cory_booth
Starting Member
Bhutan
13 Posts
Posted - 07 April 2006 : 09:31:21
Hey!
OK, I see this topic being discussed from time to time, but it always seems to die off...
Here is an ASP login code I have compiled from many tips... The question I have is...
Why doesn't this script log the user in automatically? Isn't the cookie generated properly?
<%
Response.expires = 0
Response.expiresabsolute = Now() - 1
Response.addHeader "pragma", "no-cache"
Response.addHeader "cache-control", "private"
Response.CacheControl = "no-cache"
Session.Timeout = 30

'Required by the LDAP server with password verification
on error resume next

'If the .asp?action=99 then kill the login session
sAction = request.querystring("action")
if sAction=99 then
    Session("ldap_login") = ""
    sAction=0
End If

'The superuser for getting controlled items
SUPERBROKER = "test.test"
SUPERBROKERPWD = "password"

'If the session login is already set - skip all this
If Session("ldap_login") = "login" Then
    Response.Redirect "default.asp"
End If

If Request.Form("submit") = "Login" Then
    bValidPwd = False

    'Form ID Fields
    sUserName = request.form("userid")
    sPassWord = request.form("passwd")

    'Check for null values
    If Len(sUserName) = 0 Or Len(sPassWord) = 0 Then
        ErrorLvl=1
        bValidPwd=False
    End If

    'If no nulls then ping the LDAP for Error Response and thus password validation
    If Len(sUserName) > 0 or Len(sPassWord) > 0 Then
        LDAPServer = "LDAP://directory.ldap.com:636/"
        dnUserName = "cn=" & sUserName & ",ou=People,ou=Company,ou=Domain,o=Domain,c=US"
        Set oLDAP = GetObject("LDAP:")
        Set oContainer = oLDAP.OpenDSObject(LDAP & dnUserName, dnUserName, sPassWord, 2)
        If Err.Number = 0 Then
            bValidPwd = True
            ErrorLvl=0
        Else
            ErrorLvl = 2
            bValidPwd = False
        End If
    'End The LDAP Authentication
    End If
'End the Text Box Login
End If

'Superbroker validation
If ErrorLvl = 0 Then
    dnAdmin = "cn=" & SUPERBROKER & ",ou=administrators,ou=Company,ou=Domain,o=Domain,c=US"
    Server = "LDAP://directory.ldap.com:636/"
    dnUserName = "cn=" & sUserName & ",ou=People,ou=Company,ou=Domain,o=Domain,c=US"
    Set oLDAP = GetObject("LDAP:")
    Set oContainer = oLDAP.OpenDSObject(Server & dnUserName, dnAdmin, SUPERBROKERPWD, 2)
    SSN = oContainer.Get("SSN")
    Email = oContainer.Get("mail")
    First = oContainer.Get("givenname")
    Last = oContainer.Get("sn")
    Name = First & " " & Last
    'Check for Valid Info
    If Len(Name) = 0 Or Len(Email) = 0 Then
        ErrorLvl = 4 ' No info from LDAP server
    End If
'End Superbroker validation
End If

If IsNull(ErrorLvl) Then
    Session("ewmsg") = ""
End If

'Do Final Checks
If ErrorLvl=1 then
    Session ("ewmsg") = "Your login or password was blank."
End If
If ErrorLvl=2 then
    Session ("ewmsg") = "You ID and/or password were incorrect. Please check your entries and try again."
End If
If Errorlvl = 4 then
    Session("ewmsg") = "The retrieval of your information failed, you can not continue."
End If

'Final Validation and Session establishment
If ErrorLvl = 0 and bValidPwd = True Then
    'Write the session cookie
    'Connect to Snitz-db by using strConnString
    strConnString = "*****")
%>
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_header.asp" -->
<% 'Do I need this I I use an external LDAP server? %>
<!--#INCLUDE FILE="inc_sha256.asp"-->
<%
Dim objRS, intIDForNewRecord
'If Len(Session("Snitz"))=0 then
'OK I need to add a If rs.EOF to make sure I don't write the user in the DB twice....
Set objRS = Server.CreateObject ("ADODB.Recordset")
objRS.Open "Forum_Members", strConnString , adOpenStatic, adLockOptimistic, adCmdTable
objRS.MoveLast
'intIDForNewRecord = objRS("Member_ID") + 1
objRS.AddNew ' add a new record
objRS("M_EMAIL")=Email
objRS("M_NAME") = Name
objRS("M_COUNTRY")="USA"
objRS("M_FIRSTNAME")= First
objRS("M_LASTNAME")= Last
strEncodedPassword = sha256("" & trim(sPassWord))
objRS("M_Password") = strEncodedPassword
objRS.Update
objRS.Close
Set objRS = Nothing
'What is significant about the sPassword within the cookie???
call doCookies(sPassWord)
end if

' this is Snitz-code used by call doCookies above
sub doCookies(fSavePassWord)
    if strSetCookieToForum = 0 then
        Response.Cookies(strUniqueID & "User").Path = strCookieURL
    else
        Response.Cookies(strUniqueID & "User").Path = "/"
    end if
    Response.Cookies(strUniqueID & "User")("Name") = sUserName
    Response.Cookies(strUniqueID & "User")("Pword") = strEncodedPassword
    Response.Cookies(strUniqueID & "User").Expires = dateAdd("d", intCookieDuration, strForumTimeAdjust)
end sub

response.redirect "default.asp"
End If
'Nothing? Then do the login routine
%>
<html>
<head>
<title>Online Authentication</title>
</head>
<body bgcolor="EAEAD5" leftmargin="0" topmargin="0" marginheight="0" marginwidth="0">
<tr>
<td><b><center><font color="darkred">Online Authentication</font></center></b></td>
</tr>
<center>
<body bgcolor="#EAEAD5">
<table border="1" cellpadding="0" cellspacing="0" bgcolor="#EAEAD5">
<tbody><tr><td bgcolor="#EAEAD5" width="709">
<table width="70%" align="center">
<tr><td>
<font face="Verdana" color="black" size="2">
<center><strong>Welcome to the Website.<br>
</strong>
<font size="1">This site is intended for use System Managers and Maintainers.
</center></strong></font></td></tr></table>
<% If Session("ewmsg") <> "" Then %>
<p><center><font color="red" size="1"><%= Session("ewmsg") %></center></font></p>
<%
Session("ewmsg") = "" ' Clear message
End If
%>
<form action="ldap.asp" method="post">
<div align="center">
<p align="center"><font color="darkred" size="1">
<strong>Please enter your User ID and Password</strong>
</font></p></div>
<table align="center" border="0" bgcolor="#006400">
<tr><td>
<p><b><font face="Verdana" size="1" color="white">Userid</font></b></p></td>
<td><input name="userid" size="28"></td>
</tr>
<tr><td>
<b><font face="Verdana" size="1" color="white">Password</font></b></td>
<td><input type="password" name="passwd" size="28"></td>
</tr>
<tr><td colspan="2"><center>
<input type="submit" value="Login" name="submit">
<input type="reset" value="Reset" name="Reset">
</td></tr></table><br></td></tr></center>
<tr><td width="707" align="right">
<center><font face="Verdana"><font size="1"><font color="black">
</td>
</tr>
</tbody>
</table>
</body>
</html>
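An added example, not part of the original post and not Snitz code: the posted script goes on to the LDAP bind when either field is non-empty and concatenates the raw `userid` into the bind DN. The helpers below (hypothetical names `EscapeDnValue`, `CredentialsPresent`, `BuildUserDn`, and a hypothetical file name `dn_demo.vbs`) require both fields and escape the value per RFC 4514 before it enters the DN.

```vbscript
Option Explicit

' Escape one attribute value for use inside an LDAP DN (RFC 4514).
Function EscapeDnValue(ByVal s)
    Dim i, ch, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        Select Case ch
            Case "\", ",", "+", """", "<", ">", ";", "="
                out = out & "\" & ch
            Case Chr(0)
                out = out & "\00"
            Case Else
                out = out & ch
        End Select
    Next
    ' A trailing space, and a leading space or "#", must be escaped too.
    If Len(out) > 1 And Right(out, 1) = " " Then
        out = Left(out, Len(out) - 1) & "\ "
    End If
    If Left(out, 1) = " " Or Left(out, 1) = "#" Then out = "\" & out
    EscapeDnValue = out
End Function

' Require BOTH fields (And, not Or). A simple bind with a blank password
' is an "unauthenticated bind" (RFC 4513) that a server may report as
' success, so it must never reach OpenDSObject.
Function CredentialsPresent(ByVal user, ByVal pwd)
    CredentialsPresent = (Len(Trim(user)) > 0 And Len(pwd) > 0)
End Function

' Same DN layout as the posted script, with the user part escaped.
Function BuildUserDn(ByVal user)
    BuildUserDn = "cn=" & EscapeDnValue(user) & _
        ",ou=People,ou=Company,ou=Domain,o=Domain,c=US"
End Function

' Constructed sample inputs; run with: cscript //nologo dn_demo.vbs
WScript.Echo BuildUserDn("jsmith")
WScript.Echo BuildUserDn("smith, john")
WScript.Echo CredentialsPresent("jsmith", "")
```

In an ASP page the three functions can be used as they are; only the `WScript.Echo` demo lines are specific to running under `cscript`.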
quote: why did you not post this at Snitz?
The main reasons why this was not posted at Snitz and why I might not post the bugs I find directly at Snitz anymore are the ways "ruirib and HuwR" take pleasure in criticizing just about anything I post and seem to resent the fact that I want to improve and correct Snitz which, I agree, served as the original base for my own Forum.
These are some of the actions I find unacceptable: ruirib and HuwR have fun deleting some of my topics and replies, and locking or moving my topics.
A topic posted last week from me to Davio in the "Help: MOD Implementation" Forum has been deleted.
Two replies in my topic about a bug on the Snitz topic page have been deleted: http://forum.snitz.com/forum/topic.asp?whichpage=5.96&TOPIC_ID=44136#372029
A fix for texanman has been deleted (first reply to texanman's subject): http://forum.snitz.com/forum/topic.asp?TOPIC_ID=66162
One of my Multi-Language topics on Snitz disappeared last night: Multi-Language and Multi-Language Skin3D http://forum.snitz.com/forum/topic.asp?TOPIC_ID=40765
etc...
3 times I changed my password and the day after the same game starts.
Since I sent HuwR a donation of $200 on December 22, 2006, this guy HuwR has never stopped picking on everything I post on the Snitz Forum.
I have even received from HuwR and ruirib an e-mail threatening to ban me from the Snitz Forum:
Hello
You received the following message from: ruirib (ruirib@ruirib.net)
At: http://forum.snitz.com/forum/
It was a pleasure to have you there, hope you enjoyed the ride ;). And don't try to sneak in...
Goodbye ;).
Hey as_shole, I know it’s Davio who is a member at your forums, gonna lock him out too