Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Discussions (General)
 Accessing pop_mail.asp without being logged in		  New Topic  Topic Locked
 Printer Friendly
Author  Topic Next Topic  

muzishun
Senior Member

United States
1079 Posts
Posted - 02 July 2005 :  11:35:19  Show Profile  Visit muzishun's Homepage
I found this today when testing a couple other changes I've been making to my forums.

Although the members and pop_profile pages can't be viewed when a user is not logged in, the pop_mail page is still accessible if you type the url into the address bar with a valid member id.

Just change the following lines (at the beginning of pop_mail.asp) from this:
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_sha256.asp" -->
<!--#INCLUDE FILE="inc_header_short.asp" -->
<!--#INCLUDE file="inc_func_member.asp" -->
<% 
if Request.QueryString("ID") <> "" and IsNumeric(Request.QueryString("ID")) = True then
	intMemberID = cLng(Request.QueryString("ID"))
else
	intMemberID = 0
end if

'## Forum_SQL

to this:
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_sha256.asp" -->
<!--#INCLUDE FILE="inc_header_short.asp" -->
<!--#INCLUDE file="inc_func_member.asp" -->
<% 
if strDBNTUserName = "" then
	Response.Write	"      <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """ color=""" & strHiLiteFontColor & """>There Was A Problem!</font></p>" & vbNewLine & _
			"      <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """ color=""" & strHiLiteFontColor & """>You must be logged in to send mail from the forums!</font></p>" & vbNewLine & _
			"      <br />" & vbNewLine
	WriteFooterShort
	Response.End
end if
if Request.QueryString("ID") <> "" and IsNumeric(Request.QueryString("ID")) = True then
	intMemberID = cLng(Request.QueryString("ID"))
else
	intMemberID = 0
end if

'## Forum_SQL
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Edited by - Davio on 03 July 2005 18:39:57

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 02 July 2005 :  23:48:07  Show Profile
which version of the forum are you using?

I think you'll find if you try it on this forum (which is running v3.4.05) that it does show an error message about needing to be logged in to send mail.

It could have been showing you a cached page if you had gone to the pop_mail page and then logged out and tried it while logged out. Just forcing a refresh on the page and you'll should get the error message.
Go to Top of Page

muzishun
Senior Member

United States
1079 Posts
Posted - 03 July 2005 :  12:03:18  Show Profile  Visit muzishun's Homepage
I'm running 3.4.05. You're right. After looking through the file a bit more, it does give you an error if you try to send mail without being logged in. I guess I just thought it made more sense to do the check before even displaying the page.

EDIT: Thanks for moving the page, Davio. This is probably a better forum for it.
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Edited by - muzishun on 03 July 2005 23:31:01
Go to Top of Page
   Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.14 seconds. Powered By: Snitz Forums 2000 Version 3.4.07