Cannot delete file using ASP form

[eNerGiZer0101]

Dear reader,

I am faced with a problem when deleting a file from a file from the hard drive of my web server. I will post the forms that I have programmed:

The first form's is name toDelete_files.asp

<html>
<body>
<h2 align=center>Delete Files</h2>
<%
Dim Conn, Rs, sql
set Conn = server.createobject("adodb.connection")
set rs = server.createobject("adodb.recordset")
Conn.open = "DRIVER={MYSQL Connector/ODBC v5};SERVER=localhost;DATABASE=inse6120project;UID=root;PWD=root; OPTION=3; PORT=1433;"
sql= "SELECT * FROM files;"
Rs.Open sql, Conn
Response.Write "<FORM name='Delete' method='post' action='deleteFiles.asp'>"
Response.Write "<table align=center border=1 cellspacing=0>"
Response.Write "<tr>"&"<th></th>"&"<th align='center'>"&"File Name"&"</th>"&"<th align='center'>"&"Description"&"</th>"&"</tr>"
Do While not Rs.EOF
Response.Write ("<tr>")
Response.Write ("<td>"&"<input type='radio' name='ID' value="&Rs("file_number")&">"&"</td>")
Response.Write ("<td>"&Rs("file_name")&"</td>")
Response.Write ("<td>"&Rs("description")&"</td>")
Response.Write ("</tr>")
Rs.MoveNext
Loop
Response.Write("<tr>"&"<td colspan='3' align='center'>"&"<input type ='submit' name='submit' value='Delete' onClick='return validate();'>"&"</td>"&"</tr>")
Response.Write "</table>"
Response.Write "</form>"
Rs.Close
Set Rs = Nothing
Set Conn = Nothing
%>
</body>
</html>

This next form is where I found the error:
The form's name is deleteFiles.asp


<%
Dim ID
Dim fs
Dim FName
ID = Request.Form("ID")
if ID="" then
Response.Write "You did not select a name to delete!"
Else
Dim Conn
Dim Rs
Dim sql
Set Conn = Server.CreateObject("ADODB.Connection")
Set Rs = Server.CreateObject("ADODB.Recordset")
Conn.Open "DRIVER={MYSQL Connector/ODBC v5};SERVER=localhost;DATABASE=inse6120project;UID=root;PWD=root; OPTION=3; PORT=1433;"

sql= "SELECT file_name, fpath FROM files WHERE file_number='" & ID & "'"
Rs.Open sql, Conn
FName = Rs.Fields.Item("fpath") & Rs.Fields.Item("file_name")
Response.Write (FName)
Rs.Close

Set fs=Server.CreateObject("Scripting.FileSystemObject")

if fs.FileExists(FName) then
Response.write "hello"
fs.DeleteFile(FName)
end if
set fs=nothing

sql= "Delete FROM files WHERE file_number='" & ID & "'"
Rs.Open sql, Conn
Conn.Close
Set Conn = Nothing
Response.Write "Successfully Deleted"
End If
%>

I have put a response.write "hello" before the line that is causing the error. The error when submitting the delete button from the toDelete_files.asp page is :

Object expected
Line 4
URL toDelete_files.asp

I don't think there is an error with the toDelete_files.asp page but it is from the deleteFiles.asp page.

For clarity, the line that is giving the error is :
fs.DeleteFile(FName)

When I comment the line the form deletes the entry in the DB but I need for it to delete the file...

Can someone please help me with this?

Thank you in advance,

Liam

 

[Sheco]

I usually see the "Object expected" when I mistype the name of an object variable or if On Error Resume Next is on and I accidentally comment out the row with Server.CreateObject ...

Anyway, one thing to remember when deleting files is that the default user account for ASP has very few permissions to alter anything on the web server and no permissions on any other machine on your network.

So, depending on the actual location of the file you want to delete, you may need to either give the IUSR_MachineName account more privilages, use a different accouont for anonymous access, or even disable anonymous access altogether depending on your application specifics.

 

[eNerGiZer0101]

I looked at the permissions in IIS and put then to read and write. Also the user that is doing the deletion is a Administrator and this user has full control. I have no clue what the solution is but I'm pretty sure it's not a permission issue. One thing that I don't understand is that usually when there is a problem with a script it displays the error in a different page. This error is a window prompt from Internet explorer and telling that an object is expected in the toDelete_files.asp page but I found the error in the DeleteFiles.asp page when it does the Deletion.

 

[Sheco]

Something else is clearly wrong here.

If an ASP named Foo.asp contains an HTML form ...

... and that HTML form submits to a second page named Bar.asp

... submitting the form should only lead to an error in Bar.asp .... if you see an error in Foo.asp then the form is not submitting properly.

There must be a problem in either the form tag's action property or its onSubmit event or maybe in the submit button's onClick event.

 

[MoLaker]

Is IIS set to permit Anonymous users? If so, then your "Administrator" user is probably not seen by IIS as that user, but rather as IUSR_MachineName. Whatever user is recognized, that user must have "Delete" or "Change" permissions. Just "Read" and "Write" will not permit deleting of a file.

 

[Sheco]

Oh, I read his reply to mean that he had replaced the default account with Administrator so that all ASP is executed as Administrator. An OK way to test but bad security idea to go live this way...

 

[eNerGiZer0101]

After looking through my toDelete.asp form I noticed there was an onCLick event so by deleting it the page loads without the error message.

The problem now is that after selecting the file to delete the page keeps loading. I let it load for 10 minutes and still does not finish the load. For somereason there are nor error messages but the files does not delete because the page keeps on loading.

I am running IIS from XP Pro. (IIS 5.1). For some reason I did not find how not to set to permit Anonymous users if it is selected.

 

[MoLaker]

Look under Adminstrative Tools | Internet Information Services then Properties of Default Web Site in Tab "Directory Security" then Edit button for "Anonymous Access and Authentication Control". (whew!) Uncheck "Anonymous Access". Note: this may require the user to have to log in if "Integrated Windows Authentication" checkbox at the bottom is not checked.

 

[MoLaker]

Which page keeps loading? Are you saying toDelete.asp never quits loading or is it deleteFiles.asp?

 

[Sheco]

No error?

At times like these you just gotta find where it is getting hung up.

Insert these two lines near the top of deleteFiles.asp:
[tt]Response.Write "Got this far at " & Now
Response.End
[/tt]


If it runs then move it down a few lines so more of the page executes and then run it again. Keep doing this until you find which line is causing the script to hang up.

 

[eNerGiZer0101]

The line that is causing the page the keep loading without a response is :

fs.DeleteFile(FName)

This line is found in the deleteFiles.asp page.

 

[MoLaker]

Just to verify...

Who is the logged on user? IUSR_MachineName or ???
If you are unsure, do a

response.write Request.ServerVariables("LOGON_USER")

Do it in ToDelete.asp so you can see it before encountering the error.

Does that user have Change or Delete permissions for the directory AND file that you are trying to delete?

Is the file read-only, by chance? If so, you need to add the "force" parameter to the delete statement fs.DeleteFile(FName,True)

Another issue which may cause you problem later...
I recommend you place the statement that deletes the record in the database within the If Then statement that actually deletes the file - unless you want to delete the record regardless of whether or not you delete the file.

 

[eNerGiZer0101]

The user who is doing this delete is Administrator and this user had full control over the file and folder.

 

[MoLaker]

Quote: "The user who is doing this delete is Administrator and this user had full control over the file and folder."

And Anonymous Access is unchecked in IIS configuration?

Don't mean to be anal here, but even if you are logged onto Windows as Administrator you will still be IUSR_machinename within IIS if Anonymous Access is still checked. Of course, if you confirmed it with the command Request.ServerVariables("LOGON_USER"), then I'll not ask again.