Can we use Request.QueryString in classic ASP if using URL masking? - sql

I'm writing a website for a local club of ours. I've got all the site written in ASP linked to our backend SQL server and it works lovely. I want to create player profiles now. Normally I would use "(a href=playerdetails.asp?ID=1) Player 1 (/a)" then in the ASP section of the page use strsql = "SELECT * FROM Players Where ID=" & request.querystring("ID").
However, this is where my problems starts. To save money for the club, I am also hosting the site for them on my private domain. We have registered there domain and instead of paying for hosting, we're just redirecting the traffic via the domain registers URL forwarding, using masking. Therefore instead of the URL saying www.mydomain.com/club/ it says www.club.com.
Thus the original question... Can I use request.querystring with the setup we have? If not, is there a way around it as the club doesn't really have the budet for a hosted site with SQL in the backend.
Thanks in advance,
Paul.
PS <'s in the link replaced with ('s to display correctly.

A couple of things:
URL Masking uses frames to hide the actual URL. You can still use query string values in the URL, however you will not see the URL in the address bar change, because it will always be www.club.com do to the URL masking.
http://en.wikipedia.org/wiki/Domain_Masking
Second you are opening up your site to SQL injection attacks:
NEVER trust user input
NEVER use Request.QueryString or Request.Form in SQL states without filtering out bad characters and keywords.
http://en.wikipedia.org/wiki/SQL_injection

Related

Discord bot doesn't show emotes from other servers in embeds

I'm working on a Discord bot using Discord.Net 2.2.0 and written in VB.NET. One of the (overly-ambitious?) many features of my bot will be posting player data from the mobile game, Star Wars: Galaxy of Heroes into an embed. This includes certain character ability information in which I wish to include some emotes to make it a bit more aesthetically pleasing. Initially, I had uploaded the emotes to a server I was testing in and everything worked great:
However, I realized that, if my bot makes it out into the wild, I can't really be installing these emotes on every server out there. I'm still in the beginning stages of this project, and I foresee the need for several "custom" emotes for some of the embeds I'll be using. So, I decided to create a new Discord server (henceforth referred to as the bot's "home" server) in which to load these emotes for use in the "client" or "target" server.
Unfortunately, when I try to include emotes from the bot's home server in the embed, all I get are the emote names and no images:
After fighting with it a bit, I tried including emotes from both servers in the same embed and I get "mixed" results. Those emotes that I include which are loaded in the client/target server show up correctly, but those that are from the bot's home server only display the emote name:
The method is pretty long, so here's a very simplified example of the code I'm using to create the embeds:
Dim BotHomeServer As Discord.WebSocket.SocketGuild = BotClient.GetGuild(Convert.ToUInt64(HOME_SERVER_ID))
Dim TargetServer As Discord.WebSocket.SocketGuild = BotClient.GetGuild(Convert.ToUInt64(TARGET_SERVER_ID))
Dim PostingChannel As Discord.WebSocket.SocketTextChannel = TargetServer.GetTextChannel(Convert.ToUInt64(POST_CHANNEL_ID))
Dim HomeEmote As Discord.Emote = Await BotHomeServer.GetEmoteAsync(EMOTE_ID_FROM_HOME_SERVER)
Dim TargetEmote As Discord.Emote = Await TargetServer.GetEmoteAsync(EMOTE_ID_FROM_TARGET_SERVER)
Dim PostBuilder As New Discord.EmbedBuilder
'... other fields and properties of the embed
PostBuilder.AddField("Home Server Test", "Some Text Here <:" & HomeEmote.Name & ":" & HomeEmote.Id & ">", False)
PostBuilder.AddField("Target Server Test", "Some Text Here <:" & TargetEmote.Name & ":" & TargetEmote.Id & ">", False)
'... other fields and properties of the embed
Await PostingChannel.SendMessageAsync("This is a test", False, PostBuilder.Build)
I've also tried using the .ToString() method for adding the emotes to the embed instead of "manually" building them with the Name and Id properties, but I get the exact same results. I retrieved the emote ID's by typing \:emotename: in the home (and client/target) server. The emote names (i.e., :gohomega:) are correct, so I know that it's correctly finding the emote in the bot's home server. It's just not displaying them unless they're loaded in the client/target server.
I found a similar issue addressed in the question, Discord bot can't show emote “sometimes”. Although the issue reported there is definitely different, the end result - the emote names showing up instead of the actual image - is the same behavior I'm trying to troubleshoot. The fact that the issue in that question is sporadic (whereas my issue is consistent) and that the bot there is written in a different language (Node.js instead of a .NET language) and using different libraries (I assume) has me wondering if the issue may be on Discord's end rather than anything to do with my code.
I've triple- and quadruple-checked that the bot (and the role group it's in) have permission to use external emojis on the client/target server:
Initially, I had forgotten this bit and it didn't have the appropriate permissions. However, even after granting the necessary permissions, I still get the same results.
At this point, I'm not above admitting that I may just be overlooking/missing something, or simply being dense about what I'm looking at, but I'm wondering if anyone else has encountered (and hopefully resolved) this particular issue with a bot using emotes from a different server.
EDIT
Just to make certain, I stepped through the code in my IDE and checked the properties of one of the emotes at the time it's supposedly being added to the embed:
The emote's Id and Url properties appear to be correct, but I also went ahead and "validated" the Url property with my browser and verified that it does show the correct image for the emote.
Per the comments, the bot is a member of both servers:
I'm grasping at straws here, but perhaps it has something to do with the fact that the "home" server is so new (I just created it last night)? I mean, Discord's documentation says this should work, and the Discord.Net documentation basically says the same thing. According to the comments, it works for other people and my code looks "right", so it's really leading me to believe the entire issue is something on Discord's end.
I've also asked this question in both the Discord API server (#dotnet_discord-net) and the Discord Bots server (#development), so feel free to join me in one of those servers for an "extended conversation", if needed.
Okay, I finally found the cause of the issue, and I feel like a moron. I spent all my time looking at the bot's permissions and the group permissions at the server level, but I didn't even think about the actual channel permissions. The Use External Emoji permission for bot's group role in the channel was set to inherit:
I set it to allow and, voilà, the emotes came through just fine. I checked the permissions for the category that the text channel is in and found that the bot/group roles weren't even listed. I guess I had mistakenly assumed that the bot/group role permissions for the channel would get inherited from the server-level permissions I had set, even though the message at the top of the channel's permission screen explicitly states that the permissions are synced with the category.
The moral of the story? If it looks like a permission issue, don't forget to look at ALL of the permissions at every level.
Server
Category
Channel

ASP Connection String

I am at the end of my nerves trying to find this.
I am in progress of migrating SQL 2005 DB's to 2012 and I cannot find the connection string in the websites code. Its an old ASP page and the only ref to the connection string is at the top of each page with the following.
Set OBJdbConnection = Server.CreateObject("ADODB.Connection")
OBJdbConnection.Open Application("ITRC_ConnectionString")
This website is contained within an APPS folder and within the apps folder is a page called appvars.asp. All the other websites in the APPS folder use this page for their connection string and therefore I can easily migrate these but this one chuffing website isn't listed.
Anyway my question is where are the places I should look to find this connection string. There must be standards or something I can look for that will tell me.
As much as I hate to admit this we have 2 webservers and the site I was looking at was inactive doh!!! I found the correct site which was re-done in asp.net and repointed the connection string.

Planning url rewrite for my web app

I'm working on a site which shows different products for different countries. The current url scheme I'm using is "index.php?country=US" for the main page, and "product.php?country=US&id=1234" to show a product from an specific country.
I'm planning now to implement url rewrite to use cleaner urls. The idea would be using each country as subdomain, and product id as a page. Something like this:
us.example.com/1234 -> product.php?country=US&id=1234
I have full control of my dns records and web server, and currently have set a * A record to point to my IP in order to receive *.example.com requests. This seems to work ok.
Now my question is what other things I'd need to take care of. Is it right to assume that just adding a .htaccess would be enough to handle all requests? Do I need to add VirtualHost to each subdomain I use as well? Would anything else be needed or avoided as well?
I'm basically trying to figure out what the simplest and correct way of designing this would be best.
The data you need to process the country is already in the request URL (from the hostname). Moving this to a GET variable introduces additional complications (how do you deal with POSTs).
You don't need seperate vhosts unless the domains have different SSL certs.

How to use # sign as a url parameter in REST WCF service

I have a RESTFul WCF service with a url likes this
groups/{groupName}/members
which returns a list of users this works fine for normal groupNames. But when I use a groupName with a special char (like #) nothing is returned
ex.
when the url
groups/c#/members
is called from the client it only returns null.
I put a break point in the service code but the service's method is not even executed.(Break point never gets hit)
Also I tried using the url encode to encode c# as c%23 but the result is still the same. I tried this with built in web server of VS 2010 and IIS 7 but the result is still the same.
And I am using .NET 4.0
Any help will be really appreciated
In a url the hash indicates the end of the url and what follows it is a reference to a specific portion on the page, so the url /groups/c#/members is interpreted as the url /groups/c (and then the browser tries to take you to the href on the page named "/members".
Basically you should never allow # as a character in your dynamic url's. There's a reason people generate permalinks with only alphanumeric characters separated by dashes, and it's not just for readability/SEO. Some characters just plain aren't allowed. You should look at having a permalink field in your application so groups might have a name of c# which you display on page, but also a url friendly version of the name like c-sharp.

Insert cookie/flash-cookie from external domain / cross-domain. API

I need to track visitors.
I have a script (http://example.com/something.aspx) that saves all the visitor data (like browser, referrer, etc.) into a DB and insert a flash-cookie in the visitor machine for further tracking.
Right now I insert that script using an iframe in each page I want it to work.
The script need to be in the same domain of the page for it to work.
I use this script in a number of domains, so for each domain I have the same script installed in each domain.
I want to provide some kind of javascript API to be able to use only one script for all the domains. "One Script to Rule them All".
Its important to know that I own all the domains.
It is possible? How to achieve cross-domain?
Thanks.
I would try the following approach, but have not tested the whole thing.
insert into the page.
The record-and-set-cookie.aspx page will record agent info into a database (this part I am sure will work), and then return javascript that will set a cookie (this part can work, but needs confirmation).