I discovered a problem in "admin_login.asp": it truncates the query strings of target URLs. Anything after the first query-string parameter is dropped. To fix it, I added another variable and some ElseIf branches.
"admin_login.asp"
<%
'#################################################################################
'## Snitz Forums 2000 v3.4.07
'#################################################################################
'## Copyright (C) 2000-14 Michael Anderson, Pierre Gorissen,
'## Huw Reddick and Richard Kinser
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or (at your option) any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
'##
'## Support can be obtained from our support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## manderson@snitz.com
'##
'#################################################################################
%>
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_func_secure.asp" -->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<!--#INCLUDE FILE="inc_header.asp" -->
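<%
'## Admin login page.
'## Flow: (1) work out where to send the browser afterwards (strTarget / strTgt),
'## (2) for non-"db" auth types, hand over to the NT helpers and show the continue link,
'## (3) for "db" auth, check the posted password against the MEMBERS table on POST and,
'## on success, set the session approval marker, (4) otherwise render the login form.
'##
'## Security-relevant points in this version:
'##  - strTarget / strTgt come from the request, so they are HTML-encoded wherever they are
'##    written into an attribute, and only same-site relative targets are followed.
'##  - The login decision is held in a Boolean that starts as False, so a runtime error
'##    under "On Error Resume Next" cannot fall through into the success branch.

If mLev < 1 Then
	'## NOTE(review): nothing stops processing here, so the rest of the page still renders
	'## for a visitor who is not logged in to the forum; confirm whether Response.End was intended.
	Response.Write "<p align=""center"">You must first login to the forum. Redirecting ....<meta http-equiv=""refresh"" content=""2; url=login.asp"">"
End If

'## The raw query string is used (not Request("target")) so that a target such as
'## admin_moderators.asp?forum=1&UserID=2 keeps everything after the first "&".
'## The prefix is checked before slicing: the original fixed-offset Mid() raised a runtime
'## error when the query string was shorter than the prefix, and returned an unrelated
'## substring when "target=" / "tgt=" was not the first parameter.
strRawQuery = "" & Request.ServerVariables("Query_String")
If Request("target") > "" Then
	If LCase(Left(strRawQuery, 7)) = "target=" Then
		strTarget = Mid(strRawQuery, 8)
	Else
		strTarget = "" & Request("target")
	End If
	If Request("tgt") > "" Then
		If LCase(Left(strRawQuery, 4)) = "tgt=" Then
			strTgt = Mid(strRawQuery, 5)
		Else
			strTgt = "" & Request("tgt")
		End If
	Else
		strTgt = strTarget
	End If
End If

if strAuthType <> "db" then
	call NTauthenticate()
	if (ChkAccountReg() = "1") then
		call NTUser()
	end if
	'## Destination is validated as a local target and encoded once, then reused for both the link and the refresh.
	strContinueUrl = Server.HTMLEncode(AdminLoginDestination(strTarget, strTgt))
	Response.Write " <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""" & strContinueUrl & """>Click here to Continue</a></font></p>" & vbNewLine
	Response.Write " <meta http-equiv=""Refresh"" content=""2; URL=" & strContinueUrl & """>" & vbNewline
	WriteFooterShort
	Response.End
end if

'## From here on runtime errors are suppressed. In VBScript an error raised while evaluating
'## a block-If condition resumes at the first statement INSIDE the block, so every
'## security decision below is computed into a variable first and never inside a condition.
On Error Resume Next
Response.Write " <table border=""0"" width=""100%"" align=""center"">" & vbNewLine & _
	" <tr>" & vbNewLine & _
	" <td width=""33%"" align=""left"" nowrap><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>" & vbNewLine & _
	" " & getCurrentIcon(strIconFolderOpen,"All Forums","") & " <a href=""default.asp"">All Forums</a><br />" & vbNewLine & _
	" " & getCurrentIcon(strIconBar,"","") & getCurrentIcon(strIconFolderOpenTopic,"Admin Login","") & " Admin Login<br /></font></td>" & vbNewLine & _
	" </tr>" & vbNewLine & _
	" </table>" & vbNewLine

'## NOTE(review): fName is taken from variables set by the included files, which are not
'## shown here. It is concatenated into the SQL text below, so confirm it is sanitised where
'## it is assigned; a parameterised ADODB.Command would remove that dependency.
fName = strDBNTFUserName
If fName="" Then fName = strDBNTUserName
fPassword = ChkString(Request.Form("Password"), "SQLString")
RequestMethod = Request.ServerVariables("Request_method")
strTarget = trim(chkString(request("target"),"SQLString"))

if RequestMethod = "POST" Then
	strEncodedPassword = sha256("" & fPassword)

	'## Fail closed: both flags start False and are only changed by assignments that completed
	'## without error. If ChkQuoteOk, Execute or .EOF raises, the flags keep their False value.
	blnLoginOk = False
	blnQuotesOk = False
	Err.Clear
	blnQuotesOk = CBool(ChkQuoteOk(fName) And ChkQuoteOk(strEncodedPassword))
	If Err.Number <> 0 Then blnQuotesOk = False

	If blnQuotesOk Then
		'## The quote check now runs BEFORE the query instead of after it, so a value that
		'## fails the check is never placed into SQL that gets executed.
		'## Forum_SQL
		strSql = "SELECT MEMBER_ID "
		strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS "
		strSql = strSql & " WHERE M_NAME = '" & trim(fName) & "' AND "
		strSql = strSql & " M_PASSWORD = '" & trim(strEncodedPassword) & "' AND "
		strSql = strSql & " M_LEVEL > 2 AND M_STATUS = 1"
		Err.Clear
		Set dbRs = my_Conn.Execute(strSql)
		If Err.Number = 0 Then
			blnLoginOk = Not dbRs.EOF
			If Err.Number <> 0 Then blnLoginOk = False
		End If
	End If

	If blnLoginOk Then
		Response.Write " <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Login was successful!</font></p>" & vbNewLine
		'## Fixed marker value stored in the session on success (presumably what the admin pages test for; verify against them).
		Session(strCookieURL & "Approval") = "15916941253"
		strContinueUrl = Server.HTMLEncode(AdminLoginDestination(strTarget, strTgt))
		Response.Write " <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""" & strContinueUrl & """>Click here to Continue</a></font></p>" & vbNewLine
		Response.Write " <meta http-equiv=""Refresh"" content=""2; URL=" & strContinueUrl & """>" & vbNewline & _
			" <br />"
		dbrs.Close
		Set dbrs=Nothing
		WriteFooter
		Response.End
	else
		Response.Write " <center>" & vbNewLine & _
			" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """ color=""" & strHiLiteFontColor & """>Access denied.</font></p>" & vbNewLine & _
			" <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>If you think you have reached this message in error, please try again.</font></p>" & vbNewLine & _
			" </center>" & vbNewLine
	end if
	Set dbrs=Nothing
end if

'## Stray fragment from the posted listing: it assigns a literal string to a variable that
'## nothing visible here reads. Kept so behaviour is unchanged.
bgcolor=""" & strPopUpBorderColor & """

'## strTgt and strTarget are request-derived, so both are HTML-encoded before being placed
'## in the action and value attributes. The browser decodes the entities again, so the
'## values that come back on POST are the same as before.
Response.Write " <form action=""admin_login.asp?tgt=" & Server.HTMLEncode("" & strTgt) & """ method=""post"" id=""Form1"" name=""Form1"">" & vbNewLine & _
	" <input type=""hidden"" value=""" & Server.HTMLEncode("" & strTarget) & """ name=""target"">" & vbNewLine & _
	" <table border=""0"" cellspacing=""0"" cellpadding=""0"" align=""center"">" & vbNewLine & _
	" <tr>" & vbNewLine & _
	" <td bgcolor=""" & strPopUpBorderColor & """>" & vbNewLine & _
	" <table border=""0"" cellspacing=""1"" cellpadding=""0"" align=""center"">" & vbNewLine & _
	" <tr>" & vbNewLine & _
	" <td align=""center"" colspan=""2"" bgcolor=""" & strHeadCellColor & """><b><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """ color=""" & strHeadFontColor & """>Admin Login</font></b></td>" & vbNewLine & _
	" </tr>" & vbNewLine & _
	" <tr>" & vbNewLine & _
	" <td align=""right"" bgcolor=""" & strPopupTableColor & """ nowrap><b><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """> UserName: </font></b></td>" & vbNewLine & _
	" <td bgcolor=""" & strPopupTableColor & """><input type=""text"" name=""Name"" style=""width:150px;""></td>" & vbNewLine & _
	" </tr>" & vbNewLine & _
	" <tr>" & vbNewLine & _
	" <td align=""right"" bgcolor=""" & strPopupTableColor & """ nowrap><b><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>Password: </font></b></td>" & vbNewLine & _
	" <td bgcolor=""" & strPopupTableColor & """><input type=""Password"" name=""Password"" style=""width:150px;""></td>" & vbNewLine & _
	" </tr>" & vbNewLine & _
	" <tr>" & vbNewLine & _
	" <td colspan=""2"" bgcolor=""" & strPopupTableColor & """ align=""center""><input type=""submit"" value=""Login"" id=""Submit1"" name=""Submit1""></td>" & vbNewLine & _
	" </tr>" & vbNewLine & _
	" </table>" & vbNewLine & _
	" </td>" & vbNewLine & _
	" </tr>" & vbNewLine & _
	" </table>" & vbNewLine & _
	" </form>" & vbNewLine
WriteFooter

'## Returns strUrl when it is a same-site relative target, otherwise "".
'## Rejected: empty values, control characters, a leading "/" or "\", and any ":" before
'## the first "?" (i.e. anything that carries a scheme or points at another host).
Function AdminLoginLocalTarget(ByVal strUrl)
	Dim strPath, intQuery, intPos, intCode
	AdminLoginLocalTarget = ""
	strUrl = Trim("" & strUrl)
	If strUrl = "" Then Exit Function
	For intPos = 1 To Len(strUrl)
		intCode = AscW(Mid(strUrl, intPos, 1))
		If intCode >= 0 And intCode < 32 Then Exit Function
	Next
	intQuery = InStr(strUrl, "?")
	If intQuery > 0 Then
		strPath = Left(strUrl, intQuery - 1)
	Else
		strPath = strUrl
	End If
	If strPath = "" Then Exit Function
	If Left(strPath, 1) = "/" Or Left(strPath, 1) = "\" Then Exit Function
	If InStr(strPath, ":") > 0 Then Exit Function
	AdminLoginLocalTarget = strUrl
End Function

'## Picks the post-login destination using the same precedence as before:
'## no target requested -> admin_home.asp; otherwise the full target (strFullTarget) when
'## present, else the requested one. A destination that is not a local target also
'## falls back to admin_home.asp.
Function AdminLoginDestination(ByVal strRequested, ByVal strFullTarget)
	Dim strCandidate
	strRequested = "" & strRequested
	strFullTarget = "" & strFullTarget
	strCandidate = ""
	If strRequested <> "" Then
		If strFullTarget <> "" Then
			strCandidate = strFullTarget
		Else
			strCandidate = strRequested
		End If
	End If
	strCandidate = AdminLoginLocalTarget(strCandidate)
	If strCandidate = "" Then strCandidate = "admin_home.asp"
	AdminLoginDestination = strCandidate
End Function
%>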
I had to change it so it would work. Now it will retain the entire querystring. I forgot to mention, the redirect in all the admin pages should be changed as well to this:
Without those two changes, you can see the problem behavior in this manner. First, logout. Then login but not into admin area. Finally, try going to this URL: admin_moderators.asp?forum=1&UserID=2
It will cut off everything after asp. With the change to the redirection (but without the new login page), it will cut off everything after forum=1.
OK, I see what you mean, although since it only ever redirects to the script name, I would say it is not strictly a bug, as it was never coded to pass the query string. But I agree it would be better if it did.