I've been researching this for a majority of the day and can't find the answer. I am relatively new to stackoverflow. Is there a certain etiquette for asking a number of questions (I've asked three in the last few days)?
Anyways,
Here is the code in a codebehind file. It executes a script systeminfo.vbs, and that is working fine. But in the script I have some variables assigned.
Dim WshShell = CreateObject("WScript.Shell")
WshShell.Run("wscript.exe c:\systeminfo.vbs")
vbscript
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery _
("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colSettings
dim osName
osName = objOperatingSystem.Name
Wscript.Echo "OS Name: " & objOperatingSystem.Name
dim osVer
osVer = objOperatingSystem.Version
Wscript.Echo "Version: " & objOperatingSystem.Version
Wscript.Echo "Service Pack: " & _
objOperatingSystem.ServicePackMajorVersion _
& "." & objOperatingSystem.ServicePackMinorVersion
Wscript.Echo "OS Name: " & objOperatingSystem.SizeStoredInPagingFiles
Next
I want to use osName and osVer and put the values into a label on the ASP side.
I understand that osName and osVer are simple examples, but I just need to figure out the concept of putting variables from a VBScript into ASP. My client has multiple VBScripts they use on a daily basis and I need to automate those scripts and produce a report saying if it failed or not.
Thank you for the help.
David,
As a person new to Stack Overflow myself, I was happy to find this very comprehensive FAQ for Stack Exchange sites. See the 3rd question "Is there a limit on how many questions I can ask?" for an answer to your first inquiry.
Regarding the heart of your question, I agree with #Ramhound that using a log file to exchange information between your WSH/VBScript script and your ASP.NET page is a feasible approach.
What you need is the Scripting.FileSystemObject. Here is a comprehensive WSH reference as a downloadable Windows help file.
Hint: as the download page advises at the bottom, to unblock the help page, 1) Right click on script56.chm, 2) Choose Properties, and 3) Click on "Unblock."
You'll find an intro to FileSystemObject under the heading "Script Runtime."
One more suggestion: since you'll be running this script via ASP.NET in a multi-user environment, you may find you'll need to create a log file per user or per page access. If that is the case, you'll need to generate a temporary file name for each log file to avoid name collisions with other log files. To generate your temporary file, see GetTempName in the WSH reference.
I have legacy ASP classic website. If I dump all the application variables using
For Each item In Application.Contents
Response.Write item & " = " & Application(item)
Response.Write "<br>"
Next
They are all initialized but there is no global.asa file in this application.
Where else the initialization code might be?
just add this code in any .asp file and add this file as a top usercontrol in every page so you will get this variable on all pages
session is the other option , you can assign all variable in session and can access in any page (I do not recommend this.)
I'm having some trouble reading the ASP.NET cookie from a Classic ASP file. Here is the code i'm using:
First off, I have the ASP.NET site setup in IIS. I setup an Application in the ASP.NET site and directed it to another folder in inetpub. This Application is called '/classicasp' because its all classic asp inside that application.
In the .aspx file, it is executing this code:
Response.Cookies["testcookie"].Path = "/classicasp";
Response.Cookies["testcookie"].Value = "test";
In the .asp file, it is executing this code:
<%
for each cookie in Request.Cookies
Response.Write( cookie & "=" & Request.Cookies(cookie) & "Path:" &
"<br>")
next
%>
But the .asp page is empty, there are no results displayed on the page from this For Next statement.. Any help on why this is happening? I think i followed instructions and am doing this how its supposed to be, but i guess not..
try
dim x,y
for each x in Request.Cookies
response.write("<p>")
if Request.Cookies(x).HasKeys then
for each y in Request.Cookies(x)
response.write(x & ":" & y & "=" & Request.Cookies(x)(y))
response.write("<br />")
next
else
Response.Write(x & "=" & Request.Cookies(x) & "<br />")
end if
response.write "</p>"
next
I think this is what you are looking for:
Updating ASP cookie from ASP.NET (vice versa)
Is there any kind of online "quick" asp/vbscript test tool? It's a pain to load up a test page, put all the stuff in, when I just want to test some ASP VBScript.
Yes, they are called .vbs files. These files are plain text files with a .vbs extenstion. You can run them from the command line. There are some minor differences, just google vbs or WSCript.
One of the most annoying issues is you cannot use response.write instead you use WScript.Echo. This displays the result in a windows style popup messagebox. So, if you use it in a loop to display values, you will have to close the box once for each value that is displayed. Can be a pain. I just contcatonate the results and display one message.
For example save the below code as myloop.vbs
Dim strMsg
Dim i
strMsg = ""
for i = 1 to 10
strMsg = strMsg & CStr(i) & vbCrLf
next
WScript.Echo strMsg
Double-click on myloop.vbs and it runs.
This is a pretty cool way to test out a concept without having to create an asp page and load it on the server.
I realize this isn't a very good/correct answer, but I typically use VB6 (Visual Studio 6) as a quick interactive debuggable VBScript-equivalent testbed. Some syntax is different (CreateObject), and you need to add certain references to your "Default" testing project, but it does allow me to answer any question about type conversions etc within a few seconds (VB6 startup time + type/paste time + F5) rather than the few minutes it will take me to set up an ASP page, and even worse start up ASP debugging, which as of VS2008 and Windows 2003 is just a huge pain.
I have a site running Classic-ASP and on the login page I would like to delay the response to a failed login attempt (by like 10 seconds) to help prevent brute force attacks on accounts.
Quick google searches show some hacks using SQL server queries that seem hack-tastic.
Is there a good way to do this in classic asp?
I am not going to answer your specific question, as many have already done so, but there are far better ways of preventing brute force attacks.
For instance:
Why not lock a specific session or IP address out after say 5 (being generous here) failed login attempts? You could lock it out for say 10 minutes. You could even write a "401 Unauthorized" HTTP status and then simply end the response with Response.End.
In a similar fashion, but not even linked to failed logins, you could block requests for the login page more than X times in Y seconds for a specific IP, UserAgent and other client features - ensuring kind of a 'unique' client.
Ignore IP address (it is easily spoofed and can be a proxy server IP), and simply detect the automation of the login attempt. X number of failed logins within Y seconds for a specific username/email address, block it for that username for a set period of time, and end the response.
Just saying there are other options than putting unnecessary load on your server by locking some resources and waiting.
Obviously, doing this at the hardware layer - firewalls etc. would be the preferred option.
There is another approach, but keep in mind the aforementioned caveats about unessecarily consumed resources. Here is an approach though
Sub DelayResponse(numberOfseconds)
Dim WshShell
Set WshShell=Server.CreateObject("WScript.Shell")
WshShell.Run "waitfor /T " & numberOfSecond & "SignalThatWontHappen", , True
End Sub
There is the WScript.Sleep method for general purpose VBScript, however, this won't work in the context of ASP.
There are a number of other mechanisms you can use to achieve this, however, they're all effectively "workarounds" as there's no built-in way to cleanly cause an ASP page (running VBScript) to pause itself.
See here:
How do I make my ASP page pause or 'sleep'?
To specifically answer your question of:
Is there a good way to do this in
classic asp?
No. There's no good way to do this, and there's only the "hack-tastic" hacks that can be used, however they bring with them all sorts of side-effects and caveats. (See the last part of the "How do I make my ASP page pause or 'sleep'?" link for a specific memory eating, page faulting nasty side-effect.)
You can use :
<html>
<head>
<title>Sleep</title>
</head>
<body>
<%
function Sleep(seconds)
set oShell = CreateObject("Wscript.Shell")
cmd = "%COMSPEC% /c timeout " & seconds & " /nobreak"
oShell.Run cmd,0,1
End function
Sleep(5)
response.write("End")
%>
</body>
</html>
There is no simple way to do so in pure ASP.
Either SQL WAITFOR, or create simple ActiveX component in VB (or anything) that sleeps.
Note that this will increase load on the server. Sleeping requests keep memory and connections consumed for nothing.
<%
set shell = CreateObject("WScript.Shell")
t1 = timer()
sleep(5)
t2 = timer()
response.write "waited "& t2-t1 &" secs"
function sleep(seconds)
if seconds>=1 then shell.popup "pausing",seconds,"pause",64
end function
%>
Other approach to avoid brute force attacks without using IP restrictions is to offer a captcha after the second fail attempt for the same user. This is the way Google do it.
There is the Response.Buffer option that you can use to tell it to delay returning the response until the page has completed processing, so you could perhaps combine that with some kind of timeout in the script, but it would not be especially elegant especially as VBScript doesn't really offer you a way of asking threads to sleep so you can end up thrashing the CPU.
Maybe better to use a server-side session and javascript on the client, so the client delays the request and the server will only send the response after the expected delay is over. That should provide some server-side safeguards and be useable for users who aren't trying to mess around with your system...
I'm using this:
function sleep(scs)
Dim lo_wsh, ls_cmd
Set lo_wsh = CreateObject( "WScript.Shell" )
ls_cmd = "%COMSPEC% /c ping -n " & 1 + scs & " 127.0.0.1>nul"
lo_wsh.Run ls_cmd, 0, True
End Function
sleep(5) 'wait for 5 seconds
Bye :-)
For those using MySQL, you can do the following :
Sub SleepMysql(n)
'Define Query
Dim SqlStr : SqlStr = "DO SLEEP(" & n & ")"
'Run Query
Dim rsTemp : Set rsTemp = YourDatabaseConnection.Execute(SqlStr)
'Release resources
Set rsTemp = Nothing
End Sub 'SleepMysql
Of all of the ideas - I liked Dercsár's answer - here's my implementation of a wait that I found works well. - requires your application to have access to a SQL server:
<%
' ASP Script to example to wait
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open strConnString ' your connection to sql server here...
Response.write("Waiting for 15 seconds...." & now() & "<BR>")
Call subWaitTime("00:00:15")
' Wait 15 seconds
Response.write("ok - Done" & now() & "<BR>")
conn.close
set conn = nothing
'---- Utility sub to wait
Sub subWaitTime(sTime)
' Call subWaitTime with number of Hours:Minutes:Seconds to delay
sqlWaitTime = "WAITFOR DELAY " & fnSqlStr(sTime)
conn.Execute(sqlWaitTime) '
End Sub
%>
In response to the “delay the response” part of your question:
dim SecondsToWait : SecondsToWait = 4
dim StartTime : StartTime = Time()
Do Until
DateDiff("s", StartTime, Time(), 0, 0) > SecondsToWait
Loop
Pure Classic ASP without SQL and WScript Shell, but for debug delay purposes only. This is a snippet for testing (very helupful), but it does not address the “good way” part of your question
This answer for the sake of completeness and for people looking for (debug) delays. Failed login attempts should not be handled like this.
Another way you can delay asp response by using this code.
Sub MyDelay(NumberOfSeconds)
Dim DateTimeResume
DateTimeResume= DateAdd("s", NumberOfSeconds, Now())
Do Until (Now() > DateTimeResume)
Loop
End Sub
Call this function by using this code.
Call MyDelay(5)
Just redirect to a randomly named large image that takes the desired amount of seconds to load.