micamb
asked on
Getting ID after log-in timed out - Classic asp
Hi all,
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
I have a conundrum for you that I can't get my head around. I have a task system where my customers create tasks and an admin appoints the task to someone. Works fine. However - Part of the webpages are protected by login. Sometimes the admins are working on something else, and the system stands idle for a while, forcing an automatic logout for security reasons. When they then try to click on a webpage pointing to an exact case (i.e. task_show.asp?id=32) they are asked to login - which they do - but in that process the id and the query for it gets lost, and my login-page doesn't seem to support this issue. They are simply redirected to show_task.asp, but as that page requires an ID in order to work, they get an error.
I think the issue is related to sPage, but possibly I need to add more code on the login page as well as page protected by login. Not the best of explanations, but there you go. I've posted my login code below:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->
<%
Dim iStatus, conn, str, sPage
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Preparing values for validation
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("User") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("User")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDate = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfName = RSDatabase("Name")
felteClass = RSDatabase("Class")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Date = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Wrong username orr password!<br>If the problem continues contact our admin @t <a href=mailto:email.dk>email</a>."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Username: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="forgot_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Forgot password?</a></center>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE User ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<div data-role="footer">
<h1><%= school %></h1>
</div>
</div>
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'll do a simulation on an asp server here tonight
There are a few server variables we can look at.
If you view source in the login page after the ?id redirect what is stored in the hidden var on the login form?
There are a few server variables we can look at.
If you view source in the login page after the ?id redirect what is stored in the hidden var on the login form?
ASKER
I tried your code and got the following:
Expected ')'
login.asp, line 18.
Line 18 reads as follows: select case substr(substr(spage,6),int (instr(sub str(spage, 6),"/"))-1
Expected ')'
login.asp, line 18.
Line 18 reads as follows: select case substr(substr(spage,6),int
ASKER
Just wanted to past the code for your reference. I have tried adding ) where requested, but then other problems arise. Hope you can help - I think your solution might work!
<%
Dim iStatus, conn, str, sPage
sPage = Request.servervariables("HTTP_REFERER")
if len(spage)>0 then
if tolower(substr(sPage,4,1)) = "s" then 'parse https:// domains
select case substr(substr(spage,7),int(instr(substr(spage,7),"/"))-1
case "www.example.com" 'trusted domain
case "ww2.example.com" 'trusted domain
case "ww3.example.com" 'trusted domain
case else
spage="http://www.mysite.com" 'terminate all unknown domains to the root of our domain
end select
else ' parse http:// domains
select case substr(substr(spage,6),int(instr(substr(spage,6),"/"))-1
case "www.example.com" 'trusted domain
case "ww2.example.com" 'trusted domain
case "ww3.example.com" 'trusted domain
case else
spage="http://www.mysite.com" 'terminate all unknown domains to the root of our domain
end select
else
spage="http://www.mysite.com" ' trap no referer
end if
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis du har glemt dit password kan det blive sendt til dig."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Brugernavn: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" data-inline="true" data-icon="lock" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="glemt_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Glemt password?</a></center>
so..
1. is that mean when there is session timeout, task_show.asp?id=32 will be redirected to login.asp?
2. do you want the querystring to be added to login page, like login.asp?redirectpage_id= 32 when you do session timeout redirection, or you want to keep it clear as login.asp?
1. is that mean when there is session timeout, task_show.asp?id=32 will be redirected to login.asp?
2. do you want the querystring to be added to login page, like login.asp?redirectpage_id=
ASKER
1. When a user clicks on task_show.asp?id=32 and session is timed out they are redirected to login.asp and if login is succesful sPage = task_show.asp (which fails because that page requires an id to work).
2. If it works - then yes to your first suggestion! The issue is that some of my users access cases directly from their mobile phone. So task_show.asp?id=28 results in task_show.asp after login = error.
2. If it works - then yes to your first suggestion! The issue is that some of my users access cases directly from their mobile phone. So task_show.asp?id=28 results in task_show.asp after login = error.
just some quick test...
1. in your task_show.asp, add:
2, then in login.asp, assign the sPage using:
and then see if existing logic was able to make the redirection to the destination page after user has successfully logged in.
1. in your task_show.asp, add:
if IsEmpty(Session("login")) Then
Server.transfer("login.asp")
end if
2, then in login.asp, assign the sPage using:
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
and then see if existing logic was able to make the redirection to the destination page after user has successfully logged in.
ASKER
I pasted like this in original code:
Tried logging into show_task.asp?id=12
I was redirected to show_task.asp without the id being queried. Requested code was added to show_task as well.
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"--><!--#include file="Include/link.inc"-->
<!--#include file="Include/meta.asp"-->
<%
Dim iStatus, conn, str, sPage
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis du har glemt dit password kan det blive sendt til dig."
conn.close
set conn = nothing
End If
End If
%>
</head>
<body>
<div data-role="page" data-theme="<%= theme %>">
<div data-role="header">
<h1>Login</h1>
</div>
<div data-role="main" class="ui-content">
<p>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<FORM NAME="f" ACTION="login.asp" METHOD=POST data-ajax="false">
<INPUT TYPE=hidden NAME="page" VALUE="<% =sPage %>">
<b>Brugernavn: </font>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>">
<b>Password: </font>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15>
<input type="Submit" data-inline="true" data-icon="lock" name="Login" value="Login">
</FORM></p>
</div><%
If str <> "" Then
Response.Write "<button class='ui-btn'>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</button>" & vbCrLf
End If
%><center><a href="glemt_password.asp" class="ui-btn ui-btn-inline" data-ajax="false">Glemt password?</a></center>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE Bruger ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
<div data-role="footer">
<h1><%= skole %></h1>
</div>
</div>
Tried logging into show_task.asp?id=12
I was redirected to show_task.asp without the id being queried. Requested code was added to show_task as well.
what if in login.asp, try change:
make sure the value of sPage is not being overwritten.
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
if IsEmpty(Request.form("page")) Then
sPage = Request("page")
else
sPage = Request.form("page")
End If
to: sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
?make sure the value of sPage is not being overwritten.
ASKER
Giving it a go now...
ASKER
I have unhidden the hidden input showing sPage in line 97 of my original code and pasted your suggestion. Login.asp still works, but the value of sPage is shown as: /3-0/login.asppage=/3-0/vi s_adm.asp - no query for ID (I tried show_task.asp?id=12)
ASKER
Code is now like this:
<!--#include file="./base.inc"--><!--#include file="db/database.inc"--><!--#include file="SqlCheckInclude.asp"--><!--#include file="close_access.inc"-->
<%
Dim iStatus, conn, str, sPage
sPage = Request.ServerVariables("SCRIPT_NAME") & Request.ServerVariables("QUERY_STRING")
str = ""
If NOT IsEmpty(Request.Form("User")) Then
Open_Conn(sPath)
' Her forberedes de indtastede værdier til validering
strUID = Trim(Replace(Request.Form("User"),"'"," "))
strPWD = Trim(Replace(Request.Form("Password"),"'",""))
iStatus = Check_Login(strUID,strPWD)
Session("Bruger") = Request.Form("User")
If iStatus > 0 Then
Set psDATABASE = Server.CreateObject("ADODB.Connection")
psDATABASE.Mode = 3
psDATABASE.Open strConnect
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Users WHERE Bruger = '" & userNow & "'"
Set RSDatabase = psDATABASE.Execute(SQLStr)
feltUser = RSDatabase("UserId")
feltDato = RSDatabase("Dato")
feltStat = RSDatabase("Stat")
feltfNavn = RSDatabase("Navn")
felteNavn = RSDatabase("Klasse")
newStat = feltStat + 1
d = year(now()) & "-" & month(now()) & "-" & day(now()) & " " & time()
IPadr = Request.ServerVariables("REMOTE_ADDR")
newIP = IPadr
psDATABASE.execute("UPDATE " &_
" Users " &_
" SET " &_
" Dato = '" & d & "'," &_
" Stat = '" & newstat & "'," &_
" IPAdr = '" & newIP & "'" &_
" WHERE " &_
" Bruger = '" & userNow & "'" )
RSDatabase.Close
Set RSDatabase = Nothing
psDATABASE.Close
Set psDATABASE = Nothing
Session("login") = iStatus
Response.Redirect sPage
conn.close
set conn = nothing
Else
Session("login") = -1
str = "Forkert brugernavn eller password!<br>Hvis problemet fortsætter, kontakt venligst <a href=mailto:support@fejlmeld-alt.dk>webmasteren</a>."
conn.close
set conn = nothing
End If
End If
%>
<title>Login til fejlmeldingscenteret</title>
<meta name="robots" content=" noindex, nofollow">
<link type="text/css" href="style.css" title="std" rel="stylesheet">
</head>
<div align="center"><BODY onLoad="document.forms.f.User.focus()" bgcolor="#ffffff">
<Table>
<br><br><FORM NAME="f" ACTION="login.asp" METHOD=POST>
<INPUT TYPE=text NAME="page" VALUE="<% =sPage %>">
<TABLE BORDER="1" CELLPADDING="0" CELLSPACING="0" width="300" ALIGN=CENTER bordercolor="#000000">
<TR>
<td align="center"><H4><center><b>Login til fejlmeldingscenteret</b></center></FONT></td>
</TR>
<tr><td>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="10" ALIGN=CENTER bordercolor="#000000">
<TR>
<TD VALIGN=MIDDLE>
<h4>Brugernavn: </font></TD>
<TD VALIGN=TOP>
<INPUT TYPE=TEXT NAME="User" SIZE=15 MAXLENGTH=15 VALUE="<% =Request.Form("User") %>"></TD>
</TR>
<TR>
<TD VALIGN=MIDDLE>
<h4>Password: </font></TD>
<TD ALIGN=LEFT VALIGN=TOP>
<INPUT TYPE=PASSWORD NAME="Password" SIZE=15 MAXLENGTH=15></TD>
</TR>
<TR>
<TR> <TD COLSPAN=2 ALIGN=CENTER>
<input type="Submit" name="Login" value="Login"></TD>
</TR>
<TR>
<TD COLSPAN=2 VALIGN=TOP ALIGN=CENTER>
</TR>
</TABLE>
</td></tr>
</table>
</FORM><%
If str <> "" Then
Response.Write "<TABLE BGCOLOR=#FFFFFF ALIGN=CENTER width=300 BORDER=1 cellpadding=5 cellspacing=0 bordercolor=#000000><TR><TD>" & vbCrLf
Response.Write "<center><H4>" & str & "</FONT></center>" & vbCrLf
Response.Write "</TD></TR></TABLE>" & vbCrLf
End If
%><br><br>
<a href="glemt_password.asp">Glemt password?</a>
</td>
</table>
</div>
</body></html>
<%
Function Check_Login(sUser, sPass)
Dim rs, sql
sql = "SELECT * FROM Users WHERE Bruger ='" & sUser & "' AND Password='" & sPass & "' "
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.open sql, conn, 1, 1
If Rs.EOF Then
Check_Login = -1
Else
Check_Login = CInt(rs.Fields("StatusP"))
End If
rs.close
set rs = nothing
End Function
Function Open_Conn(sBase)
Set conn = Server.CreateObject("ADODB.Connection")
conn.open strConnect,"",""
End Function
%>
how's the codes in show_task.asp looks like? did you amend according to my previous suggestion?
ASKER
show_task.asp (it's in danish but code isn't ;-) Too much hazzle translating.
<!--#include file="db/database_read.inc"--><!--#include file="db/adgang.inc"--><!--#include file="Include/link.inc"--><!--#include file="close_access.inc"-->
<html>
<head>
<!--#include file="Include/meta.asp"-->
</head>
<body>
<%
Id = Request.querystring("Id")
%><div data-role="page" id="pageone" data-theme="<%= theme %>">
<div data-role="header">
<h1>Sagshistorik - Sagsnummer <%= id %></h1>
</div>
<%
if IsEmpty(Session("login")) Then
Server.transfer("login.asp")
end if
Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" Fejlmelding " &_
" WHERE " &_
" Id = " & Id & " " &_
" ORDER BY Datomodtaget DESC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
id = RSDatabase("Id")
navn = RSDatabase("Navn")
Lokale = RSDatabase("Lokale")
Email = RSDatabase("Email")
tlf = RSDatabase("tlf")
Udstyr = RSDatabase("Udstyr")
filepath = RSDatabase("filepath")
Beskrivelse = RSDatabase("Beskrivelse")
Datomodtaget = RSDatabase("Datomodtaget")
Datoafsluttet = RSDatabase("Datoafsluttet")
Status = RSDatabase ("Status")
Bemaerkninger = RSDatabase("bemaerkninger")
Sagsnr = RSDatabase("Sagsnr")
If Status = "Modtaget" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: red; color: white;' data-ajax='false'>Status: Modtaget</a>"
If Status = "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: green; color: white;' data-ajax='false'>Status:<br>Afsluttet</a>"
If Status <> "Modtaget" AND Status <> "Afsluttet" Then StatusSag = "<a href='opd_fejlmelding.asp?id=" & id & "' data-role='button' class='ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left' style='background: yellow; color: black;' data-ajax='false'>Status: " & Status & "</a>"
If filepath = "-" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='_blank'>Se fil</a>"
End if
If filepath = "" Then
filnavn = ""
Else
filnavn = "<a href=files/" & filepath & " class='ui-btn ui-icon-camera ui-btn-inline ui-btn-icon-left' data-ajax='false' target='blank'>Se fil</a>"
End if
If Email = "noreply@fejlmeld-it.dk" Then
Email_vis = ""
Else
Email_vis = Email
End if
If Lokale = "" Then
lokalevis = ""
Else
lokalevis = "Lokale/Placering: " & Lokale & ""
End if
%>
<div data-role="main" class="ui-content">
<div data-role="collapsible">
<h1>Kontaktinfo</h1>
<p><u>Navn</u></p>
<p><%= navn %></p>
<p><%= Email_vis %></p>
<p><%= tlf %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgavestatus</h1>
<p><%= StatusSag %><%= filnavn %></p>
</div>
<div data-role="collapsible" data-collapsed="false">
<h1>Opgaveinfo</h1>
<p><u><%= matrikel %></u></p>
<p><%= Institution %><br><%= Lokalevis %></p>
<p><u>Udstyr</u></p>
<p><%= udstyr %></p>
<p><u>Fejlbeskrivelse</u></p>
<p><%= beskrivelse %></p>
<p><u>Bemærkninger</u></p>
<p><%= bemaerkninger %></p>
<a href="tilfoej_fil_adm.asp?id=<%= id %>" class="ui-btn ui-icon-arrow-u ui-btn-inline ui-btn-icon-left" data-ajax="false">Upload ny fil</a>
<a href="opd_fejlmelding.asp?id=<%= id %>" class="ui-btn ui-icon-edit ui-btn-inline ui-btn-icon-left" data-ajax="false"> Opdatér opgaven</a></div>
</div>
<center><a href="administration.asp" class="ui-btn ui-btn-inline" data-ajax="false">Tilbage til administrationssiden</a></center>
<center><h3>Sagshistorik</h3></center>
<% Set DATABASE = Server.CreateObject("ADODB.Connection")
DATABASE.Open strConnect
'*** Find brugernavn & adgangskode
SQLmaal = _
" SELECT " &_
" * " &_
" FROM " &_
" idFejlmelding " &_
" WHERE " &_
" cid = " & Id & " " &_
" ORDER BY Id ASC "
Set RSDatabase = DATABASE.Execute(SQLmaal)
Do While Not RSDatabase.EOF
id = RSDatabase("Id")
admin1 = RSDatabase("Admin")
navn1 = RSDatabase("Navn")
udstyr1 = RSDatabase("Udstyr")
Lokale1 = RSDatabase("Lokale")
filepath1 = RSDatabase("filepath")
Beskrivelse1 = RSDatabase("Beskrivelse")
Datoafsluttet1 = RSDatabase("Datoafsluttet")
Status1 = RSDatabase ("Status")
Bemaerkninger1 = RSDatabase("bemaerkninger")
Sagsnr1 = RSDatabase("Sagsnr")
If filepath1 = "-" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " data-ajax='false'>Se fil</a>"
End if
If filepath1 = "" Then
filnavn1 = ""
Else
filnavn1 = "<a href=files/" & filepath1 & " class='ui-btn' data-ajax='false'>Se fil</a></td>"
End if
If Lokale1 = "" Then
lokalevis1 = ""
Else
lokalevis1 = "Lokale/Placering: " & Lokale1 & ""
End if
If Admin1 = "" Then
showname = "" & navn1 & ""
Else
showname = Admin1
End if%><%
If Datoafsluttet = "0000-00-00 00:00:00" Then Datoafsluttet1 = "<font color=000000>Fejlfinding afventer"
If Status1 = "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: red; color: white;'><H1><b>Modtaget:<br></b>" & Datoafsluttet1 & "</H1>"
If Status1 = "Afsluttet" Then StatusSag1 = "<div data-role='collapsible' style='background: green; color: white;'><H1><b>Afsluttet:</b><br>" & Datoafsluttet1 & "</H1>"
If Status1 <> "Afsluttet" AND Status <> "Modtaget" Then StatusSag1 = "<div data-role='collapsible' style='background: yellow; color: black;'><H1><b>" & Status1 & ":</b><br>" & Datoafsluttet1 & "</H1>"
%><%
Response.write "" & Statussag1 & "<p><b><br>" & Lokalevis1 & "</b></p><p><b><u>Udstyr:</U><br>" & Udstyr1 & "</b></p><p><b><u>Fejlbeskrivelse:</U><br>" & Beskrivelse1 & "</b></p><p><b><u>Bemærkninger:</U><br>" & Bemaerkninger1 & "</b></p><p>" & filnavn1 & "</p></div>"
RSDatabase.MoveNext
Loop
%>
</table>
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It doesn't seem to get sPage at all now (that field in the form is empty) and redirects me to yourDefaultPage.asp.
Could it be related to the include file ./base.inc? in login.asp?
Code in that looks like this:
Could it be related to the include file ./base.inc? in login.asp?
Code in that looks like this:
<!--#Include File="db/database.inc"--><%
Dim sPath
sPath = StrReverse(Request.ServerVariables("SCRIPT_NAME"))
sPath = StrReverse(Mid(sPath, InStr(1, sPath, "/")))
sPath = strConnect
%>
sorry, in task_show.asp (not show_task.asp), you should have this instead:
>>It doesn't seem to get sPage at all now (that field in the form is empty) and redirects me to yourDefaultPage.asp.
in your login.asp, you should check if your page is "posted back", only if it's yes then do the verification.
if IsEmpty(Session("login")) Then
Session("redirectPage") = "task_show.asp?id=" & Id
response.redirect "login.asp"
end if
>>It doesn't seem to get sPage at all now (that field in the form is empty) and redirects me to yourDefaultPage.asp.
in your login.asp, you should check if your page is "posted back", only if it's yes then do the verification.
ASKER
No luck... :-( I don't know how to check if my page is posted back, but here's another idea:
The include file adgang.inc triggers the login.asp page. It is included on all protected pages. It looks like this:
The include file adgang.inc triggers the login.asp page. It is included on all protected pages. It looks like this:
<%
userNow = Session("Bruger")
userUpd = "'" & userNow & "'"
SQLStr = "SELECT * FROM Adgang "
Set RSDatabase = DATABASE.Execute(SQLStr)
adgang = RSDatabase("ADMIN")
%><%
If Session("login") < adgang Then
Response.Redirect "login.asp?page=" & Request.ServerVariables("URL")
end if
%>
<%
RSDatabase.Close
Set RSDatabase = Nothing
%>
Isn't the issue here with response.redirect? Isn't it possible to add querystring variables here?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Test succesful - THAT was the problem.
However - I would never have entered that line of thought without your help, so I'll put yours and Scobbers solutions as assisted solutions, ok?
However - I would never have entered that line of thought without your help, so I'll put yours and Scobbers solutions as assisted solutions, ok?
no worries, glad we could make some helps here cheers
ASKER
It solved the issue - however I would never have entered that line of thought without input from Ryan or Scobber.
ASKER
Sorry for the delay in my response! Your solution - however cool - does not solve my problem.
Consider this: A user is assigned a task. This results in a text message to the user that show something like this: URL/your_task.asp?ID=28
When the user clicks this link they are prompted to log in. When doing so succesfully they are redirected to URL/your_task.asp but since the page does not have the ID (28) any longer, it fails. See my problem? Maybe I wasn't clear. From my point of view your solution does not work in this case, as the user may not have opened any webpage prior to this, so what would they be redirected to? Not URL/your_task.asp?ID=28...
Maybe I misunderstood, coding is not my strong side.