the encrypted password in the Session("EncryptedPassword") - as yet you have not shown any code for the decryption - only the encryption - I can't guess the code for decrypting it :)

Once you show this code then I can suggest how to incorporate it.

And the code you've just included still refers to your original code - however I have provided alternative code - are you going to or are you using this?

If you don't update you code how is it going to advance as you require!
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Hi there :)

the code that I provided is the code that decrypted the password:) It does it trust me there is no other code. This is all I have on the page, ......

<!--#include file ="database.asp"-->

<%

dim varUsername
dim sqlStr
'varUsername=Request.QueryString("StudentId")

sqlstr =  "SELECT TUTOR_USERNAME, TUTOR_PASSWORD "
sqlStr = sqlStr & "FROM login "
sqlStr = sqlStr & "WHERE TUTOR_USERNAME = 'pung'"
oRS.Open sqlStr, objConn

%>
<script language="vbscript">

Sub Decrypt()
      Set Context = XEncrypt.OpenContext("mycontainer", False)
      Set Key = Context.GenerateKeyFromPassword("my password")

      Set Blob = XEncrypt.CreateBlob
      Blob.Base64 = document.frmPreviewStudentPassword.txtPassword.Value
      document.frmPreviewStudentPassword.txtDecrypt.Value = Key.DecryptText(Blob)
End Sub
</script>


<head>
<title></title>

</head>

<form name="frmPreviewStudentPassword">
<input type="text" name="txtPassword" value="<%=oRS("TUTOR_PASSWORD")%>">

<input type=text name=txtDecrypt><input type=button onclick=decrypt value=Decrypt>

</form>

<object
classid="clsid:f9463571-87cb-4a90-a1ac-2284b7f5af4e"
codebase="aspencrypt.dll"
id="xencrypt">
</object>
</body>
</html>



This is the url of my webserver

http://warge-da2.zapto.org/login/trytest.asp

You can test it out yourself :)

Its an asp component, we dont need to worry at all about the ecryption code, as you can see from the sql all I am using is a query string value and then when I press the button the password is shown.

The encrypted password is on the left hand box as shown in the webpage. Take a look :)

Hope this makes things clearer and you understand exactly what I mean and how i want to use this decyption function. What I want to do is as soon as a user enters their email address into the form and submits it, if the email address is valid then an email is sent to the user. I am pretty confident with the CDONT now, all I want to do is somehow decrpyt the password and then store it in a variable so then I can call that back in the email message body when using CDONTS.

I really hope you can help

Thanks
Pungwick

0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Ok if you get your page to a stage where you have a page with a form so that an email address (username) can be put in and it checks it against the db then maybe we can taclke the decrypt problem.

I have supplied code and as of yet you appear to of made NO changes to your page - work with me here and maybe we'll get a resolve.

The value that initially appears in txtPassword - is the value actually held in the db because the code you've supplied doesn't do any encrypting before it it is placed in the form value - am I right?

Where did you source the DDL from, do you have any instructions on using it - do you have a link where I can read about the DLL?
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Hi

I really dont understand your code does it decrpt the password once the email address it is sent ????

http://www.aspencrypt.com/index.html thats the information as regards the component. Maybe yo are looking to much into what he component does, all I want is to run the fuction on the fly without having to run it pressing the button.

Did you take a look at the websever url i sent u???

Thanks
Pungwick
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
I did - it didn't do anything :)

Can you paste in your page as you currently have it - this should contain the form for entering the username and has the validation against you db of this username.

This is before I look at the URL you have just supplied.

I am guessing that the code for your DLL that you have is supposed to do the decrptying and it currently isn't - this is where I'm maybe misunderstanding - the code you have so far - the encrypted password that is in the form - how does that get encrypted - its not done within the code that you supplied.
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
HI there,

the code that encrypts the password is as follows, this is on another page, so say when a user trys to sign in, what they enter on page submit is encrypted and sent over:

the whole page

<%@ Language=VBScript %>
<% Option Explicit %>

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">



<script language="vbscript">


sub encryptsign

'***********************************************************************
' encrypt
'***********************************************************************

  set context = xencrypt.opencontext("mycontainer", false)
  set key = context.generatekeyfrompassword("my password")
  set blob = key.encrypttext( document.frmTutorLogin.txtTutorPassword.value )
  document.frmTutorLogin.txtencrypt.value = blob.base64

'***********************************************************************
' sign
'***********************************************************************

      ' Open "MY" certificate store which contains client certs
      Set Store = XEncrypt.OpenStore("MY", False )

      ' Does the store contain certificates?
      Count = Store.Certificates.Count
      If  Count = 0 Then
            MsgBox "You have no certificates."
            Exit Sub
      End If

      ' If store contains more than one, enable user to pick one
      If Count > 1 Then
            Set Cert = XEncrypt.PickCertificate(Store, 4+8+16, "Select Certificate Please", "Select the one you want to be used for signing")
            If Cert Is Nothing Then Exit Sub
      Else
            ' otherwise just pick that only one cert
            Set Cert = Store.Certificates(1)
      End If

      ' Make sure the cert has a private key associated with it
      If Cert.PrivateKeyExists = False Then
            MsgBox "This certificate has no private key associated with it."
            Exit Sub
      End If

      ' obtain private key context for this cert
      Set Context = Cert.PrivateKeyContext

      ' create empty hash object associated with this context
      Set Hash = Context.CreateHash
      Hash.AddText document.frmTutorLogin.txtencrypt.value

      Set Blob = Hash.Sign(Context.KeySpec)
      document.frmTutorLogin.txtSignature.value = Blob.Base64
call frmTutorLogin.submit()
end sub

</script>

<html>
<head>

</head>

<body>
<form name="frmTutorLogin" action="verify.asp" method="post"onSubmit="return checkFields()">
<input type="hidden" name="FormAction" value="verifyTutor">
<input type="text" name="txtsignature">
<input type="text" name="txtencrypt">

<table border="0" width="100%">
<tr>
<td align="right"><img src="logo.gif">
</td>
</tr>
</table>

<table border="0">
<tr bgcolor="#b90404">
<td width="130" align="center">&nbsp;</td>
<td width="900" align="right"><a href="main.htm">Home</a></td>
</tr>
</table>

<table border="0" width="30%" align="center">

<tr bgcolor="#CCCCCC">
<td colspan="2" align="left"><b>Tutor Login</b></td>
</tr>

<tr bgcolor="eeeeee">
<td align="right">Username:</td>
<td><input type="text" name="txtTutorUsername"></td>
</tr>


<tr bgcolor="eeeeee">
<td align="right">Password:</td>
<td><input type="password" name="txtTutorPassword"></td>
</tr>

<tr bgcolor="#CCCCCC">
<td colspan="2" align="left"><a href="TutorSignUp.asp">Sign Up</a>
<input type="button" onclick="encryptsign" value="Sign In"></td>
</tr>

</table>

</form>
<object
classid="clsid:f9463571-87cb-4a90-a1ac-2284b7f5af4e"
codebase="aspencrypt.dll"
id="xencrypt">
</object>
</body>
</html>

0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Sorry but at the moment the page does not exist thats why I am using a test page so the code is simple and easy to understand... if we can get this working ie decryption of a password without clicking of the button then the same technique can be encroporated using another page..ie one with html design.

thanks

So please could you work with the page I sent a few posts up, the validation atthe moment is also not relevant to what we are tryng to achieve. All I want to do is get the password decryped into a variable, if then I can respone.write the variable and confirm the password decryption has taken place I will be satified as I am confident of doing the rest of the code myself

Hope you can help
Thanks
Pungwick
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Ok, looked at the page - the code seems fine - apart from where I've called my Session("EncryptedPassword") - call it Session("DecryptedPassword") - the results of the code is a decrypted password :)

I notice in your code that your <script> code is outside of your <head></head> tags - I don't know is this makes any difference - but its worth a try - or put the <script> somewhere between the <body></body> tages.
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
HI there using you code................


<%@ Language=VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>

<!--#include file ="database1.asp"-->
<%
Dim objCon
Dim rsChck
Dim sErrMsg, sForm(0), sQuery, one,rsone, XEncrypt

Dim Context, Key, Blob

sErrMsg = ""

If Request.Form("Buuton") = "Login" then
     sErrMsg = ""

     sForm(0) = Trim(Request.Form("f_0"))

     If sForm(0) = "" then
          sErrMsg = "Error: Username - required."
     Else

          one = "SELECT TUTOR_USERNAME, TUTOR_PASSWORD " &_
                     "FROM login " &_
                     "WHERE TUTOR_USERNAME = '" & sForm(0) & "'"
          ' response.write one
          set rsone=conn.execute(one)

          If rsone.EOF then
               sErrMsg = "Error: Username - invalid."
          Else
               'This bit talen from you code...
               Set Context = XEncrypt.OpenContext("mycontainer", False)
               Set Key = Context.GenerateKeyFromPassword("my password")
               Set Blob = XEncrypt.CreateBlob

               'Slight change to your code...
               Blob.Base64 = rsone("TUTOR_PASSWORD")

               response.write Blob.Base64



          End If
     End If
End If

%>
<html>
<head>
<title>Example</title>
<script language="Javascript">
<!--
//-->
</script>
</head>
<body>
<form name="Login" method="post" action="">
     <%If sErrMsg <> "" then
          Response.Write sErrMsg & "<br><br>"
     End If%>
     Username: <input type="text" name="f_0" value=""><br>
     <br>
     <input type="submit" name="Buuton" value="Login">
</form>
<object classid="clsid:f9463571-87cb-4a90-a1ac-2284b7f5af4e" codebase="aspencrypt.dll" id="xencrypt"></object>

</body>
</html>

I get an error at line 35

Microsoft VBScript runtime (0x800A01A8)
Object required: ''
/login/mcfly.asp, line 35

hope you can help
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Ok - I've read a little more about the DLL can you try the following...funny enough its a slight change to you orignal code :)

<html>
<head>
<title></title>
<object classid="clsid:f9463571-87cb-4a90-a1ac-2284b7f5af4e" codebase="aspencrypt.dll" id="xencrypt"></object>
<script language="vbscript">
Sub Decrypt()
      Set Context = XEncrypt.OpenContext("mycontainer", False)
      Set Key = Context.GenerateKeyFromPassword("my password")

      Set Blob = XEncrypt.CreateBlob
      Blob.Base64 = document.frmPreviewStudentPassword.txtPassword.Value
      document.frmPreviewStudentPassword.txtDecrypt.Value = Key.DecryptText(Blob)
End Sub
</script>
</head>
<form name="frmPreviewStudentPassword">
      <input type="text" name="txtPassword" value="gOSBfHBL1Mw="><br>
      <input type=text name=txtDecrypt><br>
      <input type=button onclick=decrypt value=Decrypt>
</form>
</body>
</html>

It is slightly different - trust me.
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
????????

the code you provided me doesnt incrypt the password you still have to press the button

http://warge-da2.zapto.org/login/punwick.asp


hope you can help thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
The little bit of code was from the aspencrypt.com site - if it doesn't work then maybe you need to consult them - I was expecting it to work :)

I've downloaded their 30 trial so I can have a go - maybe we're missing something :)
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
hmm OK:)

but the code is still on the pressing of a button which is what I initially had :) I also got the same code from there site :)

hehe

Is there no way as you were trying to before run the proccedure without clicking the button???
 or maybe...when the button is clicked if the email addrees is correct run the code???

thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Ok, humour me on this one - the following code works - I've put an example online - www.internection.co.uk/DLL

This means that the code that you have is correct but not necessarily - maybe its case sentive :)

The code I'm using...

<HTML>
<HEAD>
<TITLE>AspEncrypt - Simple Demo of Client-side ActiveX Control</TITLE>

<OBJECT
      classid="CLSID:F9463571-87CB-4A90-A1AC-2284B7F5AF4E"
       codebase="aspencrypt.dll"
      id="XEncrypt">
</OBJECT>

<SCRIPT LANGUAGE="VBSCRIPT">
Sub Encrypt
      Set Context = XEncrypt.OpenContext("mycontainer", False)
      Set Key = Context.GenerateKeyFromPassword("my password")

      Set Blob = Key.EncryptText( document.frmPreviewStudentPassword.txtPassword.Value )
      document.frmPreviewStudentPassword.txtDecrypt.Value = Blob.Base64
End Sub

Sub Decrypt
      Set Context = XEncrypt.OpenContext("mycontainer", False)
      Set Key = Context.GenerateKeyFromPassword("my password")

      Set Blob = XEncrypt.CreateBlob
      Blob.Base64 = document.frmPreviewStudentPassword.txtDecrypt.Value
      MsgBox Key.DecryptText(Blob)
End Sub
</SCRIPT>
</HEAD>


<BODY>

<FORM NAME="frmPreviewStudentPassword">
<INPUT TYPE="TEXT" NAME="txtPassword" SIZE="60" VALUE="Text to encrypt">
<INPUT TYPE="BUTTON" OnClick="Encrypt" VALUE="Encrypt">
<P>
<INPUT TYPE="TEXT" NAME="txtDecrypt" SIZE="60">
<INPUT TYPE="BUTTON" OnClick="Decrypt" VALUE="Decrypt">
</FORM>

</BODY>
</HTML>

0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
HI there

what you have done is the same as I had initially :) I dont wan 2 press the button at all 2 get the encrypted password, i want it 2 be done automatically

thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Yes but my example worked and yours didn't.

Get yours working :)

I'm just trying to figure out how to do this now I have a working copy myself.
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
My example did work !!!!!!!!!!!!!!!!

the link I sent you worked :)

hehe
please continue with the investigation

we need to get the decryption working onthe fly :)

thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Ok, finally done it :) better lat than never...

<%@ Language=VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<%
Dim conn
Dim rsone
Dim sErrMsg, sForm(0), one, bIsGood

sErrMsg = ""
bIsGood = False

If Request.Form("Buuton") = "Login" then
     sErrMsg = ""

     sForm(0) = Trim(Request.Form("f_0"))

     If sForm(0) = "" then
          sErrMsg = "Error: Username - required."
     Else
            Set conn = Server.CreateObject("ADODB.Connection")
            conn.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=" & Request.ServerVariables("APPL_PHYSICAL_PATH") & "\DLL\DataDB.mdb"

            one = "SELECT TUTOR_USERNAME, TUTOR_PASSWORD " &_
                    "FROM login " &_
                    "WHERE TUTOR_USERNAME = '" & sForm(0) & "'"
            'response.write one
                        
            set rsone=conn.execute(one)

            If rsone.EOF then
                  sErrMsg = "Error: Username - invalid."
            Else
                  bIsGood = True
            End If
      End If
End If

If Request.Form("Action") = "Done" then
      Response.Write Request.Form("Username") & "<br>"
      Response.Write Request.Form("D_Password") & "<br>"
      
      Response.End
End If

%>
<html>
<head>
<title>Example</title>
<OBJECT
      classid="CLSID:F9463571-87CB-4A90-A1AC-2284B7F5AF4E"
          codebase="aspencrypt.dll"
      id="XEncrypt">
</OBJECT>
<SCRIPT LANGUAGE="VBSCRIPT">
Sub Decrypt
      Set Context = XEncrypt.OpenContext("mycontainer", False)
      Set Key = Context.GenerateKeyFromPassword("my password")

      Set Blob = XEncrypt.CreateBlob
      Blob.Base64 = document.GoDetails.E_Password.value
      document.GoDetails.D_Password.value = Key.DecryptText(Blob)
      
      document.GoDetails.submit()
End Sub

</SCRIPT>
</head>
<body <%If bIsGood = True then%>onLoad="Decrypt"<%End If%>>
<%If bIsGood = False then%>
      <form name="Login" method="post" action="">
           <%If sErrMsg <> "" then
                Response.Write sErrMsg & "<br><br>"
           End If%>
           Username: <input type="text" name="f_0" value=""><br>
           <br>
           <input type="submit" name="Buuton" value="Login">
      </form>
<%Else%>
      <form name="GoDetails" method="post" action="">
            <input type="hidden" name="Username" value="<%=rsone("TUTOR_USERNAME")%>">
            <input type="hidden" name="E_Password" value="<%=rsone("TUTOR_PASSWORD")%>">
            <input type="hidden" name="D_Password" value="">
            <input type="hidden" name="Action" value="Done">
      </form>
<%End If%>
</body>
</html>
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Brilliant it worked but I cant seem to open the inital page ie the form in the same browser once the users details are displayed.

thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
This bit was just to demonstrate that it worked...

If Request.Form("Action") = "Done" then
     Response.Write Request.Form("Username") & "<br>"
     Response.Write Request.Form("D_Password") & "<br>"
     
     Response.End
End If

Change this line...

<form name="GoDetails" method="post" action="">

Put the page (action="") you want it to go to then you can then use the...

Request.Form("Username")
Request.Form("D_Password")

...to get the details in the new page.
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Hi there

I was wondering how I could cutomise the code to make it more tidy when client side. At the moment a user fails to enter a password or an error occurs the error message is shown on top of the text box. Initially I was thinking of inital form on the to of the page however the if statement around it put me of. Would be grateful if you could help. Also in terms of error messages, is it not possible to instead of the inital error message if the text field is left empty have a windoes type error message box.

Hopw you can help, would be gratful if you could alter the code appriotely. The code I have is as follows:

<%@ Language=VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>

<!--#include file ="database.asp"-->

<%

six= "select * from patient"
set rssix= conn.execute(six)

Dim rsone
Dim six, rssix, Message      , bodytext
Dim sErrMsg, sForm(0), one, bIsGood

sErrMsg = ""
bIsGood = False

If Request.Form("Buuton") = "Login" then
     sErrMsg = ""

     sForm(0) = Trim(Request.Form("f_0"))

     If sForm(0) = "" then
          Response.write "please enter your email address"
     Else
            one = "SELECT EMAIL_ADDRESS, PASSWORD " &_
                 "FROM PATIENT " &_
                 "WHERE EMAIL_ADDRESS= '" & sForm(0) & "'"
          'response.write one

          set rsone=conn.execute(one)

          If rsone.EOF then
               Response.write "Invalid Email Address"
          Else
               bIsGood = True
          End If
     End If
End If

If Request.Form("Action") = "Done" then


                   Message =  "Your Username and Password are as follows:"&"<br>" & "<br>"& "Username:  " & rssix("email_address")& "<BR>" & "Password:  " & Request.Form("D_Password") & "<br>" & "<br>" & "Kindest Regards" & "<br>"& "St Arthurs Hospital"

                   bodytext = rssix("First_Name") & " " & rssix("surname") &","& "<br>" & "<br>" & Message


                     'Dimension variables
                     Dim objCDOMail      'Holds the CDONTS NewMail Object

                     'Create the e-mail server object
                     Set objCDOMail = Server.CreateObject("CDONTS.NewMail")

                     'Who the e-mail is from
                     objCDOMail.From = "admin@stathurshospital.com"

                     'Who the e-mail is sent to
                     objCDOMail.To = rssix("email_address")

                     'Set the subject of the e-mail
                     objCDOMail.Subject = "Password Reminder"

                     'Set the e-mail body format (0=HTML 1=Text)
                     objCDOMail.BodyFormat = 0

                     'Set the mail format (0=MIME 1=Text)
                     objCDOMail.MailFormat = 0

                     'Set the main body of the e-mail
                     objCDOMail.Body = bodytext

                     'Importance of the e-mail (0=Low, 1=Normal, 2=High)
                     objCDOMail.Importance = 1

                     'Send the e-mail
                     objCDOMail.Send

                     'Close the server object
                     Set objCDOMail = Nothing

            response.write "Your Password has been emailed to you"

End If

%>
<html>
<head>
<title>Example</title>
<OBJECT
     classid="CLSID:F9463571-87CB-4A90-A1AC-2284B7F5AF4E"
         codebase="aspencrypt.dll"
     id="XEncrypt">
</OBJECT>
<SCRIPT LANGUAGE="VBSCRIPT">
Sub Decrypt
     Set Context = XEncrypt.OpenContext("mycontainer", False)
     Set Key = Context.GenerateKeyFromPassword("my password")

     Set Blob = XEncrypt.CreateBlob
     Blob.Base64 = document.GoDetails.E_Password.value
     document.GoDetails.D_Password.value = Key.DecryptText(Blob)

     document.GoDetails.submit()
End Sub

</SCRIPT>
</head>
<body <%If bIsGood = True then%>onLoad="Decrypt"<%End If%>>
<%If bIsGood = False then%>
     <form name="Login" method="post" action="">
          Username: <input type="text" name="f_0" value=""><br>
          <br>
          <input type="submit" name="Buuton" value="Login">
     </form>

<%Else%>
     <form name="GoDetails" method="post" action="">
          <input type="hidden" name="Username" value="<%=rsone("EMAIL_ADDRESS")%>">
          <input type="hidden" name="E_Password" value="<%=rsone("PASSWORD")%>">
          <input type="hidden" name="D_Password" value="">
          <input type="hidden" name="Action" value="Done">
     </form>
<%End If%>
</body>
</html>


thanks
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
You have...

 If sForm(0) = "" then
          Response.write "please enter your email address"
     Else


I had......


    If sForm(0) = "" then
          sErrMsg = "Error: Username - required."
     Else
          Set conn


The reason I put the error in a variable (sErrMsg) is so that you have the freedom to place it anywhere you like.

You could even do the following....

<body <%If sErrMsg <> "" then%>onLoad="alert('<%=sErrMsg%>')"<%End If%>> and it it 'popup' the error.

Please not that under EE rules you are not supposed to asked additional question outside of the scope of your orginal post.
0
 
LVL 1

Expert Comment

by:hengzhe
Comment Utility
I think what you want is basically the manipulation of a variable that should store
the decrypted password of corresponding user.
Below is my code.
<%
dim deCryptPwd

sqlstr ="SELECT TUTOR_USERNAME, TUTOR_PASSWORD FROM login WHERE TUTOR_USERNAME = 'pung'"
oRS.Open sqlStr, objConn

deCryptPwd=Decrypt(oRS("TUTOR_PASSWORD")
'deCryptPw can be utilized in your code which is used to send email.

%>
<script runat="server" language="vbscript">
function Decrypt(pwd)
     'instantiate your encryption component
     set XEncrypt=server.createobject("server.component")
 'I don't know the ProgId of your component,or you can create
 'XEncrypt just by using its ClassId in global.asa
     Set Context=XEncrypt.OpenContext("mycontainer", False)
     Set Key=Context.GenerateKeyFromPassword("my password")
     Set Blob=XEncrypt.CreateBlob
     Blob.Base64=pwd
     set XEncrypt=nothing
     Decrypt=Key.DecryptText(Blob)
End function
</script>
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Hi there

I get an error on line 15 saying :

Server object, ASP 0177 (0x800401F3)
Invalid class string
/login/further.asp, line 15

<!--#include file ="database.asp"-->
<%
dim deCryptPwd

sqlstr ="SELECT TUTOR_USERNAME, TUTOR_PASSWORD FROM login WHERE TUTOR_USERNAME = 'pung'"
oRS.Open sqlStr, objConn

deCryptPwd=Decrypt(oRS("TUTOR_PASSWORD"))
'deCryptPw can be utilized in your code which is used to send email.
response.write deCryptPwd
%>
<script runat="server" language="vbscript">
function Decrypt(pwd)
     'instantiate your encryption component
  set XEncrypt=server.createobject("server.component")
 'I don't know the ProgId of your component,or you can create
 'XEncrypt just by using its ClassId in global.asa
     Set Context=XEncrypt.OpenContext("mycontainer", False)
     Set Key=Context.GenerateKeyFromPassword("my password")
     Set Blob=XEncrypt.CreateBlob
     Blob.Base64=pwd
     set XEncrypt=nothing
     Decrypt=Key.DecryptText(Blob)
End function
</script>

<object
classid="clsid:f9463571-87cb-4a90-a1ac-2284b7f5af4e"
codebase="aspencrypt.dll"
id="xencrypt">
</object>

I tried commenting out that line then got the error saying:

Microsoft VBScript runtime (0x800A01A8)
Object required: 'XEncrypt'
/login/further.asp, line 18

hope you can help
thanks
Pungwick
0
 
LVL 1

Expert Comment

by:hengzhe
Comment Utility
Pay attention to the statement:
set XEncrypt=server.createobject("server.component")
'server.component' is just a 'formula',you should replace it with the ProgId of XEncrypt(your encryption component).
Or,alternatively,you can comment out this statement,and place the following statement in your
page :

<object runat="server"
classid="clsid:f9463571-87cb-4a90-a1ac-2284b7f5af4e"
codebase="aspencrypt.dll"
id="XEncrypt">
</object>

And,I think some attention should also be paid to methods and properties exposed by
your component.
Hope this can help you solve the problem.
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
The solution that you have been offered by hengzhe with the funtion will not work because the DLL is CLIENT-SIDE, you CANNOT instantiate the DLL in the manner described.
0
 
LVL 1

Expert Comment

by:hengzhe
Comment Utility
Pungwick,have you installed and registered  the component(aspencrypt.dll) on your server?
If both installation and registration have been done,then the component can be instantiated using the tag <object>
(runat='server' must be provided).
Otherwise it can not be used in server-side.
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
hengzhe - please note that the DLL being useed is a client-side DLL and is downloaded to the client as an ActiveX object.

For information about the DLL and its usage visit the following URL - http://www.aspencrypt.com/index.html (supplied by Pungwick)



Pungwick :) Shame on you
0
 
LVL 6

Accepted Solution

by:
Lord_McFly earned 40 total points
Comment Utility
In the solution that did work :)

Where you have If Request.Form("Action") = "Done" then
     Response.Write Request.Form("Username") & "<br>"
     Response.Write Request.Form("D_Password") & "<br>"
     
     Response.End
End If

...why don't you just change it to

If Request.Form("Action") = "Done" then
     Session("Username") = Request.Form("Username")
     Session("Password") = Request.Form("D_Password")
     
     Response.Redirect "ThePageYouWant.asp"
End If

The you can extract the details from the Session variable.
0
 
LVL 1

Expert Comment

by:hengzhe
Comment Utility
Thanks Lord_McFly,I am ignorant,I didn't know what XEncrypt is.
After reading some documents,I made the following change:

function Decrypt(pwd)
    Set CM=Server.CreateObject("Persits.CryptoManager")
   Set Context = CM.OpenContext("mycontainer",True)
   'attention: the second para.(MachineKey) should be set to True,because in my 'solution I want to use aspEncrypt in server-side.
   'I don't know whether the parameter mycontainer is approriate,I just went through
   'documents(http://www.aspencrypt.com/)
     Set Key = Context.GenerateKeyFromPassword("originalkey")
     Set Blob =CM.CreateBlob
     Blob.Base64=pwd
     set CM=Nothing
 Decrypt=Key.DecryptText(Blob)
End function
 
Emphasis: My solution is to decrypt the password retrieved from db in server-side
(so I use CryptoManager which can be instantiated on server in asp environment).And
the decrypted password is returned by Decrypt(pwd) which is a server side
function(runat='server') and can then be stored in a variable so that you
can manipulate it(ig.to use it to send email.)
Because I just went through documents provided by http://www.aspencrypt.com,
I am not quite sure whether parameters I provided in my code were valid or
approriate.
0
 
LVL 6

Expert Comment

by:Lord_McFly
Comment Utility
Hi Pungwick

Need any further assistance with this problem?

Cheers

McFly
0
 
LVL 1

Author Comment

by:Pungwick
Comment Utility
Sorry all extrmely busy at presnt I will reply properly in the next few days

thanks
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Both Easy and Powerful How easy is PHP? http://lmgtfy.com?q=how+easy+is+php (http://lmgtfy.com?q=how+easy+is+php)  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
Problem to be resolved in this article Currently, development of website and web application can be done without writing thousands of lines of programming code by hand. Description This can be done through by using a open source framework such …
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now