Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.
Solved
Getting ID after log-in timed out - Classic asp
Posted on 2016-08-27
Hi all,
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->
<%
Dim iStatus, conn, str, sPage
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Preparing values for validation
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("User") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("User")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDate = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfName = RSDatabase("Name")
felteClass = RSDatabase("Class")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Date = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Wrong username orr password!<br>If the problem continues contact our admin @t <a href=mailto:email.dk>email</a>."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Username: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="forgot_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Forgot password?</a></center>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE User ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<div data-role="footer">
<h1><%= school %></h1>
</div>
</div>
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
14
7-
2
23 Comments
Take this
the second part of the code should take your hidden variable
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
and on the page that processes the form
response.redirect(request.
the general idea is, when a page pops the login form. you pipe the HTTP_REFERER into it.
so the return page will always be the page from before the login link.
you would probably want to add some sender domain mitigation as shown above
you don't want google to send users to the login form to return them to google
this is only an example written out with no asp.net debugger or compiler
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
sPage = Request.servervariables("HTTP_REFERER")
if len(spage)>0 then
if tolower(substr(sPage,4,1)) = "s" then 'parse https:// domains
select case substr(substr(spage,7),int(instr(substr(spage,7),"/"))-1
case "www.example.com" 'trusted domain
case "ww2.example.com" 'trusted domain
case "ww3.example.com" 'trusted domain
case else
spage="http://www.mysite.com" 'terminate all unknown domains to the root of our domain
end select
else ' parse http:// domains
select case substr(substr(spage,6),int(instr(substr(spage,6),"/"))-1
case "www.example.com" 'trusted domain
case "ww2.example.com" 'trusted domain
case "ww3.example.com" 'trusted domain
case else
spage="http://www.mysite.com" 'terminate all unknown domains to the root of our domain
end select
else
spage="http://www.mysite.com" ' trap no referer
end if
the second part of the code should take your hidden variable
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
and on the page that processes the form
response.redirect(request.
the general idea is, when a page pops the login form. you pipe the HTTP_REFERER into it.
so the return page will always be the page from before the login link.
you would probably want to add some sender domain mitigation as shown above
you don't want google to send users to the login form to return them to google
this is only an example written out with no asp.net debugger or compiler
Hi Scobber,
Sorry for the delay in my response! Your solution - however cool - does not solve my problem.
Consider this: A user is assigned a task. This results in a text message to the user that show something like this: URL/your_task.asp?ID=28
When the user clicks this link they are prompted to log in. When doing so succesfully they are redirected to URL/your_task.asp but since the page does not have the ID (28) any longer, it fails. See my problem? Maybe I wasn't clear. From my point of view your solution does not work in this case, as the user may not have opened any webpage prior to this, so what would they be redirected to? Not URL/your_task.asp?ID=28...
Maybe I misunderstood, coding is not my strong side.
Sorry for the delay in my response! Your solution - however cool - does not solve my problem.
Consider this: A user is assigned a task. This results in a text message to the user that show something like this: URL/your_task.asp?ID=28
When the user clicks this link they are prompted to log in. When doing so succesfully they are redirected to URL/your_task.asp but since the page does not have the ID (28) any longer, it fails. See my problem? Maybe I wasn't clear. From my point of view your solution does not work in this case, as the user may not have opened any webpage prior to this, so what would they be redirected to? Not URL/your_task.asp?ID=28...
Maybe I misunderstood, coding is not my strong side.
I'll do a simulation on an asp server here tonight
There are a few server variables we can look at.
If you view source in the login page after the ?id redirect what is stored in the hidden var on the login form?
There are a few server variables we can look at.
If you view source in the login page after the ?id redirect what is stored in the hidden var on the login form?
I tried your code and got the following:
Expected ')'
login.asp, line 18.
Line 18 reads as follows: select case substr(substr(spage,6),int
Expected ')'
login.asp, line 18.
Line 18 reads as follows: select case substr(substr(spage,6),int
Just wanted to past the code for your reference. I have tried adding ) where requested, but then other problems arise. Hope you can help - I think your solution might work!
<%
Dim iStatus, conn, str, sPage
sPage = Request.servervariables("HTTP_REFERER")
if len(spage)>0 then
if tolower(substr(sPage,4,1)) = "s" then 'parse https:// domains
select case substr(substr(spage,7),int(instr(substr(spage,7),"/"))-1
case "www.example.com" 'trusted domain
case "ww2.example.com" 'trusted domain
case "ww3.example.com" 'trusted domain
case else
spage="http://www.mysite.com" 'terminate all unknown domains to the root of our domain
end select
else ' parse http:// domains
select case substr(substr(spage,6),int(instr(substr(spage,6),"/"))-1
case "www.example.com" 'trusted domain
case "ww2.example.com" 'trusted domain
case "ww3.example.com" 'trusted domain
case else
spage="http://www.mysite.com" 'terminate all unknown domains to the root of our domain
end select
else
spage="http://www.mysite.com" ' trap no referer
end if
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis du har glemt dit password kan det blive sendt til dig."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Brugernavn: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" data-inline="true" data-icon="lock" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="glemt_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Glemt password?</a></center>
Active 1 day ago
so..
1. is that mean when there is session timeout, task_show.asp?id=32 will be redirected to login.asp?
2. do you want the querystring to be added to login page, like login.asp?redirectpage_id=
1. is that mean when there is session timeout, task_show.asp?id=32 will be redirected to login.asp?
2. do you want the querystring to be added to login page, like login.asp?redirectpage_id=
1. When a user clicks on task_show.asp?id=32 and session is timed out they are redirected to login.asp and if login is succesful sPage = task_show.asp (which fails because that page requires an id to work).
2. If it works - then yes to your first suggestion! The issue is that some of my users access cases directly from their mobile phone. So task_show.asp?id=28 results in task_show.asp after login = error.
2. If it works - then yes to your first suggestion! The issue is that some of my users access cases directly from their mobile phone. So task_show.asp?id=28 results in task_show.asp after login = error.
Active 1 day ago
just some quick test...
1. in your task_show.asp, add:
2, then in login.asp, assign the sPage using:
and then see if existing logic was able to make the redirection to the destination page after user has successfully logged in.
1. in your task_show.asp, add:
if IsEmpty(Session("login")) Then
Server.transfer("login.asp")
end if
2, then in login.asp, assign the sPage using:
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
and then see if existing logic was able to make the redirection to the destination page after user has successfully logged in.
I pasted like this in original code:
Tried logging into show_task.asp?id=12
I was redirected to show_task.asp without the id being queried. Requested code was added to show_task as well.
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->
<%
Dim iStatus, conn, str, sPage
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis du har glemt dit password kan det blive sendt til dig."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Brugernavn: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" data-inline="true" data-icon="lock" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="glemt_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Glemt password?</a></center>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE Bruger ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<div data-role="footer">
<h1><%= skole %></h1>
</div>
</div>
Tried logging into show_task.asp?id=12
I was redirected to show_task.asp without the id being queried. Requested code was added to show_task as well.
Active 1 day ago
what if in login.asp, try change:
make sure the value of sPage is not being overwritten.
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
make sure the value of sPage is not being overwritten.
I have unhidden the hidden input showing sPage in line 97 of my original code and pasted your suggestion. Login.asp still works, but the value of sPage is shown as: /3-0/login.asppage=/3-0/vi
Code is now like this:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"-->
<%
Dim iStatus, conn, str, sPage
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis problemet fortsætter, kontakt venligst <a href=mailto:support@fejlmeld-alt.dk>webmasteren</a>."
conn.close
set conn = nothing
End If
End If
%>
<title>Login til fejlmeldingscenteret</title>
<meta name="robots" content=" noindex, nofollow">
<link type="text/css" href="style.css" title="std" rel="stylesheet">
</head>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<Table>
<br><br><FORM NAME="f" ACTION="login.asp" METHOD=POST>
<INPUT TYPE=text NAME="page" VALUE="<% =sPage %>">
<TABLE BORDER="1" CELLPADDING="0" CELLSPACING="0" width="300" ALIGN=CENTER bordercolor="#000000">
<TR>
<td align="center"><H4><center><b>Login til fejlmeldingscenteret</b></center></FONT></td>
</TR>
<tr><td>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="10" ALIGN=CENTER bordercolor="#000000">
<TR>
<TD VALIGN=MIDDLE>
<h4>Brugernavn: </font></TD>
<TD VALIGN=TOP>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>"></TD>
</TR>
<TR>
<TD VALIGN=MIDDLE>
<h4>Password: </font></TD>
<TD ALIGN=LEFT VALIGN=TOP>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15></TD>
</TR>
<TR>
<TR> <TD COLSPAN=2 ALIGN=CENTER>
<input type="Submit" name="Login" value="Login"></TD>
</TR>
<TR>
<TD COLSPAN=2 VALIGN=TOP ALIGN=CENTER>
</TR>
</TABLE>
</td></tr>
</table>
</FORM><%
If str <> "" Then
Response.Write "<TABLE BGCOLOR=#FFFFFF ALIGN=CENTER width=300 BORDER=1 cellpadding=5 cellspacing=0 bordercolor=#000000><TR><TD>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</TD></TR></TABLE>" & vbCrLf
End If
%><br><br>
<a href="glemt_password.asp">Glemt password?</a>
</td>
</table>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE Bruger ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
Active 1 day ago
how's the codes in show_task.asp looks like? did you amend according to my previous suggestion?
show_task.asp (it's in danish but code isn't ;-) Too much hazzle translating.
<!--#include file="db/database_read.inc"--><!--#include file="db/adgang.inc"--><!--#include file="Include/link.inc"--><!--#include file="close_access.inc"-->
<html>
<head>
<!--#include file="Include/meta.asp"-->
</head>
<body>
<%
Id = Request.querystring("Id")
%><div data-role="page" id="pageone" data-theme="<%= theme %>">
<div data-role="header">
<h1>Sagshistorik - Sagsnummer <%= id %></h1>
</div>
<%
if IsEmpty(Session("login")) Then
Server.transfer("login.asp")
end if
Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" Fejlmelding " &_
" WHERE " &_
" Id = " & Id & " " &_
" ORDER BY Datomodtaget DESC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
id = RSDatabase("Id")
navn = RSDatabase("Navn")
Lokale = RSDatabase("Lokale")
Email = RSDatabase("Email")
tlf = RSDatabase("tlf")
Udstyr = RSDatabase("Udstyr")
filepath = RSDatabase("filepath")
Beskrivelse = RSDatabase("Beskrivelse")
Datomodtaget = RSDatabase("Datomodtaget")
Datoafsluttet = RSDatabase("Datoafsluttet")
Status = RSDatabase ("Status")
Bemaerkninger = RSDatabase("bemaerkninger")
Sagsnr = RSDatabase("Sagsnr")
If Status = "Modtaget" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: red; color: white;' data-ajax='false'>Status: Modtaget</a>"
If Status = "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: green; color: white;' data-ajax='false'>Status:<br>Afsluttet</a>"
If Status <> "Modtaget" AND Status <> "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: yellow; color: black;' data-ajax='false'>Status: " & Status & "</a>"
If filepath = "-" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='_blank'>Se fil</a>"
End if
If filepath = "" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='blank'>Se fil</a>"
End if
If Email = "noreply@fejlmeld-it.dk" Then
Email_vis = ""
Else
Email_vis = Email
End if
If Lokale = "" Then
lokalevis = ""
Else
lokalevis = "Lokale/Placering: " & Lokale & ""
End if
%>
<div data-role="main" class="ui-content">
<div data-role="collapsible">
<h1>Kontaktinfo</h1>
<p><u>Navn</u></p>
<p><%= navn %></p>
<p><%= Email_vis %></p>
<p><%= tlf %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgavestatus</h1>
<p><%= StatusSag %><%= filnavn %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgaveinfo</h1>
<p><u><%= matrikel %></u></p>
<p><%= Institution %><br><%= Lokalevis %></p>
<p><u>Udstyr</u></p>
<p><%= udstyr %></p>
<p><u>Fejlbeskrivelse</u></p>
<p><%= beskrivelse %></p>
<p><u>Bemærkninger</u></p>
<p><%= bemaerkninger %></p>
<a href="tilfoej_fil_adm.asp?id=<%= id %>" class="ui-btn ui-icon-arrow-u ui-btn-inline ui-btn-icon-left" data-ajax="false">Upload ny fil</a>
<a href="opd_fejlmelding.asp?id=<%= id %>" class="ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left" data-ajax="false"> Opdatér opgaven</a></div>
</div>
<center><a href="administration.asp" class="ui-btn ui-btn-inline" data-ajax="false">Tilbage til administrationssiden</a></center>
<center><h3>Sagshistorik</h3></center>
<% Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" idFejlmelding " &_
" WHERE " &_
" cid = " & Id & " " &_
" ORDER BY Id ASC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
Do While Not RSDatabase.EOF
id = RSDatabase("Id")
admin1 = RSDatabase("Admin")
navn1 = RSDatabase("Navn")
udstyr1 = RSDatabase("Udstyr")
Lokale1 = RSDatabase("Lokale")
filepath1 = RSDatabase("filepath")
Beskrivelse1 = RSDatabase("Beskrivelse")
Datoafsluttet1 = RSDatabase("Datoafsluttet")
Status1 = RSDatabase ("Status")
Bemaerkninger1 = RSDatabase("bemaerkninger")
Sagsnr1 = RSDatabase("Sagsnr")
If filepath1 = "-" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " data-ajax='false'>Se fil</a>"
End if
If filepath1 = "" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " class='ui-btn' data-ajax='false'>Se fil</a></td>"
End if
If Lokale1 = "" Then
lokalevis1 = ""
Else
lokalevis1 = "Lokale/Placering: " & Lokale1 & ""
End if
If Admin1 = "" Then
showname = "" & navn1 & ""
Else
showname = Admin1
End if%><%
If Datoafsluttet = "0000-00-00 00:00:00" Then Datoafsluttet1 = "<font color=000000>Fejlfinding afventer"
If Status1 = "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: red; color: white;'><H1><b>Modtaget:<br></b>" & Datoafsluttet1 & "</H1>"
If Status1 = "Afsluttet" Then StatusSag1 = "<div data-role='collapsible' style='background: green; color: white;'><H1><b>Afsluttet:</b><br>" & Datoafsluttet1 & "</H1>"
If Status1 <> "Afsluttet" AND Status <> "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: yellow; color: black;'><H1><b>" & Status1 & ":</b><br>" & Datoafsluttet1 & "</H1>"
%><%
Response.write "" & Statussag1 & "<p><b><br>" & Lokalevis1 & "</b></p><p><b><u>Udstyr:</U><br>" & Udstyr1 & "</b></p><p><b><u>Fejlbeskrivelse:</U><br>" & Beskrivelse1 & "</b></p><p><b><u>Bemærkninger:</U><br>" & Bemaerkninger1 & "</b></p><p>" & filnavn1 & "</p></div>"
RSDatabase.MoveNext
Loop
%>
</table>
Active 1 day ago
it's weird as it works for me at my end...
anyway, let's try other alternative by using a Session variable. you can make a backup and try this:
login.asp:
anyway, let's try other alternative by using a Session variable. you can make a backup and try this:
login.asp:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"-->
<%
Dim iStatus, conn, str, sPage
sPage = Session("redirectPage")
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
conn.close
set conn = nothing
if Request.Form("sPage") <> "" then
Response.Redirect Request.Form("sPage")
else
Response.Redirect "yourDefaultpage.asp"
end if
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis problemet fortsætter, kontakt venligst <a href=mailto:support@fejlmeld-alt.dk>webmasteren</a>."
conn.close
set conn = nothing
End If
End If
%>
<title>Login til fejlmeldingscenteret</title>
<meta name="robots" content=" noindex, nofollow">
<link type="text/css" href="style.css" title="std" rel="stylesheet">
</head>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<Table>
<br><br><FORM NAME="f" ACTION="login.asp" METHOD=POST>
<INPUT TYPE=text NAME="page" VALUE="<% =sPage %>">
<TABLE BORDER="1" CELLPADDING="0" CELLSPACING="0" width="300" ALIGN=CENTER bordercolor="#000000">
<TR>
<td align="center"><H4><center><b>Login til fejlmeldingscenteret</b></center></FONT></td>
</TR>
<tr><td>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="10" ALIGN=CENTER bordercolor="#000000">
<TR>
<TD VALIGN=MIDDLE>
<h4>Brugernavn: </font></TD>
<TD VALIGN=TOP>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>"></TD>
</TR>
<TR>
<TD VALIGN=MIDDLE>
<h4>Password: </font></TD>
<TD ALIGN=LEFT VALIGN=TOP>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15></TD>
</TR>
<TR>
<TR> <TD COLSPAN=2 ALIGN=CENTER>
<input type="Submit" name="Login" value="Login"></TD>
</TR>
<TR>
<TD COLSPAN=2 VALIGN=TOP ALIGN=CENTER>
</TR>
</TABLE>
</td></tr>
</table>
</FORM><%
If str <> "" Then
Response.Write "<TABLE BGCOLOR=#FFFFFF ALIGN=CENTER width=300 BORDER=1 cellpadding=5 cellspacing=0 bordercolor=#000000><TR><TD>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</TD></TR></TABLE>" & vbCrLf
End If
%><br><br>
<a href="glemt_password.asp">Glemt password?</a>
</td>
</table>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE Bruger ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<!--#include file="db/database_read.inc"--><!--#include file="db/adgang.inc"--><!--#include file="Include/link.inc"--><!--#include file="close_access.inc"-->
<html>
<head>
<!--#include file="Include/meta.asp"-->
</head>
<body>
<%
Id = Request.querystring("Id")
%><div data-role="page" id="pageone" data-theme="<%= theme %>">
<div data-role="header">
<h1>Sagshistorik - Sagsnummer <%= id %></h1>
</div>
<%
if IsEmpty(Session("login")) Then
Session("redirectPage") = "show_task.asp?id=" & Id
response.redirect "login.asp"
end if
Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" Fejlmelding " &_
" WHERE " &_
" Id = " & Id & " " &_
" ORDER BY Datomodtaget DESC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
id = RSDatabase("Id")
navn = RSDatabase("Navn")
Lokale = RSDatabase("Lokale")
Email = RSDatabase("Email")
tlf = RSDatabase("tlf")
Udstyr = RSDatabase("Udstyr")
filepath = RSDatabase("filepath")
Beskrivelse = RSDatabase("Beskrivelse")
Datomodtaget = RSDatabase("Datomodtaget")
Datoafsluttet = RSDatabase("Datoafsluttet")
Status = RSDatabase ("Status")
Bemaerkninger = RSDatabase("bemaerkninger")
Sagsnr = RSDatabase("Sagsnr")
If Status = "Modtaget" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: red; color: white;' data-ajax='false'>Status: Modtaget</a>"
If Status = "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: green; color: white;' data-ajax='false'>Status:<br>Afsluttet</a>"
If Status <> "Modtaget" AND Status <> "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: yellow; color: black;' data-ajax='false'>Status: " & Status & "</a>"
If filepath = "-" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='_blank'>Se fil</a>"
End if
If filepath = "" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='blank'>Se fil</a>"
End if
If Email = "noreply@fejlmeld-it.dk" Then
Email_vis = ""
Else
Email_vis = Email
End if
If Lokale = "" Then
lokalevis = ""
Else
lokalevis = "Lokale/Placering: " & Lokale & ""
End if
%>
<div data-role="main" class="ui-content">
<div data-role="collapsible">
<h1>Kontaktinfo</h1>
<p><u>Navn</u></p>
<p><%= navn %></p>
<p><%= Email_vis %></p>
<p><%= tlf %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgavestatus</h1>
<p><%= StatusSag %><%= filnavn %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgaveinfo</h1>
<p><u><%= matrikel %></u></p>
<p><%= Institution %><br><%= Lokalevis %></p>
<p><u>Udstyr</u></p>
<p><%= udstyr %></p>
<p><u>Fejlbeskrivelse</u></p>
<p><%= beskrivelse %></p>
<p><u>Bemærkninger</u></p>
<p><%= bemaerkninger %></p>
<a href="tilfoej_fil_adm.asp?id=<%= id %>" class="ui-btn ui-icon-arrow-u ui-btn-inline ui-btn-icon-left" data-ajax="false">Upload ny fil</a>
<a href="opd_fejlmelding.asp?id=<%= id %>" class="ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left" data-ajax="false"> Opdatér opgaven</a></div>
</div>
<center><a href="administration.asp" class="ui-btn ui-btn-inline" data-ajax="false">Tilbage til administrationssiden</a></center>
<center><h3>Sagshistorik</h3></center>
<% Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" idFejlmelding " &_
" WHERE " &_
" cid = " & Id & " " &_
" ORDER BY Id ASC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
Do While Not RSDatabase.EOF
id = RSDatabase("Id")
admin1 = RSDatabase("Admin")
navn1 = RSDatabase("Navn")
udstyr1 = RSDatabase("Udstyr")
Lokale1 = RSDatabase("Lokale")
filepath1 = RSDatabase("filepath")
Beskrivelse1 = RSDatabase("Beskrivelse")
Datoafsluttet1 = RSDatabase("Datoafsluttet")
Status1 = RSDatabase ("Status")
Bemaerkninger1 = RSDatabase("bemaerkninger")
Sagsnr1 = RSDatabase("Sagsnr")
If filepath1 = "-" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " data-ajax='false'>Se fil</a>"
End if
If filepath1 = "" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " class='ui-btn' data-ajax='false'>Se fil</a></td>"
End if
If Lokale1 = "" Then
lokalevis1 = ""
Else
lokalevis1 = "Lokale/Placering: " & Lokale1 & ""
End if
If Admin1 = "" Then
showname = "" & navn1 & ""
Else
showname = Admin1
End if%><%
If Datoafsluttet = "0000-00-00 00:00:00" Then Datoafsluttet1 = "<font color=000000>Fejlfinding afventer"
If Status1 = "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: red; color: white;'><H1><b>Modtaget:<br></b>" & Datoafsluttet1 & "</H1>"
If Status1 = "Afsluttet" Then StatusSag1 = "<div data-role='collapsible' style='background: green; color: white;'><H1><b>Afsluttet:</b><br>" & Datoafsluttet1 & "</H1>"
If Status1 <> "Afsluttet" AND Status <> "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: yellow; color: black;'><H1><b>" & Status1 & ":</b><br>" & Datoafsluttet1 & "</H1>"
%><%
Response.write "" & Statussag1 & "<p><b><br>" & Lokalevis1 & "</b></p><p><b><u>Udstyr:</U><br>" & Udstyr1 & "</b></p><p><b><u>Fejlbeskrivelse:</U><br>" & Beskrivelse1 & "</b></p><p><b><u>Bemærkninger:</U><br>" & Bemaerkninger1 & "</b></p><p>" & filnavn1 & "</p></div>"
RSDatabase.MoveNext
Loop
%>
</table>
It doesn't seem to get sPage at all now (that field in the form is empty) and redirects me to yourDefaultPage.asp.
Could it be related to the include file ./base.inc? in login.asp?
Code in that looks like this:
Could it be related to the include file ./base.inc? in login.asp?
Code in that looks like this:
<!--#Include File="db/database.inc"--><%
Dim sPath
sPath = StrReverse(Request.ServerVariables("SCRIPT_NAME"))
sPath = StrReverse(Mid(sPath, InStr(1, sPath, "/")))
sPath = strConnect
%>
Active 1 day ago
sorry, in task_show.asp (not show_task.asp), you should have this instead:
>>It doesn't seem to get sPage at all now (that field in the form is empty) and redirects me to yourDefaultPage.asp.
in your login.asp, you should check if your page is "posted back", only if it's yes then do the verification.
if IsEmpty(Session("login")) Then
Session("redirectPage") = "task_show.asp?id=" & Id
response.redirect "login.asp"
end if
>>It doesn't seem to get sPage at all now (that field in the form is empty) and redirects me to yourDefaultPage.asp.
in your login.asp, you should check if your page is "posted back", only if it's yes then do the verification.
No luck... :-( I don't know how to check if my page is posted back, but here's another idea:
The include file adgang.inc triggers the login.asp page. It is included on all protected pages. It looks like this:
The include file adgang.inc triggers the login.asp page. It is included on all protected pages. It looks like this:
<%
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Adgang "
Set RSDatabase = DATABASE.Execute(SQLStr)
adgang = RSDatabase("ADMIN")
%><%
If Session("login") < adgang Then
Response.Redirect "login.asp?page=" & Request.ServerVariables("URL")
end if
%>
<%
RSDatabase.Close
Set RSDatabase = Nothing
%>
I think I got it!
Changed adgang.inc to:
Testing more thoroughly now...
Changed adgang.inc to:
<% userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Adgang "
Set RSDatabase = DATABASE.Execute(SQLStr)
adgang = RSDatabase("ADMIN")
%><%
If Session("login") < adgang Then
Response.Redirect "login.asp?page=" & Request.ServerVariables("URL") & "?" & Request.Querystring
end if
%>
<%
RSDatabase.Close
Set RSDatabase = Nothing
%>
Testing more thoroughly now...
Test succesful - THAT was the problem.
However - I would never have entered that line of thought without your help, so I'll put yours and Scobbers solutions as assisted solutions, ok?
However - I would never have entered that line of thought without your help, so I'll put yours and Scobbers solutions as assisted solutions, ok?
Featured Post
Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I recently decide that I needed a way to make my pages scream on the net. While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests."
I got to thinking, hey, I use more than one…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses
Course of the Month7 days, 3 hours left to enroll
704 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.