I'm trying logging verification, everything seems to be fine, but when I add the special characters string to another variable it causes an error to occur.
I'm trying to detect if a user is inputting special characters such as: !, . etc. something like that.
Here's my code,
<form action="" method="get"/>
username:<input type="text" name="user"/><br>
password:<input type="password" name="pass"/><br>
<input type="submit" value="Login">
</form>
<%
dim user,pass, spchar, getspchar
user=request.querystring("user")
pass=request.querystring("pass")
spchar = "!"
getspchar = spchar
if user = "" then
response.write("Please provide your first name")
elseif pass = "" then
response.write("Please provide your password")
elseif user = spchar or pass = spchar then
response.write(getspchar &" Special character not allowed")
elseif user <> "admin" or pass <> "admin" then
response.write("Invalid Username or Password")
else
response.write("welcome")
end if
%>
What you need to do is check to see if your special characters are in the list. Perhaps something like the following...
<%
Dim user, pass, specchars
'Put all your special characters in the following list...
user = Request.QueryString("user")
pass = Request.QueryString("pass")
specchars = "!£$%^"
If IsValid(user, specchars) And IsValid(pass, specchars) Then
Response.Write("Username and password are fine! Welcome!")
Else
Response.Write("Bad username or password.")
End if
'The reason I've given two arguments here is so that you can have different
'restricted characters for both the username and password...
Function IsValid(phrase, special)
Dim rv, c
For c = 1 to Len(specchars)
rv = (Instr(phrase, Mid(special, c, 1)) = 0)
Next
IsValid = rv
End Function
%>
Just as an aside, here, you're visually displaying your username and password in the query string which is tagged on to the end of your URL (something like www.example.com/default.asp?user=admin&pass=G0d); this isn't a good idea. Try at least using POST in your form instead of GET. If you do this, then you're going to have to look at changing to using Request.Form("controlname") ... and that's just scratching the surface.
Please remember that this is a very basic piece of code and I would not recommend using any structure like this for your security on the internet. You'll need to look into Secure Sockets Layer (SSL) and similar encryption.
Related
I am having an issue with one part of my automation job, and that is selecting ALL the options in a combobox, on a webpage, using VBA and IE.
This code selects ONE item in the combo box
Set frm = HTMLDoc.getElementsByName("UFG.USER_TYPES")(0)
frm.Value = "AUT"
However, when I try to select multiple items, it just selects the last one, not all of them.
Here is the code from the web page
<p id="DispFormCollapsible.Rc10"class="formrow" >
<span id="DispFormCollapsible.Rc10.C1" class="querytextleft">
<label for="UFG.USER_TYPES" id="LabelForContro123"class = "simpletext" >
Accessible Types:<span class="redstar">*</span></label></span>
<span id="DispFormCollapsible.Rc10.C2" class="querytextright">
<span class="labelColumn_combo">
<span class="labelColumn_combi_brdr">
<select name= "UFG.USER_TYPES" multiple= "true" class = "dropdownexpandalbe"
id="UFG.USER_TYPES" title = "Accessible Financial Transaction Types">
<option value="AUT" title="ACTIVE USER TYPE1" >TYPE1</option>
<option value="SET" title="Selective User Type" >TYPE2</option>
<option value="TST" title="Test User Type" >TEST3</option>
</select></span></span>
<input type ="hidden" name= "UFG.USER_TYPES" value="NULL" >
</span></p>
Here is my VBA line to select an item
Set frm = HTMLDoc.getElementsByName("UFG.USER_TYPES")(0)
frm.Value = "AUT"
What I need it to do, is select all the "option values" in the combobox. I think it needs to be an array maybe, or some other way. I've tried searching, but I'm getting nowhere. Any help appreciated. Thx
Tried the following, but get an error 91 Block not set. I've also tried using the Values "AUT" in the children, and when doing that I don't get an error, but it doesn not select anything.
With HTMLDoc.getElementsByName("Select")(0)
.Children(1).Selected = True
.Children(2).Selected = True
.Children(3).Selected = True
End With
Also tried the following, this doesn't give an error, but only selects the first option in the list.
With HTMLDoc.getElementsByName("UFG.USER_TYPES")(0)
.Children(AUT).Selected = True
.Children(SET).Selected = True
.Children(TST).Selected = True
End With
This is strange, when I use this code, it selects the first two in the list, but not the third.
With HTMLDoc.getElementsByName("UFG.USER_TYPES")(0)
.Children(all).Selected = True
End With
With HTMLDoc.getElementsByName("UFG.USER_TYPES")(0)
.Children(0).Selected = True
.Children(1).Selected = True
.Children(2).Selected = True
End With
The above code fixed it... whoopie!
I'm attempting to:
open a specific URL & pass log-in information
grab data from Excel and search specified data
once search is complete, manipulate a data field to correlating Excel data and execute several commands within the application
close IE or loop search for next cell in data
I've attempted using VBA forms and modules.
I found this code online which seemed to have worked once to pass my credentials, but I can't get it to work again.
These Objects all.email & all.password would be found in the source code on the webpage as the ID?
HTMLDoc.all.Email.Value = "email#example.com"
HTMLDoc.all.Password.Value = "ex5566"
Dim HTMLDoc As HTMLDocument
Dim oBrowser As InternetExplorer
Sub Login_2_Website()
Dim oHTML_Element As IHTMLElement
Dim sURL As String
On Error GoTo Err_Clear
sURL = "example.com"
Set oBrowser = New InternetExplorer
oBrowser.Silent = True
oBrowser.timeout = 60
oBrowser.navigate sURL
oBrowser.Visible = True
Do
' Wait till the Browser is loaded
Loop Until oBrowser.readyState = READYSTATE_COMPLETE
Set HTMLDoc = oBrowser.Document
HTMLDoc.all.Email.Value = "email#example.com"
HTMLDoc.all.Password.Value = "ex5566"
For Each oHTML_Element In HTMLDoc.getElementsByTagName("input")
If oHTML_Element.Type = "submit" Then oHTML_Element.Click: Exit For
Next
' oBrowser.Refresh ' Refresh If Needed
Err_Clear:
If Err <> 0 Then
Err.Clear
Resume Next
End If
End Sub
I think you can use the same code, which you use for finding the submit button, to find the e-mail and password elements. If you know which name or id these elements have (by checking the html code of the page), you can use for instance If oHTML_Element.Name = "password" then oHTML_Element.Value = "ex5566"
If the specific elements have an ID, you can also go directly to them by using oHTML_Element = document.getElementById("[id of element]")
oHTML_Element.Value = "password" This can also be done if they don't have an id, but only a name, but then you have to find out if the name is used multiple times.
The web developer can name their inputs, buttons, forms, ids whatever they want. The email could be named Email, or ID, or Username, or XYZ, this is why you must inspect the elements in the website so you can build your code accordingly. Lets take twitter for example.
<input class="js-username-field email-input js-initial-focus" type="text" name="session[username_or_email]" autocomplete="on" value="" placeholder="Phone, email or username">
The tag is an input tag, with a class name of js-username-field email-input js-initial-focus there is no ID on it, therefore you can not use HTMLDoc.getElementByID, you have to use HTMLDoc.getElementsByClassName or you could use HTMLDoc.getElementsByTagName but if there are more than 1 input you have to loop them and correctly detect the one you need.
Its easier than it sounds but you have to have some basic knowledge of HTML. Continuing with twitter, the tag for the password is:
<input class="js-password-field" type="password" name="session[password]" placeholder="Password">
Different class and different name to differentiate between the two. And finally the login/submit button:
<button type="submit" class="submit EdgeButton EdgeButton--primary EdgeButtom--medium">Log in</button>
With these 3 portions of the HTML elements, you can log in the following way:
HTMLDoc.getElementsByClassName("js-username-field email-input js-initial-focus")(0).Value = "email#example.com"
HTMLDoc.getElementsByClassName("js-password-field")(0).Value = "ex5566"
HTMLDoc.getElementsByClassName("submit EdgeButton EdgeButton--primary EdgeButtom--medium")(0).Click
What does the (0) mean? in HTML you can have many tags with the same class name, and they all are on an array when you call getElementsByClassName, since the login site only has 1 tag with those class names, the array position of "0" is the one you are looking for.
Again, the developer can name the class, the id, anything they want, therefore you want to inspect the website to properly code your script.
<%# language = "VBScript"%>
<!DOCTYPE html>
<html>
<body>
<form method="post" action="">
Username:<br> <input type = "text" name = "user"/><br>
Password:<br> <input type = "password" name = "pass"/><br>
<input type = "submit" name = "register_button" value = "Register"/>
<input type = "submit" name = "submit_button" value = "Submit"/>
</form>
<%
set credentials = Server.CreateObject("Scripting.Dictionary")
set Session("credentials") = credentials
if Request.form("register_button") <> "" then
dim user
dim pass
pass = Request.form("pass")
user = Request.form("user")
Session("credentials").Add user, pass
end if
if Request.form("submit_button") <> "" then
dim userd
dim passd
passd = Request.form("pass")
userd = Request.form("user")
if Session("credentials").Exists(userd) = true then
if Session("credentials").Item(userd) = passd then
Response.Write("ACCESS GRANTED")
else
Response.Write("ACCESS DENIED")
end if
else
Response.Write("USERNAME DOES NOT EXIST")
end if
end if
%>
</body>
</html>
So this is a basic login page I created using Classic ASP. When I type in a user and pass, then click Register, it stores the username and password in the Dictionary no problem. But, when I click the submit button (after filling in the registered credentials), somehow the contents of the dictionary get deleted. So, it fails the "if Session("credentials").Exists(userd) = true then" statement. I even tried making "credentials" a normal variable, without using Session. It still won't work, the dictionary's contents just get deleted. How can I overcome this problem? Thanks in advance!
this first
credentials.Add user, pass
set Session("credentials") = credentials
should be after
I have a script that lists all files in a directory, then for each one it will Response.Write the name and how many downloads it has.
I have everything completed, but when I went for a test, the files that have "odd" characters in the name are replace with a ?
I'm guessing, that since some files have foreign languages as there name, and that some have the iPhone emoji icons in the name, that it doesn't recognize it and puts a ? instead, but this is a serious issue since I can't give the correct file name back to the user, then that incorrect name is fed back into the url to download. (Which doesn't work)
Any suggestions?
Edit:
set fs=Server.CreateObject("Scripting.FileSystemObject")
set fo=fs.GetFolder(Server.MapPath("."))
for each file in fo.files
if fs.GetExtensionName(file.Path) = "plist" then
dim tempList, tempName, ...
tempList = split(file.Name, ".")
'Manipulate name and data ...
Response.write(name)
end if
next
The file names themselves have odd characters, and file.Name returns a ? instead of what is actually there.
18アイコン is one example.
Here's some code which works fine for me:
<%# Language="VBScript" CodePage="65001" %><%
Option Explicit
Response.CodePage = 65001
Response.CharSet = "utf-8"
Dim fs, fo, file
Set fs = Server.CreateObject("Scripting.FileSystemObject")
Set fo = fs.GetFolder(Server.MapPath("."))
For Each file In fo.files
If fs.GetExtensionName(file.Path) = "plist" Then
' Do whatever here...
Response.Write file.Name & "<br>"
End If
Next
%>
If you are using any variables that you didn't dimension beforehand, you'll need to remove the Option Explicit; otherwise, VBScript will complain that you didn't dimension them.
Edit: I copy & pasted the wrong code; this code works.
I need a way to find the difference between two strings in a Windows application using VBScript. One of the strings is known but the second one is completely unknown during coding. I know there are functions like StrCompare, InStr etc. but these require you to know the second string also during coding.
Explanation:
There is a text box in the screen and there are several buttons in the same screen. As and when the buttons are clicked, the text in the text box changes depending on the button clicked. Is there a way to find the changes made to the text after the button is clicked ? Basically I need to get the text entered due to the button click. Is there a simple way to do this or it requires complex coding ?
Thanks in Advance.
It depends on your application and the format of the new string.
If you need to find the text appended to the original string, you could take the new text and simply replace the first occurrence of the original string with an empty string:
Dim strOld, strNew, strDiff
strOld = "Apple"
strNew = "Apple, Orange"
strDiff = Replace(strNew, strOld, "", 1, 1)
WScript.Echo strDiff
Sample output:
, Orange
Or if you need to get the appended text without the preceding comma, you could use something like this:
strDiff = Replace(strNew, strOld + ", ", "", 1, 1)
To access (read/write) the content of a HTML text input you need to get the HTML element (document.all.<Name/Id> or document.getElementById(<Name/Id>) and its .value; as in this demo:
<html>
<head>
<Title>readtext</Title>
<hta:application id="readtext" scroll = "no">
<script type="text/vbscript">
Function Change()
document.all.txtDemo.value = "Changed Value"
End Function
Function Check()
Dim txtDemo : Set txtDemo = document.getElementById("txtDemo")
Dim sDemo : sDemo = txtDemo.value
Select Case LCase(Trim(sDemo))
Case "initial value"
MsgBox "still: " & sDemo
Case "changed value"
MsgBox "now: " & sDemo
Case Else
MsgBox "surpise: " & sDemo
End Select
End Function
</script>
</head>
<body>
<input type="text" id="txtDemo" value="Initial Value" />
<hr />
<input type="button" value="Change" onclick="Change" />
<input type="button" value="Check" onclick="Check" />
</body>
</html>