Problem with ASP security 2

[jisoo22]

Hello people!

I've implemented a simple login/password security system for my website. Here's the problem, in any of the other pages aside from the login page, I tried to put in a little bit of VBScript that will redirect the user to the login page if they had not logged in yet. But when I test them, I get this error:


Response object error 'ASP 0156 : 80004005'

Header Error

/Sales/add.asp, line 82

The HTTP headers are already written to the client browser. Any HTTP header modifications must be made before writing page content.


Does anyone know what this means? I'm running on Windows 98SE with PWS and IE 5.0.

Thanks,
Jisoo22

P.S. Here's the code I used:

<%
If Session(&quot;LoggedIn&quot = &quot;TRUE&quot; Then
'Do nothing
Else
'User is not logged in, generate error.
Response.Redirect &quot;Default.asp&quot;
End If
%>

 

[Extentec]

You are not allowed to redirect once you have written anything to the client. You have to do the redirect before sending out or writing any HTML to the browser. There are a couple of options.

1) Easiest -- besure login check is the third thing on your page:
(assuming the inlclude file writes no html, i.e. all the code is enclosed in functions and is called later in the page)

<@LANGUAGE=VBScript>
<!-- #include file='myfile.asp'-->
<%
If Session(&quot;LoggedIn&quot = &quot;TRUE&quot; Then
'Do nothing
Else
'User is not logged in, generate error.
Response.Redirect &quot;Default.asp&quot;
End If
%>

2) Better from a programing standpoint -- use response.buffer = true which forces all the HTML to be heald at the server until the respsone.flush method is called at the end of the page.

<@LANGUAGE=VBScript>
<!-- #include file='myfile.asp'-->
<%
Option Explicit
Response.Buffer = True

If Session(&quot;LoggedIn&quot = &quot;TRUE&quot; Then
'Do nothing
Else
'User is not logged in, generate error.
Response.Redirect &quot;Default.asp&quot;
End If
%>

<!-- ALL HTML CODE HERE -->

<%
Response.Flush
%>

http://www.onti.net

 

[Ovatvvon]

actually, you can redirect after writing to the client. You have to enable buffering though throug IIS, or programmically. I believe programmically, you need to enter <%Response.buffer = true%>, but I'm not positive of the format.

Just so you know you can do it though either one of those ways, and you know what to investigate now if you want to do it programmically so it's for one page only rather than a whole site as it will be if you set it through IIS.

That should fix your problem! Let me know.
-Ovatvvon :-Q

 

[Extentec]

When the server processes a Response.Write it streams data to the client. When Response.Buffer is set to true the server holds all the respsonse.write output and any other HTML you have coded until the response.flush is called or the end of the page is reached ( flush is called implicitly).

By setting the buffer to true it prevents the server from writing to the client thus when a response.redirect is encountered the server can redirect the browser. If you write to the client (buffer=false) you can't redirect from the server unless you call response.clear to remove what was written.

You can set buffers at the page level (like above) or change the default in IIS. Also note that the default for IIS 5 is buffer = true so this will be less of an issue on a W2K server.

Just thought I'd clarify

http://www.onti.net

 

[jisoo22]

Hey thanks a heap guys, this really helps a lot! I have one more question, do any of you know how to make an effective search page with ASP? I have something I made with Dreamweaver Ultradev, a search page that pulls up a list of whatever is related to the parameters. Problem is that it's very touch and go. I have three fields for parameters to search by but when I use any of them, I get mixed results. I.E. If I search by a record number, it pulls up ALL records. Or if I search by a name, that name is case-sensitive =P Can anyone help or point me to a good tutorial?

Thanks,
Jisoo22

 

[link9]

well, as far as the case sensitivity, you can use the function, ucase(colName) to make it all upper case (which you can then search on), or conversely, lcase(colName)

So for example, if I wanted to find all records in a table called 'people' that had the word, 'Paul', in a column called, 'fName', I might say this:

SELECT * FROM people WHERE ucase(fName) = 'PAUL'

As far as searching by record number and your query returning all records... I would need to see the query you are using to offer any advice. That definitely smells.

If the case sensitivity thing doesn't help, then post the query you are trying to use to search by record number and let's pop the hood.


Paul Prewett

 

[jisoo22]

I'm posting the code for the search page below, but I warn you that it's really hairy since there's all that canned code by Dreamweaver UltraDev. I hope you can make heads or tails of this because I can't!

Thanks,
Jisoo22

<%@LANGUAGE=&quot;VBSCRIPT&quot;%> <%

Dim Recordset1__varCompany
Recordset1__varCompany = &quot;%&quot;
if(Request.QueryString(&quot;Company&quot <> &quot;&quot then Recordset1__varCompany = Request.QueryString(&quot;Company&quot

Dim Recordset1__varName
Recordset1__varName = &quot;%&quot;
if(Request.QueryString(&quot;Name&quot <> &quot;&quot then Recordset1__varName = Request.QueryString(&quot;Name&quot

Dim Recordset1__varID
Recordset1__varID = &quot;%&quot;
if(Request.QueryString(&quot;Contact ID&quot <> &quot;&quot then Recordset1__varID = Request.QueryString(&quot;Contact ID&quot

%> <%
set Recordset1 = Server.CreateObject(&quot;ADODB.Recordset&quot
Recordset1.ActiveConnection = &quot;dsn=sales2;&quot;
Recordset1.Source = &quot;SELECT Contact_ID, Name, Company FROM Main_Info WHERE Company LIKE '&quot; + Replace(Recordset1__varCompany, &quot;'&quot;, &quot;''&quot + &quot;' AND Name LIKE '&quot; + Replace(Recordset1__varName, &quot;'&quot;, &quot;''&quot + &quot;' AND Contact_ID LIKE '&quot; + Replace(Recordset1__varID, &quot;'&quot;, &quot;''&quot + &quot;'&quot;
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 3
Recordset1.Open
Recordset1_numRows = 0
%><%
Dim Repeat1__numRows
Repeat1__numRows = 10
Dim Repeat1__index
Repeat1__index = 0
Recordset1_numRows = Recordset1_numRows + Repeat1__numRows
%> <%
' *** Recordset Stats, Move To Record, and Go To Record: declare stats variables

' set the record count
Recordset1_total = Recordset1.RecordCount

' set the number of rows displayed on this page
If (Recordset1_numRows < 0) Then
Recordset1_numRows = Recordset1_total
Elseif (Recordset1_numRows = 0) Then
Recordset1_numRows = 1
End If

' set the first and last displayed record
Recordset1_first = 1
Recordset1_last = Recordset1_first + Recordset1_numRows - 1

' if we have the correct record count, check the other stats
If (Recordset1_total <> -1) Then
If (Recordset1_first > Recordset1_total) Then Recordset1_first = Recordset1_total
If (Recordset1_last > Recordset1_total) Then Recordset1_last = Recordset1_total
If (Recordset1_numRows > Recordset1_total) Then Recordset1_numRows = Recordset1_total
End If
%> <%
' *** Recordset Stats: if we don't know the record count, manually count them

If (Recordset1_total = -1) Then

' count the total records by iterating through the recordset
Recordset1_total=0
While (Not Recordset1.EOF)
Recordset1_total = Recordset1_total + 1
Recordset1.MoveNext
Wend

' reset the cursor to the beginning
If (Recordset1.CursorType > 0) Then
Recordset1.MoveFirst
Else
Recordset1.Requery
End If

' set the number of rows displayed on this page
If (Recordset1_numRows < 0 Or Recordset1_numRows > Recordset1_total) Then
Recordset1_numRows = Recordset1_total
End If

' set the first and last displayed record
Recordset1_first = 1
Recordset1_last = Recordset1_first + Recordset1_numRows - 1
If (Recordset1_first > Recordset1_total) Then Recordset1_first = Recordset1_total
If (Recordset1_last > Recordset1_total) Then Recordset1_last = Recordset1_total

End If
%> <%
' *** Move To Record and Go To Record: declare variables

Set MM_rs = Recordset1
MM_rsCount = Recordset1_total
MM_size = Recordset1_numRows
MM_uniqueCol = &quot;&quot;
MM_paramName = &quot;&quot;
MM_offset = 0
MM_atTotal = false
MM_paramIsDefined = false
If (MM_paramName <> &quot;&quot Then
MM_paramIsDefined = (Request.QueryString(MM_paramName) <> &quot;&quot
End If
%> <%
' *** Move To Record: handle 'index' or 'offset' parameter

if (Not MM_paramIsDefined And MM_rsCount <> 0) then

' use index parameter if defined, otherwise use offset parameter
r = Request.QueryString(&quot;index&quot
If r = &quot;&quot; Then r = Request.QueryString(&quot;offset&quot
If r <> &quot;&quot; Then MM_offset = Int(r)

' if we have a record count, check if we are past the end of the recordset
If (MM_rsCount <> -1) Then
If (MM_offset >= MM_rsCount Or MM_offset = -1) Then ' past end or move last
If ((MM_rsCount Mod MM_size) > 0) Then ' last page not a full repeat region
MM_offset = MM_rsCount - (MM_rsCount Mod MM_size)
Else
MM_offset = MM_rsCount - MM_size
End If
End If
End If

' move the cursor to the selected record
i = 0
While ((Not MM_rs.EOF) And (i < MM_offset Or MM_offset = -1))
MM_rs.MoveNext
i = i + 1
Wend
If (MM_rs.EOF) Then MM_offset = i ' set MM_offset to the last possible record

End If
%> <%
' *** Move To Record: if we dont know the record count, check the display range

If (MM_rsCount = -1) Then

' walk to the end of the display range for this page
i = MM_offset
While (Not MM_rs.EOF And (MM_size < 0 Or i < MM_offset + MM_size))
MM_rs.MoveNext
i = i + 1
Wend

' if we walked off the end of the recordset, set MM_rsCount and MM_size
If (MM_rs.EOF) Then
MM_rsCount = i
If (MM_size < 0 Or MM_size > MM_rsCount) Then MM_size = MM_rsCount
End If

' if we walked off the end, set the offset based on page size
If (MM_rs.EOF And Not MM_paramIsDefined) Then
If (MM_offset > MM_rsCount - MM_size Or MM_offset = -1) Then
If ((MM_rsCount Mod MM_size) > 0) Then
MM_offset = MM_rsCount - (MM_rsCount Mod MM_size)
Else
MM_offset = MM_rsCount - MM_size
End If
End If
End If

' reset the cursor to the beginning
If (MM_rs.CursorType > 0) Then
MM_rs.MoveFirst
Else
MM_rs.Requery
End If

' move the cursor to the selected record
i = 0
While (Not MM_rs.EOF And i < MM_offset)
MM_rs.MoveNext
i = i + 1
Wend
End If
%> <%
' *** Move To Record: update recordset stats

' set the first and last displayed record
Recordset1_first = MM_offset + 1
Recordset1_last = MM_offset + MM_size
If (MM_rsCount <> -1) Then
If (Recordset1_first > MM_rsCount) Then Recordset1_first = MM_rsCount
If (Recordset1_last > MM_rsCount) Then Recordset1_last = MM_rsCount
End If

' set the boolean used by hide region to check if we are on the last record
MM_atTotal = (MM_rsCount <> -1 And MM_offset + MM_size >= MM_rsCount)
%> <%
' *** Go To Record and Move To Record: create strings for maintaining URL and Form parameters

' create the list of parameters which should not be maintained
MM_removeList = &quot;&index=&quot;
If (MM_paramName <> &quot;&quot Then MM_removeList = MM_removeList & &quot;&&quot; & MM_paramName & &quot;=&quot;
MM_keepURL=&quot;&quot;:MM_keepForm=&quot;&quot;:MM_keepBoth=&quot;&quot;:MM_keepNone=&quot;&quot;

' add the URL parameters to the MM_keepURL string
For Each Item In Request.QueryString
NextItem = &quot;&&quot; & Item & &quot;=&quot;
If (InStr(1,MM_removeList,NextItem,1) = 0) Then
MM_keepURL = MM_keepURL & NextItem & Server.URLencode(Request.QueryString(Item))
End If
Next

' add the Form variables to the MM_keepForm string
For Each Item In Request.Form
NextItem = &quot;&&quot; & Item & &quot;=&quot;
If (InStr(1,MM_removeList,NextItem,1) = 0) Then
MM_keepForm = MM_keepForm & NextItem & Server.URLencode(Request.Form(Item))
End If
Next

' create the Form + URL string and remove the intial '&' from each of the strings
MM_keepBoth = MM_keepURL & MM_keepForm
if (MM_keepBoth <> &quot;&quot Then MM_keepBoth = Right(MM_keepBoth, Len(MM_keepBoth) - 1)
if (MM_keepURL <> &quot;&quot Then MM_keepURL = Right(MM_keepURL, Len(MM_keepURL) - 1)
if (MM_keepForm <> &quot;&quot Then MM_keepForm = Right(MM_keepForm, Len(MM_keepForm) - 1)

' a utility function used for adding additional parameters to these strings
Function MM_joinChar(firstItem)
If (firstItem <> &quot;&quot Then
MM_joinChar = &quot;&&quot;
Else
MM_joinChar = &quot;&quot;
End If
End Function
%> <%
' *** Move To Record: set the strings for the first, last, next, and previous links

MM_keepMove = MM_keepBoth
MM_moveParam = &quot;index&quot;

' if the page has a repeated region, remove 'offset' from the maintained parameters
If (MM_size > 0) Then
MM_moveParam = &quot;offset&quot;
If (MM_keepMove <> &quot;&quot Then
params = Split(MM_keepMove, &quot;&&quot
MM_keepMove = &quot;&quot;
For i = 0 To UBound(params)
nextItem = Left(params(i), InStr(params(i),&quot;=&quot - 1)
If (StrComp(nextItem,MM_moveParam,1) <> 0) Then
MM_keepMove = MM_keepMove & &quot;&&quot; & params(i)
End If
Next
If (MM_keepMove <> &quot;&quot Then
MM_keepMove = Right(MM_keepMove, Len(MM_keepMove) - 1)
End If
End If
End If

' set the strings for the move to links
If (MM_keepMove <> &quot;&quot Then MM_keepMove = MM_keepMove & &quot;&&quot;
urlStr = Request.ServerVariables(&quot;URL&quot & &quot;?&quot; & MM_keepMove & MM_moveParam & &quot;=&quot;
MM_moveFirst = urlStr & &quot;0&quot;
MM_moveLast = urlStr & &quot;-1&quot;
MM_moveNext = urlStr & Cstr(MM_offset + MM_size)
prev = MM_offset - MM_size
If (prev < 0) Then prev = 0
MM_movePrev = urlStr & Cstr(prev)
%>
<html>
<head>
<title>Search Results...</title>
<meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=iso-8859-1&quot;>
</head>
<body bgcolor=&quot;#FFFFFF&quot;>
<font face=&quot;Arial, Helvetica, sans-serif&quot; size=&quot;7&quot;>Results so far:</font><br>
<br>
<table width=&quot;75%&quot; border=&quot;1&quot; align=&quot;left&quot;>
<tr>
<td width=&quot;31%&quot;><font face=&quot;Arial, Helvetica, sans-serif&quot;>Contact ID</font></td>
<td width=&quot;33%&quot;><font face=&quot;Arial, Helvetica, sans-serif&quot;>Name</font></td>
<td width=&quot;36%&quot;><font face=&quot;Arial, Helvetica, sans-serif&quot;>Company</font></td>
</tr>
</table>
<br>
<br>
<%
While ((Repeat1__numRows <> 0) AND (NOT Recordset1.EOF))
%>
<table width=&quot;75%&quot; border=&quot;0&quot; align=&quot;left&quot;>
<tr>
<td width=&quot;31%&quot;><font face=&quot;Arial, Helvetica, sans-serif&quot;><A HREF=&quot;detail.asp?<%= MM_keepNone & MM_joinChar(MM_keepNone) & &quot;Contact_ID=&quot; & Recordset1.Fields.Item(&quot;Contact_ID&quot.Value %>&quot;><%=(Recordset1.Fields.Item(&quot;Contact_ID&quot.Value)%></A></font></td>
<td width=&quot;33%&quot;><font face=&quot;Arial, Helvetica, sans-serif&quot;><%=(Recordset1.Fields.Item(&quot;Name&quot.Value)%></font></td>
<td width=&quot;36%&quot;><font face=&quot;Arial, Helvetica, sans-serif&quot;><%=(Recordset1.Fields.Item(&quot;Company&quot.Value)%></font></td>
</tr>
</table>
<br>
<br>
<%
Repeat1__index=Repeat1__index+1
Repeat1__numRows=Repeat1__numRows-1
Recordset1.MoveNext()
Wend
%> <br>
<br>
<A HREF=&quot;<%=MM_moveFirst%>&quot;><font face=&quot;Arial, Helvetica, sans-serif&quot;>First</font></A>
<font face=&quot;Arial, Helvetica, sans-serif&quot;><A HREF=&quot;<%=MM_movePrev%>&quot;>Previous</A>
<A HREF=&quot;<%=MM_moveNext%>&quot;>Next</A>
<A HREF=&quot;<%=MM_moveLast%>&quot;>Last</A>
Records <%=(Recordset1_first)%>
- <%=(Recordset1_last)%>
of <%=(Recordset1_total)%>
</font>
</body>
</html>

 

[shaddow]

Send me an email if u need an example of mine...
________
George, M
email : shaddow11_ro@yahoo.com