<p><strong>Classic ASP: Classic ASP in a Dot Net World</strong><br />
Blog by Brett Bittke (feed updated 2024-03-14)</p>
<p><strong>WebTecker</strong><br />
Posted 2008-03-01 by Brett Bittke</p>
<p>I want to let everyone know. I have a new blog called <a href="http://webtecker.com">WebTecker</a>. Check it out.</p>
<p><strong>Send an Email using ASP CDONTS</strong><br />
Posted 2008-01-24 by Brett Bittke</p>
Sending an email in ASP is pretty straightforward. The code is below:<br /><br />
<pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 480px; height: 114px; text-align: left;">Set objEmail = Server.CreateObject("CDONTS.NewMail")
objEmail.to = "to_email@gmail.com"
objEmail.From = "your_email@domainname.com"
objEmail.Subject = "Subject"
objEmail.Body = "Email Body"
objEmail.send
Set objEmail = nothing
</pre><br />
There you go, that's how you send an email. Now let's break it down!<br /><br />
This creates a NewMail object from the CDONTS library.<br />
<div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 480px; height: 34px; text-align: left;">Set objEmail = Server.CreateObject("CDONTS.NewMail")</pre> </div>
To Property<br />
The <b>To</b> property lets you specify who the email is sent to, which is rather self-explanatory!
The property has the following form:<br />
<div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 480px; height: 34px; text-align: left;">objEmail.to = "to_email@gmail.com"</pre> </div>
From Property<br />
The <b>From</b> property lets you, you guessed it, specify who the email is from. It looks like this:<br />
<div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 480px; height: 34px; text-align: left;">objEmail.From = "your_email@domainname.com"</pre> </div>
Subject Property<br />
This is getting rather repetitive, don't you think? The Subject property lets you define the subject and, as you may have already guessed, looks like this:<br />
<div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 480px; height: 34px; text-align: left;">objEmail.Subject = "Subject"</pre> </div>
Body Property<br />
Now to the body section. This sets the text of the message, or HTML, which we'll look at soon.
And it looks like this:<br />
<div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 480px; height: 34px; text-align: left;">objEmail.Body = "Email Body"</pre> </div>
Almost done. We send the email using the Send method.<br />
<div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 480px; height: 50px; text-align: left;">objEmail.send</pre> </div>
And then we release the object's resources:<br />
<div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 480px; height: 34px; text-align: left;">Set objEmail = nothing</pre> </div><br />
That's all it takes to send an email. If you need any other help, please post your comments below.
<p><strong>Classic ASP Application Security</strong><br />
Posted 2007-09-12 by Brett Bittke</p>
In today’s world security is everything! That’s why I’ll take you through some basic ways to secure your Classic ASP web application.
<blockquote> 1. Database Security</blockquote><br />
<p>The first thing you need to do is secure your Access database. Since an Access database file can easily be downloaded when it sits inside the published site, it is always smart practice to put the database in the root directory of the website account, outside the folder that is actually served. This way the Access database can’t be downloaded, and your pages can still open it.
Below is an example of Database Security.</p>
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp0.blogger.com/_YWXly3DfIcA/Rui5dg5QgyI/AAAAAAAAAA8/943hdffvb5o/s1600-h/db_location.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://bp0.blogger.com/_YWXly3DfIcA/Rui5dg5QgyI/AAAAAAAAAA8/943hdffvb5o/s320/db_location.jpg" alt="" id="BLOGGER_PHOTO_ID_5109537693949264674" border="0" /></a>
<p>This is a sample website directory. The site folder holds your entire site: the home page, images, and various other pages. As you can see, the database is located outside of the actual site. For this to work, the URL must point to the site folder. To connect to the database, use the following code.</p><br />
<p>' Build the path to database.mdb in the parent of the published folder (assumed here to be named "website")<br />
dbconn = "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE="<br />
dbconn = dbconn & Replace(server.mappath("/"),"website","") & "/database.mdb"<br />
set Conn = server.createobject("adodb.connection")<br />
Conn.open dbconn </p>
<blockquote> 2. Login Interface Security Permissions</blockquote><br />
<p>Some applications that you create will require multiple interfaces, for example a Manager interface and an Employee interface. You don’t want the employees to have the same access as the manager, so you need to create a separate interface for each. I will show you an example below.</p><br />
<p>The first thing to do is build a database and put it into the root directory, outside the site folder, as in section 1. Following that, open your database and design the tables.
Below is the Logins table for this project: </p>
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp2.blogger.com/_YWXly3DfIcA/Rui5sA5QgzI/AAAAAAAAABE/-Qz8fT1yQX0/s1600-h/login_table.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://bp2.blogger.com/_YWXly3DfIcA/Rui5sA5QgzI/AAAAAAAAABE/-Qz8fT1yQX0/s320/login_table.jpg" alt="" id="BLOGGER_PHOTO_ID_5109537943057367858" border="0" /></a>
<p>Obviously, the Logins table requires a Username and a Password column. We also need a third column, Status, which is used to determine the permissions of any particular user. For example, a user with the status of "Manager" would be able to view all information, whereas a user with the status of "Employee" would only be able to see their own information.</p>
<p>You now want to create the first page, called index.html:</p><br />
<p><HTML><br />
<HEAD><br />
<TITLE>Login</TITLE><br />
</HEAD><br />
<BODY><br />
<FORM ACTION="login.asp" METHOD="post"><br />
<TABLE BORDER="0"><br />
<TR><br />
<TD VALIGN="Top">Username:</TD><br />
<TD VALIGN="Top"><INPUT TYPE="text" NAME="txtUsername"></TD><br />
</TR><br />
<TR><br />
<TD VALIGN="Top">Password:</TD><br />
<TD VALIGN="Top"><INPUT TYPE="password" NAME="txtPassword"></TD><br />
</TR><br />
<TR><br />
<TD VALIGN="Top"></TD><br />
<TD VALIGN="Top"><INPUT TYPE="submit" VALUE="Login"></TD><br />
</TR><br />
</TABLE><br />
</FORM><br />
</BODY><br />
</HTML></p>
<p>It is very important that you use the POST method to send the login data, not GET. With GET the password becomes part of the URL, so it would be visible in the client's browser history, among other places, which would pose a major security threat.</p>
<p>The next file that needs to be created is login.asp, which will process the login information and set the login state.
Here's the code.<br /><br /><br />
<%<br />
'------------------------------- Get Form Fields -------------------------------'<br />
' Access text fields hold at most 255 characters, so longer input is cut to fit the parameters below<br />
txtUsername = Left(request.form("txtUsername"), 255)<br />
txtPassword = Left(request.form("txtPassword"), 255)<br />
'------------------------------- Connect to Database ---------------------------'<br />
dbconn = "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE="<br />
dbconn = dbconn & Replace(server.mappath("/"),"website","") & "/database.mdb"<br />
set Conn = server.createobject("adodb.connection")<br />
Conn.open dbconn<br />
'------------------------------- SQL Statement ---------------------------------'<br />
' The form values are bound as parameters and never concatenated into the SQL text,<br />
' so quotes typed into the form cannot change the query<br />
Const adVarWChar = 202<br />
Const adParamInput = 1<br />
set cmd = server.createobject("adodb.command")<br />
set cmd.ActiveConnection = Conn<br />
cmd.CommandText = "SELECT Username,Password,Status FROM logins WHERE Username=? AND Password=?"<br />
cmd.Parameters.Append cmd.CreateParameter("Username", adVarWChar, adParamInput, 255, txtUsername)<br />
cmd.Parameters.Append cmd.CreateParameter("Password", adVarWChar, adParamInput, 255, txtPassword)<br />
set rs = cmd.Execute<br />
'------------------------------- Check if user exists --------------------------'<br />
if rs.bof and rs.eof then<br />
response.write "<h2><br>Access denied, sorry.<br>Return to the login screen and try again.</h2>"<br />
else<br />
'------------------ User exists, we will now redirect to Interface -------------'<br />
Status = rs("Status")<br />
if Status = "Manager" then<br />
'------------------------------- Manager Interface -----------------------------'<br />
response.write "<h2>Welcome!<br>Click <a href='manager/index.asp'><u>here</u></a> to enter</h2>"<br />
else<br />
'------------------------------- Employee Interface ----------------------------'<br />
response.write "<h2>Welcome!<br>Click <a href='employee/index.asp'><u>here</u></a> to enter</h2>"<br />
end if<br />
end if<br />
%></p>
<p>The script is fairly basic: it opens the database, requests a recordset for the submitted username and password, checks whether it is empty using the BOF and EOF properties (both are true if the recordset is empty), returns an error if appropriate, and otherwise allows the user to click
to the next page. The next page will take the user to the appropriate interface. </p>
<p>This is part 1 of creating a Secure Classic ASP Web Application. If you have any questions please post them below.</p>
<p><strong>ASP to force HTTPS SSL</strong><br />
Posted 2007-09-07 by Brett Bittke</p>
There are a couple of different ways of forcing an ASP page to use SSL. The first is to create a custom error page that redirects the ASP page to HTTPS. Another is to use an include file that redirects every page to HTTPS. I will show you how to force SSL using an ASP include file. This is a very simple and straightforward method, and you don’t need to log in to the server to configure anything. Follow the steps below. If you have any questions, please leave comments at the bottom of this entry.
<ul><li>Copy the code below and paste it into a file named <strong>ssl_force.asp</strong></li></ul>
<p><strong>Include File. ssl_force.asp</strong></p><br />
<p><%<br />
' Only act when the request arrived over plain HTTP<br />
if Request.ServerVariables("HTTPS") = "off" then<br />
method = Request.ServerVariables("REQUEST_METHOD")<br />
srvname = Request.ServerVariables("SERVER_NAME")<br />
scrname = Request.ServerVariables("SCRIPT_NAME")<br />
' Rebuild the same URL with the https scheme, keeping any query string<br />
sRedirect = "https://" & srvname & scrname<br />
sQString = Request.Querystring<br />
if Len(sQString) > 0 Then<br />
sRedirect = sRedirect & "?" 
& sQString<br />
end if<br />
if method = "POST" then<br />
' A redirect would drop the posted fields, so re-post them to the HTTPS URL from a hidden form.<br />
' The original POST has already crossed the network over plain HTTP by the time this runs.<br />
' Every value written into the page is HTML-encoded and every attribute is quoted.<br />
Response.Write "<form method=""post"" action=""" & Server.HTMLEncode(sRedirect) & """ name=""f"">"<br />
for x = 1 to Request.Form.Count<br />
tname = Server.HTMLEncode(Request.Form.Key(x))<br />
tvalue = Server.HTMLEncode(Request.Form.Item(x))<br />
Response.Write "<input type=""hidden"" name=""" & tname & """ value=""" & tvalue & """>" & vbCrLf<br />
next<br />
Response.Write "<input type=""submit"" value=""Go To SSL"">"<br />
Response.Write "</form>"<br />
Response.Write "<script>" & vbCrLf<br />
Response.Write "document.f.submit();" & vbCrLf<br />
Response.Write "</script>"<br />
else<br />
Response.Redirect sRedirect<br />
end if<br />
end if<br />
%></p>
<ul><li>For each page that requires SSL, paste the following code at the top of the page to reference the include file from the previous step:</li></ul>
<p><!--#include file="ssl_force.asp"--></p>
<ul><li>When each page is browsed, the ASP code in the include file detects whether HTTPS is used. If HTTP is used, the browser is redirected to the same page over HTTPS.</li></ul>
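<p>The include-file technique used for ssl_force.asp can also enforce the Manager/Employee split from the Classic ASP Application Security post: login.asp as shown only prints a link, so nothing stops a direct request to manager/index.asp. The following is an added example, not code from the original blog; the file name auth_guard.asp, the Sub name RequireStatus and the Session keys are assumptions, and login.asp would have to store the Session values after a successful lookup.</p>

```vbscript
<%
' auth_guard.asp (hypothetical include file, added example)
'
' Assumption: after a successful lookup, login.asp stores the verified values:
'   Session("Username") = rs("Username")
'   Session("Status")   = rs("Status")
'
' Usage, at the very top of manager/index.asp (before any output):
'   <!--#include virtual="/auth_guard.asp"-->
'   <% RequireStatus "Manager" %>
' and at the top of employee/index.asp:
'   <% RequireStatus "Employee" %>

Sub RequireStatus(requiredStatus)
    Dim current
    current = Session("Status")

    ' Pages behind the login should not be kept in browser or proxy caches
    Response.Expires = -1
    Response.AddHeader "Cache-Control", "no-store"

    ' No login state in the session: send the visitor back to the login form
    If IsEmpty(current) Or Len(current & "") = 0 Then
        Response.Redirect "/index.html"
    End If

    ' Logged in, but with a different Status than this page requires
    If StrComp(current, requiredStatus, vbTextCompare) <> 0 Then
        Response.Status = "403 Forbidden"
        Response.Write "<h2>Access denied.</h2>"
        Response.End
    End If
End Sub
%>
```

<p>The check runs on the server for every request, so the decision depends on the Status read from the database at login and not on which link the user was shown.</p>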