IPN is now disabled Need help deciphering the asp code - asp-classic

Paypal has been sending emails warning IPN is failing.
I've not made any changes to my code, and it is really old code.... has been working for 5+ years.... been so long that I've had to do anything on this site.
I searched the server logs for more information... this is what I found repeatedly
|35|80040e14|Syntax_error_(missing_operator)_in_query_expression_'OrderID='.
I checked the code on the ipn page of the site, and I'm stumped.
Nothing is changed but it stopped working
This is line 34 thru 36 of the code of the ipn page:
MM_Cmd.CommandText = "UPDATE Orders SET txn_id='" & txn_id & "',payment_status='" & payment_status & "' WHERE OrderID=" & Item_number
MM_Cmd.Execute
end function
UPDATE:
Here is the full code that shows Item_number:
<%
str = Request.Form & "&cmd=_notify-validate"
' post back to PayPal system to validate
set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
objHttp.open "POST", "https://www.paypal.com/cgi-bin/webscr", false
objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
objHttp.Send str
' assign posted variables to local variables
Item_number = Request("item_number")
Payment_status = Request("payment_status")
Txn_id = Request("txn_id")
if (objHttp.status <> 200 ) then
' HTTP error handling
elseif (objHttp.responseText = "VERIFIED") then
if Payment_status = "Completed" then 'only update database if the response text is verified and the payment complete
UpdateOrder
end if
elseif (objHttp.responseText = "INVALID") then
' log for manual investigation
else
' error
end if
set objHttp = nothing
function UpdateOrder
'on error resume next
Set MM_Cmd = Server.CreateObject("ADODB.Command")
MM_Cmd.ActiveConnection = MM_CharonCart_STRING
MM_Cmd.CommandText = "UPDATE Orders SET txn_id='" & txn_id & "',payment_status='" & payment_status & "' WHERE OrderID=" & Item_number
MM_Cmd.Execute
end function
%>

The problem is with your variable Item_number. There's a small chance that if you rewrite the end of your query as
... where OrderID=" & Cint(Item_number)
then you will solve your problem, however you probably need to look at the code which assigns a value to Item_number

Related

Classic ASP Paypal IPN Refund

Trying to troubleshoot some legacy Classic ASP Paypal IPN code. The legacy code works perfectly for Selling products. However, processing a REFUND from the Paypal account seems to be causing some issue for Paypal IPN. The IPN listener receives the Refund IPN message and processes the business logic correctly, marking the transaction Refunded. But, Paypal still marks the transaction IPN History as "Retrying" for some reason. Below is the sample code from GitHub that was used to create the IPN listener we're troubleshooting.
Does the post back to Paypal need to be different for Selling vs Refunding?
Any help is greatly appreciated. Cheers
<%#LANGUAGE="VBScript"%>
<%
Dim Item_name, Item_number, Payment_status, Payment_amount
Dim Txn_id, Receiver_email, Payer_email
Dim objHttp, str
' read post from PayPal system and add 'cmd'
str = Request.Form & "&cmd=_notify-validate"
' post back to PayPal system to validate
set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
' set objHttp = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0")
' set objHttp = Server.CreateObject("Microsoft.XMLHTTP")
objHttp.open "POST", "https://www.paypal.com/cgi-bin/webscr", false
objHttp.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
objHttp.Send str
' assign posted variables to local variables
Item_name = Request.Form("item_name")
Item_number = Request.Form("item_number")
Payment_status = Request.Form("payment_status")
Payment_amount = Request.Form("mc_gross")
Payment_currency = Request.Form("mc_currency")
Txn_id = Request.Form("txn_id")
Receiver_email = Request.Form("receiver_email")
Payer_email = Request.Form("payer_email")
' Check notification validation
if (objHttp.status <> 200 ) then
' HTTP error handling
elseif (objHttp.responseText = "VERIFIED") then
' check that Payment_status=Completed and other variables
Execute business process code, mark transaction Completed or Refunded from payment_status works successfully
elseif (objHttp.responseText = "INVALID") then
' log for manual investigation
else
' error
end if
set objHttp = nothing%>
The postback to PayPal does not influence whether an IPN is marked as successfully received. The postback step is for your own verification that the IPN is from PayPal.
For an IPN to be successfully received, the HTTP response status must be 200 OK.

GetCurrentUserName() is causing crash in MS Access 2010

I am running Windows 7 Professional. I have an MS Access frontend to an MS Access backend. The form that opens at the start of opening the frontend causes the app to crash.
Here is the code:
Private Sub Form_Open(Cancel As Integer)
Dim strMyDir As String
Dim intPos As Integer
Dim rst As dao.Recordset
Dim strSQL As String
Dim rstWhatsNew As dao.Recordset
DoCmd.ShowToolbar "Database", acToolbarNo
DoCmd.ShowToolbar "Toolbox", acToolbarNo
DoCmd.ShowToolbar "Form View", acToolbarNo
If Application.GetOption("ShowWindowsInTaskbar") = -1 Then
Application.SetOption "ShowWindowsInTaskbar", 0
End If
If DLookup("Locked", "luLockOut") <> 0 Then
MsgBox "Database is being worked on. Please try back in a couple minutes.", vbInformation, " "
DoCmd.Quit
Else
strSQL = "Select * From tblLastLogins Where UserName = '" & GetCurrentUserName() & "'"
This is where I have traced the error to: GetCurrentUserName()
Set rst = CurrentDb.OpenRecordset(strSQL)
With rst
If Not .EOF Then
.Edit
strSQL = "Select WhatsNewID From tblWhatsNew Where DateAdded >= #" & !LastLoginDate & "#"
Set rstWhatsNew = CurrentDb.OpenRecordset(strSQL)
While Not rstWhatsNew.EOF
DoCmd.OpenForm "frmWhatsNew", , , , , acDialog, rstWhatsNew!WhatsNewID
rstWhatsNew.MoveNext
Wend
rstWhatsNew.Close
Set rstWhatsNew = Nothing
Else
.AddNew
!UserName = GetCurrentUserName()
End If
!LastLoginDate = Now()
!IsLoggedIn = -1
Me.txtLastLoginID = !LastLoginID
.Update
.Close
End With
Set rst = Nothing
DoCmd.OpenForm "frmPrivacyNote"
Debug.Print Me.txtLastLoginID
End If
I need to track the username, so if GetCurrentUserName() is outdated, what is the current syntax?
Further follow up. I could not find data on Bing for GetCurrentUserName(), for good reason. It is a function within a MOD, so I need to figure out why the MOD is not getting called, or is malfunctioning.
After further delving, I found a Referenced MDB that has another function created by one of our users that is the cause of this error.
This is currently not an issue of MS Access working incorrectly. It is an issue with user created code.
GetCurrentUserName() is not defined by Access, so you should have looked at (and posted) its code.
If you are looking for the Windows user name, use this function:
Public Function GetUserName() As String
' GetUserName = Environ("USERNAME")
' Environ("USERNAME") is easily spoofed, see comment by HansUp
GetUserName = CreateObject("WScript.Network").UserName
End Function
Source
The link below would suggest that
CurrentUser()
is the function
CurrentUser()
Andre, thank you very much for the insight! I found this link:
http://www.codeproject.com/Articles/1422/Getting-User-Information-Using-WSH-and-VBScript
Dim objNet
On Error Resume Next
'In case we fail to create object then display our custom error
Set objNet = CreateObject("WScript.NetWork")
If Err.Number <> 0 Then 'If error occured then display notice
MsgBox "Don't be Shy." & vbCRLF &_
"Do not press ""No"" If your browser warns you."
Document.Location = "UserInfo.html"
'Place the Name of the document.
'It will display again
End If
Dim strInfo
strInfo = "User Name is " & objNet.UserName & vbCrLf & _
"Computer Name is " & objNet.ComputerName & vbCrLf & _
"Domain Name is " & objNet.UserDomain
MsgBox strInfo
Set objNet = Nothing 'Destroy the Object to free the Memory

Google reCAPTCHA Validation Issue (accepts anything including blank)

I'm attempting to implement Google's reCAPTCHA on a Classic ASP site and am attempting to follow the guidelines outline here:
https://developers.google.com/recaptcha/docs/asp
Following the instructions on that page, I've added this code to the top of the page that contains the form:
<%
recaptcha_challenge_field = Request("recaptcha_challenge_field")
recaptcha_response_field = Request("recaptcha_response_field")
recaptcha_public_key = "<font color=red>your_public_key</font>" ' your public key
recaptcha_private_key = "<font color=red>your_private_key</font>" ' your private key
' returns the HTML for the widget
function recaptcha_challenge_writer()
recaptcha_challenge_writer = _
"<script type=""text/javascript"">" & _
"var RecaptchaOptions = {" & _
" theme : 'red'," & _
" tabindex : 0" & _
"};" & _
"</script>" & _
"<script type=""text/javascript"" src=""http://www.google.com/recaptcha/api/challenge?k=" & recaptcha_public_key & """></script>" & _
"<noscript>" & _
"<iframe src=""http://www.google.com/recaptcha/api/noscript?k=" & recaptcha_public_key & """ frameborder=""1""></iframe><br>" & _
"<textarea name=""recaptcha_challenge_field"" rows=""3""cols=""40""></textarea>" & _
"<input type=""hidden"" name=""recaptcha_response_field""value=""manual_challenge"">" & _
"</noscript>"
end function
' returns "" if correct, otherwise it returns the error response
function recaptcha_confirm(rechallenge,reresponse)
Dim VarString
VarString = _
"privatekey=" & recaptcha_private_key & _
"&remoteip=" & Request.ServerVariables("REMOTE_ADDR") & _
"&challenge=" & rechallenge & _
"&response=" & reresponse
Dim objXmlHttp
Set objXmlHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
objXmlHttp.open "POST", "http://www.google.com/recaptcha/api/verify", False
objXmlHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXmlHttp.send VarString
Dim ResponseString
ResponseString = split(objXmlHttp.responseText, vblf)
Set objXmlHttp = Nothing
if ResponseString(0) = "true" then
'They answered correctly
recaptcha_confirm = ""
else
'They answered incorrectly
recaptcha_confirm = ResponseString(1)
end if
end function
server_response = ""
newCaptcha = True
if (recaptcha_challenge_field <> "" or recaptcha_response_field <> "") then
server_response = recaptcha_confirm(recaptcha_challenge_field, recaptcha_response_field)
newCaptcha = False
end if
%>
Also per that page, I've added this code to the form itself to generate the reCAPTCHA widget:
<% if server_response <> "" or newCaptcha then %>
<% if newCaptcha = False then %>
<!-- An error occurred -->
Wrong!
<% end if %>
<%=recaptcha_challenge_writer()%>
<% else %>
<!-- The solution was correct -->
Correct!
<%end if%>
I can get the CAPTCHA to display properly, but it isn't verifying - it will accept any answer including being left blank. I believe some of the code needs to be added to my script that actually handles the data, but am not sure which code or where to put it.
I've tried moving portions of the above code that appear to be for validation purposes to the script that processes the responses and generates an e-mail, but have had no luck there either.
The for page can be viewed here:
http://www.onlyproforma.com/mktimg/landingPage_ResultsFirst4_CAPTCHA.asp
I am aware there are other options, but I would like to get this one working if possible.
Any help is greatly appreciated.
I had a similar issue especially with the NEW reCAPTCHA tick functionality. If you look at the reCAPTCHA admin site which gives you your public and private (secret) keys, you'll see that the server side integration URL to verify, is different from the code above. In the code above, the verify URL is _http://www.google.com/recaptcha/api/verify whereas the verify URL supplied by the reCAPTCHA admin page is _https://www.google.com/recaptcha/api/siteverify. Very different.
Also, the parameters required are different. In the above code, there is a call for Request("recaptcha_challenge_field") and Request("recaptcha_response_field"). Yet the new reCAPTCHA verify only requires the response field. But even that has changed! It is now request.form("g-recaptcha-response").
Granted, the code that you are using above comes straight from Google themselves (https://developers.google.com/recaptcha/old/docs/asp). But it appears that this code is outdated, especially if you consider that it is filed in a directory called OLD.
So this is what worked for me!
Dim recaptcha_secret
recaptcha_secret = "your secret code"
Dim sendstring
sendstring = _
"https://www.google.com/recaptcha/api/siteverify?" & _
"secret=" & recaptcha_secret & _
"&response=" & request.form("g-recaptcha-response")
Set objXML = Server.CreateObject("MSXML2.ServerXMLHTTP")
objXML.Open "GET", sendstring , false
objXML.Send()
The code below reads the response from Google. The reply comes back as a JSON object, but I cannot read or process the JSON response on the server-side and I could not find an easy method.
So the workaround was to search for the string 'true'. If it returned TRUE (positive) then the reCAPTCHA was confirmed. If it does not return TRUE, then the response is essentially
FALSE and the reCAPTCHA was not submitted correctly.
It is ugly but it works:
if instr(objXML.responseText,"true") then
response.redirect "to an appropriate page"
else
response.redirect "to an appropriate page"
end if
Maybe there is a neater way to read the Google reply, but I have tested it and it works for me.
The full code then would look like this:
<%
Dim recaptcha_secret
recaptcha_secret = "your secret code"
Dim sendstring
sendstring = _
"https://www.google.com/recaptcha/api/siteverify?" & _
"secret=" & recaptcha_secret & _
"&response=" & request.form("g-recaptcha-response")
Set objXML = Server.CreateObject("MSXML2.ServerXMLHTTP")
objXML.Open "GET", sendstring , false
objXML.Send()
if instr(objXML.responseText,"true") then
response.redirect "to an appropriate page"
else
response.redirect "to an appropriate page"
end if
%>
The following code will go in the page where the form is posted. i.e. in your case L_Landing_actionJCR.asp
<% if server_response <> "" then %>
Wrong!
<% else %>
Correct!
<% else %>

Converting SMTP Mailer to CDOSYS in classic ASP for contact form

I am currently in the process of updating many test sites on an old server so that they won't break when the old server gets discontinued in the next couple months. The contact form for one site in particular is already broken. When a user clicks on submit after filling in their information, they are presented with this error:
Server object error 'ASP 0177 : 800401f3'
Server.CreateObject Failed
/contactsubmit.asp, line 79
800401f3
Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
Mailer.FromName = "Web Visitor"
If request("email") <> "" then
Mailer.replyto = request("email")
Else
Mailer.replyto = "noEmailEntered#domain.com"
End If
Mailer.FromAddress = "my#email.com"
Mailer.RemoteHost = "hostserver"
If TempTest = TRUE then
Else
Mailer.AddRecipient siteOwner, ContactEmail
If ContactCC <> "" then
Mailer.AddCC siteOwner, ContactCC
End If
End If
If DesignerEmail <> "" then
Mailer.AddBCC DesignerEmail, DesignerEmail
End If
Mailer.Subject = siteOwner & " Contact Form"
Mailer.ContentType = "text/html"
Mailer.BodyText = strBody
If Mailer.SendMail then
response.redirect "contact.asp?sent=yes"
Else
response.redirect "contact.asp?sent=no"
End If
I was told that SMTP isn't the way that emails need to get sent anymore so I tried changing it all to CDOSYS. But the funny thing is, there are a lot more sites on this server that I have tested using the same SMTP code that work.
Changes using CDOSYS:
Set Mailer = Server.CreateObject("CDO.Message")
Mailer.From = "Web Visitor <my#email.com>"
If request("email") <> "" then
Mailer.ReplyTo = request("email")
Else
Mailer.ReplyTo = "noEmailEntered#domain.com"
End If
Mailer.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "hostserver"
If TempTest = TRUE then
Else
Mailer.AddRecipient siteOwner, ContactEmail
If ContactCC <> "" then
Mailer.Cc siteOwner, ContactCC
End If
End If
If DesignerEmail <> "" then
Mailer.Bcc DesignerEmail, DesignerEmail
End If
Mailer.Subject = siteOwner & " Contact Form"
Mailer.HTMLBody = strBody
If Mailer.Send then
response.redirect "contact.asp?sent=yes"
Else
response.redirect "contact.asp?sent=no"
End If
But now I get this error:
Microsoft VBScript runtime error '800a01b6'
Object doesn't support this property or method: 'Mailer.AddRecipient'
/contactsubmit.asp, line 89
I have tried changing it to Mailer.Add and to Mailer.AddAddress with no luck. Does anyone know how I can get around this error and hopefully get this to work? I've never worked with mail servers before so I apologize if this is an easy fix, but I've searched for the past 3 hours and can't come up with a good alternative to .AddRecipient.
The CDO.Message object simply has the string properties of To, Cc and Bcc to which you assign a standard semi-colon delimited list of smtp email addresses for example:
"Joe Bloggs" <joeB#somecompany.com>; "Fred Smith" <fSmith#smiths.co.uk>
Try to execute the below simplest way of sending mail using CDO and then take the relevant fields from it and apply to your script:
Set myMail=CreateObject("CDO.Message")
myMail.Subject="Sending email with CDO"
myMail.From="mymail#mydomain.com"
myMail.To="someone#somedomain.com"
myMail.TextBody="This is a message."
myMail.Send
set myMail=nothing
As you can see the way to add recipient is like this:
myMail.To="someone#somedomain.com"
You can see more examples here
Hope this helps.

vbscript/asp msxml.xmlhttp.6.0 Error Only on First Try

I have asp/vbscript code that posts an XML body to a web api, and received back an XML response.
In a browser, (new session) on the first load, it errors out, and this is the message:
err.source = msxml6.dll, err.number = -2146697208 - The download of the specified resource has failed.
On reloading the page, it works, and it works every single time after that until the session times out.
What could be happening here?
The Code is below - fairly standard.
Dim oXmlHttp : Set oXmlHttp = CreateObject("MSXML2.XMLHTTP.6.0")
On Error Resume Next
oXmlHttp.Open "POST", sUri, False
oXmlHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
oXmlHttp.Send(sRequest)
If Err Then
response.write "err.source = " & err.Source & ", err.number = " & err.number & " - [" & err.Description & "]"
End If
On Error Goto 0
The first thing you should do is stop using XMLHTTP and use ServerXMLHTTP instead. The XMLHTTP is not safe for use in the server context.

Resources