CodingForums.com > Server side development > ASP
09-16-2005, 10:22 AM | #1
andyww14
ASP Query String Problem

Hello,

Can someone help me with this problem? To summarise, this script works in so much as it scrambles the query string (preventing people from guessing it); however, the SQL statement in the project.asp page seems to be using the jumbled value instead of decoding it first and then using the original value of project_id.

(The original tutorial can be found here: http://www.tutorialized.com/tutorial...ng-Values/2190)

Here is the code:


Detail.asp

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="Connections/01.asp" -->

<%
Randomize timer
' Randomizing the timer function
rndNum = abs(int((rnd() * 3001)))
' To generate a prime based, non-negative random number..
rndNum = rndNum + 53
Session("rndNum") = rndNum
'We place the random number value in a session variable so that we can use it again in the next page
%>

<%
Dim rs_project__MMColParam
rs_project__MMColParam = "1"
If (Session("mm_username") <> "") Then
rs_project__MMColParam = Session("mm_username")
End If
%>
<%
Dim rs_project
Dim rs_project_numRows

Set rs_project = Server.CreateObject("ADODB.Recordset")
rs_project.ActiveConnection = MM_01_STRING
rs_project.Source = "SELECT DISTINCT tblproject .* FROM tblcompany,tbluser, tblproject, tblfiles WHERE tblcompany.user_id =tbluser.user_id and tbluser.user_name = '" + Replace(rs_project__MMColParam, "'", "''") + "' and tblcompany.customer_id = tblproject.customer_id and tblproject.project_id = tblfiles.project_id"
rs_project.CursorType = 0
rs_project.CursorLocation = 2
rs_project.LockType = 1
rs_project.Open()

rs_project_numRows = 0
%>
<%
Dim Repeat1__numRows
Dim Repeat1__index

Repeat1__numRows = -1
Repeat1__index = 0
rs_project_numRows = rs_project_numRows + Repeat1__numRows
%>
<%
Dim MM_paramName
%>
<%
' *** Go To Record and Move To Record: create strings for maintaining URL and Form parameters

Dim MM_keepNone
Dim MM_keepURL
Dim MM_keepForm
Dim MM_keepBoth

Dim MM_removeList
Dim MM_item
Dim MM_nextItem

' create the list of parameters which should not be maintained
MM_removeList = "&index="
If (MM_paramName <> "") Then
MM_removeList = MM_removeList & "&" & MM_paramName & "="
End If

MM_keepURL=""
MM_keepForm=""
MM_keepBoth=""
MM_keepNone=""

' add the URL parameters to the MM_keepURL string
For Each MM_item In Request.QueryString
MM_nextItem = "&" & MM_item & "="
If (InStr(1,MM_removeList,MM_nextItem,1) = 0) Then

MM_keepURL = MM_keepURL & MM_nextItem & Server.URLencode(Request.QueryString(MM_item))
End If
Next

' add the Form variables to the MM_keepForm string
For Each MM_item In Request.Form
MM_nextItem = "&" & MM_item & "="
If (InStr(1,MM_removeList,MM_nextItem,1) = 0) Then
MM_keepForm = MM_keepForm & MM_nextItem & Server.URLencode(Request.Form(MM_item))
End If
Next

' create the Form + URL string and remove the initial '&' from each of the strings
MM_keepBoth = MM_keepURL & MM_keepForm
If (MM_keepBoth <> "") Then
MM_keepBoth = Right(MM_keepBoth, Len(MM_keepBoth) - 1)
End If
If (MM_keepURL <> "") Then
MM_keepURL = Right(MM_keepURL, Len(MM_keepURL) - 1)
End If
If (MM_keepForm <> "") Then
MM_keepForm = Right(MM_keepForm, Len(MM_keepForm) - 1)
End If

' a utility function used for adding additional parameters to these strings
Function MM_joinChar(firstItem)
If (firstItem <> "") Then
MM_joinChar = "&"
Else
MM_joinChar = ""
End If
End Function
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<p>&nbsp;</p>
<p>Click on the link to open Project directory</p>





<%
While ((Repeat1__numRows <> 0) AND (NOT rs_project.EOF))
%>
<p><%=(rs_project.Fields.Item("project_name").Value)%> - <%=(rs_project.Fields.Item("project_description").Value)%> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p>
<br>
<A HREF="project.asp?<%= Server.HTMLEncode(MM_keepURL) & MM_joinChar(MM_keepURL) & "project_id=" & rs_project.Fields.Item("project_id").Value*rndNum %>">Detail</A>
<br>

<%
Repeat1__index=Repeat1__index+1
Repeat1__numRows=Repeat1__numRows-1
rs_project.MoveNext()
Wend
%>
<p>&nbsp;</p>
<p>&nbsp;</p>
</body>
</html>
<%
rs_project.Close()
Set rs_project = Nothing
%>



Project.asp


<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="Connections/01.asp" -->

<%
Dim project_id
project_id = (request.querystring("project_id") / Session("rndNum"))
' We are dividing the record ID query string value with the same formula to un-scramble and pass the actual record ID to the SQL statement
'Session.abandon
' Releasing Session value for the next record
%>
<%= Session("rndNum") %>
<%
Dim rs__MMColParam
rs__MMColParam = 0
If (Request("project_id") <> "") Then
rs__MMColParam = project_id
End If
%>
<%
Dim rs_files
Dim rs_files_numRows

Set rs_files = Server.CreateObject("ADODB.Recordset")
rs_files.ActiveConnection = MM_01_STRING
rs_files.Source = "SELECT * FROM tblfiles WHERE project_id = '" + Replace(rs_files__MMColParam, "'", "''") + "'"
rs_files.CursorType = 0
rs_files.CursorLocation = 2
rs_files.LockType = 1
rs_files.Open()

rs_files_numRows = 0
%>
<%
Dim Repeat1__numRows
Dim Repeat1__index

Repeat1__numRows = -1
Repeat1__index = 0
rs_files_numRows = rs_files_numRows + Repeat1__numRows
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<p>&nbsp;</p>
<h3>A List of Downloadable Files: </h3>








<p><br>
<%
While ((Repeat1__numRows <> 0) AND (NOT rs_files.EOF))
%>
<%=(rs_files.Fields.Item("file_name").Value)%><br>
<br>
<%
Repeat1__index=Repeat1__index+1
Repeat1__numRows=Repeat1__numRows-1
rs_files.MoveNext()
Wend
%>
<br>
<% Response.Write ( request.querystring("project_id") / Session("rndNum") ) %>
<br>
<% Response.Write (Session("rndNum") ) %>
<br>
<% Response.Write ( request.querystring("project_id")) %>
</p>
</body>
</html>
<%
rs_files.Close()
Set rs_files = Nothing
%>

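The scheme in the post above (Detail.asp multiplies project_id by a per-session rndNum, Project.asp divides by Session("rndNum") again), modelled in Python as an added example; this is not code from the thread or from the tutorial it links. It shows the decode step together with the cases in which the posted VBScript would raise or pass a bad value into the SQL string (session lost or abandoned, non-numeric or tampered value, Detail.asp reloaded after the link was built), and, from the attacker's side, that the "scrambled" values do not stop anyone from guessing IDs: every link on one rendering of Detail.asp shares the same factor, so the gcd of two links recovers it, and even a single link only has 3001 possible factors. The function names, the session seed and the sample project IDs 7, 12 and 19 are assumptions of this example.

```python
"""Model of the query-string 'scrambling' from Detail.asp / Project.asp
(added example, not code from the thread).  Detail.asp does

    rndNum = abs(int(rnd() * 3001)) + 53      ' stored in Session("rndNum")
    ...project.asp?project_id=<project_id * rndNum>

and Project.asp divides the value by Session("rndNum") again."""
import math
import random
from typing import Iterable, List, Optional, Tuple

RND_MIN = 53          # smallest value Detail.asp can store in Session("rndNum")
RND_MAX = 3000 + 53   # abs(int(rnd() * 3001)) is at most 3000


def new_session_factor(rng: random.Random = random) -> int:
    """Same range as Detail.asp: a random integer in [53, 3053]."""
    return rng.randrange(0, 3001) + RND_MIN


def scramble(project_id: int, rnd_num: int) -> int:
    """Value Detail.asp puts in the link: project_id * rndNum."""
    return project_id * rnd_num


def unscramble(query_value: str, rnd_num: Optional[int]) -> Optional[int]:
    """Project.asp's  request.querystring("project_id") / Session("rndNum"),
    returning None in the cases where the posted VBScript would either raise
    or silently pass a bad value into the SQL string."""
    if rnd_num is None:
        # Session expired / Session.Abandon ran: Session("rndNum") is Empty,
        # which VBScript treats as 0 -> 'Division by zero'.
        return None
    try:
        numerator = int(query_value)
    except (TypeError, ValueError):
        # Non-numeric query string -> 'Type mismatch' in VBScript.
        return None
    if numerator % rnd_num != 0:
        # Tampered value, or Detail.asp was reloaded (new rndNum) after the
        # link was generated: VBScript yields a fraction such as 7.5 and the
        # SQL becomes WHERE project_id = '7.5'.
        return None
    return numerator // rnd_num


def recover_factor(scrambled: Iterable[int]) -> int:
    """Attacker's view: every link on one rendering of Detail.asp is
    id * rndNum with the same rndNum, so the gcd over the links recovers it
    (exactly, whenever the underlying IDs have no common divisor)."""
    g = 0
    for v in scrambled:
        g = math.gcd(g, v)
    return g


def recover_ids(scrambled: List[int]) -> Tuple[int, List[int]]:
    """Recover rndNum and the real project IDs from two or more links."""
    factor = recover_factor(scrambled)
    return factor, [v // factor for v in scrambled]


def candidate_ids(scrambled_value: int) -> List[int]:
    """Even a single link leaks the ID: rndNum is one of only 3001 values,
    so the real ID is one of the (usually very few) quotients that are
    exact for a factor in [53, 3053]."""
    return sorted({scrambled_value // r
                   for r in range(RND_MIN, RND_MAX + 1)
                   if scrambled_value % r == 0})


if __name__ == "__main__":
    rnd = new_session_factor(random.Random(2005))        # constructed sample session
    links = [scramble(pid, rnd) for pid in (7, 12, 19)]  # constructed sample IDs
    print("links:", links)
    print("decoded with the right session:", [unscramble(str(v), rnd) for v in links])
    print("decoded after the session is lost:", unscramble(str(links[0]), None))
    print("attacker recovers (rndNum, ids):", recover_ids(links))
    print("from one link alone:", candidate_ids(links[0]))
```

The practical point for Project.asp: treat project_id as untrusted input, convert it to an integer, and let the query itself enforce ownership (join tblproject back to the logged-in tbluser.user_name, as the Detail.asp query already does) instead of relying on the multiplication to hide IDs. The posted Project.asp also builds its SQL by string concatenation with a quoted value; an ADODB.Command with a typed parameter is the usual replacement. And if the commented-out Session.abandon is re-enabled, Session("rndNum") is Empty on the next request and the division fails, which is the lost-session case above.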
09-17-2005, 04:56 AM | #2
BaldEagle
Code:
rs_files.Source = "SELECT * FROM tblfiles WHERE project_id = '" + Replace(rs_files__MMColParam, "'", "''") + "'"
Where did this come from, or did you intend for it to be rs_MMColParam?
