one for the web developers - query strings (or not!)
FIXED- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: one for the web developers - query strings (or...
03-05-2017 11:47 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
right, so i have a login page that checks the persons username (and privelidges) and then directs them to the appropriate "home" page, which uses query strings.
so essentially the home page url is blah.asp?id=dfnsdf&id2=dsfkd&id3=dfdsf etc etc
now, for whatever reason the decision is that the home page url should be presented to the end user without those query strings visible.
so i though, use a dummy "home" page with an iframe tag that contains what the real URL. however using query strings would present a problem with that method.
so is there a way of pulling those variables into the dummy home page without using query strings?
as long as i can get the variables into the dummy page i can then use those to populate the required query strings within the iframe tag.
example of script that determines where to direct the user to after login
If strType = "usertype1" Then Response.Redirect"/home1.asp?name=" & strUserName & "&contract=" & strContract & "&displayname=" & strDisplayName ElseIf strType = "usertype2" Then Response.Redirect"/home2.asp?name=" & strUserName & "&displayname=" & strDisplayName ElseIf strType = "usertype3" Then Response.Redirect"/home3.asp?name=" & strUserName & "&display=TODAY" & "&jobtype=ALL" End If
and the iframe tag in the "dummy" home page (this part can't change as the query strings must remain at this point
<iframe width="100%" src="realhome3.asp?name=gipaq&display=display&jobtype=jobtype" style="position: absolute; height: 100%; border: none"></iframe>
Fixed! Go to the fix.
Re: one for the web developers - query strings (or not!)
03-05-2017 12:05 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Change your form to use the post method.
Re: one for the web developers - query strings (or not!)
03-05-2017 12:07 PM - edited 03-05-2017 12:09 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
the intial form is already using the post method.
only strUserName comes from the form
Re: one for the web developers - query strings (or not!)
03-05-2017 12:12 PM - edited 03-05-2017 12:12 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
OK, I'd be inclined to use server side session variables or client side cookies. Using sessions variables can be tricky and need to be properly tracked and scoped. However by using cookies these values are sent to the server on every subsequent request and are IMO easier to manage and maintain, just remember to expire them when the user leaves the site.
Re: one for the web developers - query strings (or not!)
03-05-2017 12:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
the asp script that checks for user/pass etc etc uses session cookies, so if they close the browser session or click logout then it clears the session cookie (it was pre-made script, nothing to do with me that one).
would a client side cookie still permit everything else to use query strings though?
it's just this iframe page that can't use them.
Re: one for the web developers - query strings (or not!)
03-05-2017 12:34 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If you're already using sessions cookies on the server then add your data to the cookie jar. With the cookies in the session you only need a single home page with the appropriate logic to code it for the permissions you have. In your sample output above you redirect a successfully logged in user to the home.asp and inside that it has access to the sessions cookies you've set to create the page with the appropriate content.
Re: one for the web developers - query strings (or not!)
03-05-2017 1:01 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
you'll see the redirect url contains those query strings - that is the "real" home page.
i need the script that does the redirect pass the required data to the new iframe page, so that the iframe page can then load the real home page using query strings.
Re: one for the web developers - query strings (or not!)
03-05-2017 1:13 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
You've lost me now, after login what exactly is it you want to happen?
Re: one for the web developers - query strings (or not!)
03-05-2017 1:27 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
user logs in. login scripts checks who they are and redirects them to whatever page they should go to.
that redirect at the moment is a URL with query strings.
what is envisaged is that the redirect actually goes to a "dummy" page that contains an iframe tag.
the url within the iframe tag would load the "real" home page using query strings.
the "dummy" page URL can't use query strings, but still needs to have that data to use in the iframe tag.
Re: one for the web developers - query strings (or not!)
03-05-2017 1:39 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
OK, it’s just got brighter in here. During the login validation process add the variables you need to the session, then redirect the user to the dummy page (dummy.asp), this page then creates the iframe with the correct parameters read from the session vars.
Re: one for the web developers - query strings (or not!)
03-05-2017 2:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
ok that's where it becomes a bit of a dark art there, as the session cookie stuff was pre-made and we just bolt it in where required.
if you could point me in the direction as to where stuff gets added to the session?
<% 'Dimension variables Dim adoCon 'Database Connection Variable Dim strCon 'Holds the Database driver and the path and name of the database Dim rsCheckUser 'Database Recordset Variable Dim strAccessDB 'Holds the Access Database Name Dim strSQL 'Database query sring Dim strUserName 'Holds the user name 'Initalise the strUserName variable strUserName = Request.Form("txtUserName") 'Check the database to see if user exsits and read in there password 'Initialise the strAccessDB variable with the name of the Access Database strAccessDB = "users" 'Create a connection odject Set adoCon = Server.CreateObject("ADODB.Connection") 'Database connection info and driver strCon = "Driver={SQL Server}; Server=serveranme; Database=dbname; UID=user; PWD=pass; Option=4" 'Set an active connection to the Connection object adoCon.Open strCon 'Create a recordset object Set rsCheckUser = Server.CreateObject("ADODB.Recordset") 'Initalise the strSQL variable with an SQL statement to query the database strSQL = "select * from table where (field='" & strUserName & "' or field='" & strUserName & "')" 'Query the database rsCheckUser.Open strSQL, strCon 'If the recordset finds a record for the username entered then read in the password for the user If NOT rsCheckUser.EOF Then 'Read in the password for the user from the database If (Request.Form("txtUserPass")) = rsCheckUser("per_Data8") Then 'If the password is correct then set the session variable to True Session("blnIsUserGood") = True strContract = rsCheckUser("per_Data9") strDisplayName = rsCheckUser("pers_name") strType = rsCheckUser("per_Data11") 'Close Objects before redirecting Set adoCon = Nothing Set strCon = Nothing Set rsCheckUser = Nothing 'Redirect to the authorised user page and send the users name If strType = "Client" Then Response.Redirect"client.asp?name=" & strUserName & "&contract=" & strContract & "&displayname=" & strDisplayName ElseIf strType = "Engineer" Then Response.Redirect"engineer.asp?name=" & strUserName & "&displayname=" & strDisplayName ElseIf strType = "SubContractor" Then Response.Redirect"/clientportal/sub/sub.asp?name=" & strUserName & "&display=TODAY" & "&jobtype=ALL" End If End If End If 'Close Objects Set adoCon = Nothing Set strCon = Nothing Set rsCheckUser = Nothing 'If the script is still running then the user must not be authorised Session("blnIsUserGood") = False 'Redirect to the unautorised user page Response.Redirect"unauthorised.asp" %>
03-05-2017 2:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
That would be on this line:
Session("blnIsUserGood") = True
I see no reason as to why you can’t also add :
Session("userName") = strUserName Session("moreStuf") = myStuff
...
Then later in another page :
Dim sessUser As String sessUser = Session(“userName”)
to extract and values assign the variables. Of course you don't need to assign them to variables you could simply use the values as is e.g.
If (StrComp(Session("userType"), "Admin", vbTextCompare) == 0) THEN Do Admin Stuff End If
Re: one for the web developers - query strings (or not!)
03-05-2017 3:23 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
i actually just thought of why don't i just put the login page inside the iframe and that would mean no changes needed at all ! but that seems just too easy !
Re: one for the web developers - query strings (or not!)
04-05-2017 12:15 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have to say this strikes me as terribly insecure. Surely, the correct page should be selected server-side according to the user's identity and not simply passed as a redirection to the browser. Does the redirected page check the identity of the person accessing it? Otherwise, what's to stop someone trying different query strings to see other people's pages?
Re: one for the web developers - query strings (or not!)
on 04-05-2017 1:01 AM - last edited on 04-05-2017 2:10 AM by Mav
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
This.
You say after logging in the script checks the users permissions and redirects accordingly.. why not just run the appropriate code directly after the user has logged in? - You're over complicating things using an iframe.
But.. if you've really got to continue down that road.. does the server you're using (presumably IIS) support anything like apaches rewrite module? - You could always just rewrite the url and have the script parse details from the url. I'm working on a site that has around 800 static html pages and putting them all into the database with unique addresses that all go via a rewrite rule to one php file but thats on a linux / apache setup.
Moderator's note by Mike (Mav): Full quote of preceding post removed as per Forum rules.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: one for the web developers - query strings (or...