vbscript not retrieving all server variables - asp.net

I have a website that was written in VBSCRIPT that I am moving over to VB.NET. Until I have time to get to rewriting some pages/applications, I would like to update some of the code so they work a bit better. I am trying to grab a server variable on the VBSCRIPT page that contains our username from the enterprise login.
I have 2 test pages here, one with language="VB" at the top and the other language="VBSCRIPT".
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Server Variables</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<%
For Each var In Request.ServerVariables
Response.Write("<b>" + var + "</b>= " + Request.ServerVariables(var) + "<br />")
Next
%>
</div>
</form>
</body>
</html>
The VBSCRIPT page will list variables with no data when they have data on the VB page and in ALL_HTTP. Is there any way I can get VBSCRIPT to gather the correct info for all the server variables?
Thank You
EDIT: These are the variables that vary between VB and VBS
AUTH_USER, REMOTE_USER - logged in user on VBS, iis_anon on VB
REMOTE_PORT - not listed in VBS
The following are listed in VBS, but have no data
HTTP_SERVER_PROTOCOL
HTTP_SM_TRANSACTIONID
HTTP_SM_CLIENT_IP
HTTP_REQUEST_METHOD
HTTP_SM_SDOMAIN
HTTP_SM_REALM
HTTP_SM_REALMOID
HTTP_SM_AUTHTYPE
HTTP_SM_AUTHREASON
HTTP_SM_UNIVERSALID
HTTP_SM_AUTHDIROID
HTTP_SM_AUTHDIRNAME
HTTP_SM_AUTHDIRSERVER
HTTP_SM_AUTHDIRNAMESPACE
HTTP_SM_USER
HTTP_SM_USERDN
HTTP_SM_SERVERSESSIONID
HTTP_SM_SERVERSESSIONSPEC
HTTP_SM_TIMETOEXPIRE
HTTP_SM_SERVERIDENTITYSPEC
HTTP_REMOTE_USER
Also there is a custom on I wish to get that is used for our enterprise authentication.

I've had this issue before with custom HTTP headers that have underscores in the raw header name (which can be seen in the ALL_RAW server variable). The HTTP_ converts underscores to dashes (e.g., HTTP_USER_AGENT corresponds to an actual header called User-Agent). In order to retrieve the values of any headers that have underscores in their names, you have to use the HEADER_ prefix, which will search for the exact header name (e.g., HEADER_USER_AGENT will search for a header called User_Agent).
By the way, this blog post offers some more background information on why there are two prefixes.

here a classic ASP page i have running on various IIS versions.
For the user, i have this in most of my projects which makes userinfo available on the server and client side. If you are on a domain replace DMAIN with yours, otherwise you can drop the replace.
NTLM security has to be enabled (windows authentication) on your IIS site, no anonymous access.
The list of servarvariables returned by this code is different depending on OS and IIS versions, enabled features, settings etc. Some keys will have empty values, so eg REMOTE_PORT is not avaiable on mine (i use the standard 80 port) but SERVER_PORT is.
<%
Dim user
user = Replace(uCase(Request.ServerVariables("AUTH_USER")), "DOMAIN\", "")
%>
<script type="text/javascript">var user = <%=user%></script>
Here the contents of servervariables.asp
<html>
<%#language=VBScript%>
<%
With Response
.Expires=-1
.Clear
End With
dim teller
response.write "<h1>Servervariables</h1>"
response.write "<table>"
teller = 1
for each subkey in Request.Servervariables
response.write "<tr><td>"
response.write teller
response.write "</td><td>"
response.write (Request.Servervariables.Key(teller))
response.write "</td><td>"
response.write (Request.Servervariables.Item(teller))
response.write "</td></tr>"
teller = teller + 1
next
response.write "</table>"
response.write request.servervariables("path_translated") & "<br>"
response.write "USER cookie:" & Request.Cookies("USER") & "<br>"
response.write "USER Sessionvariable:" & Session("USER") & "<br>"
%>
</html>

Related

classic asp verify the server result

I am trying to check or unchecked the check-boxes depends upon the data results that comes from server. But I cannot use below code correctly where I am doing wrong?
<%
Dim AFTER_SAVE, IN_VIEW, Y
Dim SQL, Data
SQL = " SELECT code, name, value FROM mytable WHERE code = '" & User & "'"
Data = Data(SQL)
%>
<%If IsArray(Data) Then%>
<%If ((Data(1,0) = "AFTER_SAVE") AND (Data(2,0) = "Y")) Then %>
document.getElementById("chkSave").checked == true;
<%End If%>
<% If ((Data(1,0) = "IN_VIEW") AND (Data(2,0) = "Y")) Then %>
document.getElementById("chkVIEW").checked == true;
<%End If%>
<%End If%>
You're trying to combine server-side code with client-side code in a very strange way. Sometimes, it's necessary to do that (i.e. use server-side VBScript to write client-side Javascript), but if I'm understanding your intent correctly, it's not needed here.
Basically, if this is actually a classic ASP page, then somewhere on that page you're generating the checkboxes in question. So all you need to do is put your database call somewhere before that, and then when you generate the checkboxes, you can output a checked='checked', or not, depending.
Note that I have no clue what Data = Data(SQL) is supposed to mean. There's no way for it to be valid VBScript code - parentheses are for arrays, but a string is not a valid array index, and then to assign it to itself like that? Anyway, I'm ignoring that part.
<html>
<head>
<%
Dim AFTER_SAVE, IN_VIEW
Dim SQL, RS, Conn
Dim User
'...blah blah blah, give a value to User, set up your DB connection, etc. etc....
SQL = "SELECT code, name, [value] FROM mytable WHERE code = '" & User & "'"
'- ("value" is a reserved keyword in SQL, hence the brackets)
Set RS = Server.Createobject("ADODB.Recordset")
RS.Open SQL, Conn, 1, 2 '- this is rather handwavy and unlikely to actually
'- work as-is; use the options and connection methods that make sense for you
Do Until RS.EOF
'- I have no idea how your data is set up; this may make no sense.
'- The idea is, read the checkbox states from your database, and
'- stick them in variables for later reference.
Select Case RS("name")
Case "AFTER_SAVE" AFTER_SAVE = RS("value")
Case "IN_VIEW" IN_VIEW = RS("value")
End Select
RS.Movenext
Loop
RS.Close
Set RS = Nothing
%>
</head>
<body>
<form method="post" action="myformhandler.asp">
<!-- form fields and stuff -->
<input type="checkbox" name="chkSave" id="chkSave" <%
If AFTER_SAVE = "Y" Then Response.Write "checked='checked'"
%> value="Y"><label for="chkSave">After save</label>
<input type="checkbox" name="chkView" id="chkView" <%
If IN_VIEW = "Y" Then Response.Write "checked='checked'"
%> value="Y"><label for="chkView">In view</label>
<!-- more form stuff -->
</form>
</body>
</html>

index service in classic asp "No such interface supported"

I want to use Microsoft indexing service to search a folder which includes the static pages, the following is the source code.
<html>
<%
' This section sets the various configuration variables
formscope="/"
pagesize = 5000
maxrecords=5000
searchstring=request.form("query")
catalogtosearch="cat"
searchrankorder="rank[d]"
origsearch=searchstring
%>
<%
'This section performs the query
dim q
dim util
set q=server.createobject("ixsso.query")
set util=server.createobject("ixsso.util")
q.query=searchstring
q.catalog=catalogtosearch
q.sortby=searchrankorder
q.columns="doctitle, filename, size, write, rank, directory, path"
q.maxrecords=maxrecords
%>
<%
'This section displays the results
set rs=q.createrecordset("nonsequential")
rs.pagesize=pagesize
response.write"<p>Your search for <b>" & origsearch & "</bproduced "
if rs.recordcount=0 then response.write "no results"
if rs.recordcount=1 then response.write "1 result: "
if rs.recordcount>1 then response.write(rs.recordcount) & " results: "
%>
<table border=1><tr><td><b>Title</b></td><td><b>Filename</b></td><td><b>Date / Time</b></td><td><b>Size</b></td><td><b>Relevance</b></td><td><b>Directory</b></td></tr>
<%
do while not rs.EOF
response.write "<tr><td>" & rs("doctitle") & "</td><td>" & "" & rs("filename") & "" & "</td><td>" & rs("write") & "</td><td>" & rs("size") & "</td><td>" & rs("rank") & "</td><td>" & rs("directory") & "</td></tr>"
rs.movenext
loop
response.write "</table>"
set rs=nothing
set q=nothing
set util=nothing
%>
</body>
</html>
I have added a catalog in computer -> management -> indexing service, and under cat catalog, I also add the directory, but when I run the script above there is an error:
CreateRecordset error '80004002'
No such interface supported
/cat/SearchResults.asp, line 31
Anyone knows what is the error? Thanks.
as my original anwser was deleted for some obscure reason i try to answer your question again.
as you could see in this link "You can’t use IXSSO to query an Index Server catalog after you install hotfix 2698365 in Windows 7 or Windows Server 2008 R2".
i copy the text from the linked page to my anwser because #Mario wants that:
SYMPTOMS:
After you install update 2698365 on a computer that is running Windows 7 or Windows Server 2008 R2, you cannot query an Index Server catalog by using the IXSSO component. Specifically, when you try to call the IXSSO.Query.CreateRecordset method, you receive an error message that resembles the following:
No such interface supported -2147467262
CAUSE:
"This issue occurs because an old installation of ActiveX Data Objects (ADO) is removed after you install update 2698365."
RESOLUTION:
install the hotfix from the linked site

classic asp send mail

I am using this code to send email using classic ASP:
Set oJMail = Server.CreateObject("JMail.SMTPMail")
with oJMail
.Sender = "myemail"
.SenderName = "Me"
.AddRecipient "some email"
.Subject = "some subject"
.Body = "Name: " & fname & " Email:" & email & "Phone: " & phone
end with
oJMail.ServerAddress = "mysmtp:25"
oJMail.Execute
Set oJMail = Nothing
But the server keep throwing this error:
Microsoft JScript compilation error '800a03ec'
Expected ';'
/index.asp, line 108
Set oJMail = Server.CreateObject("JMail.SMTPMail")
----^
Can it be something to do with my page header?
<%# Language="javascript" %>
Yes, that looks like VBScript code, in which case you'd want your page header to have:
<%# Language="VBScript" %>
Of course, this causes problems if the rest of your page is already written in JavaScript.

ASP Link with parameter not passing

Sometimes a link with a parameter will bring up the parameter and sometimes it won't. If I have IE open and doing things in other tabs and try to click the link with the parameter in it, it will come up to the main screen. If I click the link without IE open, it goes to the site with the parameter. Please help!
Sample Link: http://ServerName/time_and_attendance/?timesheet_id=7489
Code below:
<!--#INCLUDE virtual="/time_and_attendance/i_time_attendance_header.asp" -->
<%
'---------------------------------------------------------------------------------------------------------------------
'JFV 6-10-2010: Will need these lines uncommented and inserted above the '<!--#INCLUDE' line
' to be used in the alternate e-mail configuration
'<!--METADATA TYPE="typelib" UUID="CD000000-8B95-11D1-82DB-00C04FB1625D" NAME="CDO for Windows 2000 Type Library" -->
'<!--METADATA TYPE="typelib" UUID="00000205-0000-0010-8000-00AA006D2EA4" NAME="ADODB Type Library" -->
'---------------------------------------------------------------------------------------------------------------------
%>
<%
'If there is not a timesheet id send user back to their employee page
If Request("timesheet_id")<>"" Then
my_employees_timesheet_id=Request("timesheet_id")
RedirectUrl="my_employees_timesheet.asp?timesheet_id="&Request("timesheet_id")
'Response.Write my_employees_timesheet_id
Else
Response.Redirect("default.asp")
End If
%>
You should be using Request.Querystring instead of simply Request, and Trim the value before using it.
Also, dim a variable and retrieve the parameter into the variable first.
dim ts_id
ts_id = trim(request.querystring("timesheet_id"))
If ts_id <>"" Then
my_employees_timesheet_id=ts_id
RedirectUrl="my_employees_timesheet.asp?timesheet_id="&ts_id
'Response.Write my_employees_timesheet_id
Else
Response.Redirect("default.asp")
End If

ASP How do I insert a username into a table?

I'm struggling with my code below, I'm reading the logged on users username and trying to insert their name into a SQL table called licenses, the table contains 2 columns 1 contains license numbers the other is all nulls at the moment but a username should be inserted along side one when this page loads. Currently the page just loops constantly and nothing is inserted into the table. The user inside connection1.asp does have read/write access to the database.
Any ideas? Thanks
<%#LANGUAGE="VBSCRIPT" LCID=1033%>
<%
aName = Split(Request.ServerVariables("LOGON_USER"), "\")
user = aName(UBound(aName))
user = UCase(user)
Erase aName
%>
<!--#include file="Connections/connection1.asp" -->
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_connection1_STRING
Recordset1.Source = "SELECT * FROM Licenses2 WHERE userid = '" & user & "';"
Recordset1.Open()
%>
<HTML><HEAD></HEAD>
<BODY leftmargin="5" onLoad="setTimeout('reloadFunction()',500000)">
<% Do While NOT Recordset1.EOF %>
<% strUserName =(Recordset1.Fields.Item("userid").Value)%>
<% response.write strUserName %>'s Serial Number:
<% strSerial =(Recordset1.Fields.Item("serial").Value)%>
<% response.write strSerial %>
<% Recordset1.movenext %>
<% loop %>
<%
If strUserName = user then
'record found do nothing
'response.write "user found"
else
adoCon.Execute = "SET ROWCOUNT 1; UPDATE Licenses2 SET userid = '" & user & "' WHERE userid = 'NULL';"
Response.AddHeader "Refresh", "3"
End if
%>
</BODY>
</HTML>
<%
Recordset1.Close()
Set Recordset1 = Nothing
Set Recordset2 = Nothing
%>
If the user is NOT found, should you be doing an INSERT instead of UPDATE?
If the UPDATE is correct, change the last NULL ... remove the quotes. Right now you are comparing a STRING value of 'NULL' instead of the value NULL and it should be IS NULL
SET ROWCOUNT 1; UPDATE Licenses2 SET userid = '" & user & "' WHERE userid IS NULL;
Also, see if you can comment out the <BODY ... > tag and create a new one without the RELOADFUNCTION and see if that makes a difference.
Lastly, read up on SQL Injection because your code is prone to Injection attacks. Search on StackOverflow.com for SQL Injection and you will find plenty of explanations, examples and cures.
Check if LOGON_USER is actually returning any data. If you have IIS security set to 'Anonymous' access then this will not be populated with anything.
Your code would also be potentially prone to SQL injection attacks.

Resources