How can I prevent this from happening? For example when the asp
application works in a public terminal where we don't want successive
users to know the login password and user name of the previous ones?
We have 2 domains for internal purposes: one for users (have to login
and domain has SSL) and another for sponsors (have to login and domain
does NOT have SSL).
Now when a user logs in and there are pages that have info from the
sponsors domain, users are asked to login again with a warning message
saying if they want to see secure and nonsecure information. How can
I bypass the second login? Is there something I can do in active
directory, IIS, or ASP to not have the second login appear?
Does anyone have a script that will allow me to extract the current
user's logon to a Win2k machine?
Can I take my visitors windows login names?
View Replies View RelatedI want to redirect my user to another page.With ASP (not .Net) and IIS 5.0,under windows 2000 server.We have installed the component WinHTTP that is used to manipulate http
requests.
We want to automatically identify the user through his Windows login/pwd(NTML) He does not need to type it.How do i get the login/pwd from windows, and perfom an authentificationcontrol?then how do i set up a cookie in the client computer?
Is it possible toget the username of a visitor on his Windows 95/98/ME etc... machine?, I know it's posible for NT logiin bu tis it for 9x?, If so would anyone mind explaining how it's done?
View Replies View RelatedI would like to know how I can programmtically retrieve the windows login
id? This is a asp.net application.
I'm writing one asp page and developing application for intranet...
I just need to know when if anyone executes this scripts, i need to find out his windows login information (only username on which they are currently logged in)..
I tried below code but its giving me machine name instead of username..
<%
Dim X
set X = createobject("WSCRIPT.Network")
dim U
U=x.UserName
Response.write "Logged In User is: " & U
%>
I have succesfully captured the users login detail, but I now have a new problem I have assigned the login to a Session Variable, however when I come to use the string stored in the variable it excludes the which seperates the domain from the user name, it should be :DOMAINUSERNAME , but I am getting DOMAINUSERNAME which really is a pain. Anybody know why this is happening and how I can overcome it ?
View Replies View RelatedMost people cancel the "allow anonymous user" and IIS will automatically popup the user login dialog. Not me. I want anonymous users to be able to do somethings. Then, if they want to do more, they can to go to a "login page".
This used to be my own ASP page. Now I dont want that. Instead I want the Windows login dialog to popup. How do I do that. How do I in my ASP page cause the Windows Login dialog to popup. I am running on Win2K server.
I am running an application in Windows Server 2003. The clients with Windows XP Professional will access the application through the web browser. Can I know how can I grab the Windows login information like username DOMAINUSER1 from the client and apply it to the login credential in my application?
View Replies View RelatedBasically I have a site where the administrator adds new students to a college system. This code just adds a new student to the database. When they are added a username is generated by taking the first letter of the forename and the first from the surname and joining them to the date.
(ie, James Brown would generate JB2005) Obviously some people will have the same initials so i'm trying to get all the records from the student table in my database that has the first two letters as the student I'm trying to add and adding the value of the count of that recordset before the date of the new students initials. (ie, if Jane Bennett was added the username would be JB12005 because there is already a user with the initials JB in the database)
At the moment if i add a new member to the database, the fields are populated but the count of the recordset is not added so I end up with duplicate usernames. I'm not sure if the recordset is even being filled or whether the recordcount is not working. Code:
I have an access dbase that holds and an expiry date. I need to compare the expiry date with the current date and if it is later than the current date it will allow access (if the username password is correct of course)otherwise it will display an error message saying that membership has expired.
View Replies View RelatedWhat's the best way to implement a secure passwords. The passwords already exist but i want the users to then change them.
View Replies View RelatedI am tryin to create a database of users for my system,each user is given a username based on their own name(surname and first name), however if 2 users with the same or similar name enter their details they will be given the same username,for example john drew would return drewj as thier username, so would jack drew, when a new user is entering their details how do i check that the username generated for them does not already exist,i.e i need to compare the username generated for the new user with all usernames already held in the database,if the username does already exist i want to add a digit to the end of the username how is this done using asp?
View Replies View RelatedI just wanted to share it with you guys and ask your opinions. Code:
View Replies View RelatedI'm using if for when the user deletes a record from the database. People using the website try and delete more than one record at a t time by placing commas between the IDnumber ie. 1,2,5,9 etc.
This creates an error. So instead of this error appearing, how can I get a small alert box telling hte user he/or she has entered the wrong data type?
The code for the form is :-
Is there a script that change email adrdresses to prevent SPAM.
ex: ticul@myprovider.com
I want it to appear like this on my webpage ticul@xxxxxxx.com or something that look like this
In ASP classic pages,I want to know if it's possible to prevent
session variables from becoming zero length strings? I have tried
setting the Session.Timeout to a large value, but alwas, after 20
minutes, my session variable times out. I also tried setting the
session timeout in IIS manager to a high value, but this did no good
either.I just want to allow one particular session variable to last a long
time.
I have a permission tracking app that I am working on, and I have made the insert page for it. I am having issues on how to prevent duplicates from getting entered.
Currently the interface for the app has a mixture of select boxes, list boxes and checkboxes. The form submits the page to processAIMR.asp and then does the inserting. I am using a loop to insert a new record for each checkbox checked or listbox entry selected. Code:
Does anyone know how to prevent the browser from automatically adding the password to a form after a user name is entered? I need to be able to over ride the brower setting so turning off the option in IE is not really a solution.
View Replies View RelatedI have a form that sends info to a preview page, then to a thank you page. The thank you page gets the data passed from the rpeview page and sends an email.
How can I prevent the user from refreshing the page, so it doesn't send the email again.
I would like to prevent a user from logging in with their user/password combination on a different computer or even a different browser window, if they are already logged in. I have a login page, from which I use a DB check to verify user/password info. Also, I have a bit loggedIN field in the DB, which I use to see if they are currently logged in; if so, I prevent them from logging in a second time.
Unless they click the "Log Out" button, then the DB value does not get changed. Any suggestions as to how I can log them out, even if they simply close the browser window or jump to a different page?
For instance here's a simple select statement Code:
("SELECT a, b,c d, e, f FROM Table WHERE a = "&CInt(j)&" and c= 0")
j is a dimmed variable which is a and it's numeric. Is the above protected against any non numeric instances? Like j=2,345..i've tested this and it works i'm just trying to see if i've covered all my tracks.
How do people go about preventing the user from submitting a form for a 2nd time? For example, the user submits a form, clicks on the back button, and the submits the form again. I have used various techniques in the past (depending on circumstances) but I'd be interested in the techniques you guys currently use.
View Replies View RelatedIs there a way in ASP to prevent including the same file more than once?
Example:
dbutil.asp needs constants.asp, so I include constants.asp inside dbutil.asp.
transact.asp also needs constants.asp, so I include constants.asp inside transact.asp.
transact.asp doesn't need stuff in dbutil.asp, and dbutil.asp doesn't need stuff in transact.asp.
Then later I might have a main.asp that needs both dbutil.asp and transact.asp. So I include them both. However, the constants.asp will be found to be included twice!
What can I do to creatively prevent multiple inclusion of the same file in ASP? I know how to do it in C and C++, but I can't apply that to ASP, it seems.
I have created an Intranet in my office using ASP (of course). Within it is a booking system, allowing booking of conference rooms, digital camera and other equipment. It works perfectly...almost, as there is no way to prevent double bookings.
I really don't know where to begin with this one. All bookings go to an Access DB, into a single table. The bookings have a start time and an end time (24hr).
I would like it so that when the user submits the form, if there is a clash in times instead of saying, thanks for your booking, to redirect them back to the booking page saying there is already a booking for this time and that I am very sorry!
I guess I have to check some value in access and return the info back to the webpage before it chooses where to redirect the user.
I am developing a Simple ASP Website with a login page. I want to
know how can I change Session ID after login and also Close the current
Session after User closes the Window or gets logged out of the Website. So
that every time user logs in into the website, Session ID will be unique.
My client received an email from a user who mentioned that by accident they had been typing (over the querystring I guess), and the url had become:
default.asp?pageid='asd
They then received a SQL Server error message.
My client contacted their webhost, who came back to them promptly and talked of 'SQL Injection', they said that we would need to secure the code as well as the permissions on the database(which I believe they have done)..
This is something I had over looked, and started to write a fix for a couple of nights ago...but I dont think its 100%....
Basically I now do this at the top of my default.asp page ...
I've seen plenty of articles and utilities for preventing form injections for ASP.NET, but not too much for classic ASP. Are there any good input validation scripts that you use to avoid form injection attacks? I'm looking for good routines I can reuse on all of my form processing pages.
View Replies View RelatedI am building a website to pull data from a remote https site using xmlhttp. The data from the https site is behind a login screen. I can successfully get through the login screen with:
set objXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP")
objXMLHTTP.Open "POST", "https://website.com/validate-login2.asp", false
objXMLHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXMLHTTP.Send "Username=uname&password=pwd&company=O"
That works great - but then, when I try to go to the next page (where the data is that I want to pull) - I use the same process and I get kicked back out to the login screen? Could there be some cookies, referer, strings being passed normally that I am not including in my second request - How do i find out for sure?
I have used the software IETrace and it looks like some cookies being passed, but how do I know for sure if (and what exactly) it is using?
I want to login to a page using MSXML2.ServerXMLHTTP.4.0 or an object like this, I must send the form variables needed to login when I try to login to the page. But the problem is, that the page looks like a exe file (not a asp file or php file or what ever). The name of the page I try to login is something like "/pw?/session/login", nothing more, without extension. I have tried the code with a normal asp file with session registration and login process and it worked, but not with this file.
View Replies View RelatedSSL cert on our site is for www.mydomain.com.
When you enter our site with just mydomain.com (without the www) and then proceed to a section of the site that is https, the user receives a cert warning since mydomain.com doesn't match up with www.mydomain.com.
What is the easiest way to globally and seamlessly redirect users from mydomain.com to www.mydomain.com to prevent this? The site has about 3000 pages so changing every page with request_querystring isn't really an option.
It would be great if it would work off of child pages too, i.e., mydomain.com/somepage.asp would also redirect to www.mydomain.com/somepage.asp.