I've got a little script (VBS) to change website attribute of all users :
dim objOU, objUser
objOU="OU=Users,DC=mysociety,DC=local"
Set objOU = GetObject("LDAP://" & objOU)
on error resume next
For each objUser in objOU
If objUser.Class="user" Then
Set objUser = GetObject("LDAP://" & objUser.distinguishedName)
objUser.Put "wWWHomePage", "http://mysite.mysociety.local/Person.aspx?accountname=mysociety\" & objUser.mailNickname
objUser.setInfo
if err.number <> 0 then
wscript.echo "Error processing " & objUser.givenName & ":" & err.number & ", " & err.Description
err.clear
end if
End if
Next
So my problem is that if I precise my objOU up to deepest directories it works perfectly. But it is not a recursive script and with this code it doesn't work because of subdirectories.
I am a very beginner with VBS, could you help me to make this script recursive ?
Thank you by advance and excuse me for my poor English
This task can be accomplished very efficiently using threads. In one thread, execute a search
wherein the base object is that point in the directory information tree (DIT) below which all
the entries that must be modified are stored. Use whole subtree for the search scope and a
filter that narrows the search results to just the entries that require modification. Use the
OID 1.1 for the list of requested attributes (this will cause the directory server to return
only distinguished names). Assuming the directory administrator allows this search - it may be
denied for resource reasons or security reasons or other reasons - as the search results arrive,
use another thread to construct the modifications on the distinguished names that are being
returned in the search thread. For maximum efficiency, use multiple threads to make the
modifications and use the appropriate concurrence mechanisms for your API.
see also
LDAP: Programming practices
LDAP: Search Best practices
Related
I have inherited a classic ASP application. There are various things that need tidying-up but I am forced to do things gradually (I can't do a wholesale change of every script).
There are places in the system with hard-coded urls. Some scripts have to be changed before promoting to live so that the test web root name is changed to the live web root name. I am looking at ways to avoid this (essentially working out the server programmatically).
It isn't difficult. A simple check on Request("SERVER_NAME") and this sort of thing:
appName = Request.ServerVariables("SCRIPT_NAME")
i = InStr(2, appName, "/") 'keep initial "/"
If i > 0 Then
appName = Left(appName, i)
End If
This in an "everywhere-included" script will do the trick. Then just set up a global variable to hold the full "http(s)://server/app/" or a function to MakeUrlAbsolute() and off you go.
However, this smells a bit suspect to me. Wouldn't this be better stored at application level? This suggests setting it up in Global.asa, something like:
Sub Application_OnStart()
Application("WebRoot") = ...
End Sub
But now I can't get hold of the SERVER_NAME so I'm reduced to having 2 different Global.asa files (one per environment).
Is this my only choice? Work it out on every request or hard-code in Application_OnStart?
Perhaps using Session_OnStart would be a compromise. Or is there some clever trick to access information in Application_OnStart? Perhaps people go with the hard-coding because Global.asa doesn't change often.
my method for ADO Connection looks like this.
'Servername for Application Root Drive
Select Case Left(Request.ServerVariables("PATH_TRANSLATED"), 1)
Case "c" strSrvr = "80.212.207.211" 'my remote server ip
Case Else strSrvr = "(local)" 'local Sql instance (my project on D: drive)
End Select
strConn = "Driver={SQL Server};Server="& strSrvr &";uid=DBUSER;pwd=MYPASS;database=MYDATABASE"
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open(strConn)
I've been researching this for a majority of the day and can't find the answer. I am relatively new to stackoverflow. Is there a certain etiquette for asking a number of questions (I've asked three in the last few days)?
Anyways,
Here is the code in a codebehind file. It executes a script systeminfo.vbs, and that is working fine. But in the script I have some variables assigned.
Dim WshShell = CreateObject("WScript.Shell")
WshShell.Run("wscript.exe c:\systeminfo.vbs")
vbscript
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery _
("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colSettings
dim osName
osName = objOperatingSystem.Name
Wscript.Echo "OS Name: " & objOperatingSystem.Name
dim osVer
osVer = objOperatingSystem.Version
Wscript.Echo "Version: " & objOperatingSystem.Version
Wscript.Echo "Service Pack: " & _
objOperatingSystem.ServicePackMajorVersion _
& "." & objOperatingSystem.ServicePackMinorVersion
Wscript.Echo "OS Name: " & objOperatingSystem.SizeStoredInPagingFiles
Next
I want to use osName and osVer and put the values into a label on the ASP side.
I understand that osName and osVer are simple examples, but I just need to figure out the concept of putting variables from a VBScript into ASP. My client has multiple VBScripts they use on a daily basis and I need to automate those scripts and produce a report saying if it failed or not.
Thank you for the help.
David,
As a person new to Stack Overflow myself, I was happy to find this very comprehensive FAQ for Stack Exchange sites. See the 3rd question "Is there a limit on how many questions I can ask?" for an answer to your first inquiry.
Regarding the heart of your question, I agree with #Ramhound that using a log file to exchange information between your WSH/VBScript script and your ASP.NET page is a feasible approach.
What you need is the Scripting.FileSystemObject. Here is a comprehensive WSH reference as a downloadable Windows help file.
Hint: as the download page advises at the bottom, to unblock the help page, 1) Right click on script56.chm, 2) Choose Properties, and 3) Click on "Unblock."
You'll find an intro to FileSystemObject under the heading "Script Runtime."
One more suggestion: since you'll be running this script via ASP.NET in a multi-user environment, you may find you'll need to create a log file per user or per page access. If that is the case, you'll need to generate a temporary file name for each log file to avoid name collisions with other log files. To generate your temporary file, see GetTempName in the WSH reference.
I am currently in a situation where I have to make some additions to an application written in classic ASP using server-side JScript on IIS.
The additions that I need to make involve adding a series of includes to the server-side code to extend the application's capabilities. However, the inc files may not exist on the server in all cases, so I need the application to fall back to the existing behavior (ignore the includes) if the files do not exist, rather than generating an error.
I know that this can't be accomplished using if statements in the JScript code because of the way that SSI works, and have not come across any ways of dynamically including the code on the server side, where the files may not exist.
Does anyone know of a way to accomplish this in classic ASP? Any help would be much appreciated.
Here's a script to dynamically include asp files:
<%
' **** Dynamic ASP include v.2
function fixInclude(content)
out=""
if instr(content,"#include ")>0 then
response.write "Error: include directive not permitted!"
response.end
end if
content=replace(content,"<"&"%=","<"&"%response.write ")
pos1=instr(content,"<%")
pos2=instr(content,"%"& ">")
if pos1>0 then
before= mid(content,1,pos1-1)
before=replace(before,"""","""""")
before=replace(before,vbcrlf,""""&vbcrlf&"response.write vbcrlf&""")
before=vbcrlf & "response.write """ & before & """" &vbcrlf
middle= mid(content,pos1+2,(pos2-pos1-2))
after=mid(content,pos2+2,len(content))
out=before & middle & fixInclude(after)
else
content=replace(content,"""","""""")
content=replace(content,vbcrlf,""""&vbcrlf&"response.write vbcrlf&""")
out=vbcrlf & "response.write """ & content &""""
end if
fixInclude=out
end function
Function getMappedFileAsString(byVal strFilename)
Dim fso,td
Set fso = Server.CreateObject("Scripting.FilesystemObject")
Set ts = fso.OpenTextFile(Server.MapPath(strFilename), 1)
getMappedFileAsString = ts.ReadAll
ts.close
Set ts = nothing
Set fso = Nothing
End Function
execute (fixInclude(getMappedFileAsString("included.asp")))
%>
The last line (the one starting with "execute") is equivalent to an "include" directive, with the difference that it can be included inside an "if" statement (dynamic include).
Bye
If you are really brave, you can read the contents of the file and then Eval() it.
But you will have not real indication of line numbers if anything goes wrong in the included code.
As a potentially better alternative: Can you not create some sanity check code in global.asa to create the include files as blanks if they do not exist?
Put simply, no. Why would the files not exist? Can you not at least have empty files present?
What you could do is something like this:
Use Scripting.FileSystemObject to detect the presence of the files
Use Server.Exeecute to "include" the files, or at least execute the code.
The only problem is that the files cannot share normal program scope variables.
The solution to this turned out to be to use thomask's suggestion to include the files and to set a session variable with a reference to "me" as per http://www.aspmessageboard.com/showthread.php?t=229532 to allow me to have access to the regular program scope variables.
(I've registered because of this, but can't seem to associate my registered account with my unregistered account)
I have a site running Classic-ASP and on the login page I would like to delay the response to a failed login attempt (by like 10 seconds) to help prevent brute force attacks on accounts.
Quick google searches show some hacks using SQL server queries that seem hack-tastic.
Is there a good way to do this in classic asp?
I am not going to answer your specific question, as many have already done so, but there are far better ways of preventing brute force attacks.
For instance:
Why not lock a specific session or IP address out after say 5 (being generous here) failed login attempts? You could lock it out for say 10 minutes. You could even write a "401 Unauthorized" HTTP status and then simply end the response with Response.End.
In a similar fashion, but not even linked to failed logins, you could block requests for the login page more than X times in Y seconds for a specific IP, UserAgent and other client features - ensuring kind of a 'unique' client.
Ignore IP address (it is easily spoofed and can be a proxy server IP), and simply detect the automation of the login attempt. X number of failed logins within Y seconds for a specific username/email address, block it for that username for a set period of time, and end the response.
Just saying there are other options than putting unnecessary load on your server by locking some resources and waiting.
Obviously, doing this at the hardware layer - firewalls etc. would be the preferred option.
There is another approach, but keep in mind the aforementioned caveats about unessecarily consumed resources. Here is an approach though
Sub DelayResponse(numberOfseconds)
Dim WshShell
Set WshShell=Server.CreateObject("WScript.Shell")
WshShell.Run "waitfor /T " & numberOfSecond & "SignalThatWontHappen", , True
End Sub
There is the WScript.Sleep method for general purpose VBScript, however, this won't work in the context of ASP.
There are a number of other mechanisms you can use to achieve this, however, they're all effectively "workarounds" as there's no built-in way to cleanly cause an ASP page (running VBScript) to pause itself.
See here:
How do I make my ASP page pause or 'sleep'?
To specifically answer your question of:
Is there a good way to do this in
classic asp?
No. There's no good way to do this, and there's only the "hack-tastic" hacks that can be used, however they bring with them all sorts of side-effects and caveats. (See the last part of the "How do I make my ASP page pause or 'sleep'?" link for a specific memory eating, page faulting nasty side-effect.)
You can use :
<html>
<head>
<title>Sleep</title>
</head>
<body>
<%
function Sleep(seconds)
set oShell = CreateObject("Wscript.Shell")
cmd = "%COMSPEC% /c timeout " & seconds & " /nobreak"
oShell.Run cmd,0,1
End function
Sleep(5)
response.write("End")
%>
</body>
</html>
There is no simple way to do so in pure ASP.
Either SQL WAITFOR, or create simple ActiveX component in VB (or anything) that sleeps.
Note that this will increase load on the server. Sleeping requests keep memory and connections consumed for nothing.
<%
set shell = CreateObject("WScript.Shell")
t1 = timer()
sleep(5)
t2 = timer()
response.write "waited "& t2-t1 &" secs"
function sleep(seconds)
if seconds>=1 then shell.popup "pausing",seconds,"pause",64
end function
%>
Other approach to avoid brute force attacks without using IP restrictions is to offer a captcha after the second fail attempt for the same user. This is the way Google do it.
There is the Response.Buffer option that you can use to tell it to delay returning the response until the page has completed processing, so you could perhaps combine that with some kind of timeout in the script, but it would not be especially elegant especially as VBScript doesn't really offer you a way of asking threads to sleep so you can end up thrashing the CPU.
Maybe better to use a server-side session and javascript on the client, so the client delays the request and the server will only send the response after the expected delay is over. That should provide some server-side safeguards and be useable for users who aren't trying to mess around with your system...
I'm using this:
function sleep(scs)
Dim lo_wsh, ls_cmd
Set lo_wsh = CreateObject( "WScript.Shell" )
ls_cmd = "%COMSPEC% /c ping -n " & 1 + scs & " 127.0.0.1>nul"
lo_wsh.Run ls_cmd, 0, True
End Function
sleep(5) 'wait for 5 seconds
Bye :-)
For those using MySQL, you can do the following :
Sub SleepMysql(n)
'Define Query
Dim SqlStr : SqlStr = "DO SLEEP(" & n & ")"
'Run Query
Dim rsTemp : Set rsTemp = YourDatabaseConnection.Execute(SqlStr)
'Release resources
Set rsTemp = Nothing
End Sub 'SleepMysql
Of all of the ideas - I liked Dercsár's answer - here's my implementation of a wait that I found works well. - requires your application to have access to a SQL server:
<%
' ASP Script to example to wait
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open strConnString ' your connection to sql server here...
Response.write("Waiting for 15 seconds...." & now() & "<BR>")
Call subWaitTime("00:00:15")
' Wait 15 seconds
Response.write("ok - Done" & now() & "<BR>")
conn.close
set conn = nothing
'---- Utility sub to wait
Sub subWaitTime(sTime)
' Call subWaitTime with number of Hours:Minutes:Seconds to delay
sqlWaitTime = "WAITFOR DELAY " & fnSqlStr(sTime)
conn.Execute(sqlWaitTime) '
End Sub
%>
In response to the “delay the response” part of your question:
dim SecondsToWait : SecondsToWait = 4
dim StartTime : StartTime = Time()
Do Until
DateDiff("s", StartTime, Time(), 0, 0) > SecondsToWait
Loop
Pure Classic ASP without SQL and WScript Shell, but for debug delay purposes only. This is a snippet for testing (very helupful), but it does not address the “good way” part of your question
This answer for the sake of completeness and for people looking for (debug) delays. Failed login attempts should not be handled like this.
Another way you can delay asp response by using this code.
Sub MyDelay(NumberOfSeconds)
Dim DateTimeResume
DateTimeResume= DateAdd("s", NumberOfSeconds, Now())
Do Until (Now() > DateTimeResume)
Loop
End Sub
Call this function by using this code.
Call MyDelay(5)
Just redirect to a randomly named large image that takes the desired amount of seconds to load.
I want to write some stats to a text file every time a person loads a page. But every once in awhile I am getting at 'Could Not Open File, Already in use' type of error. I can not 100% replicate this error it is very erratic. My code is
Public Sub WriteStats(ByVal ad_id As Integer)
Dim ad_date As String = Now.Year & Now.Month
Dim FILENAME As String = Server.MapPath("text/BoxedAds.txt")
Dim objStreamWriter As StreamWriter
objStreamWriter = File.AppendText(FILENAME)
objStreamWriter.WriteLine(ad_id & ";" & ad_date)
objStreamWriter.Close()
End Sub
My question is, how can I lock and unlock the file so I stop getting the erratic errors?
Thanks
If two or more requests hit your web server at roughly the same time, they will all try to open the same file. You will need to create unique file names for each request.
Public Sub WriteStats(ByVal ad_id As Integer)
Dim ad_date As String = Now.Year & Now.Month
Dim FILENAME As String = Server.MapPath("text/BoxedAds.txt")
Dim index As Integer
Using fs As New IO.FileStream(FILENAME, IO.FileMode.Append, IO.FileAccess.Write, IO.FileShare.ReadWrite), _
tl As New TextWriterTraceListener(fs)
index = Trace.Listeners.Add(tl)
Trace.WriteLine(ad_id & ";" & ad_date)
Trace.Listeners(index).Flush()
Trace.Flush()
End Using
Trace.Listeners.RemoveAt(index)
End Sub
Three important things here:
Use of IO.FileShare.ReadWrite to allow multiple writers on the file at once.
The Using statement to make sure the stream is closed immediately, even if an exception occurs. This will minimize collisions
The TextWriterTraceListener will create a temp file for your if it can't open the file you request, to make sure the message isn't lost.
You will have to handle the exception and build some handling to re-try writing to the file after a short random interval.
If you get too much contention then it might make more sense to log it to a table in a database and create a process to export to a file (if its still needed)
I haven't had any trouble with short info using:
File.AppendAllText(path, info);
Regarding the comment on it causing locks, from reflector it uses the same options explained very well by Joel. It does not use the trace writer, so it won't output to a temp file in the case of high load / large content causing trouble.
If the info is large, you really want separate files. For high load, I would go with Joel's suggestion and create a temp file, which can be alternatively done by catching the exception on File.AppendAllText, and using the same File.AppeandAllText with a unique filename.