Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.
Getting ID after log-in timed out - Classic asp
Hi all,
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->
<%
Dim iStatus, conn, str, sPage
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Preparing values for validation
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("User") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("User")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDate = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfName = RSDatabase("Name")
felteClass = RSDatabase("Class")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Date = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Wrong username orr password!<br>If the problem continues contact our admin @t <a href=mailto:email.dk>email</a>."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Username: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="forgot_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Forgot password?</a></center>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE User ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<div data-role="footer">
<h1><%= school %></h1>
</div>
</div>
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Hi Scobber,
Sorry for the delay in my response! Your solution - however cool - does not solve my problem.
Consider this: A user is assigned a task. This results in a text message to the user that show something like this: URL/your_task.asp?ID=28
When the user clicks this link they are prompted to log in. When doing so succesfully they are redirected to URL/your_task.asp but since the page does not have the ID (28) any longer, it fails. See my problem? Maybe I wasn't clear. From my point of view your solution does not work in this case, as the user may not have opened any webpage prior to this, so what would they be redirected to? Not URL/your_task.asp?ID=28...
Maybe I misunderstood, coding is not my strong side.
Sorry for the delay in my response! Your solution - however cool - does not solve my problem.
Consider this: A user is assigned a task. This results in a text message to the user that show something like this: URL/your_task.asp?ID=28
When the user clicks this link they are prompted to log in. When doing so succesfully they are redirected to URL/your_task.asp but since the page does not have the ID (28) any longer, it fails. See my problem? Maybe I wasn't clear. From my point of view your solution does not work in this case, as the user may not have opened any webpage prior to this, so what would they be redirected to? Not URL/your_task.asp?ID=28...
Maybe I misunderstood, coding is not my strong side.
I'll do a simulation on an asp server here tonight
There are a few server variables we can look at.
If you view source in the login page after the ?id redirect what is stored in the hidden var on the login form?
There are a few server variables we can look at.
If you view source in the login page after the ?id redirect what is stored in the hidden var on the login form?
I tried your code and got the following:
Expected ')'
login.asp, line 18.
Line 18 reads as follows: select case substr(substr(spage,6),int
Expected ')'
login.asp, line 18.
Line 18 reads as follows: select case substr(substr(spage,6),int
Just wanted to past the code for your reference. I have tried adding ) where requested, but then other problems arise. Hope you can help - I think your solution might work!
<%
Dim iStatus, conn, str, sPage
sPage = Request.servervariables("HTTP_REFERER")
if len(spage)>0 then
if tolower(substr(sPage,4,1)) = "s" then 'parse https:// domains
select case substr(substr(spage,7),int(instr(substr(spage,7),"/"))-1
case "www.example.com" 'trusted domain
case "ww2.example.com" 'trusted domain
case "ww3.example.com" 'trusted domain
case else
spage="http://www.mysite.com" 'terminate all unknown domains to the root of our domain
end select
else ' parse http:// domains
select case substr(substr(spage,6),int(instr(substr(spage,6),"/"))-1
case "www.example.com" 'trusted domain
case "ww2.example.com" 'trusted domain
case "ww3.example.com" 'trusted domain
case else
spage="http://www.mysite.com" 'terminate all unknown domains to the root of our domain
end select
else
spage="http://www.mysite.com" ' trap no referer
end if
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis du har glemt dit password kan det blive sendt til dig."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Brugernavn: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" data-inline="true" data-icon="lock" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="glemt_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Glemt password?</a></center>
so..
1. is that mean when there is session timeout, task_show.asp?id=32 will be redirected to login.asp?
2. do you want the querystring to be added to login page, like login.asp?redirectpage_id=
1. is that mean when there is session timeout, task_show.asp?id=32 will be redirected to login.asp?
2. do you want the querystring to be added to login page, like login.asp?redirectpage_id=
1. When a user clicks on task_show.asp?id=32 and session is timed out they are redirected to login.asp and if login is succesful sPage = task_show.asp (which fails because that page requires an id to work).
2. If it works - then yes to your first suggestion! The issue is that some of my users access cases directly from their mobile phone. So task_show.asp?id=28 results in task_show.asp after login = error.
2. If it works - then yes to your first suggestion! The issue is that some of my users access cases directly from their mobile phone. So task_show.asp?id=28 results in task_show.asp after login = error.
just some quick test...
1. in your task_show.asp, add:
2, then in login.asp, assign the sPage using:
and then see if existing logic was able to make the redirection to the destination page after user has successfully logged in.
1. in your task_show.asp, add:
if IsEmpty(Session("login")) Then
Server.transfer("login.asp")
end if
2, then in login.asp, assign the sPage using:
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
and then see if existing logic was able to make the redirection to the destination page after user has successfully logged in.
I pasted like this in original code:
Tried logging into show_task.asp?id=12
I was redirected to show_task.asp without the id being queried. Requested code was added to show_task as well.
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->
<%
Dim iStatus, conn, str, sPage
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis du har glemt dit password kan det blive sendt til dig."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Brugernavn: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" data-inline="true" data-icon="lock" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="glemt_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Glemt password?</a></center>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE Bruger ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<div data-role="footer">
<h1><%= skole %></h1>
</div>
</div>
Tried logging into show_task.asp?id=12
I was redirected to show_task.asp without the id being queried. Requested code was added to show_task as well.
what if in login.asp, try change:
make sure the value of sPage is not being overwritten.
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
make sure the value of sPage is not being overwritten.
I have unhidden the hidden input showing sPage in line 97 of my original code and pasted your suggestion. Login.asp still works, but the value of sPage is shown as: /3-0/login.asppage=/3-0/vi
Code is now like this:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"-->
<%
Dim iStatus, conn, str, sPage
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis problemet fortsætter, kontakt venligst <a href=mailto:support@fejlmeld-alt.dk>webmasteren</a>."
conn.close
set conn = nothing
End If
End If
%>
<title>Login til fejlmeldingscenteret</title>
<meta name="robots" content=" noindex, nofollow">
<link type="text/css" href="style.css" title="std" rel="stylesheet">
</head>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<Table>
<br><br><FORM NAME="f" ACTION="login.asp" METHOD=POST>
<INPUT TYPE=text NAME="page" VALUE="<% =sPage %>">
<TABLE BORDER="1" CELLPADDING="0" CELLSPACING="0" width="300" ALIGN=CENTER bordercolor="#000000">
<TR>
<td align="center"><H4><center><b>Login til fejlmeldingscenteret</b></center></FONT></td>
</TR>
<tr><td>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="10" ALIGN=CENTER bordercolor="#000000">
<TR>
<TD VALIGN=MIDDLE>
<h4>Brugernavn: </font></TD>
<TD VALIGN=TOP>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>"></TD>
</TR>
<TR>
<TD VALIGN=MIDDLE>
<h4>Password: </font></TD>
<TD ALIGN=LEFT VALIGN=TOP>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15></TD>
</TR>
<TR>
<TR> <TD COLSPAN=2 ALIGN=CENTER>
<input type="Submit" name="Login" value="Login"></TD>
</TR>
<TR>
<TD COLSPAN=2 VALIGN=TOP ALIGN=CENTER>
</TR>
</TABLE>
</td></tr>
</table>
</FORM><%
If str <> "" Then
Response.Write "<TABLE BGCOLOR=#FFFFFF ALIGN=CENTER width=300 BORDER=1 cellpadding=5 cellspacing=0 bordercolor=#000000><TR><TD>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</TD></TR></TABLE>" & vbCrLf
End If
%><br><br>
<a href="glemt_password.asp">Glemt password?</a>
</td>
</table>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE Bruger ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
show_task.asp (it's in danish but code isn't ;-) Too much hazzle translating.
<!--#include file="db/database_read.inc"--><!--#include file="db/adgang.inc"--><!--#include file="Include/link.inc"--><!--#include file="close_access.inc"-->
<html>
<head>
<!--#include file="Include/meta.asp"-->
</head>
<body>
<%
Id = Request.querystring("Id")
%><div data-role="page" id="pageone" data-theme="<%= theme %>">
<div data-role="header">
<h1>Sagshistorik - Sagsnummer <%= id %></h1>
</div>
<%
if IsEmpty(Session("login")) Then
Server.transfer("login.asp")
end if
Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" Fejlmelding " &_
" WHERE " &_
" Id = " & Id & " " &_
" ORDER BY Datomodtaget DESC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
id = RSDatabase("Id")
navn = RSDatabase("Navn")
Lokale = RSDatabase("Lokale")
Email = RSDatabase("Email")
tlf = RSDatabase("tlf")
Udstyr = RSDatabase("Udstyr")
filepath = RSDatabase("filepath")
Beskrivelse = RSDatabase("Beskrivelse")
Datomodtaget = RSDatabase("Datomodtaget")
Datoafsluttet = RSDatabase("Datoafsluttet")
Status = RSDatabase ("Status")
Bemaerkninger = RSDatabase("bemaerkninger")
Sagsnr = RSDatabase("Sagsnr")
If Status = "Modtaget" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: red; color: white;' data-ajax='false'>Status: Modtaget</a>"
If Status = "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: green; color: white;' data-ajax='false'>Status:<br>Afsluttet</a>"
If Status <> "Modtaget" AND Status <> "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: yellow; color: black;' data-ajax='false'>Status: " & Status & "</a>"
If filepath = "-" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='_blank'>Se fil</a>"
End if
If filepath = "" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='blank'>Se fil</a>"
End if
If Email = "noreply@fejlmeld-it.dk" Then
Email_vis = ""
Else
Email_vis = Email
End if
If Lokale = "" Then
lokalevis = ""
Else
lokalevis = "Lokale/Placering: " & Lokale & ""
End if
%>
<div data-role="main" class="ui-content">
<div data-role="collapsible">
<h1>Kontaktinfo</h1>
<p><u>Navn</u></p>
<p><%= navn %></p>
<p><%= Email_vis %></p>
<p><%= tlf %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgavestatus</h1>
<p><%= StatusSag %><%= filnavn %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgaveinfo</h1>
<p><u><%= matrikel %></u></p>
<p><%= Institution %><br><%= Lokalevis %></p>
<p><u>Udstyr</u></p>
<p><%= udstyr %></p>
<p><u>Fejlbeskrivelse</u></p>
<p><%= beskrivelse %></p>
<p><u>Bemærkninger</u></p>
<p><%= bemaerkninger %></p>
<a href="tilfoej_fil_adm.asp?id=<%= id %>" class="ui-btn ui-icon-arrow-u ui-btn-inline ui-btn-icon-left" data-ajax="false">Upload ny fil</a>
<a href="opd_fejlmelding.asp?id=<%= id %>" class="ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left" data-ajax="false"> Opdatér opgaven</a></div>
</div>
<center><a href="administration.asp" class="ui-btn ui-btn-inline" data-ajax="false">Tilbage til administrationssiden</a></center>
<center><h3>Sagshistorik</h3></center>
<% Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" idFejlmelding " &_
" WHERE " &_
" cid = " & Id & " " &_
" ORDER BY Id ASC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
Do While Not RSDatabase.EOF
id = RSDatabase("Id")
admin1 = RSDatabase("Admin")
navn1 = RSDatabase("Navn")
udstyr1 = RSDatabase("Udstyr")
Lokale1 = RSDatabase("Lokale")
filepath1 = RSDatabase("filepath")
Beskrivelse1 = RSDatabase("Beskrivelse")
Datoafsluttet1 = RSDatabase("Datoafsluttet")
Status1 = RSDatabase ("Status")
Bemaerkninger1 = RSDatabase("bemaerkninger")
Sagsnr1 = RSDatabase("Sagsnr")
If filepath1 = "-" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " data-ajax='false'>Se fil</a>"
End if
If filepath1 = "" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " class='ui-btn' data-ajax='false'>Se fil</a></td>"
End if
If Lokale1 = "" Then
lokalevis1 = ""
Else
lokalevis1 = "Lokale/Placering: " & Lokale1 & ""
End if
If Admin1 = "" Then
showname = "" & navn1 & ""
Else
showname = Admin1
End if%><%
If Datoafsluttet = "0000-00-00 00:00:00" Then Datoafsluttet1 = "<font color=000000>Fejlfinding afventer"
If Status1 = "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: red; color: white;'><H1><b>Modtaget:<br></b>" & Datoafsluttet1 & "</H1>"
If Status1 = "Afsluttet" Then StatusSag1 = "<div data-role='collapsible' style='background: green; color: white;'><H1><b>Afsluttet:</b><br>" & Datoafsluttet1 & "</H1>"
If Status1 <> "Afsluttet" AND Status <> "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: yellow; color: black;'><H1><b>" & Status1 & ":</b><br>" & Datoafsluttet1 & "</H1>"
%><%
Response.write "" & Statussag1 & "<p><b><br>" & Lokalevis1 & "</b></p><p><b><u>Udstyr:</U><br>" & Udstyr1 & "</b></p><p><b><u>Fejlbeskrivelse:</U><br>" & Beskrivelse1 & "</b></p><p><b><u>Bemærkninger:</U><br>" & Bemaerkninger1 & "</b></p><p>" & filnavn1 & "</p></div>"
RSDatabase.MoveNext
Loop
%>
</table>
it's weird as it works for me at my end...
anyway, let's try other alternative by using a Session variable. you can make a backup and try this:
login.asp:
anyway, let's try other alternative by using a Session variable. you can make a backup and try this:
login.asp:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"-->
<%
Dim iStatus, conn, str, sPage
sPage = Session("redirectPage")
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
conn.close
set conn = nothing
if Request.Form("sPage") <> "" then
Response.Redirect Request.Form("sPage")
else
Response.Redirect "yourDefaultpage.asp"
end if
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis problemet fortsætter, kontakt venligst <a href=mailto:support@fejlmeld-alt.dk>webmasteren</a>."
conn.close
set conn = nothing
End If
End If
%>
<title>Login til fejlmeldingscenteret</title>
<meta name="robots" content=" noindex, nofollow">
<link type="text/css" href="style.css" title="std" rel="stylesheet">
</head>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<Table>
<br><br><FORM NAME="f" ACTION="login.asp" METHOD=POST>
<INPUT TYPE=text NAME="page" VALUE="<% =sPage %>">
<TABLE BORDER="1" CELLPADDING="0" CELLSPACING="0" width="300" ALIGN=CENTER bordercolor="#000000">
<TR>
<td align="center"><H4><center><b>Login til fejlmeldingscenteret</b></center></FONT></td>
</TR>
<tr><td>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="10" ALIGN=CENTER bordercolor="#000000">
<TR>
<TD VALIGN=MIDDLE>
<h4>Brugernavn: </font></TD>
<TD VALIGN=TOP>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>"></TD>
</TR>
<TR>
<TD VALIGN=MIDDLE>
<h4>Password: </font></TD>
<TD ALIGN=LEFT VALIGN=TOP>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15></TD>
</TR>
<TR>
<TR> <TD COLSPAN=2 ALIGN=CENTER>
<input type="Submit" name="Login" value="Login"></TD>
</TR>
<TR>
<TD COLSPAN=2 VALIGN=TOP ALIGN=CENTER>
</TR>
</TABLE>
</td></tr>
</table>
</FORM><%
If str <> "" Then
Response.Write "<TABLE BGCOLOR=#FFFFFF ALIGN=CENTER width=300 BORDER=1 cellpadding=5 cellspacing=0 bordercolor=#000000><TR><TD>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</TD></TR></TABLE>" & vbCrLf
End If
%><br><br>
<a href="glemt_password.asp">Glemt password?</a>
</td>
</table>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE Bruger ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<!--#include file="db/database_read.inc"--><!--#include file="db/adgang.inc"--><!--#include file="Include/link.inc"--><!--#include file="close_access.inc"-->
<html>
<head>
<!--#include file="Include/meta.asp"-->
</head>
<body>
<%
Id = Request.querystring("Id")
%><div data-role="page" id="pageone" data-theme="<%= theme %>">
<div data-role="header">
<h1>Sagshistorik - Sagsnummer <%= id %></h1>
</div>
<%
if IsEmpty(Session("login")) Then
Session("redirectPage") = "show_task.asp?id=" & Id
response.redirect "login.asp"
end if
Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" Fejlmelding " &_
" WHERE " &_
" Id = " & Id & " " &_
" ORDER BY Datomodtaget DESC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
id = RSDatabase("Id")
navn = RSDatabase("Navn")
Lokale = RSDatabase("Lokale")
Email = RSDatabase("Email")
tlf = RSDatabase("tlf")
Udstyr = RSDatabase("Udstyr")
filepath = RSDatabase("filepath")
Beskrivelse = RSDatabase("Beskrivelse")
Datomodtaget = RSDatabase("Datomodtaget")
Datoafsluttet = RSDatabase("Datoafsluttet")
Status = RSDatabase ("Status")
Bemaerkninger = RSDatabase("bemaerkninger")
Sagsnr = RSDatabase("Sagsnr")
If Status = "Modtaget" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: red; color: white;' data-ajax='false'>Status: Modtaget</a>"
If Status = "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: green; color: white;' data-ajax='false'>Status:<br>Afsluttet</a>"
If Status <> "Modtaget" AND Status <> "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: yellow; color: black;' data-ajax='false'>Status: " & Status & "</a>"
If filepath = "-" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='_blank'>Se fil</a>"
End if
If filepath = "" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='blank'>Se fil</a>"
End if
If Email = "noreply@fejlmeld-it.dk" Then
Email_vis = ""
Else
Email_vis = Email
End if
If Lokale = "" Then
lokalevis = ""
Else
lokalevis = "Lokale/Placering: " & Lokale & ""
End if
%>
<div data-role="main" class="ui-content">
<div data-role="collapsible">
<h1>Kontaktinfo</h1>
<p><u>Navn</u></p>
<p><%= navn %></p>
<p><%= Email_vis %></p>
<p><%= tlf %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgavestatus</h1>
<p><%= StatusSag %><%= filnavn %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgaveinfo</h1>
<p><u><%= matrikel %></u></p>
<p><%= Institution %><br><%= Lokalevis %></p>
<p><u>Udstyr</u></p>
<p><%= udstyr %></p>
<p><u>Fejlbeskrivelse</u></p>
<p><%= beskrivelse %></p>
<p><u>Bemærkninger</u></p>
<p><%= bemaerkninger %></p>
<a href="tilfoej_fil_adm.asp?id=<%= id %>" class="ui-btn ui-icon-arrow-u ui-btn-inline ui-btn-icon-left" data-ajax="false">Upload ny fil</a>
<a href="opd_fejlmelding.asp?id=<%= id %>" class="ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left" data-ajax="false"> Opdatér opgaven</a></div>
</div>
<center><a href="administration.asp" class="ui-btn ui-btn-inline" data-ajax="false">Tilbage til administrationssiden</a></center>
<center><h3>Sagshistorik</h3></center>
<% Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" idFejlmelding " &_
" WHERE " &_
" cid = " & Id & " " &_
" ORDER BY Id ASC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
Do While Not RSDatabase.EOF
id = RSDatabase("Id")
admin1 = RSDatabase("Admin")
navn1 = RSDatabase("Navn")
udstyr1 = RSDatabase("Udstyr")
Lokale1 = RSDatabase("Lokale")
filepath1 = RSDatabase("filepath")
Beskrivelse1 = RSDatabase("Beskrivelse")
Datoafsluttet1 = RSDatabase("Datoafsluttet")
Status1 = RSDatabase ("Status")
Bemaerkninger1 = RSDatabase("bemaerkninger")
Sagsnr1 = RSDatabase("Sagsnr")
If filepath1 = "-" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " data-ajax='false'>Se fil</a>"
End if
If filepath1 = "" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " class='ui-btn' data-ajax='false'>Se fil</a></td>"
End if
If Lokale1 = "" Then
lokalevis1 = ""
Else
lokalevis1 = "Lokale/Placering: " & Lokale1 & ""
End if
If Admin1 = "" Then
showname = "" & navn1 & ""
Else
showname = Admin1
End if%><%
If Datoafsluttet = "0000-00-00 00:00:00" Then Datoafsluttet1 = "<font color=000000>Fejlfinding afventer"
If Status1 = "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: red; color: white;'><H1><b>Modtaget:<br></b>" & Datoafsluttet1 & "</H1>"
If Status1 = "Afsluttet" Then StatusSag1 = "<div data-role='collapsible' style='background: green; color: white;'><H1><b>Afsluttet:</b><br>" & Datoafsluttet1 & "</H1>"
If Status1 <> "Afsluttet" AND Status <> "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: yellow; color: black;'><H1><b>" & Status1 & ":</b><br>" & Datoafsluttet1 & "</H1>"
%><%
Response.write "" & Statussag1 & "<p><b><br>" & Lokalevis1 & "</b></p><p><b><u>Udstyr:</U><br>" & Udstyr1 & "</b></p><p><b><u>Fejlbeskrivelse:</U><br>" & Beskrivelse1 & "</b></p><p><b><u>Bemærkninger:</U><br>" & Bemaerkninger1 & "</b></p><p>" & filnavn1 & "</p></div>"
RSDatabase.MoveNext
Loop
%>
</table>
It doesn't seem to get sPage at all now (that field in the form is empty) and redirects me to yourDefaultPage.asp.
Could it be related to the include file ./base.inc? in login.asp?
Code in that looks like this:
Could it be related to the include file ./base.inc? in login.asp?
Code in that looks like this:
<!--#Include File="db/database.inc"--><%
Dim sPath
sPath = StrReverse(Request.ServerVariables("SCRIPT_NAME"))
sPath = StrReverse(Mid(sPath, InStr(1, sPath, "/")))
sPath = strConnect
%>
sorry, in task_show.asp (not show_task.asp), you should have this instead:
>>It doesn't seem to get sPage at all now (that field in the form is empty) and redirects me to yourDefaultPage.asp.
in your login.asp, you should check if your page is "posted back", only if it's yes then do the verification.
if IsEmpty(Session("login")) Then
Session("redirectPage") = "task_show.asp?id=" & Id
response.redirect "login.asp"
end if
>>It doesn't seem to get sPage at all now (that field in the form is empty) and redirects me to yourDefaultPage.asp.
in your login.asp, you should check if your page is "posted back", only if it's yes then do the verification.
No luck... :-( I don't know how to check if my page is posted back, but here's another idea:
The include file adgang.inc triggers the login.asp page. It is included on all protected pages. It looks like this:
The include file adgang.inc triggers the login.asp page. It is included on all protected pages. It looks like this:
<%
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Adgang "
Set RSDatabase = DATABASE.Execute(SQLStr)
adgang = RSDatabase("ADMIN")
%><%
If Session("login") < adgang Then
Response.Redirect "login.asp?page=" & Request.ServerVariables("URL")
end if
%>
<%
RSDatabase.Close
Set RSDatabase = Nothing
%>
I think I got it!
Changed adgang.inc to:
Testing more thoroughly now...
Changed adgang.inc to:
<% userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Adgang "
Set RSDatabase = DATABASE.Execute(SQLStr)
adgang = RSDatabase("ADMIN")
%><%
If Session("login") < adgang Then
Response.Redirect "login.asp?page=" & Request.ServerVariables("URL") & "?" & Request.Querystring
end if
%>
<%
RSDatabase.Close
Set RSDatabase = Nothing
%>
Testing more thoroughly now...
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Test succesful - THAT was the problem.
However - I would never have entered that line of thought without your help, so I'll put yours and Scobbers solutions as assisted solutions, ok?
However - I would never have entered that line of thought without your help, so I'll put yours and Scobbers solutions as assisted solutions, ok?
It solved the issue - however I would never have entered that line of thought without input from Ryan or Scobber.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP
From novice to tech pro — start learning today.
-
Business CommunicationCertification: PMI RMP Project Management Institute Risk Management… 113 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - PowerPoint 2016… 224 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
Open in new window
Change to thisOpen in new window
the second part of the code should take your hidden variable
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
and on the page that processes the form
response.redirect(request.
the general idea is, when a page pops the login form. you pipe the HTTP_REFERER into it.
so the return page will always be the page from before the login link.
you would probably want to add some sender domain mitigation as shown above
you don't want google to send users to the login form to return them to google
this is only an example written out with no asp.net debugger or compiler