Author |
Topic |
|
jcm001
Starting Member
45 Posts |
Posted - 03 May 2005 : 18:51:47
|
I was interested in controlling traffic to certain pages accessible through web links I set up in the forums on my site. So, I pulled together the following code (some from Snitz Search and some (a lot) through trial and error) that when placed in a targeted page redirects the visitor to a no-access page (in this case: air_no_access.asp) if their records are not appropriately marked. This requires that a new field be added to the FORUM_MEMBERS table (in this case: M_SUB_STATE) that when coded with the value 1 allows access otherwise it denies access. It seems to work....
<%
Const MSubState = 1
Username = Request.Cookies("Snitz00User")("Name")
sSQL = "SELECT M_SUB_STATE FROM FORUM_MEMBERS WHERE M_NAME = '" & Username & "'"
Set rsPvtMem = Server.CreateObject("ADODB.Recordset")
rsPvtMem.Open(sSQL),my_Conn
If MSubState = rsPvtMem("M_SUB_STATE") Then
End If
If MSubState <> rsPvtMem("M_SUB_STATE") Then
  Response.Redirect "air_no_access.asp"
End If
my_Conn.Close
Set my_Conn = Nothing
%>
My question: Was this written correctly? It seems to work, but I am not really all that familiar with the way the software interacts with the database and controls resources. Is this code going to end up being a memory hog and crash my forums if traffic increases? Are there security issues I should consider? Thx for any response.
Edit: Also - Will it make it too difficult to upgrade when a new Snitz version comes along?
|
Edited by - jcm001 on 04 May 2005 10:40:46 |
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 04 May 2005 : 10:52:36
|
Note: I'm assuming below that you have already included config.asp, inc_header.asp, etc. in the new page.
intState=0
if mlev>0 then
strPassword=trim(request.cookies(strUniqueId&"User")("Password"))
sSQL="SELECT M_SUB_STATE FROM FORUM_MEMBERS WHERE M_NAME='"&strDBNTUsername&"' AND M_PASSWORD='"&strPassword&"' AND M_STATUS=1"
set rsPvtMem=server.createobject("ADODB.Recordset")
rsPvtMem.open(sSQL),my_Conn,adOpenForwardOnly,adLockReadOnly,adCmdText
if not (rsPvtMem.eof or rsPvtMem) then intState=clng(rsPvtMem("M_SUB_STATE"))
rsPvtMem.close
set rsPvtMem=nothing
end if
if intState<>1 then
my_Conn.close
set my_Conn=nothing
response.redirect "air_no_access.asp"
end if
Your page contents go here |
Search is your friend “I was having a mildly paranoid day, mostly due to the fact that the mad priest lady from over the river had taken to nailing weasels to my front door again.” |
Edited by - Shaggy on 04 May 2005 11:57:15 |
|
|
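The same gate with the member lookup bound as parameters, so the cookie-derived name and password never become part of the SQL text. This is an added example, not code from either poster or from Snitz; it assumes the Snitz includes have already set my_Conn, mlev, strDBNTUsername and strUniqueId as in the reply above, and the helper name HasSubscription and the parameter size of 255 are illustrative assumptions.

```vbscript
<%
' Added example: fail-closed subscription gate using a parameterised query.
' Assumes my_Conn, mlev, strDBNTUsername and strUniqueId come from the
' Snitz includes; HasSubscription is a hypothetical helper name.
Function HasSubscription()
    Dim cmd, rs, strPassword
    HasSubscription = False              ' deny unless the row proves otherwise
    If mlev <= 0 Then Exit Function      ' visitor is not logged in

    strPassword = Trim(Request.Cookies(strUniqueId & "User")("Password"))

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = my_Conn
    cmd.CommandType = 1                  ' adCmdText
    cmd.CommandText = "SELECT M_SUB_STATE FROM FORUM_MEMBERS " & _
                      "WHERE M_NAME = ? AND M_PASSWORD = ? AND M_STATUS = 1"
    ' 200 = adVarChar, 1 = adParamInput; 255 is an assumed upper bound
    cmd.Parameters.Append cmd.CreateParameter("name", 200, 1, 255, strDBNTUsername)
    cmd.Parameters.Append cmd.CreateParameter("pass", 200, 1, 255, strPassword)

    Set rs = cmd.Execute
    ' An empty recordset or a NULL column leaves the result at False
    If Not (rs.EOF Or rs.BOF) Then
        If Not IsNull(rs("M_SUB_STATE")) Then
            HasSubscription = (CLng(rs("M_SUB_STATE")) = 1)
        End If
    End If
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

If Not HasSubscription() Then
    my_Conn.Close
    Set my_Conn = Nothing
    Response.Redirect "air_no_access.asp"
End If
%>
```

Numeric literals stand in for the ADO constants so the block does not redefine names that an included adovbs.inc may already declare.
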
jcm001
Starting Member
45 Posts |
Posted - 04 May 2005 : 11:51:56
|
Thx Shaggy. I'll take a look at trying this out over the next week. |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 04 May 2005 : 11:57:32
|
You're welcome.
|
|
|
jcm001
Starting Member
45 Posts |
Posted - 30 May 2005 : 10:58:46
|
I tried to implement this today. It successfully pulls in the header, but then produces the error message:
Microsoft VBScript runtime error '800a000d' Type mismatch /forum/air_new_page_2.asp, line 62 (highlighted in red below)
intState=0
if mlev>0 then
strPassword=trim(request.cookies(strUniqueId&"User")("Password"))
sSQL="SELECT M_SUB_STATE FROM FORUM_MEMBERS WHERE M_NAME='"&strDBNTUsername&"' AND M_PASSWORD='"&strPassword&"' AND M_STATUS=1"
set rsPvtMem=server.createobject("ADODB.Recordset")
rsPvtMem.open(sSQL),my_Conn,adOpenForwardOnly,adLockReadOnly,adCmdText
if not (rsPvtMem.eof or rsPvtMem) then intState=clng(rsPvtMem("M_SUB_STATE"))
rsPvtMem.close
set rsPvtMem=nothing
end if
if intState<>1 then
my_Conn.close
set my_Conn=nothing
response.redirect "air_no_access.asp"
end if
Your page contents go here
Any thoughts? |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 30 May 2005 : 11:01:18
|
Change rsPvtMem.eof or rsPvtMem to rsPvtMem.eof or rsPvtMem.bof. Don't know where that bof disappeared to, sorry 'bout that.
|
Edited by - Shaggy on 30 May 2005 11:01:31 |
|
|
jcm001
Starting Member
45 Posts |
Posted - 30 May 2005 : 15:21:27
|
As always: thank you very much for your assistance Shaggy. I made the change, and it seems that the code's instructions are actually followed from beginning to end. However, from what I can tell, the user is always redirected through to the air_no_access page. I looked at the code and it seems as if there is a line missing after "rsPvtMem.open(sSQL),my_Conn,adOpenForwardOnly,adLockReadOnly,adCmdText" that actually assigns intState to 1 in the case where mLev > 0. E.g., something along the line of "intstate is equal to the value contained in the rsPvtMem object"? Any suggestions?
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 31 May 2005 : 05:07:22
|
That's actually on the following line which checks to make sure you don't have an empty recordset before assigning the value in M_SUB_STATE to the intState variable. Only reason I can see for your problem is that the member is not logged in or they have a value of 0 for M_SUB_STATE.
Try using a response.write on a random string to ensure that mlev>0 and you do not have an empty recordset.
|
|
|
jcm001
Starting Member
45 Posts |
Posted - 31 May 2005 : 12:02:42
|
Most excellent! Thank you! I got it to work. |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 31 May 2005 : 12:11:48
|
You're welcome. What was the problem?
|
|
|
jcm001
Starting Member
45 Posts |
Posted - 31 May 2005 : 13:27:00
|
To tell you the truth...I'm not sure. I think it had to do with the way the M_SUB_STATE field was being called from the database in lines three and four. I blended in some of the syntax I had used in my old script with the one you had presented and it works. Woo-Hoo! My guess is that my database might have had something to do with it? I'm using MySQL as opposed to MS SQL. |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 01 June 2005 : 05:19:51
|
Weird! Well, at least it's working now.
|
|
|
Tastech
Starting Member
Australia
2 Posts |
Posted - 19 June 2005 : 11:19:50
|
Hi JCM001
Could we see the finalised code please? I'd find this useful as well.
Tastech |
Cheers Tastech |
|
|
|
|