Link to home
Start Free TrialLog in
Avatar of Tim
Tim

asked on

Accessing Variable in ASP

In my ASP Page, I am trying to access a variable filled by User Input from a popup Box. However, for some Reason I am unable to:

<body>
      <script language="vbscript">
      Do While ID = ""
            ID = InputBox("Enter Authentication:", "Overview")
            If ID = "Close" Then
                  WScript.Quit(0)
            elseif ID = "" Then
                  WScript.Echo "Invalid Input!"
            End If
      Loop
      </script>
</body>

Later on in the body I try to output the "ID" variable but it is NULL. ANy thoughts on how I can or why I cannot get this variable value passed on after this code is finished?

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Scott Fell
Scott Fell
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Tim
Tim

ASKER

Hi thanks this is a popup n the same window.
Your question is marked as asp classic.   I think if you are trying to use client side vb, it will only work in internet explorer.

If you are using  a modal, you would have a form

<%
dim user
if request.form("user")<>"" then
' *** In production you will want to scrub your data and not take input directly ** 
   user=request.form("user")
   response.write "the form user is "&user
end if
%>


<!-- modal -->
<form action="current_page.asp" method="post">

  <input name="user">
  <button type="submit">Submit</button>
</form>

Open in new window

Avatar of Tim

ASKER

Do you think I would be better off creating an ActiveX control? That way I can fetch the current logged in users ID without prompting them each time the page loads?
Getting the logged in user is another aspect.  You don't need an activex control.  You should have either a session or encrypted cookie.

<%
session("user")="tr57285"

if request.form("something")<>"" then
' *** In production you will want to scrub your data and not take input directly ** 
   something=request.form("something")
   response.write "the form something is "&something
  
 sql="UPDATE table_name SET field1='"&something&"',fiele2='"&session("user")&"' WHERE some_column=some_value;

end if



%>

Open in new window

Avatar of Tim

ASKER

Yes but a cookie would require me to have the user input their ID the first time correct? Optimally I am looking to grab the ID without having the user input any info.
I think we are getting into a different tangent.  Perhaps how to manage log ins can be a new question topic and another discussion.

If you are taking about using the AD, there are a lot of answers here for classic asp and AD authentication.  I have a couple below but using the AD is not my area of expertise.

https://www.experts-exchange.com/questions/28077231/Classic-ASP-Active-Directory-Authentication.html?anchorAnswerId=39025197#a39025197

https://www.experts-exchange.com/questions/26611970/VBScript-to-validate-a-password-with-Active-Directory.html?anchorAnswerId=34141448#a34141448
Avatar of Tim

ASKER

Ok so I am not trying to get login info.

I am just trying to get an ID from the user accessing the page because of the below:

In my page I am displaying hyperlinks that contain a userID for it to work and since the hyperlink is dependent on the current user I need the current users login ID to make the hyperlinks work.

I think the issue here is that when I call the function and prompt the user for their ID it is run client side:

<head>
<script language="JavaScript">
		function checkCookie()
		{
			ID=getCookie("username");
			if (ID!="")
  			{
  				return ID;
  			}
			else 
  			{
  				ID = prompt("Please enter your name:","");
  				if (ID!="" && ID!=null)
   		 		{
    					setCookie("username",ID,365);
    				}
  			}
		}
</script>
</head>

<body>
	<script language="VBScript">
		ID=javascript:checkCookie()
	</script>
TBPLink = ID
</body>

Open in new window


From the VBScript code I can get the returned ID variable from the Javascript function, but once I leave the VBScript code and return to my body I can no longer access that variable which is what I need to do.

I am trying to access the variable from within the middle of my HTML code but by that point it is no longer available.
just make the variable global or use a hidden form field to store the value:

<head>
<script language="JavaScript">
        var ID = 'some default value';    //-- you don't need to set a default one, i am just so you make sure the right value displays below

		function checkCookie()
		{
			ID=getCookie("username");
                        //-- or you could use a hidden form field
                        document.getElementById('hdnUserName').value = getCookie("username")

			if (ID!="")  //-- or if you're using the hidden form field, you would replace ID with  document.getElementById('hdnUserName').value
  			{
  				return ID;
  			}
			else 
  			{
  				ID = prompt("Please enter your name:","");
                                //-- same thing here, just replace all references of ID with the hidden form field
  				if (ID!="" && ID!=null)
   		 		{
    					setCookie("username",ID,365);
    				}
  			}
		}
</script>
</head>

<body>
<input type="hidden" name="hdnUserName" id="hdnUserName" value="some default value if you want" />

	<script language="VBScript">
		ID=javascript:checkCookie()
	</script>
TBPLink = ID
</body>

Open in new window


the advantage of using a hidden form field over a global variable isn't great, you just don't have to worry about scope; you can access it from anywhere on the page.
You can request the same cookie via js or vb.  http://www.w3schools.com/asp/asp_cookies.asp

The basic scenario below assumes you have a stored cookie for the username, but the user is not logged in.  This allows us to just ask for a password.  Or you may have done a two step log in where the user already entered the user id in a previous page, but the password is not authenticated.

The vbscript here is serverside.

Notice no need to have the user id in a hidden field because we already have the cookie.

The sample below is very basic for testing but should not be used in production as it assumes the password is not encrypted and your cookie data has not been encrypted as well.  For the password, by encrypted, I actually mean hashed.  

<%
userID=Request.Cookies("username") 'get the cookie

if request.form("password")<>"" then  ' test if form submit
     ' create recordset of users
     sql = "SELECT password, userLevel from table users WHERE user_id ="&userID 
     ' assume recordset called rsUser is created
     
     if not rsUser.bof or not rsUser.eof then
          session("LoggedInUser")=userID
          session("UserLevel")=rsUser("userLevel")
          else ' set logged in session info to nothing
          session("LoggedInUser")=""
          session("UserLevel")=""   
     end if

end if

%>
<form>
<input name="password">
<button type="submit">Submit</button>
</form>

Open in new window

Notice no need to have the user id in a hidden field because we already have the cookie.

and what happens if there is no cookie, or it just hasn't been set yet? that's what the code looked like from the original question. this solution makes too many assumptions and seems to be go off on a tangent on what the OP was asking...
Avatar of Tim

ASKER

Thank you all for contributing thus far.

Optimally what I am looking to do is not involve the user at all.

I would like to get the current logged in user (by grabbing an environmental variable) from the users machine and using that to modifying my page. Is this possible without the users intervention?

Would I need an ActiveX for this or is there another option?
how does the user log in? through Active Directory? if so, you can do

request.servervariables("LOGON_USER")

to get the current logged in user. This assumes that anonymous login is turned off in IIS
Avatar of Tim

ASKER

Hi Big Monty, Thanks

My site uses a service account currently, so the user is not prompted to login to the site, but Anonymous logon is also not turned on.

Is there a way to enable Basic Authentication on a page by page basis?
I believe Request.ServerVariables("LOGON_USER") will work for you. try creating a simple script like this:

Response.Write Request.ServerVariables("LOGON_USER")

if you get the service account, then you know that's the right server variable
no split on the points?

sheesh! i answered a bunch of your secondary questions and gave good advice on how to handle the passing of the variable