| Author |
 Topic  |
|
Classicmotorcycling
Development Team Leader
Australia
2084 Posts |
 Posted - 30 June 2008 : 22:37:37
|
Rolling on from this MOD over 6 years ago: Greeting Card Mod
I have re-written the Greeting Card to now work off the Forum database and a few other things including easy to install (being 1 out 10 and 1 being the easiest). I have included 10 Greeting Cards to get you started and all appears to work fine on Access & MSSQL.
I have also made it work using the forums inc_mail.asp so there is no need for a special mail component.
You can download it from: Greeting Card Mod 3.6
Enjoy...   < |
Cheers,
David Greening |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 01 July 2008 : 04:40:48
|
| I have removed the link until the code for this mod is sanitised against SQL injection, currently it is not. I found several request variables in the _preview.asp file that were not being sanitised prior to using in a query.< |
 |
|
|
Classicmotorcycling
Development Team Leader
Australia
2084 Posts |
Posted - 01 July 2008 : 06:59:30
|
HuwR,
I have rechecked the code and made the changes now it should be right on all the files. Do you want to put the link back up?
< |
Cheers,
David Greening |
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 01 July 2008 : 07:03:41
|
| did you also check greeting_cards_get.asp ? I think that had some vulnerabilities too< |
|
|
|
Classicmotorcycling
Development Team Leader
Australia
2084 Posts |
Posted - 01 July 2008 : 07:17:12
|
| All files where chaecked and the zip updated...< |
Cheers,
David Greening |
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 01 July 2008 : 07:28:32
|
ok great  feel free to put the link back up< |
|
|
|
texanman
Junior Member
United States
410 Posts |
Posted - 01 July 2008 : 18:50:44
|
Hi,
I am getting this error message when I click on "Cards" in the Admin Section.
Microsoft OLE DB Provider for SQL Server error '80040e14'
Incorrect syntax near '*'.
/greeting_cards_clean.asp, line 92
line 92: set rs = conn.execute (strsql)
The two lines above it are:
strSQL = "DELETE * FROM " & strTablePrefix & "GREETING_SENT WHERE SENTDATE" _
& "< #" & rev & "#;"
Any idea what the problem is?
Thanks
< |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
mdelcour2000
Junior Member
United States
133 Posts |
Posted - 01 July 2008 : 19:18:21
|
| VERY IMPRESSIVE!< |
http://lacledeforum.com/
"Never get so busy doing the work of the kingdom that you forget who the King is" |
|
|
|
leatherlips
Senior Member
USA
1838 Posts |
|
|
texanman
Junior Member
United States
410 Posts |
Posted - 01 July 2008 : 20:37:08
|
quote:
Originally posted by ruirib
Remove the '*', so that the SQL statement is "DELETE FROM " &...
Thanks ruirib
Tried that but still gives the same error  < |
|
|
|
Carefree
Advanced Member
Philippines
4207 Posts |
Posted - 01 July 2008 : 21:01:37
|
quote:
Originally posted by leatherlips
When I go into General Settings and click "Send Config" I get this error:
You need to put in a SMTP Server
Back
Please enter the greetings URL!
Back
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/forumtest/greeting_cards_docard.asp, line 188
In greeting_cards_docard.asp, lines 166-170, replace with:
Sub general
mailserver = strMailServer
url = strForumURL
myname = Request.Form("myname")
days = Request.form("days")
lines 188-191, replace with:
rs("mailserver") = strMailServer
rs("url") = strForumURL
rs("myname") = Request.Form("myname")
rs("days") = Request.form("days")
That should fix your problem.< |
|
|
|
leatherlips
Senior Member
USA
1838 Posts |
|
|
mdelcour2000
Junior Member
United States
133 Posts |
Posted - 01 July 2008 : 21:46:48
|
ok, when I try to delete a card, that I added, I am getting this error:
Microsoft VBScript compilation error '800a0401'
Expected end of statement
/default/greeting_cards_remcardcat.asp, line 109
cat = trim(chkStringRequest("catid"),"SQLString"))
-------------------------------------------------^
< |
http://lacledeforum.com/
"Never get so busy doing the work of the kingdom that you forget who the King is" |
|
|
|
Carefree
Advanced Member
Philippines
4207 Posts |
Posted - 01 July 2008 : 22:34:58
|
quote:
Originally posted by leatherlips
It took out some of the error. Now it only says this:
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/forumtest/greeting_cards_docard.asp, line 188
Line 188 is:
rs("mailserver") = strMailServer
Try this one, think it'll do it.
greeting_cards_docard.txt< |
|
|
|
Carefree
Advanced Member
Philippines
4207 Posts |
Posted - 01 July 2008 : 22:37:29
|
quote:
Originally posted by mdelcour2000
ok, when I try to delete a card, that I added, I am getting this error:
Microsoft VBScript compilation error '800a0401'
Expected end of statement
/default/greeting_cards_remcardcat.asp, line 109
cat = trim(chkStringRequest("catid"),"SQLString"))
-------------------------------------------------^
That one's rather obvious, there are differing quantities of opening and closing parentheses. Eliminate the final closing parenthesis.< |
|
|
|
Topic |
|
Greeting Card Mod 3.6 (RC1)
