Rocket468 (New Member, USA, 57 Posts)
Posted - 07 November 2005 : 13:16:26
I had OneWayMule help me with my guestbook question, and I saw his profile view mod and thought it would be perfect to replace my page counter on a page of mine. This would keep me from getting false counts. I have been playing with it and I am missing something :( I would greatly appreciate any help. Thanks.
Here is the page I am trying to redo his mod to work on: http://www.professionalhouseplan.com/plan_details.asp?id=1 (user test, pass test; test is id 13).
Here is the txt of my code. If I did something funny, feel free to point it out; I am very new to coding and web development. The page count is at the very bottom. http://www.professionalhouseplan.com/plan_details.asp.txt
So instead of the members table's MEMBERS.M_PAGE_VIEWS, I am trying to save it in the table plan_details in the field finalPlanScore. Each plan is uploaded by a "designer", which would basically be whose profile you're looking at.
'############# PROFILE VIEWS MOD #########
If getMemberID(strDBNTUserName) <> ChkString(rs_block_user("Designer")) Then
lastviewid = Request.Cookies(strCookieURL & "lastviewid")
If lastviewid = "" Then lastviewid = -1
If ChkString(lastviewid) <> ChkString(rs_block_user("Designer")) Then
'update page views
sql_block_user = "Update plan_details"
sql_block_user = sql_block_user & " SET finalPlanScore = finalPlanScore + 1"
sql_block_user = sql_block_user & " WHERE MEMBER_ID=" & rs_block_user("Designer")
my_Conn.Execute(strSql)
Response.Cookies(strCookieURL & "lastviewid") = ChkString(rs_block_user("Designer"))
Response.Cookies(strCookieURL & "lastviewid").Expires = dateadd("d",1,now())
End If
End If
'############# PROFILE VIEWS MOD #########
Edited by - Rocket468 on 07 November 2005 14:07:57

Rocket468 (New Member, USA, 57 Posts)
Posted - 07 November 2005 : 15:24:00
Yeah, that's exactly what I am looking for. It also checks that guests are not hitting refresh? I don't know how to post the structure. I deleted all the default shn version of Snitz so it's 192kb. http://www.professionalhouseplan.com/db.mdb
With what I have above, am I even on the right track?
Edited by - Rocket468 on 07 November 2005 15:36:22

OneWayMule (Dev. Team Member & Support Moderator, Austria, 4969 Posts)
Posted - 07 November 2005 : 15:46:58
OK, first of all, I noticed some security issues in your code.
I highly recommend validating the querystring in the following code:
IF REQUEST("id")<>"" THEN
DIM footings
dim designer
dim sqlfootings
dim rsfootings
SET rs_footings = Server.CreateObject("ADODB.Recordset")
sql_footings = "SELECT * FROM plan_Footings WHERE plan_id = " & REQUEST("id")
rs_footings.open sql_footings,my_Conn,3,3
Dim sql_block_user
Dim rs_block_user
DIM planType
SET rs_block_user = Server.CreateObject("ADODB.Recordset")
sql_block_user = "select * from plan_details where plan_id = " & REQUEST("id")
rs_block_user.open sql_block_user,my_Conn,3,3
Here's my solution:
intID = Request.QueryString("id")
If Not isNumeric(intID) or trim(intID) = "" Then
Response.Redirect("default.asp")
Else
intID = CLng(intID)
DIM footings
dim designer
dim sqlfootings
dim rsfootings
SET rs_footings = Server.CreateObject("ADODB.Recordset")
sql_footings = "SELECT * FROM plan_Footings WHERE plan_id = " & intiD
rs_footings.open sql_footings,my_Conn,3,3
Dim sql_block_user
Dim rs_block_user
DIM planType
SET rs_block_user = Server.CreateObject("ADODB.Recordset")
sql_block_user = "select * from plan_details where plan_id = " & intID
rs_block_user.open sql_block_user,my_Conn,3,3
Now here's the views code, simply replace the code block in your file with this one:
'############# PROFILE VIEWS MOD #########
If getMemberID(strDBNTUserName) <> ChkString(rs_block_user("Designer")) Then
lastplanviewid = Request.Cookies(strCookieURL & "lastplanviewid")
If lastplanviewid = "" Then lastplanviewid = -1
If ChkString(lastplanviewid) <> ChkString(rs_block_user("Designer")) Then
'update page views
sql_block_user = "Update plan_details"
sql_block_user = sql_block_user & " SET finalPlanScore = finalPlanScore + 1"
sql_block_user = sql_block_user & " WHERE plan_id=" & intID
my_Conn.Execute(strSql)
Response.Cookies(strCookieURL & "lastplanviewid") = intID
Response.Cookies(strCookieURL & "lastplanviewid").Expires = dateadd("d",1,now())
End If
End If
'############# PROFILE VIEWS MOD #########
If you have any questions, feel free to ask.
My MODs: Birthdays - Custom Policy - F.A.Q. Administration - Forum Rules - Guestbook Links Manager - MyOwnGoogle - Profile Views - Search Log - WebSearch
Useful stuff: Forum and MOD Installation - MOD Installation Guide - Snitz v3.4.05 Readme - Free ASP Hosts - Support Snitz

Rocket468 (New Member, USA, 57 Posts)
Posted - 07 November 2005 : 16:14:54
I will go through all my other pages and fix the querystring validation. I have that on a few of my pages. Most everything I have done is from the how-to websites that I have played with.
I updated your fixes on the page already. The lastviewed is working; I see it putting the last page up. It just does not add to the counter on the first visit, that I can see. Is this right for updating: sql_block_user = "Update plan_details"? I may not have that right.

Rocket468 (New Member, USA, 57 Posts)
Posted - 07 November 2005 : 16:49:46
I was saying that it does not seem to be doing the sql_block_user = sql_block_user & " SET finalPlanScore = finalPlanScore + 1" portion the first time when I am logged on as user test, or it's not actually updating the db.
Edited by - Rocket468 on 07 November 2005 16:51:36

OneWayMule (Dev. Team Member & Support Moderator, Austria, 4969 Posts)
Posted - 07 November 2005 : 16:59:58
Aahh.. change this
'############# PROFILE VIEWS MOD #########
If getMemberID(strDBNTUserName) <> ChkString(rs_block_user("Designer")) Then
lastplanviewid = Request.Cookies(strCookieURL & "lastplanviewid")
If lastplanviewid = "" Then lastplanviewid = -1
If ChkString(lastplanviewid) <> ChkString(rs_block_user("Designer")) Then
'update page views
sql_block_user = "Update plan_details"
sql_block_user = sql_block_user & " SET finalPlanScore = finalPlanScore + 1"
sql_block_user = sql_block_user & " WHERE plan_id=" & intID
my_Conn.Execute(strSql)
Response.Cookies(strCookieURL & "lastplanviewid") = intID
Response.Cookies(strCookieURL & "lastplanviewid").Expires = dateadd("d",1,now())
End If
End If
'############# PROFILE VIEWS MOD #########
to
'############# PROFILE VIEWS MOD #########
If getMemberID(strDBNTUserName) <> ChkString(rs_block_user("Designer")) Then
lastplanviewid = Request.Cookies(strCookieURL & "lastplanviewid")
If lastplanviewid = "" Then lastplanviewid = -1
If ChkString(lastplanviewid) <> ChkString(rs_block_user("Designer")) Then
'update page views
sql_block_user = "Update plan_details"
sql_block_user = sql_block_user & " SET finalPlanScore = finalPlanScore + 1"
sql_block_user = sql_block_user & " WHERE plan_id=" & intID
my_Conn.Execute(sql_block_user)
Response.Cookies(strCookieURL & "lastplanviewid") = intID
Response.Cookies(strCookieURL & "lastplanviewid").Expires = dateadd("d",1,now())
End If
End If
'############# PROFILE VIEWS MOD #########

Rocket468 (New Member, USA, 57 Posts)
Posted - 07 November 2005 : 17:21:20
Ok, now the counter is adding. I can't believe I missed that one.
But it is adding on refresh and when getMemberID(strDBNTUserName)=ChkString(rs_block_user("Designer")).
I really do appreciate you taking your time and helping me. I owe you one.

OneWayMule (Dev. Team Member & Support Moderator, Austria, 4969 Posts)
Posted - 07 November 2005 : 17:28:45
quote: Ok, now the counter is adding. I can't believe I missed that one.
But it is adding on refresh and when getMemberID(strDBNTUserName)=ChkString(rs_block_user("Designer")).
Oh, I hadn't noticed that one.
Replace
'############# PROFILE VIEWS MOD #########
If getMemberID(strDBNTUserName) <> ChkString(rs_block_user("Designer")) Then
lastplanviewid = Request.Cookies(strCookieURL & "lastplanviewid")
If lastplanviewid = "" Then lastplanviewid = -1
If ChkString(lastplanviewid) <> ChkString(rs_block_user("Designer")) Then
'update page views
sql_block_user = "Update plan_details"
sql_block_user = sql_block_user & " SET finalPlanScore = finalPlanScore + 1"
sql_block_user = sql_block_user & " WHERE plan_id=" & intID
my_Conn.Execute(sql_block_user)
Response.Cookies(strCookieURL & "lastplanviewid") = intID
Response.Cookies(strCookieURL & "lastplanviewid").Expires = dateadd("d",1,now())
End If
End If
'############# PROFILE VIEWS MOD #########
with
'############# PROFILE VIEWS MOD #########
If getMemberID(strDBNTUserName) <> rs_block_user("Designer") Then
lastplanviewid = Request.Cookies(strCookieURL & "lastplanviewid")
If lastplanviewid = "" Then lastplanviewid = -1
If ChkString(lastplanviewid) <> rs_block_user("Designer") Then
'update page views
sql_block_user = "Update plan_details"
sql_block_user = sql_block_user & " SET finalPlanScore = finalPlanScore + 1"
sql_block_user = sql_block_user & " WHERE plan_id=" & intID
my_Conn.Execute(sql_block_user)
Response.Cookies(strCookieURL & "lastplanviewid") = intID
Response.Cookies(strCookieURL & "lastplanviewid").Expires = dateadd("d",1,now())
End If
End If
'############# PROFILE VIEWS MOD #########
quote: I really do appreciate you taking your time and helping me. I owe you one.
No problem.

Rocket468 (New Member, USA, 57 Posts)
Posted - 07 November 2005 : 17:44:09
That fixed the designer being able to add to the count, but non-logged-in users can still add to the count with refresh. I think I am on the right track, but it's no go.
'############# PROFILE VIEWS MOD #########
If getMemberID(strDBNTUserName) <> rs_block_user("Designer") Then
lastplanviewid = Request.Cookies(strCookieURL & "lastplanviewid")
If lastplanviewid = "" Then lastplanviewid = -1
If ChkString(lastplanviewid) <> & intID Then
'update page views
sql_block_user = "Update plan_details"
sql_block_user = sql_block_user & " SET finalPlanScore = finalPlanScore + 1"
sql_block_user = sql_block_user & " WHERE plan_id=" & intID
my_Conn.Execute(sql_block_user)
Response.Cookies(strCookieURL & "lastplanviewid") = intID
Response.Cookies(strCookieURL & "lastplanviewid").Expires = dateadd("d",1,now())
End If
End If
'############# PROFILE VIEWS MOD #########

OneWayMule (Dev. Team Member & Support Moderator, Austria, 4969 Posts)
Posted - 07 November 2005 : 17:52:05
OK, looks like I should get some sleep...  Anyway, give this a try:
'############# PROFILE VIEWS MOD #########
If getMemberID(strDBNTUserName) <> rs_block_user("Designer") Then
lastplanviewid = Request.Cookies(strCookieURL & "lastplanviewid")
If lastplanviewid = "" Then lastplanviewid = -1
If CLng(lastplanviewid) <> intID Then
'update page views
sql_block_user = "Update plan_details"
sql_block_user = sql_block_user & " SET finalPlanScore = finalPlanScore + 1"
sql_block_user = sql_block_user & " WHERE plan_id=" & intID
my_Conn.Execute(sql_block_user)
Response.Cookies(strCookieURL & "lastplanviewid") = intID
Response.Cookies(strCookieURL & "lastplanviewid").Expires = dateadd("d",1,now())
End If
End If
'############# PROFILE VIEWS MOD #########
Edited by - OneWayMule on 07 November 2005 17:52:29

Rocket468 (New Member, USA, 57 Posts)
Posted - 07 November 2005 : 18:01:00
Everything works now :) Thank you so much. One more check mark on my list of hundreds to having this website done.

Rocket468 (New Member, USA, 57 Posts)
Posted - 08 November 2005 : 02:08:59
Do you know any good links that discuss this security issue? I spent all night fixing most of them. Almost all of them are exactly like the one you showed me. This one I have spent a couple of hours on and I am pretty much stuck. It's
This is my original.
IF (REQUEST("planNum"))<>"" THEN
ForPlan = (REQUEST("planNum") )
sET rs_block_user = Server.CreateObject("ADODB.Recordset")
sql_block_user = "SELECT * FROM plan_details WHERE Plan_No LIKE '%" & REQUEST("planNum") & "%' ORDER BY " & sortBy
elseif (request("des"))<>"" THEN
forplan = "Designers Plan"
SET rs_block_user = Server.CreateObject("ADODB.Recordset")
sql_block_user = "SELECT * FROM plan_details WHERE designer LIKE '%" & REQUEST("des") & "%' ORDER BY " & sortBy
else
Response.Redirect("default.asp")
end if
This is what I have so far. But it seems like any way I play with the <>, or =, or the Not, something does not work.
intpn = Request("planNum")
intdes = Request("des")
if intdes <> "" or isNumeric(intdes) or trim(intdes) <> "" Then
forplan = (intdes)
SET rs_block_user = Server.CreateObject("ADODB.Recordset")
sql_block_user = "SELECT * FROM plan_details WHERE designer LIKE '%" & CLng(intdes) & "%' ORDER BY " & sortBy
else if intpn <> "" or isNumeric(intpn) or trim(intpn) <> "" Then
ForPlan = (intpn)
sET rs_block_user = Server.CreateObject("ADODB.Recordset")
sql_block_user = "SELECT * FROM plan_details WHERE Plan_No LIKE '%" & CLng(intpn) & "%' ORDER BY " & sortBy
else
Response.Redirect("default.asp")
end if
end if
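The querystring validation OneWayMule recommends earlier in the thread, applied to the planNum / des lookup in this post, as an added Python example (not code from the thread or from Snitz). It assumes a constructed in-memory SQLite stand-in for plan_details; the digits-only check stands in for isNumeric/CLng, designer is matched with = instead of the post's LIKE since it holds a member id, the LIKE pattern is passed as a bound parameter rather than concatenated, and sortBy is checked against a fixed column list because ORDER BY cannot take a parameter.

```python
import re
import sqlite3

# Constructed sample rows standing in for plan_details:
# (plan_id, Plan_No, designer, finalPlanScore)
SAMPLE_ROWS = [
    (1, "1001", 13, 4),
    (2, "1002", 13, 9),
    (3, "2001", 21, 2),
]

# ORDER BY cannot take a bound parameter, so sortBy must be one of these names.
ALLOWED_SORT = {"plan_id", "Plan_No", "designer", "finalPlanScore"}


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plan_details (plan_id INTEGER, Plan_No TEXT, "
                 "designer INTEGER, finalPlanScore INTEGER)")
    conn.executemany("INSERT INTO plan_details VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def as_long(value):
    """Stand-in for the isNumeric/CLng check: digits only and within a VBScript Long, else None."""
    if value is None:
        return None
    value = value.strip()
    if not re.fullmatch(r"[0-9]{1,10}", value):
        return None
    n = int(value)
    return n if n <= 2147483647 else None


def find_plans(conn, plan_num, des, sort_by):
    """The post's three branches; returns (forPlan, [plan_id, ...]) or None, meaning redirect."""
    if sort_by not in ALLOWED_SORT:
        return None
    pn = as_long(plan_num)
    if pn is not None:
        # Plan_No is text, so the LIKE pattern is bound as one parameter, never concatenated.
        sql = "SELECT plan_id FROM plan_details WHERE Plan_No LIKE ? ORDER BY " + sort_by
        rows = conn.execute(sql, ("%" + str(pn) + "%",)).fetchall()
        return (str(pn), [r[0] for r in rows])
    d = as_long(des)
    if d is not None:
        # designer holds a member id, so an exact match replaces the post's LIKE.
        sql = "SELECT plan_id FROM plan_details WHERE designer = ? ORDER BY " + sort_by
        rows = conn.execute(sql, (d,)).fetchall()
        return ("Designers Plan", [r[0] for r in rows])
    return None  # neither parameter is valid: Response.Redirect("default.asp")
```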

Rocket468 (New Member, USA, 57 Posts)
Posted - 08 November 2005 : 15:21:45
From searching around, I find it's called SQL injection. I will read up more on it. I got the code figured out; I just need to stare at it for a while longer. Thanks again for your help.