If i had a login page that got user input for username and password, how would i post that information to another page that is gonna be used to store subs and procedures so other pages will include that page so I can minimise the amount of times i type up a connection string.
So I have login.asp which i want to post login credentials to include.asp which will never be opened by if users login details are correct it would then be directed to table.asp. If incorrect it should show an error message in the login.asp page.
I've provided the code for include.asp file which will never be seen by a user below
Dim objCon, SQL, objRS
'Connect to Database
sub connect()
Set objCon = CreateObject("ADODB.Connection")
Set objRS = CreateObject("ADODB.Recordset")
objCon.Open "Provider=SQLOLEDB.1;Password=xxxx;Persist Security Info=True;User ID=xxxx;Initial Catalog=Customer;Data Source=xxxx"
SQL = "SELECT * FROM Customer"
objRS.open SQL, objCon
end sub
sub connectionClose()
objRS.close
objCon.close
end sub
let me post with code tag so it helps.
so u got login.asp,validateLogin.asp, table.asp ( they all got include.asp)
Login.asp post the credentials to validatelogin.asp
once in validatelogin.asp
dim username : username = request.form("username")
dim password: password = request.form("password")
'here for security purpose u will want to replace all the single quote in username and password with 2x single quote (you do that to avoid SQL injection form bots / hackers
username = replace(username ,"'","''")
password = replace(password,"'","''")
sqlValidateUser = "SELECT top 1 * FROM Customer where username='"&&"' and password = ''"
set rsValidateUser = objCon.execute(sqlValidateUser)
if not rsValidateUser.eof then
session("authentified") = "1"
response.redirect("table.asp")
response.end()
else
response.redirect("YOUR_ERROR_PAGE.asp")
response.end()
end if
rsValidateUser.close
then in your include.asp u will want something like :
'Validating if your NOT on login.asp or loginvalidate.asp ... if not Check if your logged in ... if not redirect to error page or login form
if not instr(lcase(request.servervariable("url")),"login.asp") > 0 and not instr(lcase(request.servervariable("url")),"validatelogin.asp") > 0 then
if session("authentified") = "1" then
response.redirect("your_Error_page.asp")
end if
end if
not 100% sure about the include.asp code i did not validate any of it but it should look like that
Under your root folder create an \includes folder.
Within \includes add a "functions.asp" page and put your common data access functions in that page. Include NO HTML - just server side script.
In your authentication page, add #include directives that point to your includes folder: example:
<!-- #include file = "../includes/functions.asp" -->
Then from your auth page you call any functions defined in functions.asp.
Related
I have been stuck in this topic for a long time and I hope someone can help me.
I have an application written in asp classic. I must implement an antiforgery token in the form where I go to validate the data.
My page is composed like this
<% Dim token
token = GetGUID()
Session("token")=token
%>
<html>
<head>
</head>
<boby>
...
...
<form method="post" action="../includes/CENT_FUNCTIONS.ASP">
<input type="hidden" value="<%=Session("token")%> name="token">
</form>
</body>
</html>
As you can see at the top in the asp code when opening the page I generate a GUID that I am going to save in a session variable.
I generate the GUID with this vbs function
FUNCTION GetGUID()
GetGUID = CreateObject("Scriptlet.TypeLib").GUID
END FUNCTION
So I'm going to save the session variable in a hidden field of the form. The action of the form goes to call another asp file where I will go to collect the form data to call a store procedure in the sql database.
The file is written like this
<%
IF Request("token") = Session("token") THEN
ID_CENT=Request.QueryString("ID_CENT")
IDAZIENDA_CENT=Request("IDAZIENDA_CENT")
ELSE
Response.Redirect "../notallowed.asp"
END IF
set command = Server.CreateObject("ADODB.Command")
command.ActiveConnection = conn
command.CommandText = "CAR_CENTRALINI_FUNZIONI"
command.CommandType = adCmdStoredProc
set objParameter = command.CreateParameter ("#ID_CENT", adInteger, adParamInput,,ID_CENT)
command.Parameters.Append objParameter
set objParameter = command.CreateParameter ("#IDAZIENDA_CENT", adInteger, adParamInput,,IDAZIENDA_CENT)
command.Parameters.Append objParameter
command.Execute , , adExecuteNoRecords
Set command=Nothing
Set objParameter=Nothing
Response.Redirect "../Fonia/UT_Fonia_CENTRALINI.asp"
%>
So before collecting the form data I go to check if the token arrived is the same as the one stored in the session variable.
But this comparison that I make in the IF condition always returns false.
Is this way I am using to generate and validate the anti forgery token correct? What am I doing wrong?
Thanks for any replies
i want to make "instagram Direct Message SENDING MECRO"
URL = www.instagram.com/direct/inbox
driver.FindElementByXPath("/html/body/div[1]/section/div/div[2]/div/div/div[1]/div[1]/div/div[3]/button/div/svg").Click
WHEN I open the link, and copy&paste the xpath,
then my code run well
However, after run one time,
run my code again,
then 'NoSuchElementError'... why...? what shoud i do..?
(i also use selenium)
full code :
Sub Sending_DM()
Dim driver As Selenium.ChromeDriver
Dim username As String, Login_ID As String, Login_PW As String
Set driver = New Selenium.ChromeDriver
driver.Start
driver.Wait (2000)
username = Sheet3.Range("B2").Value 'B2 = User ID = username
Login_ID = Sheet3.Range("a1").Value
Login_PW = Sheet3.Range("a2").Value
driver.Get "https://www.instagram.com/" & username
'-----------Login
driver.FindElementByXPath("//*[#id=""loginForm""]/div/div[1]/div/label/input").SendKeys (Login_ID) ' MY INSTAGRAM ID
driver.FindElementByXPath("//*[#id=""loginForm""]/div/div[2]/div/label/input").SendKeys (Login_PW) ' My instagram PW
driver.FindElementByXPath("//*[#id=""loginForm""]/div/div[3]").Click
driver.Wait (4000)
driver.Get "https://www.instagram.com/direct/inbox/"
'-----------Sending DM
driver.FindElementByXPath("/html/body/div[1]/section/div/div[2]/div/div/div[1]/div[1]/div/div[3]/button/div/svg").Click
driver.FindElementByXPath("/html/body/div[6]/div/div/div[2]/div[1]/div/div[2]/input").SendKeys (Sheet3.Range("c1"))
driver.FindElementByXPath("/html/body/div[6]/div/div/div[1]/div/div[2]/div/button/div").Click
driver.Wait (1000)
driver.FindElementByXPath("/html/body/div[1]/section/div/div[2]/div/div/div[2]/div[2]/div/div[2]/div/div/div[2]/textarea").SendKeys (Sheet3.Range("c2").Value) 'Sheet3.range("c2") = recipient ID
driver.FindElementByXPath("/html/body/div[1]/section/div/div[2]/div/div/div[2]/div[2]/div/div[2]/div/div/div[3]/button").Click
Sheet3.Range("d2") = "o" 'Sending Check
End ()
okay we are running into wrong locator issue.
replace this line
driver.FindElementByXPath("/html/body/div[1]/section/div/div[2]/div/div/div[1]/div[1]/div/div[3]/button/div/svg").Click
with this :
driver.FindElementByXPath("/html/body/div[1]/section/div/div[2]/div/div/div[1]/div[1]/div/div[3]/button/div/*").Click
In my asp.net and vb.net web application form ; the drop down list for Main Contact holds a list of names. This list is different for different user who are logged in to the application.
Data are populated by select query from database fields. (select query fetches data by Innerjoining two tables- EmployerUser table & User table. Primary key of User table is ID which is a foreign Key in the EmployerUser table named UserID.)
In Front end ASP.net coding is
<div class="form-element">
<label>
Main contact (required)
</label>
<asp:DropDownList ID="comMainContact" runat="server" CssClass="chosen" EnableViewState="True"
DataTextField="name" DataValueField="id" />
</div>
In Back end VB.net coding for the drop down list is
comMainContact.DataSource = LocalHelper.CachedEmployerUserList(LocalHelper.UserEmployerID)
comMainContact.DataBind()
Public Shared Function CachedEmployerUserList(ByVal employerid As Integer) As DataTable
Dim CacheName As String = "helper_cachedemployeruserlist_" & CStr(employerid)
Dim DataList As DataTable = Nothing
Try
DataList = HttpContext.Current.Cache.Item(CacheName)
Catch
End Try
If DataList Is Nothing Then
DataList = Core.DB.GetData("SELECT [User].id AS 'id', [User].name + ' ' + [User].Surname AS 'name' FROM EmployerUser INNER JOIN [User] ON EmployerUser.userid = [User].id WHERE [User].deleted = 0 AND [User].active = 1 AND [User].emailverified IS NOT NULL AND EmployerUser.employerid = #employerid ORDER BY [User].surname, [User].name", Core.DB.SIP("employerid", employerid))
HttpContext.Current.Cache.Insert(CacheName, DataList, Nothing, DateAdd(DateInterval.Minute, 1, Now), System.Web.Caching.Cache.NoSlidingExpiration)
End If
Dim FinalList As DataTable = DataList.Copy
Return FinalList
End Function
The problem is : This coding does not set a default value for the Main Contact . I want to set a default value in drop down list for the Main Contact. In most of the cases the default value is the user himself. So it would be ideal if the current user is set as default value in the drop down list as well as the user is also able to change value from the drop down list if himself is not the Main Contact.
How can I do that.
I can separately determine who is the currently logged in user.
The coding to determine current user is (Current logged in User can be determined via select query which fetches data from User table.)
Public Class User
Public Shared Function UserFullName(ByVal User As Mypeoplebiz.User, Optional ByVal Title As Boolean = True) As String
If Title Then
Return Core.DB.GetString("SELECT name FROM Title WHERE id = #titleid", Core.DB.SIP("titleid", User.TitleID)) & " " & User.Name & " " & User.Surname
Else
Return User.Name & " " & User.Surname
End If
End Function
End Class
How can I set current user is set as default value in the drop down list and give the user the option of changing value from the drop down list .
Appreciate your help.
Thanks
Set the SelectedValue property of the dropdown list to the username string:
comMainContact.SelectedValue = UserFullName(arguments)
See https://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.listcontrol.selectedvalue(v=vs.110).aspx?cs-save-lang=1&cs-lang=vb#code-snippet-2
The following lines of code solved my problem. So I want to share it if any one have similar problem.
Private strUserName As String = ""
strUserName = Core.DB.GetString("SELECT name + ' '+surname FROM [user] WHERE id = " & LocalHelper.UserID)
comMainContact.DataSource = LocalHelper.CachedEmployerUserList(LocalHelper.UserEmployerID)
comMainContact.DataBind()
comMainContact.SelectedIndex = comMainContact.Items.IndexOf(comMainContact.Items.FindByText(strUserName))
Hope you will find the post useful
Here is my Scenario
I have MS Access DB (MDB file), and work group security file. I have credentials which have all the permit (Administrator user). This DB and MDW file is created on some other computer and i am using it on my computer now.
What I am able to do till now is, I can log in the DB with different user name and password which are existing in the DB. Verified this by using Correct user name and wrong password It give error, but correct credentials it logins.
Now I need to create a interface In Java to basic functionality.
1. Change password of currently logged user.
Change password of current user
Following is my code to change the password
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
String database = "jdbc:odbc:"+"mdbTEST";
// mdbTEST is created in System DNS which uses SECURED.MDW file and
// ExtendedAnsiSQL is set to 1
conn = DriverManager.getConnection(database, "administrator", "hello");
String q = "ALTER USER "+uname+" PASSWORD "+newPass+" '"+oldPass+"'";
stmt = conn.createStatement();
stmt.execute(q);
It returns successful.
But when I try to log in the with the username and new password it says wrong passowrd and even the old password stops working.
Moreover, I tried to read all the username and passwords in the WorkGroup file using some third party software, it shows the new password is updated correctly in the MDW file.
I am using JDK 1.7 on Windows XP 32 bit.
What can be the problem? Am I doing something wrong here?
Thanks in Advance.
If you want to put quotes around the password values to accommodate passwords that contain spaces, you should enclose them in double quotes ("). If you enclose them in single quotes (') then the single quote characters become part of the password. For example, after executing my test code...
import java.sql.*;
public class ulsTest {
public static void main( String args[] )
{
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection conn = DriverManager.getConnection(
"jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};" +
"DBQ=C:\\Users\\Public\\uls\\ulsTest.mdb;" +
"SystemDB=C:\\Users\\Public\\uls\\Security.mdw;" +
"Uid=Gord;" +
"Pwd=obfuscated;" +
"ExtendedAnsiSQL=1;");
String UID = "Tim";
String oldPWD = "oldpassword";
String newPWD = "I like Java";
Statement s = conn.createStatement();
s.execute("ALTER USER " + UID + " PASSWORD \"" + newPWD + "\" \"" + oldPWD + "\"");
// ALTER USER Tim PASSWORD "I like Java" "oldpassword"
System.out.println("User updated.");
s.close();
conn.close();
}
catch( Exception e ) {
e.printStackTrace();
}
}
}
...Tim is able to log in using the new password
I like Java
However, if I change my code to...
s.execute("ALTER USER " + UID + " PASSWORD '" + newPWD + "' '" + oldPWD + "'");
// ALTER USER Tim PASSWORD 'I like Java' 'oldpassword'
...then the single quotes become part of the new password and Tim must type the password...
'I like Java'
...(including the single quotes) to log in.
Side note: I was hoping that a parameterized query might avoid messing with string quoting, but unfortunately the code...
PreparedStatement s = conn.prepareStatement("ALTER USER ? PASSWORD ? ?");
s.setString(1, UID);
s.setString(2, newPWD);
s.setString(3, oldPWD);
s.execute();
...fails with the error:
[Microsoft][ODBC Microsoft Access Driver] Invalid SQL statement; expected 'DELETE', 'INSERT', 'PROCEDURE', 'SELECT', or 'UPDATE'.
The previous DBA here set up some SQL Server Reporting Services Reports to run automatically and email the report to users. When he left his accaount was disabled and now they don't work. The status on the subscription reads:
Failure sending mail: The permissions granted to user
'OURDOMAIN\old_DBA_Username' are insufficient for performing this
operation.
Is there an easy way to change the owner, I have found the Owner field in the RS database in the subscriptions table and have though of just changing that, but don't want to break our production report service?
The other option of course is to create a new subscription and delete the old, but surly there is a better way.
The solution posted here did the trick for me. Basically you midify the subscription owner on the SSRS database directly by running the script below.
DECLARE #OldUserID uniqueidentifier
DECLARE #NewUserID uniqueidentifier
SELECT #OldUserID = UserID FROM dbo.Users WHERE UserName = 'DOMAINA\OldUser'
SELECT #NewUserID = UserID FROM dbo.Users WHERE UserName = 'DOMAINA\NewUser'
UPDATE dbo.Subscriptions SET OwnerID = #NewUserID WHERE OwnerID = #OldUserID
You can do this in Visual Studio in C# as well. Create a web reference to the ReportService2010.asmx on your report server, the along the lines of this.
public class ChangeOwner
{
public string OldOwner { get; set; }
public string NewOwner { get; set; }
public ChangeOwner()
{
}
public void ChangeReportOwner()
{
ReportingService2010 rs = new ReportingService2010();
//set the URL to your report server
rs.Url = "http://youserver/ReportServer/ReportService2010.asmx";
rs.Credentials = System.Net.CredentialCache.DefaultCredentials;
Subscription[] items = rs.ListSubscriptions("/");
foreach(Subscription item in items)
{
if(item.Owner.ToUpper() == this.OldOwner.ToUpper())
{
Console.WriteLine("Updating report " + item.Path + " " + item.Owner);
rs.ChangeSubscriptionOwner(item.SubscriptionID, this.NewOwner);
}
}
}
}
I ran into this issue before and found the answer in this article on Jeremiah Clark's blog.
Gist of it is, you're right on about updating the Owner field in the Subscriptions table of the ReportServer database with the new user.
Worked for me, anyway.
From SQL 2016 onwards, there is a feature in the user interface to replace a subscription owner. The only down side to this is that you have to edit each subscription individually. Not a problem if you only have 1, but if you have dozens you'll want to use one of the other suggestions instead.
Source: https://www.sqlshack.com/report-subscription-changes-sql-server-reporting-services-2016/
Starting with SRSS 2008 R2, you can programmatically change the owner via the ChangeSubscriptionOwner method of the ReportingService2010 web service.
You can call this web service via an .rss script. eg.
' OldOwner - username of owner to replace
' NewOwner - username of new owner
Public Sub Main()
Dim items() As Subscription
items = rs.ListSubscriptions("/")
Dim item as Subscription
For Each item in Items
If (item.Owner.ToUpper() = OldOwner.ToUpper()) Then
Console.WriteLine("Updating report " & item.Path & " " & item.Owner)
rs.ChangeSubscriptionOwner(item.SubscriptionID, newOwner)
End If
Next item
End Sub
And run this using the rs.exe tool like this:
rs.exe -i ChangeSubscriptionOwner.rss -s http://localhost/reportserver -e Mgmt2010 -v NewOwner="domain\newuser" -v OldOwner="domain\olduser"
Can't you modify the subscription?
http://technet.microsoft.com/en-us/library/ms157343.aspx
I had to face the same problem and used reflector to find what the issue was. I have shown the .Net code within ReportingServicesServer.dll which throws this exception in the post below.
http://easybi.wordpress.com/2011/01/22/microsoft-reportingservices-diagnostics-utilities-unknownusernameexception-the-user-or-group-name-is-not-recognized/
As briang suggests above, the solution provided by Jerimiah Clark works. My post details what happens behind the scenes.
You can use the attached stored procedure:
You need to provide the new user you want to assign the subscription to
and the report name that is subscribed
CREATE PROCEDURE [dbo].[SP_ChangeSubscriptionOwner]
(
#userName nvarchar(260),
#ReportName nvarchar(425)
)
/*
Example:
EXEC SP_ChangeSubscriptionOwner '<New user Name>' , '<Report Name>'
The procedure changes the Owner of a subscription to the user enterd as parameter to the procedure
*/
AS
BEGIN
SET NOCOUNT ON
DECLARE #MSG VARCHAR(1000)
IF NOT EXISTS
(
SELECT 1
FROM Users where UserName = #userName
)
SET #MSG = 'User: '+'"'+ #userName + '"'+' doesn''t exist in Users table.'
ELSE
SET #MSG = 'No subscriptions were found to report: '+'"' + #ReportName + '"'+' ,Or the User: '+'"'+ #userName + '"'+' is already the owner of the report subscription.'
update S
set S.OwnerID = U.UserID
FROM Subscriptions S
JOIN Catalog c
on s.Report_OID = c.ItemID
JOIN Users U
ON U.UserName = #userName
where C.Name = #ReportName
AND U.UserID != S.OwnerID
if ##ROWCOUNT = 0
raiserror (#MSG,16,1)
END
ntombela's solution worked for us on SSRS 2016, except that we also had to update ModifiedByID. If we didn't, we were not able to disable/enable subscriptions. We got a pop-up indicating that the now-disabled ID wasn't found. The owner showed the correct username, but the Modified By entry still showed the old ID.
I wouldn't have thought it mattered, but it seemed to for us. On the up side, we stopped seeing the SSRS log file errors like:
ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.UnknownUserNameException: , Microsoft.ReportingServices.Diagnostics.Utilities.UnknownUserNameException: The user or group name 'AD Domain\olddisabledusername' is not recognized.