How To Protect A File Upload Page With A Login Username Cookie?
I have downloaded a nice upload script from the internet, it works great, but I would like to have it protected,so that only the admin user can use this upload page, I'm getting the following error:
Microsoft VBScript runtime error '800a01b6'
Object doesn't support this property or method: 'Request.Session'
If I change it in Request.Cookies, that won't work either.....
View Replies
ADVERTISEMENT
Is there anyway for me to make users enter an username and password in order to get access to download a pdf file.
I will have a list of valid usernames and passwords?
View Replies
View Related
How will you know that a username is already login? I have this chat page in which both of you can login with the same username.
View Replies
View Related
First my database consists of a couple tables.MyUsers (records - username, password, tablename)User1 (records - record 1, record2, record3)User2 (records - record 1, record2, record3)
What I have a username and password login. When they login I need asp to look up in a database (table - myusers) and if the username and password match one of the records then take the third record (which is actually a reference to that user own table) and store it in a variable.
I then need to read that users table and display all the info in that table on a new page for only that user to view.
Below are the files that I have. I have been messing around with it with another example so some of the code might be a little misleading....
View Replies
View Related
I am running an application in Windows Server 2003. The clients with Windows XP Professional will access the application through the web browser. Can I know how can I grab the Windows login information like username DOMAINUSER1 from the client and apply it to the login credential in my application?
View Replies
View Related
how to make asp pages that could let people to upload files. I use Macromedia Dreamweaver and there is a form for file field, but it doesn't has any help function on how to do it.
View Replies
View Related
I have 3 ASP pages. Page1 has file upload feature where the user selects a file and clicks on upload button. Page2 takes that uploaded file and process the records to insert into the database. Page3 shows that records from the database. Code:
View Replies
View Related
I'm more of a LAMP person than an ASP/windows type (I'll be honest I haven't got a clue about ASP). Anyway, I'm looking for a way to password protect a file. Normally under a unix box I would just use .htaccess and .htpasswd to use http authentication but I don't have a clue how I would do such a thing under a windows box.
View Replies
View Related
the page is to be able to allow a user to enter a password so as to download documents. It does not meant for any users to download. It is for some specific users. What I want is to send them a password through email, but I want to know who's has downloaded.
View Replies
View Related
I have researched several login scripts and I have a few questions that I haven't been able to find the answers for.
First if of all, my goal is to create a cookie-based, non-SSL, login system. I have many, many users that are going to be logged in for extremely long periods of time, so I absolutely do not wish to use session variables under any circumstances.
I've come across several great algorithms and one-way hash's that seem to work great for encoding the password. However, they all seem to have one thing in common. Once the user successfully "logs in", the site simply sets a cookie using the User ID of the login account. On all password protected pages, the only check that is made is the User ID stored in the cookie- compared to the value in the database.
I'm curious if it is possible for a hacker to create a false cookie on their system, storing simply the UID. Is it possible to do this, or is there some kind of internal OS security that prevents such an action? In other words, if I go to a co-workers computer, review their temp files, find the cookie for the site they're logged into and take the UID... Could I recreate that cookie on my own computer at a later time and gain entry?
This may not be so much of a security issue on a site that only stores a temporary cookie, but what if when they login, I set the cookie to expire after a year? (so they don't have to login every time they visit the site).
I'm not saying this method isn't secure, I guess I'm looking for an explanation. Also, any ideas on where I can obtain more information about creating a login application that's not based on session variables?
View Replies
View Related
We have an intranet which is personalized using a cookie which we set. I have an outside vendor who is developing an application which will live on a seperate server. Is there a way they can read the cookie which we set to log user into their application so that we can make it a seamless transition?
View Replies
View Related
ASP Session/Cookies, Help to Protect Page from Non users I am a beginner and very urgently need some help
I have created a asp page, that takes in a username and password and validates it as follows and then if true continues to the pages requested.
Code:
'Read in the password for the user from the database
If (((Request.Form("txtUser")) = rsCheckUser("User_pass")) and (rsCheckUser("User_lev") = 1) ) Then
'If rsCheckUser("User_level") = 1 Then
'THE ABOVE CHECKS THE INFO IS CORRECT AND IT REDIRECTS TO THE PAGE BELOW and Session=True
'If the password is correct then set the session variable to True
Session("blnIsUserGood") = "True"
'Redirect to the authorised user page and send the users name
Response.Redirect"user_self_update_form.asp?ID=" & rsCheckUser("ID") & ""
'Close Objects before redirecting
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
End If
Now this code takes you to page :Response.Redirect"user_self_update_form.asp?ID=" & rsCheckUser("ID") & ""
Which is something like /project/user_self_update_form.asp?ID=1
Since after the login you do to this, you are allowed to see this page.
But The page user_self_update_form.asp?ID= can also be access if you just put the link on the browser. Lets say i log in as ID 2, and just change the ID to 3 on the address bar in the browser, i will log into someone elses page.
How to i block this from random access and only the SPECIFIC USER?
Code for user_self_update_form.asp (the protected page unless you are logged it):
The Session = False part just does not work here, so if you get this link of someone, you can just get it, and you are not redirected.
<%
'If the session variable is False or does not exsist then redirect the user to the unauthorised user page
If Session("blnIsUserGood") = False or IsNull(Session("blnIsUserGood")) = True then
'Redirect to unathorised user page
Response.Redirect"unauthorised_user_page.htm"
End If
%>
<%
'Dimension variables
Dim adoCon 'Holds the Database Connection Object
Dim rsGuestbook 'Holds the recordset for the record to be updated
Dim strSQL 'Holds the SQL query for the database
Dim lngRecordNo 'Holds the record number to be updated
'Read in the record number to be updated
lngRecordNo = CLng(Request.QueryString("ID"))
and all the other protected into here:
View Replies
View Related
I am building a website to pull data from a remote https site using xmlhttp. The data from the https site is behind a login screen. I can successfully get through the login screen with:
set objXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP")
objXMLHTTP.Open "POST", "https://website.com/validate-login2.asp", false
objXMLHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXMLHTTP.Send "Username=uname&password=pwd&company=O"
That works great - but then, when I try to go to the next page (where the data is that I want to pull) - I use the same process and I get kicked back out to the login screen? Could there be some cookies, referer, strings being passed normally that I am not including in my second request - How do i find out for sure?
I have used the software IETrace and it looks like some cookies being passed, but how do I know for sure if (and what exactly) it is using?
View Replies
View Related
is there any way to protect files or a folder from unauthorised access, i.e.when a variable is false?
e.g.
when variable li = 1 then grant access to folder and files within
when variable li <> 1 then deny access
i have a folder with images and word documents i only want people with the variable set to 1 to be able to access them.is there a way?
View Replies
View Related
I'm creating a set of new user pages for my site. At present I've got a newuser1.asp file which tests if a username exists. On failure (when the username exists) it goes an almost identical copy of the file and the user has to try out a new username and password.
This seems rather inelegant (having to upkeep two files) so I'd like to have just the one page with the failure redirecting back to itself but then displaying appropriate wording ('the username exists.so that I can try to work out an appropriate solution?BTW I'm using ASP VBscript.
View Replies
View Related
We face problems uploading excel (with macros) documents using HTML
File Upload.
The file contents are corrupted while viewing the same. However, we
are able to upload excel (w/o. macros) documents successfully. Is
there anything we have to take care of, while handling uploads of
excel documents with macros?
View Replies
View Related
I want to login to a page using MSXML2.ServerXMLHTTP.4.0 or an object like this, I must send the form variables needed to login when I try to login to the page. But the problem is, that the page looks like a exe file (not a asp file or php file or what ever). The name of the page I try to login is something like "/pw?/session/login", nothing more, without extension. I have tried the code with a normal asp file with session registration and login process and it worked, but not with this file.
View Replies
View Related
i would like to manage to do the following:
in my website there r registered users.
each user has a profile.
i would realy like to help the other users access a certain user profile by:
www.mysite.com/username
rather then
www.mysite.com/viewprofile.asp?user=username
i'v seen that made on serveral websites, how can i do it?
i geuss thats involving giving the server default asp page for parameters or somthing like that...(I am using IIS 5)
View Replies
View Related
Our company has an intranet paging website. It gets all the contact and
group addresses from SQL Server database. The paging is done through
WCTP.
It works properly except for only one group where it asks for username
and passord when the user tries to send a page and does it
successfully. But before I view the status of the page it asks me for
username and password. It asks thrice and then give me an error web
page.
View Replies
View Related
I have an ASP Page that I want to make Username and Password for Viewing it. Can you guide me how can I do this?
View Replies
View Related
I am working with a developer, on two portions to a site, he is working in PHP and my work is done in ASP.
Is it possible for my pages to request data from a cookie that was written by his pages that are PHP but residing on the same server? Just want to make sure before I spend too much time planning out the development on my end.
View Replies
View Related
I have page for user to update his/her details. What i want is after idle for more than 20 mins, the page will redirect to login page automatically. So that the user knows that his/her session already expired and need to login again.
But it doesn't working. This is because if he/she update the details (after idle more than 20 mins), and click the Submit button, it will go to login page and all the data will be lost. Code:
View Replies
View Related
I'm building a multi-langual site, and I want to store the language selected in a cookie. When the querystring contains a "lang" parameter, I'm changing the cookie's value. The valuese represent the language ID in my DB. When no var passed throgh the QueryString, and no cookie found, the system should put the value of the default language in the cookie.
The only problem is the cookie is being erased somehow after the only page I created so far is over. the page itself can access the cookie, but once it's processing is over, the cookie no more exists.
I have no idea why it happenes, nor how should I fix it. I've set the cookies("name").Expires = DateAdd("m", 1, Now()), and checked there is no other access to the cookie. But nada. the cookie still vanish every time.
View Replies
View Related
I have 3 domains, A, B, and C.
I want to put the same JS tag on sites A and B that call an asp page on domain C.
The tag would look like this:
<script language="JavaScript1.1" src="http://secure.C.com/Demo/Intercept.asp"></script>
The ASP page on domain C would write a cookie, in theory the cookie should have permissions for read and writing from site C.
Something like this:
Response.Cookies("Name").Expires = Date() + 365
Response.Cookies(SurveyName).Domain = ".C.com"
Response.Cookies(SurveyName).Path = "/"
In firefox the result is exactly as planned, a cookie is set when a user goes to sites A or B via site C, and using this same approach, I can read the cookie from domains A and B via the JS tag calling the script on site C.
IE does not like this. Sometimes it doesn't even write the cookie, other times the cookie has to be there b/c of resulting actions taken, but when viewing the list of cookies, it's no where to be found. Additionally, I don't seem to be able to read the cookie the same way as firefox is letting me.
I know this can be done, I went to foodnetwork.com (yeah I love to cook), and saw that they were using a metric service that was calling a back end script from the vendors domain, and setting a cookie from that vendors domain, all without the user seeing anything or leaving the foodnetwork.com domain. I've looked at the resulting JS code that is returned from these vendor back end pages, and it has nothing to do with the cookie being set, it's definitely happening server side.
View Replies
View Related
I want to create a cookie that will expire in a few mintues after a user leaves my page so that they can return without having to login again if they were only gone for a few minutes. I tried putting this code in the Page_Unload event but got an error message that cookies not supported here.
....
Sub Page_Unload 'this not working here
Dim objCookie As HttpCookie
objCookie = New HttpCookie("mycookie", "cookie1")
objCookie.expires = DateTime.Now.AddMinutes(2)
Response.Cookies.Add( objCookie )
End Sub
</script>
What is the best place to create a cookie that will only last for a few mintues after leaving a page.
View Replies
View Related
When I use a host file entry to point to the host header of the site
that I have created on a Win2k server running IIS5, a cookie is not
created to hold the session id. The result is that Session_OnStart is
run every time a page is requested.
If I set up a DNS entry on the DNS server it all works fine.
I never noticed this problem before we put in Active Directory so it
may have something to do with that.
I have set "allow per session cookies" to promt(under Custom Secrity
settings in IE) to see if this is being attempted and it is not. So
the browser is not even trying to create the session cookie when using
the host file.
View Replies
View Related
I'm having a problem with the fact that I want to allow image files to be uploaded to a remote web server, as the hosting package the web site is on is IIS6 and has a default file upload size limit of 200kb. As it's a shared hosting package, the default limit cannot be changed for me unfortunately.
Anyway - i need to check the size of the file being uploaded, so i can notify the user and prevent them getting the default Microsoft error message page. The problem is that I can't implement a server side size check which works, using either Request.TotalBytes or load.getFileSize (with "load" being an object of my loader class). It seems that I can't carry out any of these operations when the file size is too large.
View Replies
View Related
I would like to add a facility to my web page which allows users to upload basic files (word, excel, text, gif, jpg etc) to the server.
I know there's a facility to do this using HMTL forms, but I don't know how to handle the file on the server side.
What I think I need is an ASP file running some code to manipulate the filesystemobject, allowing me to receive the file and store it in the filesystem on the server. It would be nice to access some of the file properties too (name, type etc).
I've seen a few custom components online which allow you to do this, but I can't depend on installing them. I need to be able to script it myself.
View Replies
View Related
I would like to use this code on my website to allow simple file uploads from clients. I would like to restrict the file types they can upload. Code:
View Replies
View Related
I had just created a login page called login.asp and proc page login_proc.asp. I'm using MS Access for db. The prob is when I uploaded it into the web, a msg comes up saying 500 Internal Error and could not find login_proc. I have uploaded it dozens of times but it still comes out the same. When I test it in my local server, everything goes smoothly. Can nebody plz help? I'm running out of idea. I feel like jumping off the bridge rite now.
View Replies
View Related
I have existing login page that will check accounts table from my database
if the user is allowed to log on to the system. I use session to save user
variable.
Every page that I will make, I always ask if the session where I
save the user variable exist, and if not, it will redirect to login page. Is
the the best way to control a web application using ASP. If not, can you
give me your thoughts?
View Replies
View Related
I got a web page and I want the user to login everytime he view the page. Something like email where u need to login be4 u can view the inbox. What can I do so that if the user want to go straight into the page I will direct him to the login in page to ask him to login first? Another question is what does this mean?
<!--#include file="setting.asp" -->
View Replies
View Related
Please need your help in writing the cookies code to enter the user automaticly to the comments page with out login if he entered before to the site...
these are the code i wrote but now i need the cookies code to vlaideat if the user enterd before or not (if yes, redirect him to the comments page otherwoise let him login in)
View Replies
View Related