Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Bug Reports (Open)
 admin_login.asp
 New Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Carefree
Advanced Member

Philippines
4206 Posts

Posted - 15 April 2015 :  18:59:43  Show Profile  Reply with Quote
I discovered a problem in "admin_login.asp" caused by it truncating querystrings of target URLs. Anything after the first query has been deleted. In order to fix it, I added another variable and some elseif routines.

"admin_login.asp"


<%
'#################################################################################
'## Snitz Forums 2000 v3.4.07
'#################################################################################
'## Copyright (C) 2000-14 Michael Anderson, Pierre Gorissen,
'##                       Huw Reddick and Richard Kinser
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or (at your option) any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
'##
'## Support can be obtained from our support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## manderson@snitz.com
'##
'#################################################################################
%>
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_func_secure.asp" -->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<!--#INCLUDE FILE="inc_header.asp" -->
<%
If mLev < 1 Then
	Response.Write	"<p align=""center"">You must first login to the forum.  Redirecting ....<meta http-equiv=""refresh"" content=""2; url=login.asp"">"
End If
If Request("target") > "" Then
	strTarget = Mid(Request.ServerVariables("Query_String"),8,Len(Request.ServerVariables("Query_String"))-7)
	If Request("tgt") > "" Then
		strTgt = Mid(Request.ServerVariables("Query_String"),5,Len(Request.ServerVariables("Query_String"))-4)
	Else
		strTgt = strTarget
	End If
End If
if strAuthType <> "db" then
	call NTauthenticate()
	if (ChkAccountReg() = "1") then
		call NTUser()
	end if
	Response.Write	"      <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href="""
	if strTarget = "" then
		Response.Write	"admin_home.asp"
	elseif strTgt > "" Then
		Response.Write	strTgt
	else
		Response.Write	strTarget
	end if
	Response.Write	""">Click here to Continue</a></font></p>" & vbNewLine
	Response.Write	"      <meta http-equiv=""Refresh"" content=""2; URL="
	if strTarget = "" then
		Response.Write	"admin_home.asp"
	elseif strTgt > "" Then
		Response.Write	strTgt
	else
		Response.Write	strTarget
	end if
	Response.Write	""">" & vbNewline
	WriteFooterShort
	Response.End
end if
On Error Resume Next
Response.Write	"      <table border=""0"" width=""100%"" align=""center"">" & vbNewLine & _
		"        <tr>" & vbNewLine & _
		"          <td width=""33%"" align=""left"" nowrap><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>" & vbNewLine & _
		"          " & getCurrentIcon(strIconFolderOpen,"All Forums","") & " <a href=""default.asp"">All Forums</a><br />" & vbNewLine & _
		"          " & getCurrentIcon(strIconBar,"","") & getCurrentIcon(strIconFolderOpenTopic,"Admin Login","") & " Admin Login<br /></font></td>" & vbNewLine & _
		"        </tr>" & vbNewLine & _
		"      </table>" & vbNewLine

fName = strDBNTFUserName
If fName="" Then fName = strDBNTUserName
fPassword = ChkString(Request.Form("Password"), "SQLString")

RequestMethod = Request.ServerVariables("Request_method")
strTarget = trim(chkString(request("target"),"SQLString"))

if RequestMethod = "POST" Then
	strEncodedPassword = sha256("" & fPassword)

	'## Forum_SQL
	strSql = "SELECT MEMBER_ID "
	strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS "
	strSql = strSql & " WHERE M_NAME = '" & trim(fName) & "' AND "
	strSql = strSql & "       M_PASSWORD = '" & trim(strEncodedPassword) & "' AND "
	strSql = strSql & "       M_LEVEL > 2 AND M_STATUS = 1"
	Set dbRs = my_Conn.Execute(strSql)

	If not(dbRS.EOF) and ChkQuoteOk(fName) and ChkQuoteOk(strEncodedPassword) Then

		Response.Write	"      <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Login was successful!</font></p>" & vbNewLine
		Session(strCookieURL & "Approval") = "15916941253"
		Response.Write	"      <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href="""
		if strTarget = "" then
			Response.Write	"admin_home.asp"
		elseif strTgt > "" Then
			Response.Write	strTgt
		else
			Response.Write	strTarget
		end if
		Response.Write	""">Click here to Continue</a></font></p>" & vbNewLine

		Response.Write	"      <meta http-equiv=""Refresh"" content=""2; URL="
		if strTarget = "" then
			Response.Write	"admin_home.asp"
		elseif strTgt > "" Then
			Response.Write	strTgt
		else
			Response.Write	strTarget
		end if
		Response.Write	""">" & vbNewline & _
				"      <br />"
		dbrs.Close
		Set dbrs=Nothing
		WriteFooter
		Response.End
	else
		Response.Write	"      <center>" & vbNewLine & _
				"      <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """ color=""" & strHiLiteFontColor & """>Access denied.</font></p>" & vbNewLine & _
				"      <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>If you think you have reached this message in error, please try again.</font></p>" & vbNewLine & _
				"      </center>" & vbNewLine
	end if
	Set dbrs=Nothing
end if
bgcolor=""" & strPopUpBorderColor & """
Response.Write	"      <form action=""admin_login.asp?tgt=" & strTgt &""" method=""post"" id=""Form1"" name=""Form1"">" & vbNewLine & _
		"      <input type=""hidden"" value=""" & strTarget & """ name=""target"">" & vbNewLine & _
		"      <table border=""0"" cellspacing=""0"" cellpadding=""0"" align=""center"">" & vbNewLine & _
		"        <tr>" & vbNewLine & _
		"          <td bgcolor=""" & strPopUpBorderColor & """>" & vbNewLine & _
		"            <table border=""0"" cellspacing=""1"" cellpadding=""0"" align=""center"">" & vbNewLine & _
		"              <tr>" & vbNewLine & _
		"                <td align=""center"" colspan=""2"" bgcolor=""" & strHeadCellColor & """><b><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """ color=""" & strHeadFontColor & """>Admin Login</font></b></td>" & vbNewLine & _
		"              </tr>" & vbNewLine & _
		"              <tr>" & vbNewLine & _
		"                <td align=""right"" bgcolor=""" & strPopupTableColor & """ nowrap><b><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """> UserName: </font></b></td>" & vbNewLine & _
		"                <td bgcolor=""" & strPopupTableColor & """><input type=""text"" name=""Name"" style=""width:150px;""></td>" & vbNewLine & _
		"              </tr>" & vbNewLine & _
		"              <tr>" & vbNewLine & _
		"                <td align=""right"" bgcolor=""" & strPopupTableColor & """ nowrap><b><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>Password: </font></b></td>" & vbNewLine & _
		"                <td bgcolor=""" & strPopupTableColor & """><input type=""Password"" name=""Password"" style=""width:150px;""></td>" & vbNewLine & _
		"              </tr>" & vbNewLine & _
		"              <tr>" & vbNewLine & _
		"                <td colspan=""2"" bgcolor=""" & strPopupTableColor & """ align=""center""><input type=""submit"" value=""Login"" id=""Submit1"" name=""Submit1""></td>" & vbNewLine & _
		"              </tr>" & vbNewLine & _
		"            </table>" & vbNewLine & _
		"          </td>" & vbNewLine & _
		"        </tr>" & vbNewLine & _
		"      </table>" & vbNewLine & _
		"      </form>" & vbNewLine
WriteFooter
%>

HuwR
Forum Admin

United Kingdom
20577 Posts

Posted - 16 April 2015 :  06:10:35  Show Profile  Visit HuwR's Homepage
Um, that code does not look anything like the standard admin_login.asp

MVC .net dev/test site | MVC .net running on Raspberry Pi
Go to Top of Page

Carefree
Advanced Member

Philippines
4206 Posts

Posted - 16 April 2015 :  11:13:46  Show Profile
I had to change it so it would work. Now it will retain the entire querystring. I forgot to mention, the redirect in all the admin pages should be changed as well to this:


	Response.Redirect "admin_login.asp?target=" & scriptname(ubound(scriptname))& "?" & Request.ServerVariables("Query_String")


Without those two changes, you can see the problem behavior in this manner. First, logout. Then login but not into admin area. Finally, try going to this URL: admin_moderators.asp?forum=1&UserID=2

It will cut off everything after asp. With the change to the redirection (but without the new login page), it will cutoff everything after forum=1.

Edited by - Carefree on 16 April 2015 14:54:22
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20577 Posts

Posted - 16 April 2015 :  15:07:19  Show Profile  Visit HuwR's Homepage
Ok, I see what you mean, although since it only ever redirects to scriptname I would say it is not strictly a bug as it was never coded to pass the query string. but agree it would be better if it did.

MVC .net dev/test site | MVC .net running on Raspberry Pi
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.11 seconds. Powered By: Snitz Forums 2000 Version 3.4.07