| Author |
 Topic  |
|
|
Lukeod
Starting Member
9 Posts |
 Posted - 06 January 2008 : 20:52:27
|
Hello,
I am planning to use Snitz as a makeshift server logging software to keep track of changes made to our servers (have 110 odd).
Basically, there will be a logon script run at each site, which detects the IP address, and opens a server-specific forum. This way, techs can see at a glance recent changes made to the server.
I've done some testing and it is working well. However having to log on to post is a bit of a pain. Because we are not worried about security (will be using IIS based security), i would like to ideally have a drop down list of users for when you make a post, with no passwords. Because the techs will rarley go to the 'home' page, they will only log on at the 'posting' stage, rather than using the 'log on' feature at the home page.
So basically when you go to post, the password field is removed and the username is a drop down list much the same a the 'Font' field, where you select you're name.
How can this be best achieved?
Thankyou in advance
Luke O'Donnell |
|
|
weeweeslap
Senior Member
USA
1077 Posts |
Posted - 06 January 2008 : 21:27:53
|
| you could have everyone have the same password and on the password field you can have it prefilled by adding a value into the value part of the login script and just have you type the username and since the password is already filled in, pwd wont be a problem. As for username you can script something to pull all usernames from the db and list them in alphabetical order and simply drop down and chose, pwd field is automatically filled and go? |
coaster crazy |
 |
|
|
Lukeod
Starting Member
9 Posts |
Posted - 06 January 2008 : 21:42:48
|
Hmm that would work, however we unfortunatly do not have anyone who can really code ASP very well. I can do a little myself, however it'd be a lot of trial and error.
Anyone have any clues on the best approach to coding it, or if there is a way to completley remove user authentication for posts, so that anyone can post without being logged on?
Or if i can pass the username and password via scripting (cookies on 110 odd servers would be messy), it'd work too. It possible? Or can i modify the 'Post.asp' to say 'This is the username and this is the password'?
Thanks
Luke |
Edited by - Lukeod on 06 January 2008 21:45:11 |
|
|
|
Lukeod
Starting Member
9 Posts |
Posted - 07 January 2008 : 00:29:04
|
Can i, as part of my logon script on each server, copy across a cookie before launching the site which automatically logs the user on? Do the cookies have an inbuilt 'Timeout', and if so can i remove it?
Thanks
Luke |
|
|
|
Lukeod
Starting Member
9 Posts |
Posted - 08 January 2008 : 22:47:40
|
I tried this:
-On Computer 'A' log in with 'remember me' selected.
-Copied the cookie to computer 'B', renaming the cookie name prefix to match the user's name
-Opened IE and went to the forum. Use was not logged on. I recreated the cookie on computer 'B' and compared it to Computer 'A'.
The only difference was a few seemingly random strings. I'm going to assume that one reperesents the Date / time / expiry date and another is a unique 'cookieID' which must get also copied to the SQL server for comparing when it checks the cookie?
I also searched for info and found that cookie handling is done by 'Inc-header.asp'. I had a look in there and i'm afraid i cannot really make much sense of the cookie code (due to lack of coding knowlege). Is it possible to remove some / all the checks, so if the username and password inside the cookie are correct, it'll log you on despite any of the other fields being incorrect / not present.
Many thanks,
Luke |
|
|
|
Lukeod
Starting Member
9 Posts |
Posted - 08 January 2008 : 23:11:51
|
Alternativly, can i 'Hardcode' a username and password into the forum?
I imagine the following is a rough outline to how the forum handles cookies:
1)it checks if a cookie is present
2)runs some checks to see if the cookie is valid
3)if it is, then it'd assign the username and password to their own variables
4)runs the variables against the SQL server to see if they are valid, if so then log them on.
I imagine it'd be possible to comment out steps 1 and 2, and to statically assign a username and password to the variables, like:
strUsername = "admin"
strPassword= [password hash]
I've had a look and cant quite figure out the logic behind the code, can anyone point out where i could do the above in the code?
Thanks
Luke |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 09 January 2008 : 06:46:30
|
Cookie handling is done by the "doCookies" function (or something like that... I haven't had my coffee yet) in inc_func_common.asp
I think you may want to look more towards the NT Authentication and see if you can grab the machine name instead of the logged in user. I'd have to look at the NT Authentication code (also in inc_func_common.asp) a little closer when I get to work today. |
|
|
|
Lukeod
Starting Member
9 Posts |
Posted - 09 January 2008 : 18:48:39
|
Thanks for the reply,
The problem with NT authentication, is that currently each site is it's own domain (with an identical domain name making trust's impossible). Currently looking at a Cental AD, but in the meantime NT wont be possible because the majority of the sites arent part of the domain the server is on.
I have sort of come up with what i wanted. I modified the 'Post.asp' to fill in the 'Username' and 'Password' fields. At around line 550, i entered the username and password inside the 'Value' of "input name=""UserName"" and "input name=""Password"" fields. I also changed the "Type" from (type=""text"") to (type=""hidden"").
So what this effectivly does, is if the user is not logged on, instead of showing the 'Username' and 'Password' fields up between 'Screensize' and 'Format Mode' of the posting pane, it looks normal but the boxes are there and filled put but hidden from view.
This is very close to what i want in that it circumvents the need to log on without having to muck around with cookies too much.
To make it perfect for what i want, i would like to unhide the 'Username' field and turn it into a drop down list which gets it's values from the SQL database. I think the code for the drop down list is somthing like:
<select id="Username" >
<option>
[Calls SQL query here]
</option>
</select>
Going to poke around the sites code and try and nut out how it forms a SQL query and executes it.
Cheers
Luke |
|
|
|
Lukeod
Starting Member
9 Posts |
Posted - 09 January 2008 : 19:28:36
|
Hmm well i've got my SQL Query:
strSqlUser = "SELECT M_USERNAME FROM FORUM_MEMBERS"
I just don't know how to *bind* the drop down list to a data source, i can do it using Visual Studio 2008 Web Developer, but the code generated seems to be VB or somthing, I can't find anything in the headers of the pages referencing a Script Language.
Do i have to run the query, write the values to an array and then set the <option> values to reference the array? There a much easier way of doing it?
Had a look through the websites code to see if there were any examples of a drop down list which gets its values from a Query, only one i could find was in "inc_jump_to.asp". However i cannot actually see where it writes the values from the query to the drop down list, I expected to see some sort of "until [query].EOF" type statement in there somewhere. Looks to me like it gets the values, then closes the connection, whithout writing it anywhere.
Anyone have any advice / some code?
Thanks
Luke |
|
|
|
phy1729
Average Member
USA
589 Posts |
Posted - 09 January 2008 : 21:43:58
|
Tested this make sure M_Username is populated otherwise you'll get a large blank list. You may want to use M_Name.
|
|
|
| |
Topic |
|
Topic Locked
