| Author |
 Topic  |
|
cory_booth
Starting Member
Bhutan
13 Posts |
 Posted - 07 April 2006 : 09:37:14
|
Hey...
Trying to renew interest in this post:
I have compiled what I think is a self - contained ldap login which I hope will eventually log the
user into snitz....
Question...
Since I am able to write user's record into the member table and generate the cookie...
Why isn't the user marked "logged in" when this routine completes and then passes off to
default.asp?
<%
Response.expires = 0
Response.expiresabsolute = Now() - 1
Response.addHeader "pragma", "no-cache"
Response.addHeader "cache-control", "private"
Response.CacheControl = "no-cache"
Session.Timeout = 30
'Required by the LDAP server with password verification
on error resume next
'If the .asp?action=99 then kill the login session
sAction = request.querystring("action")
if sAction=99 then
Session("ldap_login") = ""
sAction=0
End If
'The superuser for getting controlled items
SUPERBROKER = "test.test"
SUPERBROKERPWD = "password"
'If the session login is already set - skip all this
If Session("ldap_login") = "login" Then
Response.Redirect "default.asp"
End If
If Request.Form("submit") = "Login" Then
bValidPwd = False
'Form ID Fields
sUserName = request.form("userid")
sPassWord = request.form("passwd")
'Check for null values
If Len(sUserName) = 0 Or Len(sPassWord) = 0 Then
ErrorLvl=1
bValidPwd=False
End If
'If no nulls then ping the LDAP for Error Response and thus password validation
If Len(sUserName) > 0 or Len(sPassWord) > 0 Then
LDAPServer = "LDAP://directory.ldap.com:636/"
dnUserName = "cn=" & sUserName & ",ou=People,ou=Company,ou=Domain,o=Domain,c=US"
Set oLDAP = GetObject("LDAP:")
Set oContainer = oLDAP.OpenDSObject(LDAP & dnUserName, dnUserName, sPassWord, 2)
If Err.Number = 0 Then
bValidPwd = True
ErrorLvl=0
Else
ErrorLvl = 2
bValidPwd = False
End If
'End The LDAP Authentication
End If
'End the Text Box Login
End If
'Superbroker validation
If ErrorLvl = 0 Then
dnAdmin = "cn=" & SUPERBROKER & ",ou=administrators,ou=Company,ou=Domain,o=Domain,c=US"
Server = "LDAP://directory.ldap.com:636/"
dnUserName = "cn=" & sUserName & ",ou=People,ou=Company,ou=Domain,o=Domain,c=US"
Set oLDAP = GetObject("LDAP:")
Set oContainer = oLDAP.OpenDSObject(Server & dnUserName, dnAdmin, SUPERBROKERPWD, 2)
SSN = oContainer.Get("SSN")
Email = oContainer.Get("mail")
First = oContainer.Get("givenname")
Last = oContainer.Get("sn")
Name = First & " " & Last
'Check for Valid Info
If Len(Name) = 0 Or Len(Email) = 0 Then
ErrorLvl = 4 ' No info from LDAP server
End If
'End Superbroker validation
End If
If IsNull(ErrorLvl) Then
Session("ewmsg") = ""
End If
'Do Final Checks
If ErrorLvl=1 then
Session ("ewmsg") = "Your login or password was blank."
End If
If ErrorLvl=2 then
Session ("ewmsg") = "You ID and/or password were incorrect. Please check your entries and try again."
End If
If Errorlvl = 4 then
Session("ewmsg") = "The retrieval of your information failed, you can not continue."
End If
'Final Validation and Session establishment
If ErrorLvl = 0 and bValidPwd = True Then
'Write the session cookie
'Connect to Snitz-db by using strConnString
strConnString = "*****")
%>
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_header.asp" -->
<%
'Do I need this I I use an external LDAP server?
%>
<!--#INCLUDE FILE="inc_sha256.asp"-->
<%
Dim objRS, intIDForNewRecord
'If Len(Session("Snitz"))=0 then
'OK I need to add a If rs.EOF to make sure I don't write the user in the DB twice....
Set objRS = Server.CreateObject ("ADODB.Recordset")
objRS.Open "Forum_Members", strConnString , adOpenStatic, adLockOptimistic, adCmdTable
objRS.MoveLast
'intIDForNewRecord = objRS("Member_ID") + 1
objRS.AddNew ' add a new record
objRS("M_EMAIL")=Email
objRS("M_NAME") = Name
objRS("M_COUNTRY")="USA"
objRS("M_FIRSTNAME")= First
objRS("M_LASTNAME")= Last
strEncodedPassword = sha256("" & trim(sPassWord))
objRS("M_Password") = strEncodedPassword
objRS.Update
objRS.Close
Set objRS = Nothing
'What is significant about the sPassword within the cookie???
call doCookies(sPassWord)
end if
' this is Snitz-code used by call doCookies above
sub doCookies(fSavePassWord)
if strSetCookieToForum = 0 then
Response.Cookies(strUniqueID & "User").Path = strCookieURL
else
Response.Cookies(strUniqueID & "User").Path = "/"
end if
Response.Cookies(strUniqueID & "User")("Name") = sUserName
Response.Cookies(strUniqueID & "User")("Pword") = strEncodedPassword
Response.Cookies(strUniqueID & "User").Expires = dateAdd("d", intCookieDuration, strForumTimeAdjust)
end sub
response.redirect "default.asp"
End If
'Nothing? Then do the login routine
%>
<html>
<head>
<title>Online Authentication</title>
</head>
<body bgcolor="EAEAD5" leftmargin="0" topmargin="0" marginheight="0" marginwidth="0">
<tr>
<td><b><center><font color="darkred">Online Authentication</font></center></b></td>
</tr>
<center>
<body bgcolor="#EAEAD5">
<table border="1" cellpadding="0" cellspacing="0" bgcolor="#EAEAD5">
<tbody><tr><td bgcolor="#EAEAD5" width="709">
<table width="70%" align="center">
<tr><td>
<font face="Verdana" color="black" size="2">
<center><strong>Welcome to the Website.<br>
</strong>
<font size="1">This site is intended for use System Managers and Maintainers.
</center></strong></font></td></tr></table>
<%
If Session("ewmsg") <> "" Then
%>
<p><center><font color="red" size="1"><%= Session("ewmsg") %></center></font></p>
<%
Session("ewmsg") = "" ' Clear message
End If
%>
<form action="ldap.asp" method="post">
<div align="center">
<p align="center"><font color="darkred" size="1">
<strong>Please enter your User ID and Password</strong>
</font></p></div>
<table align="center" border="0" bgcolor="#006400">
<tr><td>
<p><b><font face="Verdana" size="1" color="white">Userid</font></b></p></td>
<td><input name="userid" size="28"></td>
</tr>
<tr><td>
<b><font face="Verdana" size="1" color="white">Password</font></b></td>
<td><input type="password" name="passwd" size="28"></td>
</tr>
<tr><td colspan="2"><center>
<input type="submit" value="Login" name="submit"> <input type="reset" value="Reset" name="Reset">
</td></tr></table><br></td></tr></center>
<tr><td width="707" align="right">
<center><font face="Verdana"><font size="1"><font color="black">
</td>
</tr>
</tbody>
</table>
</body>
</html> |
quote:
why did you not post this at Snitz?
The main reasons why this was not posted at Snitz and why I might not post the bugs I find
directly at Snitz anymore are the ways "ruirib and HuwR" take pleasure to criticize just about
anything I post and seem to resent the fact that I want to improve and correct Snitz which, I agree,
serve as the original base for my own Forum.
These are some of the actions I find unacceptable:
ruirib and HuwR take fun to Delete some of my topics, of my replies, locked or move my topic.
A topic posted last week from me to Davio in "Help: MOD Implementation" Forum as been deleted.
Two replies in my topic as been deleted about a bug on snitz topic page:
http://forum.snitz.com/forum/topic.asp?whichpage=5.96&TOPIC_ID=44136#372029
A Fix to texanman as been deleted (first reply to texanman subject):
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=66162
One of my Multi-Language Topic on Snitz has disappeared last night
Multi-Language and Multi-Language Skin3D
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=40765
etc...
3 times I changed my password and the day after the same game start.
Since I send to HuwR a donation of $200 on December 22, 2006
this guy HuwR has never stop to pick on every thing I post on the Snitz Forum.
I have even received from HuwR and ruirib an e-mail threatening to ban me from Snitz Forum :
Hello
You received the following message from: ruirib (ruirib@ruirib.net)
At: http://forum.snitz.com/forum/
It was a pleasure to have you there, hope you enjoyed the ride ;).
And don't try to sneak in...
Goodbye ;).
Hey as_shole, I know it’s Davio who is a member at your forums, gonna lock him out too |
 |
|
|
curt0
Starting Member
5 Posts |
Posted - 31 July 2006 : 21:05:34
|
I would like to integrate a discussion forum to my website.
To those people who have done this: How many hours or days of work does it take?
To Snitz: Is there a comprehensive page that has full instructions on how to do this?
Explanation of what I like to do:
My website uses ASP and SQL Server. I already have a user database, registration and sign-in. There should be single-sign-on. That is, if the user signs in through one of my pages, he should be also signed in for the forum. If he signs in through the forum page, he should also be signed into my website. If it's a new registration of a visitor, the registration should be handled on my page and after registration, the user should be automatically signed into my website and into the forum. From reading the threads on this forum about integration, it looks like it's a very complicated process. Almost prohibitively complicated. |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 31 July 2006 : 21:36:15
|
Using SQL Server you have probably the easiest scenario of all, since you can just create a view that will be used as the FORUM_MEMBERS table and then add INSTEAD OF triggers to keep this table updated. If you know how to write an INSTEAD of TRIGGER and know how Snitz handles login, it's definitely not complicated.
P.S.: You should have started a new topic. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
arnneisp
Starting Member
5 Posts |
Posted - 05 October 2006 : 08:29:31
|
Hi,
I've tried to follow Roger's sample. Using Access DB is simple.
My ASP updates the FORUM_MEMBERS, creates the Cookies, but when I redirect to default.asp, I still have to Login. The page does not recognize the settings.
Any idea ? Hint & Tip ?
Thanks. |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
arnneisp
Starting Member
5 Posts |
Posted - 06 October 2006 : 03:04:48
|
I beleive I do. Here is the code:
%>
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_header_short.asp" -->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<%
Dim objRS, intIDForNewRecord
strConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../db/snitz_forums_2000.mdb")
Set objRS = Server.CreateObject ("ADODB.Recordset")
objRS.CursorType = 1
objRS.LockType = 3
objRS.Open "SELECT * FROM Forum_Members", strConnString
'objRS.MoveLast
'intIDForNewRecord = objRS("Member_ID") + 1
'response.write "About to add"
objRS.AddNew ' add a new record
objRS("M_EMAIL")=myContactEmail
objRS("M_NAME") = LoginName
objRS("M_USERNAME") = LoginName
objRS("M_COUNTRY")=myCountry
objRS("M_FIRSTNAME")= Wrd(myContactName,1)
objRS("M_LASTNAME")= Wrd(myContactName,2)
strEncodedPassword = sha256("" & trim(pass))
objRS("M_Password") = strEncodedPassword
objRS.Update
'response.write err
objRS.Close
Set objRS = Nothing
call doCookies(pass)
Session("Snitz")="OK"
' this is Snitz-code used by call doCookies above
sub doCookies(fSavePassWord)
if strSetCookieToForum = 0 then
Response.Cookies(strUniqueID & "User").Path = strCookieURL
else
Response.Cookies(strUniqueID & "User").Path = "/"
end if
Response.Cookies(strUniqueID & "User")("Name") = sUserName
Response.Cookies(strUniqueID & "User")("Pword") = strEncodedPassword
Response.Cookies(strUniqueID & "User").Expires = dateAdd("d", intCookieDuration, strForumTimeAdjust)
end sub
function Wrd(txt,no)
i=instr(trim(txt) & " "," ")
if i>0 then
if no = 1 then
Wrd = mid(txt,1,i-1)
else
Wrd = trim(mid(txt,i+1))
end if
else
if no = 1 then
Wrd = trim(txt)
else
Wrd = ""
end if
end if
end function
response.redirect "default.asp"
%> |
|
|
|
arnneisp
Starting Member
5 Posts |
Posted - 06 October 2006 : 03:11:16
|
OK !!! I found my problem.
I should have changed sUserName to LoginName in the doCookies sub.
It now works !!!
Many thanks for the help.
Cheers,
Arnnei |
|
|
|
Roger Fredriksson
Average Member
Sweden
556 Posts |
Posted - 06 October 2006 : 04:58:27
|
 |
rf/www.avgifter.com |
|
|
|
Roger Fredriksson
Average Member
Sweden
556 Posts |
Posted - 05 November 2006 : 16:41:06
|
Do you have a login/registration for your photo gallery?
If not I think it´s enough to just put
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_header_short.asp" -->
<!--#INCLUDE FILE="inc_sha256.asp"-->
in the gallery files and use the value of mlev (mlev=1 for logged in visitors, do a search for mlev to see what other values means ) to decide whether the visitor is allowed to access the gallery page or not. That is the technique I use for my non-Snitz pages and it works great.
|
rf/www.avgifter.com |
Edited by - Roger Fredriksson on 05 November 2006 16:42:24 |
|
|
|
chrigou
Starting Member
Bhutan
1 Posts |
Posted - 26 November 2007 : 02:37:38
|
The integration seemed not to work with the last version 3.4.06...
Here is my code that works well for me, I mean if you have the UserName and Password of an already existing member in the forum, you can bypass the login form of snitz like this:
<%@LANGUAGE="VBSCRIPT"%>
<%
strConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("/path/snitz_forums_2000.mdb") '## MS Access 2000 using virtual path
%>
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<%
set my_Conn = Server.CreateObject("ADODB.Connection")
my_Conn.Open strConnString
%>
<!--#INCLUDE FILE="inc_func_common.asp"-->
<%
dim retourChk, myUserName, myPassword
myUserName = "Toto" ' from your database
myPassword = "pwdpwd" ' from your database
strEncodedPassword = sha256(myPassword)
retourChk = chkUser(myUserName, strEncodedPassword, -1)
select case retourChk
case 1, 2, 3, 4
strDBNTUserName = myUserName
Call DoCookies(true)
strLoginStatus = 1
case else
strLoginStatus = 0
end select
my_Conn.Close
set my_Conn = nothing
Response.Redirect("default.asp")
%>
WARNING: this code MUST be in the same directory of the forum to works !
|
quote:
why did you not post this at Snitz?
The main reasons why this was not posted at Snitz and why I might not post the bugs I find
directly at Snitz anymore are the ways "ruirib and HuwR" take pleasure to criticize just about
anything I post and seem to resent the fact that I want to improve and correct Snitz which, I agree,
serve as the original base for my own Forum.
These are some of the actions I find unacceptable:
ruirib and HuwR take fun to Delete some of my topics, of my replies, locked or move my topic.
A topic posted last week from me to Davio in "Help: MOD Implementation" Forum as been deleted.
Two replies in my topic as been deleted about a bug on snitz topic page:
http://forum.snitz.com/forum/topic.asp?whichpage=5.96&TOPIC_ID=44136#372029
A Fix to texanman as been deleted (first reply to texanman subject):
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=66162
One of my Multi-Language Topic on Snitz has disappeared last night
Multi-Language and Multi-Language Skin3D
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=40765
etc...
3 times I changed my password and the day after the same game start.
Since I send to HuwR a donation of $200 on December 22, 2006
this guy HuwR has never stop to pick on every thing I post on the Snitz Forum.
I have even received from HuwR and ruirib an e-mail threatening to ban me from Snitz Forum :
Hello
You received the following message from: ruirib (ruirib@ruirib.net)
At: http://forum.snitz.com/forum/
It was a pleasure to have you there, hope you enjoyed the ride ;).
And don't try to sneak in...
Goodbye ;).
Hey as_shole, I know it’s Davio who is a member at your forums, gonna lock him out too |
Edited by - chrigou on 26 November 2007 02:38:53 |
|
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 26 November 2007 : 09:14:24
|
| There's also the Universal Login MOD that can be found over at SnitzBitz. |
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
|
|
|
Topic |
|
|
|
Topic Locked
