Search Results

Search found 4913 results on 197 pages for '303 redirect'.

Page 176/197 | < Previous Page | 172 173 174 175 176 177 178 179 180 181 182 183  | Next Page >

• How to form submit and show a different page in ASP.Net MVC?

  - by melaos

  hi guys i'm new to asp.net mvc.. so basically i just build up a two page app which takes the registration information of the user and post it to the database. i use a lot of jquery and ajax calls to retrieve data from the database using linq to sql stored proc object. and currently i'm stuck at one page where after the user submits the form it should redirect him to /Home/AddProduct. What i found was the error: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. what used on my form are basically a combination of html controls, asp.net controls and some asp.net mvc type controls. i submit the form using action="/Home/ProductAdded" and after doing some googling i found i was supposed to add in the machine key but after doing so, the index page becomes unviewable. because it couldn't find the index file now. removing the action helps, but now it just doesn't go anywhere. so what am i missing here? i feel i'm missing a lot of fundamentals understanding about asp.net mvc and i don't even know how to submit a form and go to a different page here!!

  Read the article

• Where does Tomcat append / to directory paths?

  - by Anonymouse

  Suppose my Tomcat webapps directory looks like this: webapps/ webapps/fooapp/ webapps/fooapp/WEB-INF/ webapps/fooapp/WEB-INF/web.xml webapps/fooapp/bardir/ When I make a GET request for /fooapp/bardir, Tomcat sees that webapps/fooapp/bardir is a directory and sends back a 302 to /fooapp/bardir/ (with a slash at the end). Here is my question: Where in the Tomcat source code does this take place? (I'm looking at 6.0.x but a correct answer for any version would be a great starting point.) The only reference material I can find on this subject is in the Catalina Functional Specifications which states, regarding the Default Servlet: On each HTTP GET request processed by this servlet, the following processing shall be performed: [...] If the requested resource is a directory: If the request path does not end with "/", redirect to a corresponding path with "/" appended so that relative references in welcome files are resolved correctly. However, this functionality does not appear to be in org.apache.catalina.servlets.DefaultServlet; or at least, it's not there exclusively: if I replace the default servlet in web.xml with a servlet whose servlet-class does not exist, directory paths still come back 302 to add the slash, while every other request comes back with an error as expected.

  Read the article

• Putting CAPTCHAs on their own page?

  - by mnemosyn

  We need to put a captcha image on our ASP.NET MVC 2 based website. We chose reCaptcha and built it in using the way described by Derik Whittaker. The idea there is baiscally to build some abstractions and all you need to do is decorate your Controller with a [ValidateCaptcha] attribute. This works all fine. However, we have a lot of form-widgets in different pages and I don't want to have the captcha floating around everywhere. So I'd like to implement it the way StackOverflow does: Submit a Form -> Challenge Captcha -> Submit Captcha -> Perform Action on original form data. Now, how do I redirect the user to the captcha page while keeping the originally submitted information? I thought of some very ugly hacks (hidden fields w/ base64 encoded form data, etc.) but I think I'm missing something obvious. On the other hand, this sounds as if I wanted to do something in a stateful manner, and I shouldn't?

  Read the article

• What can be a cookie? How to set with OUTPUT? RETURNVALUE?

  - by Ronnie Chester Lynwood

  hello. i think i got some problems with setting a cookie data. for this code: Set cmdDB = Server.CreateObject("ADODB.Command") With cmdDB .ActiveConnection = ADOConM .CommandText = "usp_jaljava_member_select" .CommandType = adCmdStoredProc .Parameters.Append .CreateParameter("RETURN_VALUE", adInteger, adParamReturnValue, 0) .Parameters.Append .CreateParameter("@TLoginName", adVarChar, adParamInput, 15,lcase(TLoginName)) .Parameters.Append .CreateParameter("@TPassword", adVarChar, adParamInput, 20,TPassword) .Parameters.Append .CreateParameter("@retval", adVarChar, adParamOutput, 50) ' .Parameters.Append .CreateParameter("@TPinCode", adVarChar, adParamInput, 15,TPinCode) .Execute,,adExecuteNoRecords RetVal = .Parameters("@retval") Ret = Trim(.Parameters("RETURN_VALUE")) 'Set .ActiveConnection = Nothing End With Set cmdDB = Nothing UTid = RetVal if Ret = 100 then deleteInvalidLogin(TLoginName) SetDomainCookie "UTid",UTid SetDomainCookie "Uid", TLoginName if redirect_domain <> "" then Response.Write "<form name=frm action=" & urlserver & " method=post><input type=hidden name=loginname value='" & TLoginName & "'><input type=hidden name=id value=""" & Request.Cookies("UTID") & """></form><script>frm.submit();</script>" Response.End else%> <% Response.Redirect ("kologin.asp?id=OK") Response.End end if RETURN_VALUE is returns as 100. But I don't know.. UTID! What is UTID have to be? If I set UTID same as UID will it work? thanks..

  Read the article

• CakePHP: email validate action doesn't work when clicking on the email link

  - by bakerjr

  Hi, We've created the email validation part of our site. We built the site using CakePHP BTW. The problem is that it doesn't work when we click on the link in the email. The email is sent as plain text. A weird thing is that when we paste the link on the address bar, it works. Also when clicking on the link using Gmail and desktop email clients, it works as well. Other email providers doesn't work. EDIT: Additional info: Example link for the validation: http://localhost/users/validate/validatecodeblah12c023 When it's working it should login the user and redirect to the user dashboard. It goes to the front page when it's not working (see description above). Additional info 2: I did compare the results using Live HTTP headers and I found out that the only time it doesn't push through (goes to the login page for some reason) is when there's a 'Referrer: h ttp://mail.yahooblahblah...' Gmail for some reason doesn't have a 'Referer' line in it's headers.

  Read the article

• Redirection fails in IE but is fine with Firefox

  - by Bob

  I use an <Authorize> attribute in ASP.NET MVC to secure a controller. My page loads portions of its content via AJAX. Here's a problem I have with IE8, but not Firefox 3.6: Sign in as user JohnDoe and navigate to http://www.example.com/AjaxPage. Everything works fine. AjaxPage is protected with the <Authorize> attribute. Sign out, which redirects me to http://www.example.com. That page doesn't use <Authorize>. Navigate to http://www.example.com/AjaxPage without signing in again. I should be redirected to the Sign In page since that controller has the <Authorize> attribute. Step 3 works with Firefox, but IE8 displays the non-Ajax portion of http://www.example.com/AjaxPage and then never loads the Ajax content. I'm surprised any content is displayed at all since I should be redirected to the Sign In page. My code redirects to the login page with: Return Redirect("https://login.live.com/wlogin.srf?appid=MY-APP-ID&alg=wsignin1.0") Why does Firefox handle this redirection, but IE doesn't? Since it works the first time (Step 1 above), is there a cache issue? EDIT: I used Fiddler to see if AjaxPage was being cached, but it appears not to be. I assume if it were cached, I'd get an HTTP Status Code 200 back. I may simply misunderstand this though.

  Read the article

• Redirection fails in IE but is fine with Firefox

  - by Bob

  I use an <Authorize> attribute in ASP.NET MVC to secure a controller. My page loads portions of its content via AJAX. Here's a problem I have with IE8, but not Firefox 3.6: Sign in as user JohnDoe and navigate to http://www.example.com/AjaxPage. Everything works fine. AjaxPage is protected with the <Authorize> attribute. Sign out, which redirects me to http://www.example.com. That page doesn't use <Authorize>. Navigate to http://www.example.com/AjaxPage without signing in again. I should be redirected to the Sign In page since that controller has the <Authorize> attribute. Step 3 works with Firefox, but IE8 displays the non-Ajax portion of http://www.example.com/AjaxPage and then never loads the Ajax content. I'm surprised any content is displayed at all since I should be redirected to the Sign In page. My code redirects to the login page with: Return Redirect("https://login.live.com/wlogin.srf?appid=MY-APP-ID&alg=wsignin1.0") Why does Firefox handle this redirection, but IE doesn't? Since it works the first time (Step 1 above), is there a cache issue?

  Read the article

• SecurityNegotiationException in WCF Service Hosted on IIS

  - by Ram

  Hi, I have hosted a WCF service on IIS. The configuration file is as follows <?xml version="1.0"?> <!-- Note: As an alternative to hand editing this file you can use the web admin tool to configure settings for your application. Use the Website->Asp.Net Configuration option in Visual Studio. A full list of settings and comments can be found in machine.config.comments usually located in \Windows\Microsoft.Net\Framework\v2.x\Config --> <configuration> <configSections> <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" /> <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> </sectionGroup> </sectionGroup> </sectionGroup> </configSections> <appSettings/> <connectionStrings/> <system.web> <!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development. --> <compilation debug="false"> <assemblies> <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </assemblies> </compilation> <!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> <authentication mode="Windows" /> <!-- The <customErrors> section enables configuration of what to do if/when an unhandled error occurs during the execution of a request. Specifically, it enables developers to configure html error pages to be displayed in place of a error stack trace. <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"> <error statusCode="403" redirect="NoAccess.htm" /> <error statusCode="404" redirect="FileNotFound.htm" /> </customErrors> --> <pages> <controls> <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </controls> </pages> <httpHandlers> <remove verb="*" path="*.asmx"/> <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/> </httpHandlers> <httpModules> <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </httpModules> </system.web> <system.codedom> <compilers> <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> <providerOption name="CompilerVersion" value="v3.5"/> <providerOption name="WarnAsError" value="false"/> </compiler> </compilers> </system.codedom> <system.web.extensions> <scripting> <webServices> <!-- Uncomment this section to enable the authentication service. Include requireSSL="true" if appropriate. <authenticationService enabled="true" requireSSL = "true|false"/> --> <!-- Uncomment these lines to enable the profile service, and to choose the profile properties that can be retrieved and modified in ASP.NET AJAX applications. <profileService enabled="true" readAccessProperties="propertyname1,propertyname2" writeAccessProperties="propertyname1,propertyname2" /> --> <!-- Uncomment this section to enable the role service. <roleService enabled="true"/> --> </webServices> <!-- <scriptResourceHandler enableCompression="true" enableCaching="true" /> --> </scripting> </system.web.extensions> <!-- The system.webServer section is required for running ASP.NET AJAX under Internet Information Services 7.0. It is not necessary for previous version of IIS. --> <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules> <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </modules> <handlers> <remove name="WebServiceHandlerFactory-Integrated"/> <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> </handlers> </system.webServer> <system.serviceModel> <services> <service name="IISTest2.Service1" behaviorConfiguration="IISTest2.Service1Behavior"> <!-- Service Endpoints --> <endpoint address="" binding="wsHttpBinding" contract="IISTest2.IService1"> <!-- Upon deployment, the following identity element should be removed or replaced to reflect the identity under which the deployed service runs. If removed, WCF will infer an appropriate identity automatically. --> <identity> <dns value="localhost"/> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="IISTest2.Service1Behavior"> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpGetEnabled="true"/> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> </configuration> The client configuration file is as follows <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <wsHttpBinding> <binding name="WSHttpBinding_IService1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Message"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" /> </security> </binding> </wsHttpBinding> </bindings> <client> <endpoint address="http://yyy.zzz.xxx.net/IISTest2/Service1.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1" contract="ServTest.IService1" name="WSHttpBinding_IService1"> <identity> <dns value="localhost" /> </identity> </endpoint> </client> </system.serviceModel> </configuration> When I tried to access the service from client application, I got SecurityNegotiationException and details are Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. If I host the service on ASP .NET Dev server, it work well but if I host on IIS above mentioned error occurs. Thanks, Ram

  Read the article

• Form Based Authentication problem?

  - by programmerist

  i have 2 pages : Login.aspx and Satis.aspx. i redirected from Login.aspx to Satis.aspx if authentication is correct . if i signout from satis i redirected to Login.aspx. But if i write satis.aspx' url on web scanner i entered satis.aspx. But i am not sign in Satis.aspx. i should't enter Satis.aspx directly. my web config: <authentication mode="Forms"> <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" path="/" protection="All"> <credentials> <user name="a" password="a"></user> </credentials> </forms> </authentication> <authorization> <allow users="*"/> </authorization> </system.web> <location path="~/ContentPages/Satis/Satis.aspx"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> Login.aspx.cs: protected void lnkSubmit_Click(object sender, EventArgs e) { if(FormsAuthentication.Authenticate(UserEmail.Value,UserPass.Value)) { FormsAuthentication.RedirectFromLoginPage (UserEmail.Value, PersistForms.Checked); } else Msg.Text = "Invalid Credentials: Please try again"; } Satis.aspx protected void LogoutSystem_Click(object sender, EventArgs e) { FormsAuthentication.SignOut(); Response.Redirect("~/Login/Login.aspx"); }

  Read the article

• How test that ASP.NET MVC route redirects to other site?

  - by Matt Lacey

  Due to a prinitng error in some promotional material I have a site that is receiving a lot of requests which should be for one site arriving at another. i.e. The valid sites are http://site1.com/abc & http://site2.com/def but people are being told to go to http://site1.com/def. I have control over site1 but not site2. site1 contains logic for checking that the first part of the route is valid in an actionfilter, like this: public override void OnActionExecuting(ActionExecutingContext filterContext) { base.OnActionExecuting(filterContext); if ((!filterContext.ActionParameters.ContainsKey("id")) || (!manager.WhiteLabelExists(filterContext.ActionParameters["id"].ToString()))) { if (filterContext.ActionParameters["id"].ToString().ToLowerInvariant().Equals("def")) { filterContext.HttpContext.Response.Redirect("http://site2.com/def", true); } filterContext.Result = new ViewResult { ViewName = "NoWhiteLabel" }; filterContext.HttpContext.Response.Clear(); } } I'm not sure how to test the redirection to the other site though. I already have tests for redirecting to "NoWhiteLabel" using the MvcContrib Test Helpers, but these aren't able to handle (as far as I can see) this situation. How do I test the redirection to antoher site?

  Read the article

• window.location.href not working in Safari when using onkeypress

  - by insanepaul

  I'm using an asp textbox and a search button. In Safari if I click the search button i get redirected to the search results page using javascript window.location.href. But strangely the same javascript will not redirect to the page if I press return in the textbox. Using the alert function I can see that window.location.href has the the correct url and the location bar at the top changes from the search page(default.aspx) to the search results url however when I click OK to the alert box the url at the top reverts back to the default.aspx page. It works on ie7/8/firefox/chrome but not safari. Here is my javascript,cs and aspx code: function submitSearchOnEnter(e) { var CodeForEnter = 13; var codeEnteredByUser; if (!e) var e = window.event; if (e.keyCode) codeEnteredByUser = e.keyCode; else if (e.which) codeEnteredByUser = e.which; if (codeEnteredByUser == CodeForEnter) RedirectToSearchPage(); } function RedirectToSearchPage() { var searchText = $get('<%=txtHeaderSearch.ClientID%>').value if (searchText.length) { window.location.href = "Search.aspx?searchString=" + searchText; } } protected void Page_Load(object sender, EventArgs e) { txtHeaderSearch.Attributes.Add("onkeypress", "submitSearchOnEnter(event)"); } <asp:Panel ID="pnlSearch" runat="server" DefaultButton="lnkSearch"> <asp:TextBox ID="txtHeaderSearch" runat="server" CssClass="searchBox"></asp:TextBox> <asp:LinkButton ID="lnkSearch" OnClientClick="RedirectToSearchPage(); return false;" CausesValidation="false" runat="server" CssClass="searchButton"> SEARCH </asp:LinkButton> </asp:Panel> I've tried return false; which doesn't allow me to enter any characters in the search box. I've spent ages online trying to find a solution. Maybe it has something to do with setTimeout or setTimeInterval but it didn't work unless i did it wrong.

  Read the article

• Does mod_php honor HEAD requests properly?

  - by rkulla

  The HTTP/1.1 RFC stipulates "The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response." I know Apache honors the RFC but modules don't have to. My question is, does mod_php5 honor this? The reason I ask is because I just came across an article saying that PHP developers should check this themselves with: if (stripos($_SERVER['REQUEST_METHOD'], 'HEAD') !== FALSE) { exit(); } but seeing as how browsers send HEAD requests for cache checking it seems unlikely to me that no book, docs, etc., advise PHP developers to do this check. I googled a second and not much turned up, other than some people saying they try to strange things like mod_rewrite/redirect after getting HEAD requests and some old bug ticket from like 2002 claiming that mod_php still executed the rest of the script by default. So I just ran a quick test by using PECL::HTTP to run http_head('http://mysite.com/test-head-request.php'); while having: <?php error_log('REST OF SCRIPT STILL RAN'); ?> in test-head-request.php to see if the rest of the script still executed, and it didn't. I figure that should be enough to settle it, but want to get more feedback and maybe help clear up confusion for anyone else who has wondered about this. So if anyone knows off the top of their head (no pun intended) - or have any conventions they use for receiving HEAD requests, that'd be great. Otherwise, I'll grep the C source later and respond in a comment with my findings. Thanks.

  Read the article

• Simple imeplementation of admin/staff panel?

  - by Michael Mao

  Hi all: A new project requires a simple panel(page) for admin and staff members that : Preferably will not use SSL or any digital ceritification stuff, a simple login from via http will just be fine. has basic authentication which allows only admin to login as admin, and any staff member as of the group "staff". Ideally, the "credentials(username-hashedpassword pair)" will be stored in MySQL. is simple to configure if there is a package, or the strategy is simple to code. somewhere (PHP session?) somehow (include a script at the beginning of each page to check user group before doing anything?), it will detect any invalid user attempt to access protected page and redirect him/her to the login form. while still keeps high quality in security, something I worry about the most. Frankly I am having little knowledge about Internet security, and how modern CMS such as WordPress/Joomla do with their implementation in this. I only have one thing in my mind that I need to use a salt to hash the password (SHA1?) to make sure any hacker gets the username and password pair across the net cannot use that to log into the system. And that is what the client wants to make sure. But I really not sure where to start, any ideas? Thanks a lot in advance.

  Read the article

• how to know which response data is associated with its requested url (using RollingCurl.php) ?

  - by Ken

  I am writing a web application that grabs the http response headers from multiple sites (with RollingCurl.php) then stores it in an array and at the end outputs it in json format. Since some sites do redirects to new locations, $info (array) in “request_callback” function always has an url ($info[‘url’]) where the requested url was redirect.to, and it’s quite expected. But how to put a requested url in $info ($info[‘requested_url’]) and to know which $info (response data) is associated with its requested url? $urls = array( ‘http://google.com’, ‘http://microsoft.com’ // more urls here ); $json = array(); if ( $urls ) { $rc = new RollingCurl("request_callback"); $rc->window_size = 20; foreach ($urls as $url) { $request = new Request($url); $rc->add($request); } $rc->execute(); echo json_encode($json); } function request_callback($response, $info) { global $json; $json['status'][] = $info; } from RollingCurl.php: // send the return values to the callback function. $callback = $this->callback; if (is_callable($callback)){ $info[‘requested_url’] = ??? // How to put requested url here??? call_user_func($callback, $output, $info); }

  Read the article

• Load image dynamically on Silverlight

  - by FelixMM

  I have a Silverlight app that has to load an image dynamically, depending on the image name. The approach that im taking right now is passing the image name by query string to the page and passing that as a param to the Silverlight objet tag This is the query string passed Response.Redirect("Build.aspx?img=" + this.PictureUploader.PostedFile.FileName; And I try to pass it to Silverlight like this: <object id="SilverlightObject" data="data:application/x-silverlight-2," type="application/x-silverlight-2" width="100%" height="100%"> <param name="source" value="Silverlight/iMapsSL.xap"/> <param name="onError" value="onSilverlightError" /> <param name="background" value="white" /> <param name="minRuntimeVersion" value="3.0.40624.0" /> <param name="autoUpgrade" value="true" /> <param name="image" value="<%# Request.QueryString["img"] %>" /> <a href="http://go.microsoft.com/fwlink/?LinkID=149156&v=3.0.40624.0" style="text-decoration:none"> <img src="http://go.microsoft.com/fwlink/?LinkId=108181" alt="Get Microsoft Silverlight" style="border-style:none"/> </a> </object><iframe id="_sl_historyFrame" style="visibility:hidden;height:0px;width:0px;border:0px"></iframe> in the last param tag with name=image value= Requerst.QueryString I catch the image inside the Silverlight app like this private void Application_Startup(object sender, StartupEventArgs e) { string pictureName = ""; if (e.InitParams != null && e.InitParams.Count > 0) { pictureName = e.InitParams["image"]; this.RootVisual = new MainPage(pictureName); } else { this.RootVisual = new MainPage(); } } And when MainPage starts, I set the image source of the Image control like this this.Image.Source = new BitmapImage(new Uri(pictureName, UriKind.RelativeOrAbsolute)); But Silverlight loads without an image, any help someone?

  Read the article

• What is causing Apache2 to display PHP as plain text in this config file?

  - by rxgx

  I am trying to run PHP and Rails in the same virtual host, however, PHP is being displayed as plain/text. When I create a test host without all the rewrites and proxy-ing, Apache2 will process the PHP as desired. Where in my config file have I gone wrong? <VirtualHost *:80> #ServerName staging.domain.com #ServerAlias www.domain.com DocumentRoot /home/demo/vhosts/domain/public <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /home/demo/vhosts/domain/public> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> RewriteEngine On <Proxy balancer://thinservers> BalancerMember http://127.0.0.1:5000 BalancerMember http://127.0.0.1:5001 BalancerMember http://127.0.0.1:5002 </Proxy> # Redirect all non-static requests to thin RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L] ProxyPass / balancer://thinservers/ ProxyPassReverse / balancer://thinservers/ ProxyPreserveHost on <Proxy *> Order deny,allow Allow from all </Proxy> # Custom log file locations ErrorLog /home/demo/vhosts/domain/log/error.log CustomLog /home/demo/vhosts/domain/log/access.log combined </VirtualHost>

  Read the article

• PHP mySQL Error

  - by happyCoding25

  Hello, Im new to php so I decided to follow this tutorial for a simple login screen. I got the code setup but when I try login I get this error: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in (a long file path to the script) on line 27 The code I got from the tutorial is: <?php ob_start(); $host="thehost"; // Host name $username="myusername"; // Mysql username $password="mypass"; // Mysql password $db_name="test"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> (Note: All of the mySQL database info is filled in on my version) Aslo, the author gives a php5 version and a normal php version. I have tried both and gotten the same error. If anyone knows why this is happening help is really appreciated.

  Read the article

• How to Persist URL parameters when CakePHP form validation fails

  - by am2605

  Hi, I'm new to cakephp and trying to write a simple app with it, however I'm stuck with some form validation issues. I have a model named "Person" which hasMany "PersonSkill" objects. To add a "PersonSkill" to a person, I have set it up to call a url like this: http://localhost/myapp/person_skills/add/person_id:3 I have been passing through the person_id because I want to display the name of the person we are adding the skills for. My issue is if the validation fails, the person_id parameter is not persisted to the next request, so the person's name is not displayed. The add method on the controller looks like this: function add() { if (!empty($this->data)) { if ($this->PersonSkill->save($this->data)) { $this->Session->setFlash('Your person has been saved.'); $this->redirect(array('action' => 'view', 'id' => $this->PersonSkill->id)); } } else { $this->Person->id = $this->params['named']['person_id']; $this->set('person', $this->Person->read()); } } In my person_skill add.ctp I set a hidden field which holds the person_id, eg: echo $form->input('person_id', array('type'=>'hidden','value'=>$person['Person']['id'])); Is there a way to persist the person_id url parameter when form validation fails, or is there a better way to do this that I'm missing completely? Any advice would be greatly appreciated.

  Read the article

• Manually start session with specific id / transitioning session cookie between domains

  - by deceze

  My host requires me to use a different domain for SSL secured access (shared SSL), so I need to transition the user session between two domains. One part of the page lives at http://example.com, while the SSL'd part is at https://example.hosting.com. As such I can't set a domain-spanning cookie. What I'm trying to do is to transition the session id over and re-set the cookie like this: http://example.com/normal/page, user clicks link to secure area and goes to: http://example.com/secure/page, which causes a redirect to: https://example.hosting.com/secure/page?sess=ikub..., which resurrects the session and sets a new cookie valid for the domain, then redirects to: https://example.hosting.com/secure/page This works up to the point where the session should be resurrected. I'm doing: function beforeFilter() { ... $this->Session->id($_GET['sess']); $this->Session->activate(); ... } As far as I can tell this should start the session with the given ID. It actually generates a new session ID though and this session is empty, the data is not restored. This is on CakePHP 1.2.4. Do I need to do something else, or is there a better way to do what I'm trying to do?

  Read the article

• asp.net mvc and portal like functionality

  - by richard-heesbeen

  fHi, I need to build an site with some portal like functionality where an param in the request will indentify the portal. like so http:/domain/controller/action/portal Now my problem is if an portal doesn't exists there must be an redirect to an other site/page and an user can login in to one portal but if the user comes to an other portal the user must be redirected back to the login page for that portal. I have something working now, but i feel like there must be an central place in the pipeline to handle this. My current solution uses an custom action filter which checks the portal param and sees if the portal exists and checks if the user logged on in that portal (the portal the user logged on for is in the authentication cookie). I make my own IIndentiy and IPrincipal in the application_postauthentication event. I have 2 problems with my current approach: 1: It's not really enforced, i have to add the attributes to all controllers and/or actions. 2: The isauthenticated on an user isn't really working, i would like that to work. But for that i need to have access to the params of the route when i create my IPrincipal/IIndenty and i can't seem to find an correct place to do that. Hope someone can give me some pointers, Richard.

  Read the article

• i18n redirection breaks my tests ....

  - by Mike

  I have a big application covered by more than a thousand tests via rspec. We just made the choice to redirect any page like : / /foo /foo/4/bar/34 ... TO : /en /en/foo /fr/foo/4/bar/34 .... So I made a before filter in application.rb like so : if params[:locale].blank? headers["Status"] = "301 Moved Permanently" redirect_to request.env['REQUEST_URI'].sub!(%r(^(http.?://[^/]*)?(.*))) { "#{$1}/#{I18n.locale}#{$2}" } end It's working great but ... It's breaking a lot of my tests, ex : it "should return 404" do Video.should_receive(:failed_encodings).and_return([]) get :last_failed_encoding response.status.should == "404 Not Found" end To fix this test, I should do : get :last_failed_encoding, :locale => "en" But ... seriously I don't want to fix all my test one by one ... I tried to make the locale a default parameter like this : class ActionController::TestCase alias_method(:old_get, :get) unless method_defined?(:old_get) def get(path, parameters = {}, headers = nil) parameters.merge({:locale => "fr"}) if parameters[:locale].blank? old_get(path, parameters, headers) end end ... but couldnt make this work ... Any idea ??

  Read the article

• Will rel=canonical break site: queries ?

  - by Justin Grant

  Our company publishes our software product's documentation using a custom-built content management system using a dynamic URL namespace like this: http://ourproduct.com/documentation/version/pageid Where "version" is the version number to which the documentation applies, and "pageid" is a unique string which identifies that page in our back-end content management system. For example, if content (e.g. a page about configuration best practices) is unchanged from version 3.0 and 4.0 of our product, it'd be reachable by two different URLs: http://ourproduct.com/documentation/3.0/configuration-best-practices http://ourproduct.com/documentation/4.0/configuration-best-practices This URL scheme allows us to scope Google search results to see only documentaiton for a particular product version, like this: configuration site:ourproduct.com/documentation/4.0 But when the user is searching across all versions, we don't want Google to arbitrarily choose one of the URLs to show in results. Instead, we always want the latest version to show up. Hence our planned use of rel=canonical so we can proscriptively tell Google which URL we want to show up if multiple versions are being searched. (Users who do oddball things like searching 2 versions but not all of them are a corner case, so we don't care which version(s) show up in that case-- the primary use-cases we care about is searching one version or searching all versions) But what will happen to scoped searches if we do this? If my rel=canonical URL points to version 4.0, but my search is scoped to 3.0, will Google return a result? Even if you don't know the answer offhand, do you know a site which uses rel=canonical to redirect across folders in a URL namespace. If so, I could run a few Google searches and figure out the answer.

  Read the article

• How to do a javascript redirection to a ClickOnce deployment URL?

  - by jerem

  I have a ClickOnce application used to view some documents on a website. When connected, the user sees a list of documents as links to http://server/myapp.application?document=docname. It worked fine until I had to integrate the website authentication/security system into my application. The website uses a ticketing system to grant access to its users. A ticket is generated by a web application and needs to be added to the deployment URL querystring, then I have to check at application startup that the ticket given in querystring was right by making another request to the web application. So the deployment URL becomes something like: h ttp://server/myapp.application?document=docname&ticket=ticketnumber. The problem is the ticket is valid only 10 seconds, so I have to get it only after the user has clicked a link. My first try was to have some javascript do the request to get the ticket, generate the proper deployment URL and then redirect the user to this URL with "window.location = deploymentUrl;". It works fine in Firefox, but IE does not prompt the user for installation. I guess it is a ClickOnce security constraints, but I am able to do the redirection when doing it on localhost, so I hope there is a workaround. I have also added the server on the "trusted sites" list in IE options. Is it possible to have that working in IE? What are my other options to do that?

  Read the article

• Storing User Information in Session with aspNetMembershipProvider

  - by Muhammad Adeel Zahid

  Hi Everyone, i m developing an application in .NET mvc2. i m using aspnetMembershipProvider for User registration and related activities. i need some custom information about user that i stored in a separate table (sysUser for example) and linked it to aspnetUser table through foreign key. after Login i need to fetch user's credentials from sysUser table and push it to the session. For this Account controller's Logon method seemed best to me and i pasted following code in my Logon ActionResult if (!ValidateLogOn(userName, password)) { return View(); } FormsAuth.SignIn(userName, rememberMe); ApplicationRepository _ApplicationRepository = new ApplicationRepository(); MembershipUser aspUser = Membership.GetUser(userName); SessionUser CurrentUser = _ApplicationRepository.GetUserCredentials(aspUser.ProviderUserKey.ToString()); //Session["CurrentUser"] = CurrentUser; if (!String.IsNullOrEmpty(returnUrl)) { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Home"); } The code is working perfectly for me and put my desired information in the session but the thing is that if a user selects Remember me and on his next visit he won't have to Log in and i would not find my desired information in the Session. Can anyone guide me where should i put my code that stores the user information in the session. any Help is Highly appreciated Regards Adeel

  Read the article

• Link checker ; how to avoid false positives

  - by Burnzy

  I'm working a on a link checker/broken link finder and I am getting many false positives, after double checking I noticed that many error codes were returning webexceptions but they were actually downloadable, but in some other cases the statuscode is 404 and i can access the page from the browse. So here is the code, its pretty ugly, and id like to have something more, id say practical. All the status codes are in that big if are used to filter the ones i dont want to add to brokenlink because they are valid links ( i tested them all ). What i need to fix is the structure (if possible) and how to not get false 404. Thank you! try { HttpWebRequest request = ( HttpWebRequest ) WebRequest.Create ( uri ); request.Method = "Head"; request.MaximumResponseHeadersLength = 32; // FOR IE SLOW SPEED request.AllowAutoRedirect = true; using ( HttpWebResponse response = ( HttpWebResponse ) request.GetResponse() ) { request.Abort(); } /* WebClient wc = new WebClient(); wc.DownloadString( uri ); */ _validlinks.Add ( strUri ); } catch ( WebException wex ) { if ( !wex.Message.Contains ( "The remote name could not be resolved:" ) && wex.Status != WebExceptionStatus.ServerProtocolViolation ) { if ( wex.Status != WebExceptionStatus.Timeout ) { HttpStatusCode code = ( ( HttpWebResponse ) wex.Response ).StatusCode; if ( code != HttpStatusCode.OK && code != HttpStatusCode.BadRequest && code != HttpStatusCode.Accepted && code != HttpStatusCode.InternalServerError && code != HttpStatusCode.Forbidden && code != HttpStatusCode.Redirect && code != HttpStatusCode.Found ) { _brokenlinks.Add ( new Href ( new Uri ( strUri , UriKind.RelativeOrAbsolute ) , UrlType.External ) ); } else _validlinks.Add ( strUri ); } else _brokenlinks.Add ( new Href ( new Uri ( strUri , UriKind.RelativeOrAbsolute ) , UrlType.External ) ); } else _validlinks.Add ( strUri ); }

  Read the article

< Previous Page | 172 173 174 175 176 177 178 179 180 181 182 183  | Next Page >