HTTPS login
Snitz™ Forums 2000https://forum.snitz.com/forumTopic/Posts/68519?pagenum=1
05 November 2025, 02:32
Topic
SiSL
HTTPS login
11 April 2009, 05:36
HTTPS login
11 April 2009, 05:36
Anyone tried such feature with Snitz?
I feel it is an obligation now for me considering number of methods to sniff networks and/or especially Wi-Fi or outdoor wi-fi accesses if you have certificate for it.
At least on plain text sendings like login screen. If anyone tried, please do let me know.
I feel it is an obligation now for me considering number of methods to sniff networks and/or especially Wi-Fi or outdoor wi-fi accesses if you have certificate for it.
At least on plain text sendings like login screen. If anyone tried, please do let me know.
Replies ...
HuwR
11 April 2009, 13:41
11 April 2009, 13:41
it should simply be a matter of having an SSL certificate, there is nothing in the forum that would prevent use of https
SiSL
11 April 2009, 14:11
11 April 2009, 14:11
So basically, I'll change action part of forms that sends to login to https, and referer as back to http and it works, right? I mean no problems on cookies placement or sessions during this. IF so, that's super, thank you.
Podge
13 April 2009, 07:21
13 April 2009, 07:21
I did it some years ago but I changed it back. Some users had problems logging in because their browsers didn't support SSL.
Dave Goldman
24 August 2009, 15:31
Hey guys, do you know which data you changed to get this to work. I have a cert on my web site, however when people try to put pictures in their signature they get the danm IE security warning.
TIA
Dave
24 August 2009, 15:31
Originally posted by Podge
I did it some years ago but I changed it back. Some users had problems logging in because their browsers didn't support SSL.
Hey guys, do you know which data you changed to get this to work. I have a cert on my web site, however when people try to put pictures in their signature they get the danm IE security warning.
TIA
Dave
AnonJr
24 August 2009, 16:45
24 August 2009, 16:45
If the pictures are on a site with a regular HTTP:// address, then they will get a warning about "mixed content" (or something to that effect). They can permanently dismiss the warning, but there is nothing you can do about it on your end.
Carefree
25 August 2009, 06:47
25 August 2009, 06:47
To eliminate the issue with pictures and "mixed content", simply have them upload the photos and link to them from your secured site.
Podge
25 August 2009, 07:15
25 August 2009, 07:15
Surely only the username and password needs to be sent to a secure page? After login I used to redirect the user back to a http:// address (not https://).
Do you want your users to view all of the pages on your forum via SSL?
Do you want your users to view all of the pages on your forum via SSL?
Dave Goldman
25 August 2009, 08:55
25 August 2009, 08:55
I was trying to find a way to alter the code so I can just secure just the logon, but had to settle for the entire site for now to protect everyene. Does anyone have the code changes handy for that? If someone does, that would be GREAT!!
Podge
25 August 2009, 11:42
25 August 2009, 11:42
Can you post a link to a text version of your inc_header.asp ?
Also, I need to know your forum url and the url to your secure server.
Also, I need to know your forum url and the url to your secure server.
Dave Goldman
25 August 2009, 11:55
25 August 2009, 11:55
Hey Podge, thanks for your time.
The forum url is: https://TheGunnersAcademy.com/forum
and I hope you dont mind me pasting the inc_header.asp output here. After we make the changes I can delete this output and just put what we did.
The forum url is: https://TheGunnersAcademy.com/forum
and I hope you dont mind me pasting the inc_header.asp output here. After we make the changes I can delete this output and just put what we did.
Code:
if strShowTimer = "1" then
'### start of timer code
Dim StopWatch(19)
sub StartTimer(x)
StopWatch(x) = timer
end sub
function StopTimer(x)
EndTime = Timer
'Watch for the midnight wraparound...
if EndTime < StopWatch(x) then
EndTime = EndTime + (86400)
end if
StopTimer = EndTime - StopWatch(x)
end function
StartTimer 1
'### end of timer code
end if
strArchiveTablePrefix = strTablePrefix & "A_"
strScriptName = request.servervariables("script_name")
strReferer = chkString(request.servervariables("HTTP_REFERER"),"refer")
if Application(strCookieURL & "down") then
if not Instr(strScriptName,"admin_") > 0 then
Response.redirect("down.asp")
end if
end if
if strPageBGImageURL = "" then
strTmpPageBGImageURL = ""
elseif Instr(strPageBGImageURL,"/") > 0 or Instr(strPageBGImageURL,"\") > 0 then
strTmpPageBGImageURL = " background=""" & strPageBGImageURL & """"
else
strTmpPageBGImageURL = " background=""" & strImageUrl & strPageBGImageURL & """"
end if
If strDBType = "" then
Response.Write "<html>" & vbNewLine & _
"<head>" & vbNewline & _
"<title>" & strForumTitle & "</title>" & vbNewline
'## START - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "<meta name=""copyright"" content=""This Forum code is Copyright (C) 2000-09 Michael Anderson, Pierre Gorissen, Huw Reddick and Richard Kinser, Non-Forum Related code is Copyright (C) " & strCopyright & """>" & vbNewline
'## END - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "</head>" & vbNewLine & _
"<body" & strTmpPageBGImageURL & " bgColor=""" & strPageBGColor & """ text=""" & strDefaultFontColor & """ link=""" & strLinkColor & """ aLink=""" & strActiveLinkColor & """ vLink=""" & strVisitedLinkColor & """>" & vbNewLine & _
"<table border=""0"" cellspacing=""0"" cellpadding=""5"" width=""50%"" height=""40%"" align=""center"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td bgColor=""#9FAFDF"" align=""center""><p><font face=""Verdana, Arial, Helvetica"" size=""2"">" & _
"<b>There has been a problem...</b><br /><br />" & _
"Your <b>strDBType</b> is not set, please edit your <b>config.asp</b><br />to reflect your database type." & _
"</font></p></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""Verdana, Arial, Helvetica"" size=""2"">" & _
"<a href=""default.asp"" target=""_top"">Click here to retry.</a></font></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine & _
"</body>" & vbNewLine & _
"</html>" & vbNewLine
Response.End
end if
set my_Conn = Server.CreateObject("ADODB.Connection")
my_Conn.Open strConnString
if (strAuthType = "nt") then
call NTauthenticate()
if (ChkAccountReg() = "1") then
call NTUser()
end if
end if
if strGroupCategories = "1" then
if Request.QueryString("Group") = "" then
if Request.Cookies(strCookieURL & "GROUP") = "" Then
Group = 2
else
Group = cLng(Request.Cookies(strCookieURL & "GROUP"))
end if
else
Group = cLng(Request.QueryString("Group"))
end if
'set default
Session(strCookieURL & "GROUP_ICON") = "icon_group_categories.gif"
Session(strCookieURL & "GROUP_IMAGE") = strTitleImage
'Forum_SQL - Group exists ?
strSql = "SELECT GROUP_ID, GROUP_NAME, GROUP_ICON, GROUP_IMAGE "
strSql = strSql & " FROM " & strTablePrefix & "GROUP_NAMES "
strSql = strSql & " WHERE GROUP_ID = " & Group
set rs2 = my_Conn.Execute (strSql)
if rs2.EOF or rs2.BOF then
Group = 2
strSql = "SELECT GROUP_ID, GROUP_NAME, GROUP_ICON, GROUP_IMAGE "
strSql = strSql & " FROM " & strTablePrefix & "GROUP_NAMES "
strSql = strSql & " WHERE GROUP_ID = " & Group
set rs2 = my_Conn.Execute (strSql)
end if
Session(strCookieURL & "GROUP_NAME") = rs2("GROUP_NAME")
if instr(rs2("GROUP_ICON"), ".") then
Session(strCookieURL & "GROUP_ICON") = rs2("GROUP_ICON")
end if
if instr(rs2("GROUP_IMAGE"), ".") then
Session(strCookieURL & "GROUP_IMAGE") = rs2("GROUP_IMAGE")
end if
rs2.Close
set rs2 = nothing
Response.Cookies(strCookieURL & "GROUP") = Group
Response.Cookies(strCookieURL & "GROUP").Expires = dateAdd("d", intCookieDuration, strForumTimeAdjust)
if Session(strCookieURL & "GROUP_IMAGE") <> "" then
strTitleImage = Session(strCookieURL & "GROUP_IMAGE")
end if
end if
strDBNTUserName = Request.Cookies(strUniqueID & "User")("Name")
strDBNTFUserName = trim(chkString(Request.Form("Name"),"SQLString"))
if strDBNTFUserName = "" then strDBNTFUserName = trim(chkString(Request.Form("User"),"SQLString"))
if strAuthType = "nt" then
strDBNTUserName = Session(strCookieURL & "userID")
strDBNTFUserName = Session(strCookieURL & "userID")
end if
if strRequireReg = "1" and strDBNTUserName = "" then
if not Instr(strScriptName,"register.asp") > 0 and _
not Instr(strScriptName,"password.asp") > 0 and _
not Instr(strScriptName,"faq.asp") > 0 and _
not Instr(strScriptName,"login.asp") > 0 then
scriptname = split(request.servervariables("SCRIPT_NAME"),"/")
if Request.QueryString <> "" then
Response.Redirect("login.asp?target=" & lcase(scriptname(ubound(scriptname))) & "?" & Request.QueryString)
else
Response.Redirect("login.asp?target=" & lcase(scriptname(ubound(scriptname))))
end if
end if
end if
select case Request.Form("Method_Type")
case "login"
strEncodedPassword = sha256("" & Request.Form("Password"))
select case chkUser(strDBNTFUserName, strEncodedPassword,-1)
case 1, 2, 3, 4
Call DoCookies(Request.Form("SavePassword"))
strLoginStatus = 1
case else
strLoginStatus = 0
end select
case "logout"
Call ClearCookies()
end select
if trim(strDBNTUserName) <> "" and trim(Request.Cookies(strUniqueID & "User")("Pword")) <> "" then
chkCookie = 1
mLev = cLng(chkUser(strDBNTUserName, Request.Cookies(strUniqueID & "User")("Pword"),-1))
chkCookie = 0
else
MemberID = -1
mLev = 0
end if
if mLev = 4 and strEmailVal = "1" and strRestrictReg = "1" and strEmail = "1" then
'## Forum_SQL - Get membercount from DB
strSql = "SELECT COUNT(MEMBER_ID) AS U_COUNT FROM " & strMemberTablePrefix & "MEMBERS_PENDING WHERE M_APPROVE = " & 0
set rs = Server.CreateObject("ADODB.Recordset")
rs.open strSql, my_Conn
if not rs.EOF then
User_Count = cLng(rs("U_COUNT"))
else
User_Count = 0
end if
rs.close
set rs = nothing
end if
Response.Write "<html>" & vbNewline & vbNewline & _
"<head>" & vbNewline & _
"<title>" & GetNewTitle(strScriptName) & "</title>" & vbNewline
'## START - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "<meta name=""copyright"" content=""This Forum code is Copyright (C) 2000-09 Michael Anderson, Pierre Gorissen, Huw Reddick and Richard Kinser, Non-Forum Related code is Copyright (C) " & strCopyright & """>" & vbNewline
'## END - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "<script language=""JavaScript"" type=""text/javascript"">" & vbNewLine & _
"<!-- hide from JavaScript-challenged browsers" & vbNewLine & _
"function openWindow(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=400')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow2(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=450')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow3(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=450,scrollbars=yes')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow4(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=525')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow5(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=450,height=525,scrollbars=yes,toolbars=yes,menubar=yes,resizable=yes')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow6(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=500,height=450,scrollbars=yes')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindowHelp(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=470,height=200,scrollbars=yes')" & vbNewLine & _
"}" & vbNewLine & _
"// done hiding -->" & vbNewLine & _
"</script>" & vbNewLine & _
"<style type=""text/css"">" & vbNewLine & _
"<!--" & vbNewLine & _
"a:link {color:" & strLinkColor & ";text-decoration:" & strLinkTextDecoration & "}" & vbNewLine & _
"a:visited {color:" & strVisitedLinkColor & ";text-decoration:" & strVisitedTextDecoration & "}" & vbNewLine & _
"a:hover {color:" & strHoverFontColor & ";text-decoration:" & strHoverTextDecoration & "}" & vbNewLine & _
"a:active {color:" & strActiveLinkColor & ";text-decoration:" & strActiveTextDecoration & "}" & vbNewLine & _
".spnMessageText a:link {color:" & strForumLinkColor & ";text-decoration:" & strForumLinkTextDecoration & "}" & vbNewLine & _
".spnMessageText a:visited {color:" & strForumVisitedLinkColor & ";text-decoration:" & strForumVisitedTextDecoration & "}" & vbNewLine & _
".spnMessageText a:hover {color:" & strForumHoverFontColor & ";text-decoration:" & strForumHoverTextDecoration & "}" & vbNewLine & _
".spnMessageText a:active {color:" & strForumActiveLinkColor & ";text-decoration:" & strForumActiveTextDecoration & "}" & vbNewLine & _
".spnSearchHighlight {background-color:" & strSearchHiLiteColor & "}" & vbNewLine & _
"input.radio {background:" & strPopUpTableColor & ";color:#000000}" & vbNewLine & _
"-->" & vbNewLine & _
"</style>" & vbNewLine & _
"</head>" & vbNewLine & _
vbNewLine & _
"<body" & strTmpPageBGImageURL & " bgColor=""" & strPageBGColor & """ text=""" & strDefaultFontColor & """ link=""" & strLinkColor & """ aLink=""" & strActiveLinkColor & """ vLink=""" & strVisitedLinkColor & """>" & vbNewLine & _
"<a name=""top""></a>" & vbNewLine & _
vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""100%"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td valign=""top"" width=""50%""><a href=""default.asp"" tabindex=""-1"">" & getCurrentIcon(strTitleImage & "||",strForumTitle,"") & "</a></td>" & vbNewLine & _
" <td align=""center"" valign=""top"" width=""50%"">" & vbNewLine & _
" <table border=""0"" cellPadding=""2"" cellSpacing=""0"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><b>" & strForumTitle & "</b></font></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>" & vbNewLine
call sForumNavigation()
Response.Write "</font></td>" & vbNewLine & _
" </tr>" & vbNewLine
select case Request.Form("Method_Type")
case "login"
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine
if strLoginStatus = 0 then
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Your username and/or password were incorrect.</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please either try again or register for an account.</font></p>" & vbNewLine
else
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged on successfully!</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine
end if
Response.Write "<meta http-equiv=""Refresh"" content=""2; URL=" & strReferer & """>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""" & strReferer & """>Back To Forum</font></a></p>" & vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""95%"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td>" & vbNewLine
WriteFooter
Response.End
case "logout"
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged out successfully!</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine & _
"<meta http-equiv=""Refresh"" content=""2; URL=default.asp"">" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""default.asp"">Back To Forum</font></a></p>" & vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""95%"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td>" & vbNewLine
WriteFooter
Response.End
end select
if (mlev = 0) then
if not(Instr(Request.ServerVariables("Path_Info"), "register.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "pop_profile.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "search.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "login.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "password.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "faq.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "post.asp") > 0) then
Response.Write " <form action=""" & Request.ServerVariables("URL") & """ method=""post"" id=""form1"" name=""form1"">" & vbNewLine & _
" <input type=""hidden"" name=""Method_Type"" value=""login"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center"">" & vbNewLine & _
" <table>" & vbNewLine & _
" <tr>" & vbNewLine
if (strAuthType = "db") then
Response.Write " <td><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """><b>Username:</b></font><br />" & vbNewLine & _
" <input type=""text"" name=""Name"" size=""10"" maxLength=""25"" value=""""></td>" & vbNewLine & _
" <td><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """><b>Password:</b></font><br />" & vbNewLine & _
" <input type=""password"" name=""Password"" size=""10"" maxLength=""25"" value=""""></td>" & vbNewLine & _
" <td valign=""bottom"">" & vbNewLine
if strGfxButtons = "1" then
Response.Write " <input src=""" & strImageUrl & "button_login.gif"" type=""image"" border=""0"" value=""Login"" id=""submit1"" name=""Login"">" & vbNewLine
else
Response.Write " <input type=""submit"" value=""Login"" id=""submit1"" name=""submit1"">" & vbNewLine
end if
Response.Write " </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td colspan=""3"" align=""left""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>" & vbNewLine & _
" <input type=""checkbox"" name=""SavePassWord"" value=""true"" tabindex=""-1"" CHECKED><b> Save Password</b></font></td>" & vbNewLine
else
if (strAuthType = "nt") then
Response.Write " <td><font face=""" & strDefaultFontFace & """ size=""1"" color=""" & strHiLiteFontColor & """>Please <a href=""register.asp"" tabindex=""-1"">register</a> to post in these Forums</font></td>" & vbNewLine
end if
end if
Response.Write " </tr>" & vbNewLine
if (lcase(strEmail) = "1") then
Response.Write " <tr>" & vbNewLine & _
" <td colspan=""3"" align=""left""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>" & vbNewLine & _
" <a href=""password.asp""" & dWStatus("Choose a new password if you have forgotten your current one...") & " tabindex=""-1"">Forgot your "
if strAuthType = "nt" then Response.Write("Admin ")
Response.Write "Password?</a>" & vbNewLine
if (lcase(strNoCookies) = "1") then
Response.Write " |" & vbNewLine & _
" <a href=""admin_home.asp""" & dWStatus("Access the Forum Admin Functions...") & " tabindex=""-1"">Admin Options</a>" & vbNewLine
end if
Response.Write " <br /><br /></font></td>" & vbNewLine & _
" </tr>" & vbNewLine
end if
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" </form>" & vbNewLine
end if
else
Response.Write " <form action=""" & Request.ServerVariables("URL") & """ method=""post"" id=""form2"" name=""form2"">" & vbNewLine & _
" <input type=""hidden"" name=""Method_Type"" value=""logout"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center"">" & vbNewLine & _
" <table>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>You are logged on as<br />"
if strAuthType="nt" then
Response.Write "<b>" & Session(strCookieURL & "username") & " (" & Session(strCookieURL & "userid") & ")</b></font></td>" & vbNewLine & _
" <td> "
else
if strAuthType = "db" then
Response.Write "<b>" & profileLink(ChkString(strDBNTUserName, "display"),MemberID) & "</b></font></td>" & vbNewLine & _
" <td>"
if strGfxButtons = "1" then
Response.Write "<input src=""" & strImageUrl & "button_logout.gif"" type=""image"" border=""0"" value=""Logout"" id=""submit1"" name=""Logout"" tabindex=""-1"">"
else
Response.Write "<input type=""submit"" value=""Logout"" id=""submit1"" name=""submit1"" tabindex=""-1"">"
end if
end if
end if
Response.Write "</td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine
if (mlev = 4) or (lcase(strNoCookies) = "1") then
Response.Write " <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """><a href=""admin_home.asp""" & dWStatus("Access the Forum Admin Functions...") & " tabindex=""-1"">Admin Options</a>"
if mLev = 4 and (strEmailVal = "1" and strRestrictReg = "1" and strEmail = "1" and User_Count > 0) then Response.Write(" | <a href=""admin_accounts_pending.asp""" & dWStatus("(" & User_Count & ") Member(s) awaiting approval") & " tabindex=""-1"">(" & User_Count & ") Member(s) awaiting approval</a>")
Response.Write "<br /><br /></font></td>" & vbNewLine & _
" </tr>" & vbNewLine
end if
Response.Write " </form>" & vbNewLine
end if
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""95%"">" & vbNewLine
'########### GROUP Categories ########### %>
<!--#INCLUDE FILE="inc_groupjump_to.asp" -->
<% '######## GROUP Categories ##############
Response.Write " <tr>" & vbNewLine & _
" <td>" & vbNewLine
sub sForumNavigation()
' DEM --> Added code to show the subscription line
if strSubscription > 0 and strEmail = "1" then
if mlev > 0 then
strSql = "SELECT COUNT(*) AS MySubCount FROM " & strTablePrefix & "SUBSCRIPTIONS"
strSql = strSql & " WHERE MEMBER_ID = " & MemberID
set rsCount = my_Conn.Execute (strSql)
if rsCount.BOF or rsCount.EOF then
' No Subscriptions found, do nothing
MySubCount = 0
rsCount.Close
set rsCount = nothing
else
MySubCount = rsCount("MySubCount")
rsCount.Close
set rsCount = nothing
end if
if mLev = 4 then
strSql = "SELECT COUNT(*) AS SubCount FROM " & strTablePrefix & "SUBSCRIPTIONS"
set rsCount = my_Conn.Execute (strSql)
if rsCount.BOF or rsCount.EOF then
' No Subscriptions found, do nothing
SubCount = 0
rsCount.Close
set rsCount = nothing
else
SubCount = rsCount("SubCount")
rsCount.Close
set rsCount = nothing
end if
end if
else
SubCount = 0
MySubCount = 0
end if
else
SubCount = 0
MySubCount = 0
end if
Response.Write " <a href=""" & strHomeURL & """" & dWStatus("Homepage") & " tabindex=""-1""><acronym title=""Homepage"">Home</acronym></a>" & vbNewline & _
" |" & vbNewline
if strUseExtendedProfile then
Response.Write " <a href=""pop_profile.asp?mode=Edit""" & dWStatus("Edit your personal profile...") & " tabindex=""-1""><acronym title=""Edit your personal profile..."">Profile</acronym></a>" & vbNewline
else
Response.Write " <a href=""javascript:openWindow3('pop_profile.asp?mode=Edit')""" & dWStatus("Edit your personal profile...") & " tabindex=""-1""><acronym title=""Edit your personal profile..."">Profile</acronym></a>" & vbNewline
end if
if strAutoLogon <> "1" then
if strProhibitNewMembers <> "1" then
Response.Write " |" & vbNewline & _
" <a href=""register.asp""" & dWStatus("Register to post to our forum...") & " tabindex=""-1""><acronym title=""Register to post to our forum..."">Register</acronym></a>" & vbNewline
end if
end if
Response.Write " |" & vbNewline & _
" <a href=""active.asp""" & dWStatus("See what topics have been active since your last visit...") & " tabindex=""-1""><acronym title=""See what topics have been active since your last visit..."">Active Topics</acronym></a>" & vbNewline
' DEM --> Start of code added to show subscriptions if they exist
if (strSubscription > 0) then
if mlev = 4 and SubCount > 0 then
Response.Write " |" & vbNewline & _
" <a href=""subscription_list.asp?MODE=all""" & dWStatus("See all current subscriptions") & " tabindex=""-1""><acronym title=""See all current subscriptions"">All Subscriptions</acronym></a>" & vbNewline
end if
if MySubCount > 0 then
Response.Write " |" & vbNewline & _
" <a href=""subscription_list.asp""" & dWStatus("See all of your subscriptions") & " tabindex=""-1""><acronym title=""See all of your subscriptions"">My Subscriptions</acronym></a>" & vbNewline
end if
end if
' DEM --> End of Code added to show subscriptions if they exist
Response.Write " |" & vbNewline & _
" <a href=""members.asp""" & dWStatus("Current members of these forums...") & " tabindex=""-1""><acronym title=""Current members of these forums..."">Members</acronym></a>" & vbNewline & _
" |" & vbNewline & _
" <a href=""search.asp"
if Request.QueryString("FORUM_ID") <> "" then Response.Write("?FORUM_ID=" & cLng(Request.QueryString("FORUM_ID")))
Response.Write """" & dWStatus("Perform a search by keyword, date, and/or name...") & " tabindex=""-1""><acronym title=""Perform a search by keyword, date, and/or name..."">Search</acronym></a>" & vbNewline & _
" |" & vbNewline & _
" <a href=""faq.asp""" & dWStatus("Answers to Frequently Asked Questions...") & " tabindex=""-1""><acronym title=""Answers to Frequently Asked Questions..."">FAQ</acronym></a>"
'########### STATs LINK ###########
if mLev = 3 then
Response.Write " |" & vbNewline & _
" <a href=""member_stats.asp""" & dWStatus("Site Statistics") & " tabindex=""-1"">Site Statistics</a>" & vbNewLine
end if
'########### STATs LINK ###########
end sub
if strGroupCategories = "1" then
if Session(strCookieURL & "GROUP_NAME") = "" then
GROUPNAME = " Default Groups "
else
GROUPNAME = Session(strCookieURL & "GROUP_NAME")
end if
'Forum_SQL - Get Groups
strSql = "SELECT GROUP_ID, GROUP_CATID "
strSql = strSql & " FROM " & strTablePrefix & "GROUPS "
strSql = strSql & " WHERE GROUP_ID = " & Group
set rsgroups = Server.CreateObject("ADODB.Recordset")
rsgroups.Open strSql, my_Conn, adOpenForwardOnly, adLockReadOnly, adCmdText
if rsgroups.EOF then
recGroupCatCount = ""
else
allGroupCatData = rsgroups.GetRows(adGetRowsRest)
recGroupCatCount = UBound(allGroupCatData, 2)
end if
rsgroups.Close
set rsgroups = nothing
end if
%>
Podge
26 August 2009, 09:53
26 August 2009, 09:53
You should use scrollcode tags if posting large amounts of code (I would've edited your post but I don't have permission).
What is the unsecure url to your forum? i.e. over http:// not https://
What is the unsecure url to your forum? i.e. over http:// not https://
Dave Goldman
26 August 2009, 10:46
http://www.TheGunnersAcademy.com/Forum. Right now it is only accepting ssl, however I can turn that off if needed..
26 August 2009, 10:46
Originally posted by Podge
You should use scrollcode tags if posting large amounts of code (I would've edited your post but I don't have permission).
What is the unsecure url to your forum? i.e. over http:// not https://
http://www.TheGunnersAcademy.com/Forum. Right now it is only accepting ssl, however I can turn that off if needed..
Podge
26 August 2009, 11:29
26 August 2009, 11:29
You will need to be able to access the forum via http:// and https://
i.e. these both work
http://www.thegunnersacademy.com/
https://www.thegunnersacademy.com/
Can you set it up so that the forum is accessible via both these urls?
http://www.thegunnersacademy.com/Forum/default.asp
https://www.thegunnersacademy.com/Forum/default.asp
i.e. these both work
http://www.thegunnersacademy.com/
https://www.thegunnersacademy.com/
Can you set it up so that the forum is accessible via both these urls?
http://www.thegunnersacademy.com/Forum/default.asp
https://www.thegunnersacademy.com/Forum/default.asp
Dave Goldman
26 August 2009, 11:54
26 August 2009, 11:54
ok, i have disabled ssl for the main forum. I also was able to enable ssl for the register page. So now the site is accessable via both links. Now i just need to secure the login information.
Also, can you please tell me what the div tags are so i can modify that post?
Thanks
Also, can you please tell me what the div tags are so i can modify that post?
Thanks
HuwR
26 August 2009, 13:06
I think you mean the [scrollcode][/scrollcode] tags
26 August 2009, 13:06
Also, can you please tell me what the div tags are so i can modify that post?
I think you mean the [scrollcode][/scrollcode] tags
Dave Goldman
26 August 2009, 14:56
26 August 2009, 14:56
Sweet, thank you very much HuwR. That did the trick!
Dave Goldman
26 August 2009, 15:23
26 August 2009, 15:23
Ok, Podge, better yet. I have found a way to redirect everything. Is there a way I can just easily remove the username and password boxes from the inc_header.asp and put an a href to redirect to the login.asp page which is using ssl? If i can get this working, I am set!
TIA
TIA
Podge
26 August 2009, 19:13
26 August 2009, 19:13
You don't want to remove the username/password boxes. I'll have an inc_header.asp that will do the job for you soon. Its a simple change now that you can access the forum via ssl or not.
Podge
26 August 2009, 19:36
26 August 2009, 19:36
Change line 337 of a default inc_header.asp from
to
This is a stock v3.4.07 inc_header.asp with the change
I cannot fully test it locally without an SSL cert. All it really does is redirect the login form to a secure connection. The javascript redirect (after a successful or unsuccessful login) should redirect back to an unsecure page where the user is logged in. Let me know if you have any problems with it.
Code:
Response.Write " <form action=""" & Request.ServerVariables("URL") & """ method=""post"" id=""form1"" name=""form1"">" & vbNewLine & _to
Code:
Response.Write " <form action=""https://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL") & """ method=""post"" id=""form1"" name=""form1"">" & vbNewLine & _This is a stock v3.4.07 inc_header.asp with the change
Code:
<%
'#################################################################################
'## Snitz Forums 2000 v3.4.07
'#################################################################################
'## Copyright (C) 2000-09 Michael Anderson, Pierre Gorissen,
'## Huw Reddick and Richard Kinser
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or (at your option) any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
'##
'## Support can be obtained from our support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## manderson@snitz.com
'##
'#################################################################################
%>
<!--#INCLUDE FILE="inc_func_common.asp" -->
<%
if strShowTimer = "1" then
'### start of timer code
Dim StopWatch(19)
sub StartTimer(x)
StopWatch(x) = timer
end sub
function StopTimer(x)
EndTime = Timer
'Watch for the midnight wraparound...
if EndTime < StopWatch(x) then
EndTime = EndTime + (86400)
end if
StopTimer = EndTime - StopWatch(x)
end function
StartTimer 1
'### end of timer code
end if
strArchiveTablePrefix = strTablePrefix & "A_"
strScriptName = request.servervariables("script_name")
strReferer = chkString(request.servervariables("HTTP_REFERER"),"refer")
if Application(strCookieURL & "down") then
if not Instr(strScriptName,"admin_") > 0 then
Response.redirect("down.asp")
end if
end if
if strPageBGImageURL = "" then
strTmpPageBGImageURL = ""
elseif Instr(strPageBGImageURL,"/") > 0 or Instr(strPageBGImageURL,"\") > 0 then
strTmpPageBGImageURL = " background=""" & strPageBGImageURL & """"
else
strTmpPageBGImageURL = " background=""" & strImageUrl & strPageBGImageURL & """"
end if
If strDBType = "" then
Response.Write "<html>" & vbNewLine & _
"<head>" & vbNewline & _
"<title>" & strForumTitle & "</title>" & vbNewline
'## START - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "<meta name=""copyright"" content=""This Forum code is Copyright (C) 2000-09 Michael Anderson, Pierre Gorissen, Huw Reddick and Richard Kinser, Non-Forum Related code is Copyright (C) " & strCopyright & """>" & vbNewline
'## END - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "</head>" & vbNewLine & _
"<body" & strTmpPageBGImageURL & " bgColor=""" & strPageBGColor & """ text=""" & strDefaultFontColor & """ link=""" & strLinkColor & """ aLink=""" & strActiveLinkColor & """ vLink=""" & strVisitedLinkColor & """>" & vbNewLine & _
"<table border=""0"" cellspacing=""0"" cellpadding=""5"" width=""50%"" height=""40%"" align=""center"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td bgColor=""#9FAFDF"" align=""center""><p><font face=""Verdana, Arial, Helvetica"" size=""2"">" & _
"<b>There has been a problem...</b><br /><br />" & _
"Your <b>strDBType</b> is not set, please edit your <b>config.asp</b><br />to reflect your database type." & _
"</font></p></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""Verdana, Arial, Helvetica"" size=""2"">" & _
"<a href=""default.asp"" target=""_top"">Click here to retry.</a></font></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine & _
"</body>" & vbNewLine & _
"</html>" & vbNewLine
Response.End
end if
set my_Conn = Server.CreateObject("ADODB.Connection")
my_Conn.Open strConnString
if (strAuthType = "nt") then
call NTauthenticate()
if (ChkAccountReg() = "1") then
call NTUser()
end if
end if
if strGroupCategories = "1" then
if Request.QueryString("Group") = "" then
if Request.Cookies(strCookieURL & "GROUP") = "" Then
Group = 2
else
Group = cLng(Request.Cookies(strCookieURL & "GROUP"))
end if
else
Group = cLng(Request.QueryString("Group"))
end if
'set default
Session(strCookieURL & "GROUP_ICON") = "icon_group_categories.gif"
Session(strCookieURL & "GROUP_IMAGE") = strTitleImage
'Forum_SQL - Group exists ?
strSql = "SELECT GROUP_ID, GROUP_NAME, GROUP_ICON, GROUP_IMAGE "
strSql = strSql & " FROM " & strTablePrefix & "GROUP_NAMES "
strSql = strSql & " WHERE GROUP_ID = " & Group
set rs2 = my_Conn.Execute (strSql)
if rs2.EOF or rs2.BOF then
Group = 2
strSql = "SELECT GROUP_ID, GROUP_NAME, GROUP_ICON, GROUP_IMAGE "
strSql = strSql & " FROM " & strTablePrefix & "GROUP_NAMES "
strSql = strSql & " WHERE GROUP_ID = " & Group
set rs2 = my_Conn.Execute (strSql)
end if
Session(strCookieURL & "GROUP_NAME") = rs2("GROUP_NAME")
if instr(rs2("GROUP_ICON"), ".") then
Session(strCookieURL & "GROUP_ICON") = rs2("GROUP_ICON")
end if
if instr(rs2("GROUP_IMAGE"), ".") then
Session(strCookieURL & "GROUP_IMAGE") = rs2("GROUP_IMAGE")
end if
rs2.Close
set rs2 = nothing
Response.Cookies(strCookieURL & "GROUP") = Group
Response.Cookies(strCookieURL & "GROUP").Expires = dateAdd("d", intCookieDuration, strForumTimeAdjust)
if Session(strCookieURL & "GROUP_IMAGE") <> "" then
strTitleImage = Session(strCookieURL & "GROUP_IMAGE")
end if
end if
strDBNTUserName = Request.Cookies(strUniqueID & "User")("Name")
strDBNTFUserName = trim(chkString(Request.Form("Name"),"SQLString"))
if strDBNTFUserName = "" then strDBNTFUserName = trim(chkString(Request.Form("User"),"SQLString"))
if strAuthType = "nt" then
strDBNTUserName = Session(strCookieURL & "userID")
strDBNTFUserName = Session(strCookieURL & "userID")
end if
if strRequireReg = "1" and strDBNTUserName = "" then
if not Instr(strScriptName,"register.asp") > 0 and _
not Instr(strScriptName,"password.asp") > 0 and _
not Instr(strScriptName,"faq.asp") > 0 and _
not Instr(strScriptName,"login.asp") > 0 then
scriptname = split(request.servervariables("SCRIPT_NAME"),"/")
if Request.QueryString <> "" then
Response.Redirect("login.asp?target=" & lcase(scriptname(ubound(scriptname))) & "?" & Request.QueryString)
else
Response.Redirect("login.asp?target=" & lcase(scriptname(ubound(scriptname))))
end if
end if
end if
select case Request.Form("Method_Type")
case "login"
strEncodedPassword = sha256("" & Request.Form("Password"))
select case chkUser(strDBNTFUserName, strEncodedPassword,-1)
case 1, 2, 3, 4
Call DoCookies(Request.Form("SavePassword"))
strLoginStatus = 1
case else
strLoginStatus = 0
end select
case "logout"
Call ClearCookies()
end select
if trim(strDBNTUserName) <> "" and trim(Request.Cookies(strUniqueID & "User")("Pword")) <> "" then
chkCookie = 1
mLev = cLng(chkUser(strDBNTUserName, Request.Cookies(strUniqueID & "User")("Pword"),-1))
chkCookie = 0
else
MemberID = -1
mLev = 0
end if
if mLev = 4 and strEmailVal = "1" and strRestrictReg = "1" and strEmail = "1" then
'## Forum_SQL - Get membercount from DB
strSql = "SELECT COUNT(MEMBER_ID) AS U_COUNT FROM " & strMemberTablePrefix & "MEMBERS_PENDING WHERE M_APPROVE = " & 0
set rs = Server.CreateObject("ADODB.Recordset")
rs.open strSql, my_Conn
if not rs.EOF then
User_Count = cLng(rs("U_COUNT"))
else
User_Count = 0
end if
rs.close
set rs = nothing
end if
Response.Write "<html>" & vbNewline & vbNewline & _
"<head>" & vbNewline & _
"<title>" & GetNewTitle(strScriptName) & "</title>" & vbNewline
'## START - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "<meta name=""copyright"" content=""This Forum code is Copyright (C) 2000-09 Michael Anderson, Pierre Gorissen, Huw Reddick and Richard Kinser, Non-Forum Related code is Copyright (C) " & strCopyright & """>" & vbNewline
'## END - REMOVAL, MODIFICATION OR CIRCUMVENTING THIS CODE WILL VIOLATE THE SNITZ FORUMS 2000 LICENSE AGREEMENT
Response.Write "<script language=""JavaScript"" type=""text/javascript"">" & vbNewLine & _
"<!-- hide from JavaScript-challenged browsers" & vbNewLine & _
"function openWindow(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=400')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow2(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=450')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow3(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=450,scrollbars=yes')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow4(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=400,height=525')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow5(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=450,height=525,scrollbars=yes,toolbars=yes,menubar=yes,resizable=yes')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindow6(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=500,height=450,scrollbars=yes')" & vbNewLine & _
"}" & vbNewLine & _
"function openWindowHelp(url) {" & vbNewLine & _
" popupWin = window.open(url,'new_page','width=470,height=200,scrollbars=yes')" & vbNewLine & _
"}" & vbNewLine & _
"// done hiding -->" & vbNewLine & _
"</script>" & vbNewLine & _
"<style type=""text/css"">" & vbNewLine & _
"<!--" & vbNewLine & _
"a:link {color:" & strLinkColor & ";text-decoration:" & strLinkTextDecoration & "}" & vbNewLine & _
"a:visited {color:" & strVisitedLinkColor & ";text-decoration:" & strVisitedTextDecoration & "}" & vbNewLine & _
"a:hover {color:" & strHoverFontColor & ";text-decoration:" & strHoverTextDecoration & "}" & vbNewLine & _
"a:active {color:" & strActiveLinkColor & ";text-decoration:" & strActiveTextDecoration & "}" & vbNewLine & _
".spnMessageText a:link {color:" & strForumLinkColor & ";text-decoration:" & strForumLinkTextDecoration & "}" & vbNewLine & _
".spnMessageText a:visited {color:" & strForumVisitedLinkColor & ";text-decoration:" & strForumVisitedTextDecoration & "}" & vbNewLine & _
".spnMessageText a:hover {color:" & strForumHoverFontColor & ";text-decoration:" & strForumHoverTextDecoration & "}" & vbNewLine & _
".spnMessageText a:active {color:" & strForumActiveLinkColor & ";text-decoration:" & strForumActiveTextDecoration & "}" & vbNewLine & _
".spnSearchHighlight {background-color:" & strSearchHiLiteColor & "}" & vbNewLine & _
"input.radio {background:" & strPopUpTableColor & ";color:#000000}" & vbNewLine & _
"-->" & vbNewLine & _
"</style>" & vbNewLine & _
"</head>" & vbNewLine & _
vbNewLine & _
"<body" & strTmpPageBGImageURL & " bgColor=""" & strPageBGColor & """ text=""" & strDefaultFontColor & """ link=""" & strLinkColor & """ aLink=""" & strActiveLinkColor & """ vLink=""" & strVisitedLinkColor & """>" & vbNewLine & _
"<a name=""top""></a>" & vbNewLine & _
vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""100%"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td valign=""top"" width=""50%""><a href=""default.asp"" tabindex=""-1"">" & getCurrentIcon(strTitleImage & "||",strForumTitle,"") & "</a></td>" & vbNewLine & _
" <td align=""center"" valign=""top"" width=""50%"">" & vbNewLine & _
" <table border=""0"" cellPadding=""2"" cellSpacing=""0"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><b>" & strForumTitle & "</b></font></td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>" & vbNewLine
call sForumNavigation()
Response.Write "</font></td>" & vbNewLine & _
" </tr>" & vbNewLine
select case Request.Form("Method_Type")
case "login"
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine
if strLoginStatus = 0 then
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Your username and/or password were incorrect.</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Please either try again or register for an account.</font></p>" & vbNewLine
else
Response.Write "<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged on successfully!</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine
end if
Response.Write "<meta http-equiv=""Refresh"" content=""2; URL=" & strReferer & """>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""" & strReferer & """>Back To Forum</font></a></p>" & vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""95%"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td>" & vbNewLine
WriteFooter
Response.End
case "logout"
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>You logged out successfully!</font></p>" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """>Thank you for your participation.</font></p>" & vbNewLine & _
"<meta http-equiv=""Refresh"" content=""2; URL=default.asp"">" & vbNewLine & _
"<p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """><a href=""default.asp"">Back To Forum</font></a></p>" & vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""95%"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td>" & vbNewLine
WriteFooter
Response.End
end select
if (mlev = 0) then
if not(Instr(Request.ServerVariables("Path_Info"), "register.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "pop_profile.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "search.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "login.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "password.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "faq.asp") > 0) and _
not(Instr(Request.ServerVariables("Path_Info"), "post.asp") > 0) then
Response.Write " <form action=""http://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL") & """ method=""post"" id=""form1"" name=""form1"">" & vbNewLine & _
" <input type=""hidden"" name=""Method_Type"" value=""login"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center"">" & vbNewLine & _
" <table>" & vbNewLine & _
" <tr>" & vbNewLine
if (strAuthType = "db") then
Response.Write " <td><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """><b>Username:</b></font><br />" & vbNewLine & _
" <input type=""text"" name=""Name"" size=""10"" maxLength=""25"" value=""""></td>" & vbNewLine & _
" <td><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """><b>Password:</b></font><br />" & vbNewLine & _
" <input type=""password"" name=""Password"" size=""10"" maxLength=""25"" value=""""></td>" & vbNewLine & _
" <td valign=""bottom"">" & vbNewLine
if strGfxButtons = "1" then
Response.Write " <input src=""" & strImageUrl & "button_login.gif"" type=""image"" border=""0"" value=""Login"" id=""submit1"" name=""Login"">" & vbNewLine
else
Response.Write " <input type=""submit"" value=""Login"" id=""submit1"" name=""submit1"">" & vbNewLine
end if
Response.Write " </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td colspan=""3"" align=""left""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>" & vbNewLine & _
" <input type=""checkbox"" name=""SavePassWord"" value=""true"" tabindex=""-1"" CHECKED><b> Save Password</b></font></td>" & vbNewLine
else
if (strAuthType = "nt") then
Response.Write " <td><font face=""" & strDefaultFontFace & """ size=""1"" color=""" & strHiLiteFontColor & """>Please <a href=""register.asp"" tabindex=""-1"">register</a> to post in these Forums</font></td>" & vbNewLine
end if
end if
Response.Write " </tr>" & vbNewLine
if (lcase(strEmail) = "1") then
Response.Write " <tr>" & vbNewLine & _
" <td colspan=""3"" align=""left""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>" & vbNewLine & _
" <a href=""password.asp""" & dWStatus("Choose a new password if you have forgotten your current one...") & " tabindex=""-1"">Forgot your "
if strAuthType = "nt" then Response.Write("Admin ")
Response.Write "Password?</a>" & vbNewLine
if (lcase(strNoCookies) = "1") then
Response.Write " |" & vbNewLine & _
" <a href=""admin_home.asp""" & dWStatus("Access the Forum Admin Functions...") & " tabindex=""-1"">Admin Options</a>" & vbNewLine
end if
Response.Write " <br /><br /></font></td>" & vbNewLine & _
" </tr>" & vbNewLine
end if
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" </form>" & vbNewLine
end if
else
Response.Write " <form action=""" & Request.ServerVariables("URL") & """ method=""post"" id=""form2"" name=""form2"">" & vbNewLine & _
" <input type=""hidden"" name=""Method_Type"" value=""logout"">" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center"">" & vbNewLine & _
" <table>" & vbNewLine & _
" <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """>You are logged on as<br />"
if strAuthType="nt" then
Response.Write "<b>" & Session(strCookieURL & "username") & " (" & Session(strCookieURL & "userid") & ")</b></font></td>" & vbNewLine & _
" <td> "
else
if strAuthType = "db" then
Response.Write "<b>" & profileLink(ChkString(strDBNTUserName, "display"),MemberID) & "</b></font></td>" & vbNewLine & _
" <td>"
if strGfxButtons = "1" then
Response.Write "<input src=""" & strImageUrl & "button_logout.gif"" type=""image"" border=""0"" value=""Logout"" id=""submit1"" name=""Logout"" tabindex=""-1"">"
else
Response.Write "<input type=""submit"" value=""Logout"" id=""submit1"" name=""submit1"" tabindex=""-1"">"
end if
end if
end if
Response.Write "</td>" & vbNewLine & _
" </tr>" & vbNewLine & _
" </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine
if (mlev = 4) or (lcase(strNoCookies) = "1") then
Response.Write " <tr>" & vbNewLine & _
" <td align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strFooterFontSize & """><a href=""admin_home.asp""" & dWStatus("Access the Forum Admin Functions...") & " tabindex=""-1"">Admin Options</a>"
if mLev = 4 and (strEmailVal = "1" and strRestrictReg = "1" and strEmail = "1" and User_Count > 0) then Response.Write(" | <a href=""admin_accounts_pending.asp""" & dWStatus("(" & User_Count & ") Member(s) awaiting approval") & " tabindex=""-1"">(" & User_Count & ") Member(s) awaiting approval</a>")
Response.Write "<br /><br /></font></td>" & vbNewLine & _
" </tr>" & vbNewLine
end if
Response.Write " </form>" & vbNewLine
end if
Response.Write " </table>" & vbNewLine & _
" </td>" & vbNewLine & _
" </tr>" & vbNewLine & _
"</table>" & vbNewLine & _
"<table align=""center"" border=""0"" cellPadding=""0"" cellSpacing=""0"" width=""95%"">" & vbNewLine
'########### GROUP Categories ########### %>
<!--#INCLUDE FILE="inc_groupjump_to.asp" -->
<% '######## GROUP Categories ##############
Response.Write " <tr>" & vbNewLine & _
" <td>" & vbNewLine
sub sForumNavigation()
' DEM --> Added code to show the subscription line
if strSubscription > 0 and strEmail = "1" then
if mlev > 0 then
strSql = "SELECT COUNT(*) AS MySubCount FROM " & strTablePrefix & "SUBSCRIPTIONS"
strSql = strSql & " WHERE MEMBER_ID = " & MemberID
set rsCount = my_Conn.Execute (strSql)
if rsCount.BOF or rsCount.EOF then
' No Subscriptions found, do nothing
MySubCount = 0
rsCount.Close
set rsCount = nothing
else
MySubCount = rsCount("MySubCount")
rsCount.Close
set rsCount = nothing
end if
if mLev = 4 then
strSql = "SELECT COUNT(*) AS SubCount FROM " & strTablePrefix & "SUBSCRIPTIONS"
set rsCount = my_Conn.Execute (strSql)
if rsCount.BOF or rsCount.EOF then
' No Subscriptions found, do nothing
SubCount = 0
rsCount.Close
set rsCount = nothing
else
SubCount = rsCount("SubCount")
rsCount.Close
set rsCount = nothing
end if
end if
else
SubCount = 0
MySubCount = 0
end if
else
SubCount = 0
MySubCount = 0
end if
Response.Write " <a href=""" & strHomeURL & """" & dWStatus("Homepage") & " tabindex=""-1""><acronym title=""Homepage"">Home</acronym></a>" & vbNewline & _
" |" & vbNewline
if strUseExtendedProfile then
Response.Write " <a href=""pop_profile.asp?mode=Edit""" & dWStatus("Edit your personal profile...") & " tabindex=""-1""><acronym title=""Edit your personal profile..."">Profile</acronym></a>" & vbNewline
else
Response.Write " <a href=""javascript:openWindow3('pop_profile.asp?mode=Edit')""" & dWStatus("Edit your personal profile...") & " tabindex=""-1""><acronym title=""Edit your personal profile..."">Profile</acronym></a>" & vbNewline
end if
if strAutoLogon <> "1" then
if strProhibitNewMembers <> "1" then
Response.Write " |" & vbNewline & _
" <a href=""register.asp""" & dWStatus("Register to post to our forum...") & " tabindex=""-1""><acronym title=""Register to post to our forum..."">Register</acronym></a>" & vbNewline
end if
end if
Response.Write " |" & vbNewline & _
" <a href=""active.asp""" & dWStatus("See what topics have been active since your last visit...") & " tabindex=""-1""><acronym title=""See what topics have been active since your last visit..."">Active Topics</acronym></a>" & vbNewline
' DEM --> Start of code added to show subscriptions if they exist
if (strSubscription > 0) then
if mlev = 4 and SubCount > 0 then
Response.Write " |" & vbNewline & _
" <a href=""subscription_list.asp?MODE=all""" & dWStatus("See all current subscriptions") & " tabindex=""-1""><acronym title=""See all current subscriptions"">All Subscriptions</acronym></a>" & vbNewline
end if
if MySubCount > 0 then
Response.Write " |" & vbNewline & _
" <a href=""subscription_list.asp""" & dWStatus("See all of your subscriptions") & " tabindex=""-1""><acronym title=""See all of your subscriptions"">My Subscriptions</acronym></a>" & vbNewline
end if
end if
' DEM --> End of Code added to show subscriptions if they exist
Response.Write " |" & vbNewline & _
" <a href=""members.asp""" & dWStatus("Current members of these forums...") & " tabindex=""-1""><acronym title=""Current members of these forums..."">Members</acronym></a>" & vbNewline & _
" |" & vbNewline & _
" <a href=""search.asp"
if Request.QueryString("FORUM_ID") <> "" then Response.Write("?FORUM_ID=" & cLng(Request.QueryString("FORUM_ID")))
Response.Write """" & dWStatus("Perform a search by keyword, date, and/or name...") & " tabindex=""-1""><acronym title=""Perform a search by keyword, date, and/or name..."">Search</acronym></a>" & vbNewline & _
" |" & vbNewline & _
" <a href=""faq.asp""" & dWStatus("Answers to Frequently Asked Questions...") & " tabindex=""-1""><acronym title=""Answers to Frequently Asked Questions..."">FAQ</acronym></a>"
end sub
if strGroupCategories = "1" then
if Session(strCookieURL & "GROUP_NAME") = "" then
GROUPNAME = " Default Groups "
else
GROUPNAME = Session(strCookieURL & "GROUP_NAME")
end if
'Forum_SQL - Get Groups
strSql = "SELECT GROUP_ID, GROUP_CATID "
strSql = strSql & " FROM " & strTablePrefix & "GROUPS "
strSql = strSql & " WHERE GROUP_ID = " & Group
set rsgroups = Server.CreateObject("ADODB.Recordset")
rsgroups.Open strSql, my_Conn, adOpenForwardOnly, adLockReadOnly, adCmdText
if rsgroups.EOF then
recGroupCatCount = ""
else
allGroupCatData = rsgroups.GetRows(adGetRowsRest)
recGroupCatCount = UBound(allGroupCatData, 2)
end if
rsgroups.Close
set rsgroups = nothing
end if
%>I cannot fully test it locally without an SSL cert. All it really does is redirect the login form to a secure connection. The javascript redirect (after a successful or unsuccessful login) should redirect back to an unsecure page where the user is logged in. Let me know if you have any problems with it.
Shaggy
27 August 2009, 05:44
27 August 2009, 05:44
You'd also need to make similar changes in admin_login.asp, login.asp and pop_profile.asp.
Dave Goldman
27 August 2009, 09:34
27 August 2009, 09:34
All complete. I was able to change the inc_header file to add the redirects and now everytihng works perfectly!!! Thanks guys!!
Podge
27 August 2009, 10:01
27 August 2009, 10:01
Do you have a test login ?
I think you could make it easier on your users. For example, this page does not need to be viewed over a secure connection, the page the username and password are submitted to should be secure i.e. the next page.
What you have done will work fine but it just adds another step to the login process.
I think you could make it easier on your users. For example, this page does not need to be viewed over a secure connection, the page the username and password are submitted to should be secure i.e. the next page.
What you have done will work fine but it just adds another step to the login process.
Dave Goldman
27 August 2009, 10:43
27 August 2009, 10:43
I can do that, do you know what the other page is that needs to be secured? the whole idea is that I want to stop the password from being sniffed on the network. If you can enter the password in the input box as soon as you hit the logon button its on the wire. The only way to secure that is to have that page ssl enabled.
Podge
27 August 2009, 11:37
27 August 2009, 11:37
Not correct I'm afraid. This page has no sensitive information on it at all. When a user enters the username & password on that page they enter it into their browser. The username/password is only transmitted on a network when the user clicks "submit" or "login" and it is at this point that the username/password combination is transported to the destination in the <form action="whatever"> tag. As long as the destination is secured i.e. beginning with https:// then the browser will encrypt the username/password before transmission using the public key in your ssl cert and send it to the server which will decrypt the message using a private key.
Dave Goldman
27 August 2009, 12:25
27 August 2009, 12:25
Ok, cool. So let me ask you this. If I unsecure the login.asp page they users can enter there data which is what we want. What is the destination page that I have to secure so I can stop the transmit on the network, then redirect back to http. What I am trying to avoid is having the entire site ssl and then people putting images up there and getting the security popups, as well as trying to maintain security for logins.
Great reply btw!! and thanks!
Great reply btw!! and thanks!
Podge
28 August 2009, 06:46
28 August 2009, 06:46
Every page of the forum must be accessible via http:// or https:// and you just need the small code change above for it to work. If you want to prevent the security popups for mixed content you just need to include a check in topic.asp that redirects to an unsecure connection if it detects a secure one. Something like this (completely untested);
What you are doing now will work but it just adds an extra click for the user to login i.e. they cannot enter their username & password on any page, they must go to login.asp and there is no redirect back to an unsecure connection.
Code:
if instr (lcase(Request.ServerVariables("HTTP_HOST")), "https://") then response.redirect ("http://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL") & "?" & Request.ServerVariables("QUERY_STRING"))What you are doing now will work but it just adds an extra click for the user to login i.e. they cannot enter their username & password on any page, they must go to login.asp and there is no redirect back to an unsecure connection.
Dave Goldman
28 August 2009, 09:30
28 August 2009, 09:30
You Rock!! I will test this out and let you know how it works. Thank you so much!!
Podge
28 August 2009, 09:58
28 August 2009, 09:58
I'm not just a pretty face you know 
. Neither is Shaggy, he's right about the other login & profile pages but we should get this working first.
. Neither is Shaggy, he's right about the other login & profile pages but we should get this working first.