Author |
Topic Search Topic Options
|
BritBOT
Newbie
Joined: 05 October 2021
Location: TRNC
Status: Offline
Points: 19
|
Post Options
Thanks(0)
Quote Reply
Topic: Mysql ODBC 5.3 error Posted: 19 October 2021 at 7:41am |
Thanks for your help.
Edited by BritBOT - 19 October 2021 at 8:20am
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Poole
Status: Offline
Points: 9742
|
Post Options
Thanks(0)
Quote Reply
Posted: 12 October 2021 at 11:16am |
You would parse the XML to get the CookieName, CookieKey, and CookieData.
This would be used to set a cookie in the users web browser which can then be read by the forum to login the user.
You can then re-create the same cookie as the forum would create when someone logs in to the forum.
The CookieName would be the name of the cookie you create, the CookieKey will be the cookie key usually UID, and the Cookie Data is the data you set for the cookie.
If the cookie is set on the same domain as the forum then you don't need to worry about browser security as the forum will be able to read the cookie and use this to login the user.
|
|
 |
BritBOT
Newbie
Joined: 05 October 2021
Location: TRNC
Status: Offline
Points: 19
|
Post Options
Thanks(0)
Quote Reply
Posted: 12 October 2021 at 8:51am |
Thanks, appreciate the advice but with all my sites using MySql, not going to change for this.
However, I am using the XML HTTP API and successfully parsing the response which gives the cookie. My question is what do I do with that? I can't see any documentation on how to use that to login. Presumably the cookie code needs to be redirected somewhere. Please advise.
Would it be possible for you to give me a code example please?
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Poole
Status: Offline
Points: 9742
|
Post Options
Thanks(0)
Quote Reply
Posted: 11 October 2021 at 6:56pm |
The existing member API is the easiest to use, but as ASP sessions only work within the same website/application pool you would need to find a way to have your website and forum run in the same website/application pool for it to work.
I highly recommend that you use SQL Server for the backend database which also supports 64-bit application pools. MySQL does not work very well as the backend database and we only maintain support for mySQL due to legacy reasons.
Regarding the XML HTTP API. This is intended to be used in backend server side code and should never be exposed client side.
If you are going to use the XML HTTP API you would need to write your own server side code that sends an XML request to the forums API, which then responds with an XML response that you would parse in your server side code.
Edited by WebWiz-Bruce - 12 October 2021 at 7:02am
|
|
 |
BritBOT
Newbie
Joined: 05 October 2021
Location: TRNC
Status: Offline
Points: 19
|
Post Options
Thanks(0)
Quote Reply
Posted: 11 October 2021 at 12:03pm |
Yes, and because I have had to use ODBC 5.3 32 bit for your code, there has to be a different application as we established earlier.
However, the httpAPI seems to require the admin name and password to be sent to it which exposes them, even if in hidden fields. Not good IMHO.
Even if I store them in a session variable, they would still be exposed. Is there a way of automatically logging in without that?
Your demo does return a cookie, but I'm afraid I haven't seen anywhere yet that says how that might be used to login.
Apologies if this is repeated, I thought I had posted this before your forum went down.
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Poole
Status: Offline
Points: 9742
|
Post Options
Thanks(0)
Quote Reply
Posted: 11 October 2021 at 9:07am |
4. The Existing Membership API uses ASP Session which require both the website where the session variable are set and Web Wiz Forums are both in the same application pool.
If you are using different websites and/or application pools there is also the XML HTTP API that can work across websites, domains, and applications pools.
|
|
 |
BritBOT
Newbie
Joined: 05 October 2021
Location: TRNC
Status: Offline
Points: 19
|
Post Options
Thanks(0)
Quote Reply
Posted: 07 October 2021 at 3:46pm |
Thanks for you help - much appreciated.
1. Solved 2. Tried a very long unique password and still showing insecure. Looking at the code, I couldn't find anywhere that turned off the class="errorTable" in admn_menu.asp 3. Found the activation now thanks. I had also found member_approve in tblsetupoptions and set that to true, but only after adding a primary key to the table so it was not read only. Actually will probably upload our current member list and then add them when they join the Society so they will be setup immediately.
Next, unfortunately 4. Tried many times to use the Existing Membership API, but even using the same tab to go from my login response to the forum which are both in the same domain, the session Id's are different, so it's not picking up the 3 session variables. Could this be because it is a different application pool?
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Poole
Status: Offline
Points: 9742
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 October 2021 at 2:56pm |
3. Yes you can enable vetting from the email section in the admin area. Once enabled the admins will need to vet new users to activate their accounts.
You can also use the forum permissions system so new users only have access to certain forums, read-only access to some forums but not others, or forums that are hidden to all but selected groups.
|
|
 |