| Author |
 Topic  |
|
Dave Goldman
New Member
USA
65 Posts |
 Posted - 26 August 2009 : 14:56:36
|
| Sweet, thank you very much HuwR. That did the trick! |
 |
|
|
Dave Goldman
New Member
USA
65 Posts |
Posted - 26 August 2009 : 15:23:30
|
Ok, Podge, better yet. I have found a way to redirect everything. Is there a way I can just easily remove the username and password boxes from the inc_header.asp and put an a href to redirect to the login.asp page which is using ssl? If i can get this working, I am set!
TIA |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
|
Podge
Support Moderator
Ireland
3775 Posts |
Posted - 26 August 2009 : 19:36:04
|
Change line 337 of a default inc_header.asp from
Response.Write " <form action=""" & Request.ServerVariables("URL") & """ method=""post"" id=""form1"" name=""form1"">" & vbNewLine & _
to
Response.Write " <form action=""https://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL") & """ method=""post"" id=""form1"" name=""form1"">" & vbNewLine & _
This is a stock v3.4.07 inc_header.asp with the change
<%
'#################################################################################
'## Snitz Forums 2000 v3.4.07
'#################################################################################
'## Copyright (C) 2000-09 Michael Anderson, Pierre Gorissen,
'## Huw Reddick and Richard Kinser
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or (at your option) any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
'##
'## Support can be obtained from our support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## manderson@snitz.com
'##
'#################################################################################
%>
<!--#INCLUDE FILE="inc_func_common.asp" -->
<%
if strShowTimer = "1" then
'### start of timer code
Dim StopWatch(19)
sub StartTimer(x)
StopWatch(x) = timer
end sub
function StopTimer(x)
EndTime = Timer
'Watch for the midnight wraparound...
if EndTime < StopWatch(x) then
EndTime = EndTime + (86400)
end if
StopTimer = EndTime - StopWatch(x)
end function
StartTimer 1
'### end of timer code
end if
strArchiveTablePrefix = strTablePrefix & "A_"
strScriptName = request.servervariables("script_name")
strReferer = chkString(request.servervariables("HTTP_REFERER"),"refer")
if Application(strCookieURL & "down") then
if not Instr(strScriptName,"admin_") > 0 then
Response.redirect("down.asp")
end if
end if
if strPageBGImageURL = "" then
strTmpPageBGImageURL = ""
elseif Instr(strPageBGImageURL,"/") > 0 or Instr(strPageBGImageURL,"\") > 0 then
strTmpPageBGImageURL = " background=""" & strPageBGImageURL & """"
else
strTmpPageBGImageURL = " background=""" & strImageUrl & strPageBGImageURL & """"
end if
If strDBType = "" then
Response.Write "<html>" & vbNewLine & _
"<head>" & vbNewline & _
"<title>" & strForumTitle & "</title>" & vbNewline
'## START - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "<meta name=""copyright"" content=""This Forum code is Copyright (C) 2000-09 Michael Anderson, Pierre Gorissen, Huw Reddick and Richard Kinser, Non-Forum Related code is Copyright (C) " & strCopyright & """>" & vbNewline
'## END - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "</head>" & vbNewLine & _
"<body" & strTmpPageBGImageURL & " bgColor=""" & strPageBGColor & """ text=""" & strDefaultFontColor & """ link=""" & strLinkColor & """ aLink=""" & strActiveLinkColor & """ vLink=""" & strVisitedLinkColor & """>" & vbNewLine & _
"<table border=""0"" cellspacing=""0"" cellpadding=""5"" width=""50%"" height=""40%"" align=""center"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td bgColor=""#9FAFDF"" align=""center""><p><font face=""Verdana, Arial, Helvetica"" size=""2"">" & _
"<b>There has been a problem...</b><br /><br />" & _
"Your <b>strDBType</b> is not set, please edit your <b>config.asp</b><br />to reflect your database type." & _
"</font></p></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""Verdana, Arial, Helvetica"" size=""2"">" & _
"<a href=""default.asp"" target=""_top"">Click here to retry.</a></font></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine & _
"</body>" & vbNewLine & _
"</html>" & vbNewLine
Response.End
end if
set my_Conn = Server.CreateObject("ADODB.Connection")
my_Conn.Open strConnString
if (strAuthType = "nt") then
call NTauthenticate()
if (ChkAccountReg() = "1") then
call NTUser()
end if
end if
if strGroupCategories = "1" then
if Request.QueryString("Group") = "" then
if Request.Cookies(strCookieURL & "GROUP") = "" Then
Group = 2
else
Group = cLng(Request.Cookies(strCookieURL & "GROUP"))
end if
else
Group = cLng(Request.QueryString("Group"))
end if
'set default
Session(strCookieURL & "GROUP_ICON") = "icon_group_categories.gif"
Session(strCookieURL & "GROUP_IMAGE") = strTitleImage
'Forum_SQL - Group exists ?
strSql = "SELECT GROUP_ID, GROUP_NAME, GROUP_ICON, GROUP_IMAGE "
strSql = strSql & " FROM " & strTablePrefix & "GROUP_NAMES "
strSql = strSql & " WHERE GROUP_ID = " & Group
set rs2 = my_Conn.Execute (strSql)
if rs2.EOF or rs2.BOF then
Group = 2
strSql = "SELECT GROUP_ID, GROUP_NAME, GROUP_ICON, GROUP_IMAGE "
strSql = strSql & " FROM " & strTablePrefix & "GROUP_NAMES "
strSql = strSql & " WHERE GROUP_ID = " & Group
set rs2 = my_Conn.Execute (strSql)
end if
Session(strCookieURL & "GROUP_NAME") = rs2("GROUP_NAME")
if instr(rs2("GROUP_ICON"), ".") then
Session(strCookieURL & "GROUP_ICON") = rs2("GROUP_ICON")
end if
if instr(rs2("GROUP_IMAGE"), ".") then
Session(strCookieURL & "GROUP_IMAGE") = rs2("GROUP_IMAGE")
end if
rs2.Close
set rs2 = nothing
Response.Cookies(strCookieURL & "GROUP") = Group
Response.Cookies(strCookieURL & "GROUP").Expires = dateAdd("d", intCookieDuration, strForumTimeAdjust)
if Session(strCookieURL & "GROUP_IMAGE") <> "" then
strTitleImage = Session(strCookieURL & "GROUP_IMAGE")
end if
end if
strDBNTUserName = Request.Cookies(strUniqueID & "User")("Name")
strDBNTFUserName = trim(chkString(Request.Form("Name"),"SQLString"))
if strDBNTFUserName = "" then strDBNTFUserName = trim(chkString(Request.Form("User"),"SQLString"))
if strAuthType = "nt" then
strDBNTUserName = Session(strCookieURL & "userID")
strDBNTFUserName = Session(strCookieURL & "userID")
end if
if strRequireReg = "1" and strDBNTUserName = "" then
if not Instr(strScriptName,"register.asp") > 0 and _
not Instr(strScriptName,"password.asp") > 0 and _
not Instr(strScriptName,"faq.asp") > 0 and _
not Instr(strScriptName,"login.asp") > 0 then
scriptname = split(request.servervariables("SCRIPT_NAME"),"/")
if Request.QueryString <> "" then
Response.Redirect("login.asp?target=" & lcase(scriptname(ubound(scriptname))) & "?" & Request.QueryString)
else
Response.Redirect("login.asp?target=" & lcase(scriptname(ubound(scriptname))))
end if
end if
end if
select case Request.Form("Method_Type")
case "login"
strEncodedPassword = sha256("" & Request.Form("Password"))
select case chkUser(strDBNTFUserName, strEncodedPassword,-1)
case 1, 2, 3, 4
Call DoCookies(Request.Form("SavePassword"))
strLoginStatus = 1
case else
strLoginStatus = 0
end select
case "logout"
Call ClearCookies()
end select
if trim(strDBNTUserName) <> "" and trim(Request.Cookies(strUniqueID & "User")("Pword")) <> "" then
chkCookie = 1
mLev = cLng(chkUser(strDBNTUserName, Request.Cookies(strUniqueID & "User")("Pword"),-1))
chkCookie = 0
else
MemberID = -1
mLev = 0
end if
if mLev = 4 and strEmailVal = "1" and strRestrictReg = "1" and strEmail = "1" then
'## Forum_SQL - Get membercount from DB
strSql = "SELECT COUNT(MEMBER_ID) AS U_COUNT FROM " & strMemberTablePrefix & "MEMBERS_PENDING WHERE M_APPROVE = " & 0
set rs = Server.CreateObject("ADODB.Recordset")
rs.open strSql, my_Conn
if not rs.EOF then
User_Count = cLng(rs("U_COUNT"))
else
User_Count = 0
end if
rs.close
set rs = nothing
end if
Response.Write "<html>" & vbNewline & vbNewline & _
"<head>" & vbNewline & _
"<title>" & GetNewTitle(strScriptName) & "</title>" & vbNewline
'## START - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "<meta name=""copyright"" content=""This Forum code is Copyright (C) 2000-09 Michael Anderson, Pierre Gorissen, Huw Reddick and Richard Kinser, Non-Forum Related code is Copyright (C) " & strCopyright & """>" & vbNewline
'## END - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "<script language=""JavaScript"" type=""text/javascript"">" & vbNewLine & _
"<!-- hide from JavaScript-challenged browsers" & vbNewLine & _
"function openWindow(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=400')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow2(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=450')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow3(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=450,scrollbars=yes')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow4(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=525')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow5(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=450,height=525,scrollbars=yes,toolbars=yes,menubar=yes,resizable=yes')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow6(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=500,height=450,scrollbars=yes')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindowHelp(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=470,height=200,scrollbars=yes')" & vbNewLine & _
"}" & vbNewLine & _
"// done hiding -->" & vbNewLine & _
"</script>" & vbNewLine & _
"<style type=""text/css"">" & vbNewLine & _
"<!--" & vbNewLine & _
"a:link {color:" & strLinkColor & ";text-decoration:" & strLinkTextDecoration & "}" & vbNewLine & _
"a:visited {color:" & strVisitedLinkColor & ";text-decoration:" & strVisitedTextDecoration & "}" & vbNewLine & _
"a:hover {color:" & strHoverFontColor & ";text-decoration:" & strHoverTextDecoration & "}" & vbNewLine & _
"a:active {color:" & strActiveLinkColor & ";text-decoration:" & strActiveTextDecoration & "}" & vbNewLine & _
".spnMessageText a:link {color:" & strForumLinkColor & ";text-decoration:" & strForumLinkTextDecoration & "}" & vbNewLine & _
".spnMessageText a:visited {color:" & strForumVisitedLinkColor & ";text-decoration:" & strForumVisitedTextDecoration & "}" & vbNewLine & _
".spnMessageText a:hover {color:" & strForumHoverFontColor & ";text-decoration:" & strForumHoverTextDecoration & "}" & vbNewLine & _
".spnMessageText a:active {color:" & strForumActiveLinkColor & ";text-decoration:" & strForumActiveTextDecoration & "}" & vbNewLine & _
".spnSearchHighlight {background-color:" & strSearchHiLiteColor & "}" & vbNewLine & _
"input.radio {background:" & strPopUpTableColor & ";color:#000000}" & vbNewLine & _
"-->" & vbNewLine & _
"</style>" & vbNewLine & _
"</head>" & vbNewLine & _
vbNewLine & _
"<body" & strTmpPageBGImageURL & " bgColor=""" & strPageBGColor & """ text=""" & strDefaultFontColor & """ link=""" & strLinkColor & """ aLink=""" & strActiveLinkColor & """ vLink=""" & strVisitedLinkColor & """>" & vbNewLine & _
"<a name=""top""></a>" & vbNewLine & _
vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""100%"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td valign=""top"" width=""50%""><a href=""default.asp"" tabindex=""-1"">" & getCurrentIcon(strTitleImage & "||",strForumTitle,"") & "</a></td>" & vbNewLine & _
" <td align=""center"" valign=""top"" width=""50%"">" & vbNewLine & _
" <table border=""0"" cellPadding=""2"" cellSpacing=""0"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><b>" & strForumTitle & "</b></font></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>" & vbNewLine
call sForumNavigation()
Response.Write "</font></td>" & vbNewLine & _
" </tr>" & vbNewLine
select case Request.Form("Method_Type")
case "login"
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine
if strLoginStatus = 0 then
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Your username and/or password were incorrect.</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please either try again or register for an account.</font></p>" & vbNewLine
else
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged on successfully!</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine
end if
Response.Write "<meta http-equiv=""Refresh"" content=""2; URL=" & strReferer & """>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""" & strReferer & """>Back To Forum</font></a></p>" & vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""95%"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td>" & vbNewLine
WriteFooter
Response.End
case "logout"
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged out successfully!</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine & _
"<meta http-equiv=""Refresh"" content=""2; URL=default.asp"">" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""default.asp"">Back To Forum</font></a></p>" & vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""95%"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td>" & vbNewLine
WriteFooter
Response.End
end select
if (mlev = 0) then
if not(Instr(Request.ServerVariables("Path_Info"), "register.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "pop_profile.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "search.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "login.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "password.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "faq.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "post.asp") > 0) then
Response.Write " <form action=""http://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL") & """ method=""post"" id=""form1"" name=""form1"">" & vbNewLine & _
" <input type=""hidden"" name=""Method_Type"" value=""login"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center"">" & vbNewLine & _
" <table>" & vbNewLine & _
" <tr>" & vbNewLine
if (strAuthType = "db") then
Response.Write " <td><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """><b>Username:</b></font><br />" & vbNewLine & _
" <input type=""text"" name=""Name"" size=""10"" maxLength=""25"" value=""""></td>" & vbNewLine & _
" <td><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """><b>Password:</b></font><br />" & vbNewLine & _
" <input type=""password"" name=""Password"" size=""10"" maxLength=""25"" value=""""></td>" & vbNewLine & _
" <td valign=""bottom"">" & vbNewLine
if strGfxButtons = "1" then
Response.Write " <input src=""" & strImageUrl & "button_login.gif"" type=""image"" border=""0"" value=""Login"" id=""submit1"" name=""Login"">" & vbNewLine
else
Response.Write " <input type=""submit"" value=""Login"" id=""submit1"" name=""submit1"">" & vbNewLine
end if
Response.Write " </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td colspan=""3"" align=""left""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>" & vbNewLine & _
" <input type=""checkbox"" name=""SavePassWord"" value=""true"" tabindex=""-1"" CHECKED><b> Save Password</b></font></td>" & vbNewLine
else
if (strAuthType = "nt") then
Response.Write " <td><font face=""" & strDefaultFontFace & """ size=""1"" color=""" & strHiLiteFontColor & """>Please <a href=""register.asp"" tabindex=""-1"">register</a> to post in these Forums</font></td>" & vbNewLine
end if
end if
Response.Write " </tr>" & vbNewLine
if (lcase(strEmail) = "1") then
Response.Write " <tr>" & vbNewLine & _
" <td colspan=""3"" align=""left""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>" & vbNewLine & _
" <a href=""password.asp""" & dWStatus("Choose a new password if you have forgotten your current one...") & " tabindex=""-1"">Forgot your "
if strAuthType = "nt" then Response.Write("Admin ")
Response.Write "Password?</a>" & vbNewLine
if (lcase(strNoCookies) = "1") then
Response.Write " |" & vbNewLine & _
" <a href=""admin_home.asp""" & dWStatus("Access the Forum Admin Functions...") & " tabindex=""-1"">Admin Options</a>" & vbNewLine
end if
Response.Write " <br /><br /></font></td>" & vbNewLine & _
" </tr>" & vbNewLine
end if
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" </form>" & vbNewLine
end if
else
Response.Write " <form action=""" & Request.ServerVariables("URL") & """ method=""post"" id=""form2"" name=""form2"">" & vbNewLine & _
" <input type=""hidden"" name=""Method_Type"" value=""logout"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center"">" & vbNewLine & _
" <table>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>You are logged on as<br />"
if strAuthType="nt" then
Response.Write "<b>" & Session(strCookieURL & "username") & " (" & Session(strCookieURL & "userid") & ")</b></font></td>" & vbNewLine & _
" <td> "
else
if strAuthType = "db" then
Response.Write "<b>" & profileLink(ChkString(strDBNTUserName, "display"),MemberID) & "</b></font></td>" & vbNewLine & _
" <td>"
if strGfxButtons = "1" then
Response.Write "<input src=""" & strImageUrl & "button_logout.gif"" type=""image"" border=""0"" value=""Logout"" id=""submit1"" name=""Logout"" tabindex=""-1"">"
else
Response.Write "<input type=""submit"" value=""Logout"" id=""submit1"" name=""submit1"" tabindex=""-1"">"
end if
end if
end if
Response.Write "</td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine
if (mlev = 4) or (lcase(strNoCookies) = "1") then
Response.Write " <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """><a href=""admin_home.asp""" & dWStatus("Access the Forum Admin Functions...") & " tabindex=""-1"">Admin Options</a>"
if mLev = 4 and (strEmailVal = "1" and strRestrictReg = "1" and strEmail = "1" and User_Count > 0) then Response.Write(" | <a href=""admin_accounts_pending.asp""" & dWStatus("(" & User_Count & ") Member(s) awaiting approval") & " tabindex=""-1"">(" & User_Count & ") Member(s) awaiting approval</a>")
Response.Write "<br /><br /></font></td>" & vbNewLine & _
" </tr>" & vbNewLine
end if
Response.Write " </form>" & vbNewLine
end if
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""95%"">" & vbNewLine
'########### GROUP Categories ########### %>
<!--#INCLUDE FILE="inc_groupjump_to.asp" -->
<% '######## GROUP Categories ##############
Response.Write " <tr>" & vbNewLine & _
" <td>" & vbNewLine
sub sForumNavigation()
' DEM --> Added code to show the subscription line
if strSubscription > 0 and strEmail = "1" then
if mlev > 0 then
strSql = "SELECT COUNT(*) AS MySubCount FROM " & strTablePrefix & "SUBSCRIPTIONS"
strSql = strSql & " WHERE MEMBER_ID = " & MemberID
set rsCount = my_Conn.Execute (strSql)
if rsCount.BOF or rsCount.EOF then
' No Subscriptions found, do nothing
MySubCount = 0
rsCount.Close
set rsCount = nothing
else
MySubCount = rsCount("MySubCount")
rsCount.Close
set rsCount = nothing
end if
if mLev = 4 then
strSql = "SELECT COUNT(*) AS SubCount FROM " & strTablePrefix & "SUBSCRIPTIONS"
set rsCount = my_Conn.Execute (strSql)
if rsCount.BOF or rsCount.EOF then
' No Subscriptions found, do nothing
SubCount = 0
rsCount.Close
set rsCount = nothing
else
SubCount = rsCount("SubCount")
rsCount.Close
set rsCount = nothing
end if
end if
else
SubCount = 0
MySubCount = 0
end if
else
SubCount = 0
MySubCount = 0
end if
Response.Write " <a href=""" & strHomeURL & """" & dWStatus("Homepage") & " tabindex=""-1""><acronym title=""Homepage"">Home</acronym></a>" & vbNewline & _
" |" & vbNewline
if strUseExtendedProfile then
Response.Write " <a href=""pop_profile.asp?mode=Edit""" & dWStatus("Edit your personal profile...") & " tabindex=""-1""><acronym title=""Edit your personal profile..."">Profile</acronym></a>" & vbNewline
else
Response.Write " <a href=""javascript:openWindow3('pop_profile.asp?mode=Edit')""" & dWStatus("Edit your personal profile...") & " tabindex=""-1""><acronym title=""Edit your personal profile..."">Profile</acronym></a>" & vbNewline
end if
if strAutoLogon <> "1" then
if strProhibitNewMembers <> "1" then
Response.Write " |" & vbNewline & _
" <a href=""register.asp""" & dWStatus("Register to post to our forum...") & " tabindex=""-1""><acronym title=""Register to post to our forum..."">Register</acronym></a>" & vbNewline
end if
end if
Response.Write " |" & vbNewline & _
" <a href=""active.asp""" & dWStatus("See what topics have been active since your last visit...") & " tabindex=""-1""><acronym title=""See what topics have been active since your last visit..."">Active Topics</acronym></a>" & vbNewline
' DEM --> Start of code added to show subscriptions if they exist
if (strSubscription > 0) then
if mlev = 4 and SubCount > 0 then
Response.Write " |" & vbNewline & _
" <a href=""subscription_list.asp?MODE=all""" & dWStatus("See all current subscriptions") & " tabindex=""-1""><acronym title=""See all current subscriptions"">All Subscriptions</acronym></a>" & vbNewline
end if
if MySubCount > 0 then
Response.Write " |" & vbNewline & _
" <a href=""subscription_list.asp""" & dWStatus("See all of your subscriptions") & " tabindex=""-1""><acronym title=""See all of your subscriptions"">My Subscriptions</acronym></a>" & vbNewline
end if
end if
' DEM --> End of Code added to show subscriptions if they exist
Response.Write " |" & vbNewline & _
" <a href=""members.asp""" & dWStatus("Current members of these forums...") & " tabindex=""-1""><acronym title=""Current members of these forums..."">Members</acronym></a>" & vbNewline & _
" |" & vbNewline & _
" <a href=""search.asp"
if Request.QueryString("FORUM_ID") <> "" then Response.Write("?FORUM_ID=" & cLng(Request.QueryString("FORUM_ID")))
Response.Write """" & dWStatus("Perform a search by keyword, date, and/or name...") & " tabindex=""-1""><acronym title=""Perform a search by keyword, date, and/or name..."">Search</acronym></a>" & vbNewline & _
" |" & vbNewline & _
" <a href=""faq.asp""" & dWStatus("Answers to Frequently Asked Questions...") & " tabindex=""-1""><acronym title=""Answers to Frequently Asked Questions..."">FAQ</acronym></a>"
end sub
if strGroupCategories = "1" then
if Session(strCookieURL & "GROUP_NAME") = "" then
GROUPNAME = " Default Groups "
else
GROUPNAME = Session(strCookieURL & "GROUP_NAME")
end if
'Forum_SQL - Get Groups
strSql = "SELECT GROUP_ID, GROUP_CATID "
strSql = strSql & " FROM " & strTablePrefix & "GROUPS "
strSql = strSql & " WHERE GROUP_ID = " & Group
set rsgroups = Server.CreateObject("ADODB.Recordset")
rsgroups.Open strSql, my_Conn, adOpenForwardOnly, adLockReadOnly, adCmdText
if rsgroups.EOF then
recGroupCatCount = ""
else
allGroupCatData = rsgroups.GetRows(adGetRowsRest)
recGroupCatCount = UBound(allGroupCatData, 2)
end if
rsgroups.Close
set rsgroups = nothing
end if
%>
I cannot fully test it locally without an SSL cert. All it really does is redirect the login form to a secure connection. The javascript redirect (after a successful or unsuccessful login) should redirect back to an unsecure page where the user is logged in. Let me know if you have any problems with it. |
Podge.
The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)
My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board
Warning: The post above or below may contain nuts. |
Edited by - Podge on 26 August 2009 19:38:08 |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 27 August 2009 : 05:44:16
|
You'd also need to make similar changes in admin_login.asp, login.asp and pop_profile.asp.
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
Dave Goldman
New Member
USA
65 Posts |
Posted - 27 August 2009 : 09:34:19
|
| All complete. I was able to change the inc_header file to add the redirects and now everytihng works perfectly!!! Thanks guys!! |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
|
Dave Goldman
New Member
USA
65 Posts |
Posted - 27 August 2009 : 10:43:22
|
| I can do that, do you know what the other page is that needs to be secured? the whole idea is that I want to stop the password from being sniffed on the network. If you can enter the password in the input box as soon as you hit the logon button its on the wire. The only way to secure that is to have that page ssl enabled. |
Edited by - Dave Goldman on 27 August 2009 10:45:24 |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
Posted - 27 August 2009 : 11:37:41
|
| Not correct I'm afraid. This page has no sensitive information on it at all. When a user enters the username & password on that page they enter it into their browser. The username/password is only transmitted on a network when the user clicks "submit" or "login" and it is at this point that the username/password combination is transported to the destination in the <form action="whatever"> tag. As long as the destination is secured i.e. beginning with https:// then the browser will encrypt the username/password before transmission using the public key in your ssl cert and send it to the server which will decrypt the message using a private key. |
Podge.
The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)
My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board
Warning: The post above or below may contain nuts. |
|
|
|
Dave Goldman
New Member
USA
65 Posts |
Posted - 27 August 2009 : 12:25:06
|
Ok, cool. So let me ask you this. If I unsecure the login.asp page they users can enter there data which is what we want. What is the destination page that I have to secure so I can stop the transmit on the network, then redirect back to http. What I am trying to avoid is having the entire site ssl and then people putting images up there and getting the security popups, as well as trying to maintain security for logins.
Great reply btw!! and thanks! |
Edited by - Dave Goldman on 27 August 2009 12:26:30 |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
Posted - 28 August 2009 : 06:46:33
|
Every page of the forum must be accessible via http:// or https:// and you just need the small code change above for it to work. If you want to prevent the security popups for mixed content you just need to include a check in topic.asp that redirects to an unsecure connection if it detects a secure one. Something like this (completely untested);if instr (lcase(Request.ServerVariables("HTTP_HOST")), "https://") then response.redirect ("http://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL") & "?" & Request.ServerVariables("QUERY_STRING"))
What you are doing now will work but it just adds an extra click for the user to login i.e. they cannot enter their username & password on any page, they must go to login.asp and there is no redirect back to an unsecure connection. |
Podge.
The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)
My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board
Warning: The post above or below may contain nuts. |
|
|
|
Dave Goldman
New Member
USA
65 Posts |
Posted - 28 August 2009 : 09:30:26
|
| You Rock!! I will test this out and let you know how it works. Thank you so much!! |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
|
Topic |
|
|
|
HTTPS login
. Neither is Shaggy, he's right about the other login & profile pages but we should get this working first.