Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Include file 2

Status
Not open for further replies.
stevedi

stevedi

Programmer
Aug 23, 2002
23
US
Hi,

I have this website where a small portion of the site should only be available to certain users. I'm using using a database to store UserIDs. I have a login form which checks if they are in the db, if so allows them to the first page and stores the UserID as a session variable. The thing is that if other users some how know the URLs of these pages (like in the history)they can gain access. I though I would use an include asp file which compares the userID (session variable) with the valid users in the db and place it in the pages I want to protect. I called it Checkuser.asp. The first page is a framed page I put the include file at the top of the page before the <html> as such <!--#include file=&quot;Checkuser.asp&quot;-->. It does the checking but fails to write the html if the inc file permits access. If I replace the inc file with the script contained in the inc file it works. Any thoughts would be appreciated.

SteveDi
<%
Option Explicit
Const adStateClosed = &H00000000
Const adStateOpen = &H00000001

Dim adoCon
Dim ConStr
Dim adoFindUser
Dim strAccessDB
Dim UserID
Dim strFindUser

On Error Resume Next

UserID = Session(&quot;UserID&quot;)

strAccessDB = &quot;../fpdb/actedms&quot;

Set adoCon = Server.CreateObject(&quot;ADODB.Connection&quot;)
Set adoFindUser = Server.CreateObject(&quot;ADODB.Recordset&quot;)

ConStr=&quot;DRIVER={Microsoft Access Driver (*.mdb)};&quot;
ConStr = ConStr & &quot;DBQ=&quot; & server.mappath(strAccessDB)

adoCon.open ConStr

strFindUser = &quot;SELECT UserID FROM UserNames WHERE UserID = '&quot; & UserID & &quot;'&quot;

adoFindUser.Open strFindUser, adoCon

If adoFindUser.eof Then
'if no user is found then redirect to login
Response.Redirect&quot;Login.htm&quot;
Else
'do nothing and continue writing the page
End If

Set adoFindUser = Nothing

If adoCon.State = adStateOpen Then
adoCon.Close
End If

Set adoCon = Nothing
%>
 
Sort by date Sort by votes
You can't include a .asp file as the include happens before the script is run.

Use this instead...

<%
whichfile= &quot;your_filename.asp&quot;
Call ReadDisplayFile(whichfile)


SUB ReadDisplayFile(FileToRead)
whichfile=server.mappath(FileToRead)
Set fs = CreateObject(&quot;Scripting.FileSystemObject&quot;)
Set thisfile = fs.OpenTextFile(whichfile, 1, False)
tempSTR=thisfile.readall
response.write tempSTR
thisfile.Close
set thisfile=nothing
set fs=nothing
end sub
%> Steve Davis
hey.you@hahaha.com.au

Me? I can't even spell ASP!
 
Upvote 0 Downvote
Another option would be to use Server.Execute(filename) where filename is a string containing the filename. This statement executes the specified file (using a path relative to the currently executing script) from inside your first file and then returns back to your first file to finish. Any output from your Executed file is appended to the buffer when the file is executed, exactly as if you had included it.

-Tarwn [sub]01010100 01101001 01100101 01110010 01101110 01101111 01101011 00101110 01100011 01101111 01101101 [/sub]
[sup]29 3K 10 3D 3L 3J 3K 10 32 35 10 3E 39 33 35 10 3K 3F 10 38 31 3M 35 10 36 3I 35 35 10 3K 39 3D 35 10 1Q 19[/sup]
Get better results for your questions: faq333-2924
Frequently Asked ASP Questions: faq333-3048
 
Upvote 0 Downvote
Tarwn and Steve,

Thanks for the responses. It tried the Server.Execute and put it at the top of the page before the <html> tag. it executes and returns to the original page but doesn't write the html. This page has 2 frames in it. I tested the Server.execute on a nonframed page and it worked. Could the fact that is a framed page have something to do with it?

Thanks again,

SteveDi
 
Upvote 0 Downvote
If your trying to execute it in the page that has the actual frameset and frame tags you won't see content, only the frames. Do a view source and see if it is there.

-Tarwn [sub]01010100 01101001 01100101 01110010 01101110 01101111 01101011 00101110 01100011 01101111 01101101 [/sub]
[sup]29 3K 10 3D 3L 3J 3K 10 32 35 10 3E 39 33 35 10 3K 3F 10 38 31 3M 35 10 36 3I 35 35 10 3K 39 3D 35 10 1Q 19[/sup]
Get better results for your questions: faq333-2924
Frequently Asked ASP Questions: faq333-3048
 
Upvote 0 Downvote
Tarwn,

I've got it. In the asp (A) file I was executing in the server.execute I left the html, header, body etc tags in. So when I viewed the source per your suggestion I saw tags for that page and the originating page (B). I took all the tags out of the asp (A) then it worked. Make sense?

Thanks again for your help.

SteveDi
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
READ TEXT FILE BASED ON VARIABLE 1
Replies
2
Views
190
guitarzan
guitarzan
DiDYRO_
  • Locked
  • Question
How do I make a VBS file that can collect dialog-type answers in a local .log file?
Replies
0
Views
159
DiDYRO_
DiDYRO_
BobJury
  • Locked
  • Question
File Upload with pure ASP
Replies
2
Views
118
xwb
xwb
Kirkcudbright
  • Locked
  • Question
File upload code has stopped working
Replies
5
Views
96
ChrisHirst
ChrisHirst
JScannell
  • Locked
  • Question
Creating Excel files in Classic ASP on an intranet
Replies
5
Views
277
ggriffit
ggriffit

Part and Inventory Search

Sponsor

Back
Top