Global.asa and resource not allowed [Archive]

rosenzl

07-09-2003, 05:01 PM

I have a front page 2002 web application that uses a global.asa file. The application is using webbbots to validate an email address and a password. All worked fine until I attempted to use a "forget your password" with a new password.asp page and a confirm.asp page which sends the password. Stand alone it sends the appropriate password.

Here is where the problem starts:

It appears that the combination of the global.asa and the new pages I created do not work together because If I attempt to get to the password page, it ignores it and stays on the logon page. If I change the global.asa file to not do an abandon on an error, then it allows me to do the password page and confirm page. However, when I click a link to return to the logon page, I get the "resource not allowed". If you need my code, let me know!

I have tried many different gyrations to get around this, but everything I tried causes something to not work properly.

Any suggestions?

Thanks,

Larry

Lotus

07-09-2003, 06:43 PM

I need your code!

rosenzl

07-10-2003, 05:03 AM

I undid the code, but I will give you my current code and show what I added:

Global.asa:

<SCRIPT LANGUAGE=VBScript RUNAT=Server>

'You can add special event handlers in this file that will get run automatically when
'special Active Server Pages events occur. To create these handlers, just create a
'subroutine with a name from the list below that corresponds to the event you want to
'use. For example, to create an event handler for Session_OnStart, you would put the
'following code into this file (without the comments):

'Sub Session_OnStart
'**Put your code here **
'End Sub

'EventName Description
'Session_OnStart Runs the first time a user runs any page in your application
'Session_OnEnd Runs when a user's session times out or quits your application
'Application_OnStart Runs once when the first page of your application is run for the first time by any user
'Application_OnEnd Runs once when the web server shuts down

</SCRIPT>

<SCRIPT LANGUAGE=VBScript RUNAT=Server>

' try to validate the user, see comments in pgAccountAccess.htm
Sub Session_OnStart
Dim cn ' ado connection object
Dim rs ' ado recordset object
Dim strSQL ' sql query string
Dim strSQL2 ' sql query for Email in tblCustomers
Dim struserid ' name of user(from logon2.asp)
Dim strPassword ' password (from logon2.asp)
Dim strcheckbox1 ' new user checks box
Dim strcheckbox2 'lost password
Dim Admins, holddate
Dim strcurrdate
Dim stratsymbol
dim mystring
dim mystring2
dim mylen
dim mylen2
' set session timeout to 10 minutes
Session.Timeout = 10
Admins = 0
strcurrdate = CDate(Date)
Session("currdate") = CDate(strcurrdate)
' get the login info the user entered in logon3.htm
struserid = Request.Form("txtuserid")
strPassword = Request.Form("txtPassword")

strcheckbox1 = Request.Form("txtcheckbox1")
strcheckbox2 = Request.form("txtcheckbox2")
stremail = ""
If request.Form("txtcheckbox1") = 1 then
strcheckbox1 = 1 ' checked

else
strcheckbox1 = 0 ' not checked
end if
'holddate = Date

' if request.form("txtcheckbox2") = 1 then
' strcheckbox2 = 1 ' checked
' else
' strcheckbox2 = 0 ' not checked
' end if
' If strcheckbox2 = 1 then
' session.abandon
' response.redirect "Password.asp"
' end if
'

' mystring = struserid
' mystring2 = strpassword
'
' if Len(mystring) < 8 then
'
' session.abandon
' Response.Redirect "logon3.htm"
' end if
' if Len(mystring2) < 6 Then
' session.abandon
' Response.Redirect "logon3.htm"
' end if

' make sure they did not leave the fields blank
If struserid = "" And strPassword = "" Then
' no login information at all, abandon the
' session and send to the login page
Session.Abandon
Response.Redirect "logon3.htm"
Else
' see if user entered valid login information

' first, create the connection and recordset

Set cn = Server.CreateObject("ADODB.Connection")
Set rs = Server.CreateObject("ADODB.Recordset")

' build the query string using info collected from the
' login page (pgAccountAccess.htm)
strSQL = "SELECT userid, logon, logonid FROM tbllogons WHERE " & _
"(UserID = '" & struserid & "') AND " & _
"(Logon = '" & strPassword & "')"

' Open the connection, the connection string, username and password
' are stored in the Application object which was created by the
' Data Environment connection wizard
cn.Open Application("maxxschedule_ConnectionString")

' open the recordset
rs.Open strSQL, cn
Session("varadmins") = 0
' see if found a recordset, if we did, the user entered
' valid information in the login page
If Not rs.EOF Then
' login successful
' save variables that can be accessed by other pages

Session("varpassword") = rs("Logon")
Session("varUserID") = rs("UserID")
session("varcheckbox1") = strcheckbox1
session("varadmins") = rs("logonid")
'session("origdate") = holddate

Set cn = Nothing
Set rs = Nothing
Response.Redirect "calsched.asp"

Else
If Instr(Request.form("txtuserid"),"@") <> 0 Then
stratsymbol = 1
Session("varatok") = 1
Else
stratsymbol = 0
Session("varatok") = 0
End If
If strcheckbox1 = 1 and strpassword <> "" And stratsymbol = 1 Then
Session("varpassword") = strpassword
Session("varUserID") = struserid
session("varcheckbox1") = strcheckbox1
strsql = "Insert Into tblLogons (DateCreated, userid, Logon) Values (#" & Date &"#, '" & struserid & "', '" & strpassword & "')"

cn.Execute(strsql)
cn.close
set cn=nothing
set rs=nothing
Response.Redirect "calsched.asp"

else
Set cn = Nothing
Set rs = Nothing

' abandon the session and display the
' login failed page
Session.Abandon
Response.Redirect "pgerror2.htm"
End If
End If
End If
End Sub
</SCRIPT>
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Application_OnStart
'==Visual InterDev Generated - startspan==
'--Project Data Connection
Application("maxxschedule_ConnectionString") = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\inetpub\scheduleavisit\data\maxxschedule.mdb;Mode=share deny none;Extended Properties="""";Jet OLEDB:System database="""";Jet OLEDB:Registry Path="""";Jet OLEDB:Database Password="""";Jet OLEDB:Engine Type=5;Jet OLEDB:Database Locking Mode=1;Jet OLEDB:Global Partial Bulk Ops=2;Jet OLEDB:Global Bulk Transactions=1;Jet OLEDB:New Database Password="""";Jet OLEDB:Create System Database=False;Jet OLEDB:Encrypt Database=False;Jet OLEDB:Don't Copy Locale on Compact=False;Jet OLEDB:Compact Without Replica Repair=False;Jet OLEDB:SFP=False;"

Application("maxxschedule_ConnectionTimeout") = 15
Application("maxxschedule_CommandTimeout") = 30
Application("maxxschedule_CursorLocation") = 3
Application("maxxschedule_RuntimeUserName") = "Admin"
Application("maxxschedule_RuntimePassword") = ""
'-- Project Data Environment
'Set DE = Server.CreateObject("DERuntime.DERuntime")
'Application("DE") = DE.Load(Server.MapPath("Global.ASA"), "_private/DataEnvironment/DataEnvironment.asa")
'==Visual InterDev Generated - endspan==
End Sub
</SCRIPT>
_________________________________________________________
Logon3.htm: Commented out code was used

<HTML>
<HEAD>
<title>Online Appointment Scheduler Logon ScheduleAVisit</title>
<meta name="keywords" content="appointment scheduler online appointment schedule appointments online scheduling software appointment scheduler small business scheduling www.scheduleavisit.com">
<meta name="description" content="An Online Reservation and Appointment Scheduler which makes it easy to schedule your resources. Designed to Free-up office manager’s and employees phone time with customers">
<meta name="Microsoft Theme" content="glacier4 110, default">
</HEAD>
<BODY onload="document.all.txtuserid.focus()"><TABLE cellSpacing=0 cellPadding=8 align=center border=0>

<TR>
<TD class=clsTop colSpan=2>
<p align="center"><B>Welcome to Online Appointment Scheduler </B></TD></TR>
<TR>
<TD class=clsTD2 colSpan=2>
<p align="center"><IMG src="images/key.gif"
border=0 width="22" height="10">     &nbsp          Please Logon to the Schedule</TD></TR>
<FORM name=FrontPage_Form1 action=calsched.asp Target="_top" method=post language="JavaScript" onsubmit="return FrontPage_Form1_Validator(this)">
<TR>
<TD class=clsTop colSpan=2>
<p align="center"><B>Please enter your Email Address and Password</B></TD></TR>
<TR>
<TD>

<BR>
<TR>
<TD class=clsTop colSpan=2>
<p align="center"><B>If you are a new user, please also click the Checkbox</B></TD></TR>
<TR>
<TD class=clsTD align=middle>  Your Email Address:<P>Password: (6-8 char.) </P>
<P>Check here if 1st Time User: </P>


</TD>
<TD class=clsTD2><P>
<INPUT class=Text name=txtuserid maxlength="50" size="40">
</P>
<P>
<INPUT class=clsInput2 type=password name=txtpassword maxlength="8" size=8></P>
<P><INPUT type=checkbox name=txtcheckbox1 value=1>
</P>


</TD></TR>
<% txtuserid.setfocus %>
<TR>

<TR>
<TD class=clsBottom align=middle colSpan=2><INPUT class=clsInput type=submit value=Submit name=btnSubmit><BR> </TD></TR>
</FORM></TABLE></BODY></HTML>
_________________________________________________________

rosenzl

07-10-2003, 05:32 AM

Here are the other pages:

password.asp

<head>
<title>New Page 1</title>
</HEAD>
<Body>
<form name="Password" method="post" action="confirm.asp">
<table width="100%">
<tr><td>Email:</td>
<td><input type="text" name="Email" size="50">
<input type="submit" name="Submit" value="Submit">
</td></tr></table>
</form>
</Body>
</html>
____________________________________________________
confirm.asp

<%
DIM strEmail
Dim conn, rs
strEmail = Request.Form("Email")

If strEmail <> "" or stremail = "" THEN
%>

<%

DIM mySQL, objRS
mySQL = "SELECT Email, Password FROM tblcustomers WHERE Email = '" & strEmail & "'"
' Set objRS = Server.CreateObject("ADODB.Recordset")
' objRS.Open mySQL, sConnect
' Set objrs = Server.CreateObject("ADODB.Connection")
Set conn = Server.CreateObject("ADODB.Connection")
Conn.Open sConnect
set RS = conn.Execute("SELECT Email, Passwd FROM tblcustomers WHERE Email = '" & strEmail & "'")

IF RS.EOF THEN
Response.Write "That email address was not found in our database. Please click Back on your browser and enter the email address you registered with."
ELSE
DIM strPassword
strPassword = RS("Passwd")

DIM mail, objMail
Set objMail = Server.CreateObject("CDONTS.NewMail")
objMail.From = "email@scheduleavisit.com"
objMail.Subject = "Password"
objMail.To = strEmail
objMail.Body = "Here is your password: " & strPassword
objMail.Send
Set objMail = nothing
session.abandon
Response.Write "Your password has been sent to your email address."

END IF

ELSE
Response.Write "Please click Back on your browser and enter the email address you registered with."
END IF
%><p><a href="logon3.htm">Return to Logon Page</a></p>
____________________________________________________
pgerror2.htm

<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft FrontPage 5.0">
<TITLE></TITLE>
<meta name="Microsoft Theme" content="glacier4 110, default">
</HEAD>
<BODY>

<P>

 <TABLE cellSpacing=0 cellPadding=8 align=center border=0>

<TR>
<TD class=clsTop><B><CENTER><FONT size="4">Welcome to the Reservation and Appointment System</FONT> </B></CENTER></TD></TR>

<TR>

<TD><TABLE cellSpacing=1 cellPadding=5 width="100%" border=0>

<TR>
<TD class=LeftBorder></TD>
<TD><BR>
<CENTER>
<% If Session("varatok") = 1 Then %>
<H5 class=Title><FONT size="3">Invalid Email Address and/or Password<BR>Please Try Again!</FONT></H5>
<H5 class=Title><FONT size="3">If you are a first time customer<BR>Please check the checkbox!
<% Else %>
</FONT>
</H5>
<H5 class=Title><FONT size="3">You must have an @ sign in your Email Address<BR>Please Try Again!
</FONT>
<% End If %> </H5>
<FORM id=form1 name=form1 action=calsched.asp method=post>
<P><INPUT id=cmdSubmit type=submit value=Continue name=cmdSubmit></P></FORM>



</CENTER></TD></TR></TABLE>
</TABLE></BODY>