Search Results

Search found 29495 results on 1180 pages for 'cross site scripting'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 539/1180 | < Previous Page | 535 536 537 538 539 540 541 542 543 544 545 546  | Next Page >

  • Apache/PHP serving file multiple times

    - by easement
    I have a system with a download.php page. The page takes and id and loads a file based on from the DB Record and then serves it up. I've noticed a couple instances where files are requested multiple times in short time spans (20ms). Times that are too quick for human input. There are plenty of instances where the downloader functions fine. However, in taking a closer look at the downloader’s usage, I did see some interesting behavior. For instance, the IP address xxx.xxx.xxx.xxx (which is one in a range owned by xxxxxx.de in Germany) came to the site through Google. They browsed around and then came to the page http://site.com/xxxx/press+125.php There they issued a request for /download.php?id=/ZZ/n+aH55Y= (a PDF) at 9:04:23AM. That alone is not a big deal. However, what is interesting is that the server seems to have been quite preoccupied with serving that request. In the logs the request first completes between 9:09:48 and 9:10:00. It looks like the user must have gotten tired of waiting during that time and requested the document two more times. Between 09:14:47 and 09:15:00 the same request appears again, except it is from 9:04:43AM, 20ms later than the first request. Then it pops up a third time, with a request that started at 09:05:06 completing between 09:19:55 and 09:19:58! I’m suspicious of that document. In looking through the logs I see other instances where it takes the server a little while to handle that specific file. Check out this list of requests from zzz.zzz.zzz.zzz[different than above] for the file /download.php?id=/ZZ/n+aH55Y= (the same docuemnt as before): Request time Complete Time 04:32:43 04:33:36 04:32:50 04:33:36 04:32:51 04:33:38 04:33:05 04:33:38 04:33:34 04:33:42 04:33:05 04:33:42 So something is definitely going on. Whether it has to do with this specific document tripping up the server, the download.php page’s code, or if we’re just seeing the evidence of some server level overload as it plays out in real time I’m not yet sure. In fairness, there are other instances of people downloading /download.php?id=/ZZ/n+aH55Y= (the same PDF) without error. However, it is interesting that the multiple processes only seem to happen with this one file, and then only when it is accessed through the page http://site.com/press+125.php . It bears further investigation if there’s something amiss inside the code that causes the system to fire off multiple download requests that occupy the server. I don't know if this press+125.php is a rabbit hole, but there is weird consicence. Any ideas? I'm totally out of ideas. Apache maxed out? Things like that. ///DOWNLOAD.php $file = new files(); $file->comparison_filter("id", "=", $id); //sql to load if ($file->load()) { $file->serve(); } //FILES function serve() { if ($this->is_loaded) { if (file_exists($this->get_value("filename"))) { if ($this->get_value("content_type") != "") { header("Content-Type: " . $this->get_value("content_type")); } header("Content-Length: " . filesize($this->get_value("filename"))); if ($this->get_value("flag_image") == 0 || $this->get_value("flag_image") == false) { header("Cache-Control: private"); header("Content-Disposition: attachment; filename=" . urlencode($this->get_value("original_filename"))); } set_time_limit(0); @readfile($this->get_value("filename")); exit; } } }

    Read the article

  • Create / build / generate a web form that can be on my server and has modern looks and could be impl

    - by Luay
    I have a small web site and would like to add a 'contact us' form and a 'feedback' form. i would like the forms to satisfy the following: 1- be modern looking (with beautiful css effects) 2- the form fields are validated properly and 'inline'. What I mean is once a user skips a required field or enters an email address incorrectly some kind of tooltip or icon is displayed to ask him to cerrect the error (as opposed to a message box that appears after the user clicks 'submit') 3- once the submit button is clicked the form contents are emailed to me. 4- the whole thing can be setup by a noob like myself. 5- no ads on the form I have been searching for at least 5 days for a solution but I can't seem to find anything the would satisfy the above 5 conditions. I don't mind paying for a solution as long as it is hosted on my site and it is a one off payment and not a monthly payment. So far my search has lead me to the following: 1 wufoo. The good: the generated forms seem to look okay but not the best there is. The bad: the free service is limited to 100 submissions. ads on the form. it is not hosted on my server. Paid service requires monthly payments 2- emailmeform: almost same as above except the generated form looks old. They do have an offer where you pay only $4 to get the form and set it up on your own site but that doesn't solve the fact that the forms look old. 3- formAssembly: same as above with minor variations (the generated form looks better) 4- formchamp, formthis, kontaktr,... And other similar online services: the same problem. either the form generated looks outdated or require monthly payments or they put ads...they don't satisfy my conditions. 5- coffeecup form builder. a desktop software. The problem is the generated forms look too old and use flash. 6- simfatic. Another software. Much better than coffeecup. almost satisfies my conditions but the forms not as good as I like. 7- many, many php scripts or html templates that look so outdated or fail when tested (probably because they are too old). Seriously guys, how hard is this. At least 90%+ of website contain at least a 'contact us' form. Why aren't there better solutions? if there is I can't seem to find them. In terms of looks I want something similar to this: http://web-kreation.com/articles/lightform-free-ajaxphp-contact-form/ It is called lightform. And this is a perfect example of what I mean by 'inline' validation. the only problem: there is no script to handle sending the mail. Even if I find one, I don't know how to modify it for my needs. So could you please help me out. I really can't search anymore. I reached rock bottom with this issue. I need a complete solution. If nothing exists then at least a: 1- form template (html) that looks nice and can easily be modified 2- a validation script that does 'inline' validation like the example above (or similar to it) and can be easily implemented by a noob like me to work with the html form. 3- a php script that will handle sending the email and can be easily implemented (all three working in harmony). I hope there is a complete solution but am I asking for too much? Pretty please...help...

    Read the article

  • Wordpress blog with Joomla?

    - by user427902
    Hi, I had this Wordpress installation which was installed in a subfolder (not root). Like http: //server/blog/. Now, I installed Joomla on the root (http: //server/). Everything seems to be working fine with the Joomla part. However, the blog part is messed up. If I try to browse the homepage of my blog which is http: //server/blog/ it works like a charm. But while trying to view individual blog pages like say, http: //server/blog/some_category/some_post I get a Joomla 404 page. So, I was wondering if it was possible to use both Wordpress and Joomla in the same server in the setup I am trying to. Let me clarify that I am NOT looking to integrate user login and other such things. I just want the blog to be functional under a subfolder while I run the Joomla site in the root. So, what is the correct way to go about it. Can this be solved by any .config edits or something else? Edit: Here's the .htaccess for Joomla ... (I can't find any .htaccess for Wp though, still looking for it.) ## # @version $Id: htaccess.txt 14401 2010-01-26 14:10:00Z louis $ # @package Joomla # @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved. # @license http://www.gnu.org/copyleft/gpl.html GNU/GPL # Joomla! is Free Software ## ##################################################### # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE # # The line just below this section: 'Options +FollowSymLinks' may cause problems # with some server configurations. It is required for use of mod_rewrite, but may already # be set by your server administrator in a way that dissallows changing it in # your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work, # it has been set by your server administrator and you do not need it set here. # ##################################################### ## Can be commented out if causes errors, see notes above. Options +FollowSymLinks # # mod_rewrite in use RewriteEngine On ########## Begin - Rewrite rules to block out some common exploits ## If you experience problems on your site block out the operations listed below ## This attempts to block the most common type of exploit `attempts` to Joomla! # ## Deny access to extension xml files (uncomment out to activate) #<Files ~ "\.xml$"> #Order allow,deny #Deny from all #Satisfy all #</Files> ## End of deny access to extension xml files RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits # Uncomment following line if your webserver's URL # is not directly related to physical file paths. # Update Your Joomla! Directory (just / for root) # RewriteBase / ########## Begin - Joomla! core SEF Section # RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/index.php RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC] RewriteRule (.*) index.php RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] # ########## End - Joomla! core SEF Section

    Read the article

  • Grabbing all <a> tags in a specific div and displaying them

    - by Taylor Swyter
    So I'v got a small problem with my portfolio site (you can see it at here) When you click on a portfolio piece, a top section opens up to reveal the details (Title, year, role, description) as well as the photos. I'v been able to get each project to replace all the text data, but I can't seem to get the images to load into the thumbnails. I have been able to get the last image i'm looking for in all of the images on the site, but not display each photo for each project. Here's the HTML i'm working with: <section id="details"> <div class="pagewrapper"> <section id="main-img"> <article id="big-img"> <img src="" alt="big-img" /> </article> <article class="small-img-container"> <a href="#"><img src="#" alt="smallimg" class="small-img" /></a> </article> </section> <section id="description"> <h3></h3> <h4></h4> <h5></h5> <p></p> </section> </div> <div class="clear"></div> </section> <section id="portfolio"> <div class="pagewrapper"> <h2 class="sectionTitle">Portfolio</h2> <div class="thumb"> <a class="small" href="#" title="David Lockwood Music" data-year="2010" data-role="Sole Wordpress Developer" data-description="David Lockwood is a musician and an educator based in New Hampshire who came to me needing a website for his musical career. I fully developed his site using Wordpress as a CMS, creating a custom template based on the design by Jeremiah Louf. Jeremiah and I worked together on the website's UX design."><img src="images_original/davidcover.png" alt="thumb" /> <div class="hide"> <a href="images/davidlockwood/homepage.png" ></a> <a href="images/davidlockwood/blog.png"></a> <a href="images/davidlockwood/shows.png"></a> <a href="images/davidlockwood/bio.png"></a> <a href="images/davidlockwood/photos.png"></a> </div> <h3>David Lockwood Music</h3> <div class="clear"></div> </a> </div><!--thumb--> and here's the jQuery: $(document).ready(function(){ var proj = {}; $('.thumb a').click(function() { $('#details').slideDown(1000); $('.hide a').each(function() { proj.img = $(this).attr("href"); $('.small-img-container img').attr('src',proj.img); }); alert("the image is " + proj.img);//is it getting the image URLS? proj.title = $(this).attr("title"); proj.year = $(this).attr("data-year"); proj.role = $(this).attr("data-role"); proj.description = $(this).attr("data-description"); $('#description h3').text(proj.title); $('#description h4').text(proj.year); $('#description h5').text(proj.role); $('#description p').text(proj.description); }); }); Anyone have any idea how I grab just the images for the specific project, display them all as thumbnails and then make those thumbnail clickable to see the bigger image? Thanks!

    Read the article

  • Infinite sharing system (PHP/MySQLi)

    - by Toine Lille
    I'm working on a discount system for whichever customer shares a product and brings in new customers. Each unique visit = $0.05 off, each new customer = $0.50 off (it's a cheap product so yeah, no big numbers). When a new customer shares the site, the customer initially responsible for the new customer (if any) will get half of the new customer's discount as well. The initial customer would get a fourth for the next level and the new customer half of that, etc, creating a tree or pyramid that way that could be infinite. Initial customer ($1.35 discount: 2 new+3 visits + half of 1 new+2 visits) Visitor ($0) Visitor ($0) New customer ($0.60) Visitor ($0) Visitor ($0) Newer customer ($0) New customer ($0) Visitor ($0) The customers are saved along with their IP addresses (bin2hex(inet_pton)) in a database table (customers) with info like a unique id, e-mail address and first date/time the purchased a product (= time of registration). The shares are saved in a separate table within the same database (sharing). Each unique IP addresses that visits the site creates a new row featuring the IP address (also saved as bin2hex(inet_pton)), the id of the customer who shared it and the date/time of the visit. Sharing goes via URL, featuring a GET element containing the customer's id. Visits and new customers overlap, as visits will always occur before the new customer does. That's fine. The date/times are used just to make it a little more secure (I also use the IP along with cookies to see if people cheat the system). If an IP is already in the sharing or customer tables, it does not count and will not create a new entry. Now the problem is, how to make the infinity happen and apply the different values to it? That's all I'd need to know. It needs to calculate the discount for each customer separately, but also allow for monitoring altogether (though that's just a matter of passing all ID's through it). I figured I'd start (after the database connection) with $stmt = $con->prepare('SELECT ip,datetime FROM sharing WHERE sender=?'); $stmt->bind_param('i',$customerid); $stmt->execute(); $stmt->store_result(); $discount = $discount + ($stmt->num_rows * 0.05); $stmt->bind_result($ip,$timeofsharing); to translate all the visits to $0.05 of discount each. To check for the new customers that came from these visits, I wrote the following: while ($sql->fetch()) { $stmt2 = $con->prepare("SELECT datetime FROM users WHERE ip=?"); $stmt2->bind_param('s',$ip); $stmt2->execute(); $stmt2->store_result(); $stmt2->bind_result($timeofpurchase); Followed by a little more security comparing the datetimes: while ($stmt2->fetch()) { if (strtotime($timeofpurchase) < strtotime($timeofsharing)) { $discount = $discount + $0.50; } But this is just for the initial customer's direct results. If I'd want to check for the next level, I'd basically have to put the exact same check and loop in itself, checking each new customer the initial customer they brought to the site, and then for the next level again to check all of the newer customers, etc, etc. What to do? / Where to go? / What would be the correct practice for this? Thanks!

    Read the article

  • Please help! Every Post link links to the most recent post Wordpress

    - by kwek-kwek
    I got the site up on time, with one blog post up. Later I added another one and tested it. Big problem! Any link that used to take you to the old post (ie: side-bar "Recent Posts" links) now takes you to the newest one. I tested it by adding a third post, and got the same result. This is a custom wordpress theme and I have a, page.php <?php get_header(); ?> <?php if (have_posts()) : while (have_posts()) : the_post(); ?> <div id="BodyWrap"> <!--MAIN CONT--> <div id="mainCont"> <?php get_sidebar(); ?> <?php if (is_page(array('home'))) { ;?> <div id="rotateBanner"> <div id="slide-holder"> <div id="slide-runner"> <img id="slide-img-1" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial2.jpg" class="slide" alt="" /> <img id="slide-img-5" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial5.jpg" class="slide" alt="" /> <img id="slide-img-2" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial1.jpg" class="slide" alt="" /> <img id="slide-img-6" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial6.jpg" class="slide" alt="" /> <img id="slide-img-3" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial3.jpg" class="slide" alt="" /> <img id="slide-img-7" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial7.jpg" class="slide" alt="" /> <img id="slide-img-4" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial4.jpg" class="slide" alt="" /> <img id="slide-img-8" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial8.jpg" class="slide" alt="" /> <div id="slide-controls"> <p id="slide-client" class="text" style="display:none;"><span></span></p> <p id="slide-desc" class="text" style="display:none;"></p> <p id="slide-nav" style="display:none;"></p> </div> </div> <script type="text/javascript"> if(!window.slider) var slider={};slider.data=[{"id":"slide-img-1","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-5","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-2","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-6","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-3","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-7","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-4","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-8","client":"nature beauty","desc":"nature beauty photography"}]; </script> </div> </div> <?php } ?> <?php if (is_page(array('accueil'))) { ;?> <div id="rotateBanner"> <div id="slide-holder"> <div id="slide-runner"> <img id="slide-img-1" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial1-fr.jpg" class="slide" alt="" /> <img id="slide-img-5" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial5-fr.jpg" class="slide" alt="" /> <img id="slide-img-2" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial2-fr.jpg" class="slide" alt="" /> <img id="slide-img-6" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial6-fr.jpg" class="slide" alt="" /> <img id="slide-img-3" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial3-fr.jpg" class="slide" alt="" /> <img id="slide-img-7" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial7-fr.jpg" class="slide" alt="" /> <img id="slide-img-4" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial4-fr.jpg" class="slide" alt="" /> <img id="slide-img-8" src="<?php bloginfo('template_url'); ?>/images/banner/testimonial8-fr.jpg" class="slide" alt="" /> <div id="slide-controls"> <p id="slide-client" class="text" style="display:none;"><span></span></p> <p id="slide-desc" class="text" style="display:none;"></p> <p id="slide-nav" style="display:none;"></p> </div> </div> <script type="text/javascript"> if(!window.slider) var slider={};slider.data=[{"id":"slide-img-1","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-5","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-2","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-6","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-3","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-7","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-4","client":"nature beauty","desc":"nature beauty photography"},{"id":"slide-img-8","client":"nature beauty","desc":"nature beauty photography"}]; </script> </div> </div> <?php } ?> <?php if (is_page(array('contact-us'))) { ;?> <div id="rotateBanner"> <?php custom_field_image() ?> </div> <?php } ?> <div id="mainCopy"> <div id="content"> <h2> <?php if (is_page('home','accueil')) : ?> <?php else : ?> <?php single_post_title(); ?> <?php endif; ?></h2> <?php the_content('<p class="serif">Read the rest of this page &raquo;</p>'); ?> <?php wp_link_pages(array('before' => '<p><strong>Pages:</strong> ', 'after' => '</p>', 'next_or_number' => 'number')); ?> </div> </div> <?php if (is_page(array('home','accueil'))) { ;?> <div id="rightCol2"> <div id="Fworks"> <h2>Featured work</h2> <li><img src="<?php bloginfo('template_url'); ?>/images/portage-thumb.jpg" width="234" height="92" border="0" alt="" /></li> <li><a href="<?php bloginfo('url'); ?>our-work/foundation-on-antivirals"><img src="<?php bloginfo('template_url'); ?>/images/fav-thumb.jpg" width="234" height="92" border="0" alt="" /></a></li> <li><img src="<?php bloginfo('template_url'); ?>/images/danslejardin-thumb.jpg" width="234" height="92" border="0" alt="" /></li> </div> <div id="NewEvents"> <?php if ( (strtolower(ICL_LANGUAGE_CODE) == 'en') ) {echo("<h2>News &amp; Events</h2");} ?> <?php if ( (strtolower(ICL_LANGUAGE_CODE) == 'fr')) echo("<h2>Nouvelles</h2") ?> <div id="NewsListings"> <ul> <?php //dbem_get_events_list("limit=5&scope=al&order=DESC"); ?> <?php include('events.php');?> </ul> </div> </div> </div> <?php } ?> </div> </div> <?php endwhile; endif; ?> <?php get_footer(); ?> single.php <?php /** * @package WordPress * @subpackage Default_Theme */ get_header(); ?> <div id="BodyWrap"> <!--MAIN CONT--> <div id="mainCont"> <?php get_sidebar(); ?> <?php if (is_page(array('home','contact-us'))) { ;?> <div id="rotateBanner"> <?php custom_field_image() ?> </div> <?php } ?> <div id="mainCopy"> <div id="content" class="widecolumn" role="main"> <?php if (have_posts()) : while (have_posts()) : the_post(); ?> <!-- <div class="navigation"> <div class="alignleft"><?php previous_post_link('&laquo; %link') ?></div> <div class="alignright"><?php next_post_link('%link &raquo;') ?></div> </div> <br class="clr" />--> <div <?php post_class() ?> id="post-<?php the_ID(); ?>"> <h2><?php the_title(); ?></h2> <div class="entry"> <?php the_content('<p class="serif">Read the rest of this entry &raquo;</p>'); ?> <?php wp_link_pages(array('before' => '<p><strong>Pages:</strong> ', 'after' => '</p>', 'next_or_number' => 'number')); ?> <?php the_tags( '<p>Tags: ', ', ', '</p>'); ?> <!--<p class="postmetadata alt"> <small> This entry was posted <?php /* This is commented, because it requires a little adjusting sometimes. You'll need to download this plugin, and follow the instructions: http://binarybonsai.com/wordpress/time-since/ */ /* $entry_datetime = abs(strtotime($post->post_date) - (60*120)); echo time_since($entry_datetime); echo ' ago'; */ ?> on <?php the_time('l, F jS, Y') ?> at <?php the_time() ?> and is filed under <?php the_category(', ') ?>. You can follow any responses to this entry through the <?php post_comments_feed_link('RSS 2.0'); ?> feed. <?php if ( comments_open() && pings_open() ) { // Both Comments and Pings are open ?> You can <a href="#respond">leave a response</a>, or <a href="<?php trackback_url(); ?>" rel="trackback">trackback</a> from your own site. <?php } elseif ( !comments_open() && pings_open() ) { // Only Pings are Open ?> Responses are currently closed, but you can <a href="<?php trackback_url(); ?> " rel="trackback">trackback</a> from your own site. <?php } elseif ( comments_open() && !pings_open() ) { // Comments are open, Pings are not ?> You can skip to the end and leave a response. Pinging is currently not allowed. <?php } elseif ( !comments_open() && !pings_open() ) { // Neither Comments, nor Pings are open ?> Both comments and pings are currently closed. <?php } edit_post_link('Edit this entry','','.'); ?> </small> </p>--> </div> </div> <?php comments_template(); ?> <?php endwhile; else: ?> <p>Sorry, no posts matched your criteria.</p> <?php endif; ?> </div> </div> </div> </div> <?php get_footer(); ?> index.php <?php get_header(); ?> <!--MAIN WRAP--> <div id="BodyWrap"> <!--MAIN CONT--> <div id="mainCont"> <?php get_sidebar(); ?> <div id="mainCopy"> <div id="content"> <?php if ( have_posts() ) : while ( have_posts() ) : the_post(); ?> <div id="BGHeadTitle"><h2><a href="<?php the_permalink() ?>"><?php the_title(); ?></a></h2></div> <?php the_content(); ?> <p><?php the_time('F j, Y'); ?> at <?php the_time('g:i a'); ?> | <?php the_category(', '); ?> | <?php comments_number('No comment', '1 comment', '% comments'); ?></p> <?php comments_template(); // Get wp-comments.php template ?> <?php endwhile; else: ?> <h2>Woops...</h2> <p>Sorry, no posts we're found.</p> <?php endif; ?> <p align="center"><?php posts_nav_link(); ?></p> </div> </div> </div> </div> <?php get_footer(); ?> my recent post code : <ul> <?php query_posts('cat=3,4,5&posts_per_page=5&order=ASC&orderby=date'); if ( have_posts() ) : while ( have_posts() ) : the_post()?> <li> <span class="date"><?php the_time('M j') ?></span> <a href="<?php the_permalink(); ?>" title="<?php the_title(); ?>"><?php the_title(); ?></a> </li> <?php endwhile; ?> <?php rewind_posts(); ?> </ul> I am really stuck the site went live and when I was working on the testserver I only noticed it.view the site here »

    Read the article

  • SQL Server 2008 R2 Quiet Installation Failure

    - by pk
    I've downloaded the SQL Server 2008 R2 software from Microsoft and am working on scripting a silent installation. I'm getting the following errors (and the duplicate paste job is not an accident, that's how it shows up for me) The following error occurred: Exception has been thrown by the target of an invocation. Error result: 1152035024 Result facility code: 1194 Result error code: 43216 Please review the summary.txt log for further details The following error occurred: Exception has been thrown by the target of an invocation. Error result: 1152035024 Result facility code: 1194 Result error code: 43216 Please review the summary.txt log for further details Microsoft (R) SQL Server 2008 R2 Setup 10.50.1600.01 This is what shows up in the detailed SQL install log. 2011-02-23 09:53:13 Slp: Running Action: ExecuteInitWorkflow 2011-02-23 09:53:13 Slp: Workflow to execute: 'INITIALIZATION' 2011-02-23 09:53:13 Slp: Error: Action "Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction" threw an exception during execution. 2011-02-23 09:53:13 Slp: Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: Exception has been thrown by the target of an invocation. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ArgumentNullException: Value cannot be null. 2011-02-23 09:53:13 Slp: Parameter name: InstallMediaPath Hopefully someone can help me work through this. Here is a simple version of my PowerShell code. $arguments = @() $arguments += "/q" $arguments += "/ACTION=Install" $arguments += "/FEATURES=SQL,Tools" $arguments += "/INSTANCENAME=MSSQLSERVER" $arguments += "/SQLSVCACCOUNT=`"$NetBIOSDomainName\$SQLServerServiceAccount`"" $arguments += "/SQLSVCPASSWORD=`"$SQLServerServiceAccountPassword`"" $arguments += "/SQLSYSADMINACCOUNTS=`"$NetBIOSDomainName\$SQLSysAdminAccount`"" $arguments += "/AGTSVCACCOUNT=`"$NetBIOSDomainName\$SQLServerAgentAccount`"" $arguments += "/IACCEPTSQLSERVERLICENSETERMS" Start-Process "$SQLServerSetupLocation\setup.exe" -Wait -ArgumentList $arguments -RedirectStandardOutput error.txt

    Read the article

  • Deleting file with SharePoint List web service fails

    - by Robert MacLean
    I am trying to delete a file from SharePoint using the list web service which is failing with the following error. Error Code: 0x81020030 Message: Invalid file name Detail: The file name you specified could not be used. It may be the name of an existing file or directory, or you may not have permission to access the file. The update XML I sent through is: <Batch OnError="Continue" PreCalc="TRUE" ListVersion="0" ViewName="{8FE4E2C8-939E-4462-ABA2-D633EED7F76E}"><Method ID="1" Cmd="Delete"><Field Name="ID">84</Field><Field Name="FileRef">http://win-4h0xp59sn75:40414/Shared%20Documents/del.txt</Field></Method></Batch> The SharePoint server error logs indicate: ERROR: Failed to OpenThreadToken, LastError=1008 The file you are attempting to save or retrieve has been blocked from this Web site by the server administrators. Things I have tried I've tried the changes in #1372971 which has no helped. I have also tried the changes recommended on the Microsoft Social site, which has also not helped. I have confirmed that the txt file extension is not blocked as indicated here. In addition I can remove the file via the website, it is just on the web service that this fails. The permissions are correct (or rather not in play) as I am running as a SharePoint administrator, which is the same account that uploaded it via the copy web service.

    Read the article

  • SharePoint 2010 - Client Object Model - Add attachment to ListItem

    - by Thorben
    Hi, I have a SharePoint List to which I'm adding new ListItems using the Client Object Model. Adding ListItems is not a problem and works great. Now I want to add attachments. I'm using the SaveBinaryDirect in the following manner: File.SaveBinaryDirect(clientCtx, url.AbsolutePath + "/Attachments/31/" + fileName, inputStream, true); It works without any problem as long as the item that I'm trying to add the attachment to, already has an attachment that was added through the SharePoint site and not using the Client Object Model. When I try to add an attachment to a item that doesnt have any attachments yet, I get the following errors (both happen but not with the same files - but those two messages appear consistently): The remote server returned an error: (409) Conflict The remote server returned an error: (404) Not Found I figured that maybe I need to create the attachment folder first for this item. When I try the following code: clientCtx.Load(ticketList.RootFolder.Folders); clientCtx.ExecuteQuery(); clientCtx.Load(ticketList.RootFolder.Folders[1]); // 1 -> Attachment folder clientCtx.Load(ticketList.RootFolder.Folders[1].Folders); clientCtx.ExecuteQuery(); Folder folder = ticketList.RootFolder.Folders[1].Folders.Add("33"); clientCtx.ExecuteQuery(); I receive an error message saying: Cannot create folder "Lists/Ticket System/Attachment/33" I have full administrator rights for the SharePoint site/list. Any ideas what I could be doing wrong? Thanks, Thorben

    Read the article

  • How can I set IIS Application Pool recycle times without resorting to the ugly syntax of Add-WebConfiguration?

    - by ObligatoryMoniker
    I have been scripting the configuration of our IIS 7.5 instance and through bits and pieces of other peoples scripts I have come up with a syntax that I like: $WebAppPoolUserName = "domain\user" $WebAppPoolPassword = "password" $WebAppPoolNames = @("Test","Test2") ForEach ($WebAppPoolName in $WebAppPoolNames ) { $WebAppPool = New-WebAppPool -Name $WebAppPoolName $WebAppPool.processModel.identityType = "SpecificUser" $WebAppPool.processModel.username = $WebAppPoolUserName $WebAppPool.processModel.password = $WebAppPoolPassword $WebAppPool.managedPipelineMode = "Classic" $WebAppPool.managedRuntimeVersion = "v4.0" $WebAppPool | set-item } I have seen this done a number of different ways that are less terse and I like the way this syntax of setting object properties looks compared to something like what I see on TechNet: Set-ItemProperty 'IIS:\AppPools\DemoPool' -Name recycling.periodicRestart.requests -Value 100000 One thing I haven't been able to figure out though is how to setup recycle schedules using this syntax. This command sets ApplicationPoolDefaults but is ugly: add-webconfiguration system.applicationHost/applicationPools/applicationPoolDefaults/recycling/periodicRestart/schedule -value (New-TimeSpan -h 1 -m 30) I have done this in the past through appcmd using something like the following but I would really like to do all of this through powershell: %appcmd% set apppool "BusinessUserApps" /+recycling.periodicRestart.schedule.[value='01:00:00'] I have tried: $WebAppPool.recycling.periodicRestart.schedule = (New-TimeSpan -h 1 -m 30) This has the odd effect of turning the .schedule property into a timespan until I use $WebAppPool = get-item iis:\AppPools\AppPoolName to refresh the variable. There is also $WebappPool.recycling.periodicRestart.schedule.Collection but there is no add() function on the collection and I haven't found any other way to modify it. Does anyone know of a way I can set scheduled recycle times using syntax consistent with the code I have written above?

    Read the article

  • Cannot convert lambda expression to type 'string' because it is not a delegate type

    - by RememberME
    I have the following code written by another developer on 2 pages of my site. This used to work just fine, but now is giving the error "Cannot convert lambda expression to type 'string' because it is not a delegate type" on the Delete line with Ajax.ThemeRollerActionLink. I don't go into this section of the site often, and we recently upgraded from MVC 1.0 to 2.0. I'm guessing that's probably when it stopped working. I've looked up this error and the recommended fix seems to be add using System.Linq However, the page already has <%@ Import Namespace="System.Linq" %> <% Html.Grid(Model).Columns(col => { col.For(c => "<a href='" + Url.Action("Edit", new { userName = c }) + "' class=\"fg-button fg-button-icon-solo ui-state-default ui-corner-all\"><span class=\"ui-icon ui-icon-pencil\"></span></a>").Named("Edit").DoNotEncode(); col.For(c => Ajax.ThemeRollerActionLink("fg-button fg-button-icon-solo ui-state-default ui-corner-all", "ui-icon ui-icon-close", "Delete", new { userName = c }, new AjaxOptions { Confirm = "Delete User?", HttpMethod = "Delete", InsertionMode = InsertionMode.Replace, UpdateTargetId = "gridcontainer", OnSuccess = "successDeleteAssignment", OnFailure = "failureDeleteAssignment" })).Named("Delete").DoNotEncode(); col.For(c => c).Named("User"); }).Attributes(id => "userlist").Render(); %>

    Read the article

  • Testing radius server from Mac OS X client

    - by Calvin Froedge
    I have a radius server set up on a server running Ubuntu 11.04. I have configured my switch to use the authentication server's IP (192.168.1.2) for RADIUS / 802.1x authentication, and I created a connection to test connecting from my Mac OSX client. Here is my radius configuration for the client: client 192.168.1.0/16 { secret = testing123 } I can successfully authenticate using both 127.0.0.1 (localhost) and 192.168.1.2 (ip of eth1), so I know radius is getting those requests. I set up a connection to test from my macbook, and my requests are timing out. http://screencast.com/t/tMhRLS3H7 Is there a better way to test the radius connection from my macbook? Thanks! UPDATE: I was able to successfully test on Mac OSX client using RadPerf. This is available as a cross-platform command line tool.

    Read the article

  • solution for RPC_E_ATTEMPTED_MULTITHREAD error caused by SPRequestContext caching SPSites?

    - by kerray
    Hi, I'm developing a solution for SharePoint 2007, and I'm using SPSecurity.RunWithElevatedPrivileges a lot, passing in UserToken of the SystemAccount. After reading http://hristopavlov.wordpress.com/2009/01/19/understanding-sharepoint-sprequest/ I finally began to understand why I get these System.Runtime.InteropServices.COMException (0x80010102): Attempted to make calls on more than one thread in single threaded mode. (Exception from HRESULT: 0x80010102 (RPC_E_ATTEMPTED_MULTITHREAD)) errors, but there seems to be no solution - "known issue in the product" The article is more then a year old. I wasn't able to find anything more recent and helpful, but I was hoping maybe someone else has? My code goes like this SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite elevatedSite = new SPSite(web.Site.ID, web.Site.SystemAccount.UserToken)) { using (SPWeb elevatedWeb = elevatedSite.OpenWeb(web.ID)) { // some operations on lists and items obtained through elevatedWeb } } } The errors come up wherever such an elevated code is used, and more often when there are more users who use these functionalities, so I guess perhaps the elevated SPSite is getting cached and reused. Is there any way to solve this? If my understanding is correct, how to make Sharepoint forget about the cached SPSites, and use a fresh one instead? Thanks

    Read the article

  • IIS7 Mixed Mode Authentication

    - by drachenstern
    We're getting ready to start migrating some of our IIS6 sites to IIS7, and the application currently uses Forms Authentication. We have started getting some requests from various sites to use the Windows Authentication for the users. While this is easy enough to implement (and I've shown internally that there is no issue with the app, as expected) the question then is how to continue to keep Forms authentication for when Integrated Windows doesn't work. I've seen several walkthroughs on how to have it configured on IIS6, and I could do the same thing on IIS7, but then I have to turn on Classic Mode processing. Any solution should also be back portable to IIS6, if possible, to keep the build tree simple. So what are my options on this? Do I setup the app with Integrated Windows Authentication in IIS7, Forms Auth in the web.config, and redirect 401 errors to an "error page" allowing them to login using forms, then back to the regular app? The case when Forms is likely to be needed is going to be reserved for Contract workers, our support staff, and if someone needs to access it on their site from their Extranet. So primarily it's for our staff to login to check functionality and confirm bug reports. I suggested we just maintain that for our support staff to work, we need a Windows login that will always be live, and then we'll just enforce local responsibility on who can login to the site, but I'm told that we would do better to have Forms Authentication. Any thoughts? I can post some of the links of the articles I've already read through if that would help the forum better narrow my needs. Many thanks. tl;dr: How to do mixed mode authentication (forms, windows) in IIS7 without changing to classic pipeline and still be able to use the build in IIS6 if possible.

    Read the article

  • TF203015 The Item $/path/file has an incompatible pending change. While trying to unshelve.

    - by drachenstern
    I'm using Visual Studio 2010 Pro against Team Server 2010 and I had my project opened (apparently) as a solution from the repo, but I should've opened it as "web site". I found this out during compile, so I went to shelve my new changes and deleted the project from my local disk, then opened the project again from source (this time as web site) and now I can't unshelve my files. Is there any way to work around this? Did I blow something up? Do I need to do maintenance at the server? I found this question on SO #2332685 but I don't know what cache files he's talking about (I'm on XP :\ ) EDIT: Found this link after posting the question, sorry for the delay in researching, still didn't fix my problem Of course I can't find an error code for TF203015 anywhere, so no resolution either (hence my inclusion of the number in the title, yeah?) EDIT: I should probably mention that these files were never checked in in the first place. Does that matter? Can you shelve an unchecked item? Is that what I did wrong? EDIT: WHAP - FOUND IT!!! Use "Undo" on the items that don't exist because they show up in pending changes as checkins.

    Read the article

  • Yii urlManager language in URL

    - by TaMeR
    I am trying to add a language to the url with following syntax: http://www.example.com/en/site/page/view/about What I have so far works with short urls like: http://www.example.com/en/site/contact but not with long once as in my first example Here is what I have so far: /config/main.php 'urlManager'=>array( 'class'=>'application.components.MyCUrlManager', 'urlFormat'=>'path', 'showScriptName'=>false, 'rules'=>array( '<language:\w+>/<controller:\w+>/<id:\d+>'=>'<controller>/view', '<language:\w+>/<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>', '<language:\w+>/<controller:\w+>/<action:\w+>'=>'<controller>/<action>', ), ), <?php // components/MyCUrlManager.php class MyCUrlManager extends CUrlManager { public function createUrl($route,$params=array(),$ampersand='&') { if(isset($_POST['_lang'])){ Yii::app()->language = $_POST['_lang']; }elseif (!isset($route['language']) && $controller != 'srbac'){ $route['language']=Yii::app()->language; }else{ Yii::app()->language = $route['language']; } return parent::createUrl($route, $params, $ampersand); } } ?> class Controller extends CController: { /// ..... function init() { parent::init(); if (isset($_POST['_lang'])) { Yii::app()->setLanguage($_POST['_lang']); Yii::app()->session['_lang'] = Yii::app()->language; }elseif (isset(Yii::app()->session['_lang'])) { Yii::app()->setLanguage(Yii::app()->session['_lang']); } } } class LangBox extends CWidget { public function run() { $currentLang = Yii::app()->language; require_once 'Zend/Locale.php'; $locale = new Zend_Locale(); //$siteLanguages = $this->getLang(); $siteLanguages = array('en','de','tr'); foreach($siteLanguages as $value){ $list[$value] = $locale->getTranslation($value, 'Language', $value); } asort($list); $this->render('langBox', array('currentLang' => $currentLang, 'list'=>$list)); } }

    Read the article

  • image filters for iphone sdk development

    - by plsp
    Hi All, I am planning to develop an iphone app which makes use of image filters like blurring, sharpening,etc. I noticed that there are few approaches for this one, Use openGL ES. I even found an example code on apple iphone dev site. How easy is openGL for somebody who has never used it? Can the image filters be implemented using the openGL framework? There is a Quartz demo as well posted on apple iphone dev site. Has anybody used this framework for doing image processing? How is this approach compared to openGL framework? Don't use openGL and Quartz framework. Basically access the raw pixels from the image and do the manipulation myself. Make use of any custom built image processing libraries like this one. Do you know of any other libraries like this one? Can anybody provide insights/suggestions on which option is the best? Your opinions are highly appreciated. Thanks!

    Read the article

  • C#: Cannot handle redirect from HTTP/HTTPS protocols to other dissimilar ones

    - by Peanut
    Basically, I'm trying to grab an EXE from CNet's Download.com So i created web parser and so far all is going well. Here is a sample link pulled directly from their site: http://dw.com.com/redir?edId=3&siteId=4&oId=3001-20_4-10308491&ontId=20_4&spi=e6323e8d83a8b4374d43d519f1bd6757&lop=txt&tag=idl2&pid=10566981&mfgId=6250549&merId=6250549&pguid=PlvcGQoPjAEAAH5rQL0AAABv&destUrl=ftp%3A%2F%2F202.190.201.108%2Fpub%2Fryl2%2Fclient%2Finstaller-ryl2_v1673.exe Here is the problem: When you attempt to download, it begins with HTTP, then redirects to an FTP site. I have tried .NET's WebClient and HttpWebRequest Objects, and it looks like Neither can support Redirects. This Code Fails at GetResponse(); HttpWebRequest req = (HttpWebRequest)WebRequest.Create("http://dw.com.com/redir?edId=3&siteId=4&oId=3001-20_4-10308491&ontId=20_4&spi=e6323e8d83a8b4374d43d519f1bd6757&lop=txt&tag=idl2&pid=10566981&mfgId=6250549&merId=6250549&pguid=PlvcGQoPjAEAAH5rQL0AAABv&destUrl=ftp%3A%2F%2F202.190.201.108%2Fpub%2Fryl2%2Fclient%2Finstaller-ryl2_v1673.exe"); WebResponse response = req.GetResponse(); Now, I also tried this: HttpWebRequest req = (HttpWebRequest)WebRequest.Create("http://dw.com.com/redir?edId=3&siteId=4&oId=3001-20_4-10308491&ontId=20_4&spi=e6323e8d83a8b4374d43d519f1bd6757&lop=txt&tag=idl2&pid=10566981&mfgId=6250549&merId=6250549&pguid=PlvcGQoPjAEAAH5rQL0AAABv&destUrl=ftp%3A%2F%2F202.190.201.108%2Fpub%2Fryl2%2Fclient%2Finstaller-ryl2_v1673.exe"); req.AllowAutoRedirect = false; WebResponse response = req.GetResponse(); string s = new StreamReader(response.GetResponseStream()).ReadToEnd(); And it does not throw the error anymore, however variable s turns out to be an empty string. I'm at a loss! Can anyone help out?

    Read the article

  • Objective-C SSL Synchronous Connection

    - by Mike
    Hello, I'm a little new to objective-C but have run across a problem that I can't solve, mostly because I'm not sure I am implementing the solution correctly. I am trying to connect using a Synchronous Connection to a https site with a self-signed certificate. I am getting the Error Domain=NSURLErrorDomain Code=-1202 "untrusted server certificate" Error that I have seen some solutions to on this forum. The solution i found was to add: - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace { return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]; } (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; } to the NSURLDelegate to accept all certificates. When I connect to the site using just a: NSURLRequest *theRequest=[NSURLRequest requestWithURL:[NSURL URLWithString:@"https://examplesite.com/"] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:60.0]; NSURLConnection *theConnection=[[NSURLConnection alloc] initWithRequest:theRequest delegate:self]; It works fine and I see the challenge being accepted. However when I try to connect using the synchronous connection I still get the error and I don't see the challenge functions being called when I put in logging. How can I get the synchronous connection to use the challenge methods? Is it something to do with the delegate:self part of the URLConnection? I also have logging for sending/receiving data within the NSURLDelegate that is called by my connection function but not by the synchronous function. What I am using for the synchronous part: NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL: [NSURL URLWithString:@"https://examplesite.com/"]]; [request setHTTPMethod: @"POST"]; [request setHTTPBody: [[NSString stringWithString:@"username=mike"] dataUsingEncoding: NSUTF8StringEncoding]]; dataReply = [NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&error]; NSLog(@"%@", error); stringReply = [[NSString alloc] initWithData:dataReply encoding:NSUTF8StringEncoding]; NSLog(@"%@", stringReply); [stringReply release]; NSLog(@"Done"); Like I mentioned I'm a little new to objective C so be kind :) Thanks for any help. Mike

    Read the article

  • How to migrate from Natara DayNotez for Pocket PC / Windows Mobile

    - by piggymouse
    I've been using DayNotez as my notes manager since the old Palm PDA days. When I moved to Windows Mobile, I installed DayNotez there and migrated from the Palm version. Now I wish to move from DayNotez altogether (I currently consider Evernote as a decent cross-platform tool). Problem is, DayNotez doesn't let me export the notes (unless I want to transfer them one by one, which is a pain). Natara offers an export tool for Windows, but it only works for Palm HotSync (as it reads from the backed-up PDB file). DayNotez Desktop for Windows stores its local DB under "My Documents\Natara\DayNotez\" directory in a file named "[device name] DayNotez.dnz". Quick look within the file spots a string "Standard Jet DB" near the beginning, but I couldn't open it as a regular JET/MDB file. Any help would be greatly appreciated.

    Read the article

  • How to do server-side validation using Jqgrid?

    - by Eoghan
    Hi, I'm using jqgrid to display a list of sites and I want to do some server side validation when a site is added or edited. (Form editing rather than inline. Validation needs to be server side for various reasons I won't go into.) I thought the best way would be to check the data via an ajax request when the beforeSubmit event is triggered. However this only seems to work when I'm editing an existing row in the grid - the function isn't called when I add a new row. Have I got my beforeSubmit in the wrong place? Thanks for your help. $("#sites-grid").jqGrid({ url:'/json/sites', datatype: "json", mtype: 'GET', colNames:['Code', 'Name', 'Area', 'Cluster', 'Date Live', 'Status', 'Lat', 'Lng'], colModel :[ {name:'code', index:'code', width:80, align:'left', editable:true}, {name:'name', index:'name', width:250, align:'left', editrules:{required:true}, editable:true}, {name:'area', index:'area', width:60, align:'left', editable:true}, {name:'cluster_id', index:'cluster_id', width:80, align:'right', editrules:{required:true, integer:true}, editable:true, edittype:"select", editoptions:{value:"<?php echo $cluster_options; ?>"}}, {name:'estimated_live_date', index:'estimated_live_date', width:120, align:'left', editable:true, editrules:{required:true}, edittype:"select", editoptions:{value:"<?php echo $this->month_options; ?>"}}, {name:'status', index:'status', width:80, align:'left', editable:true, edittype:"select", editoptions:{value:"Live:Live;Plan:Plan;"}}, {name:'lat', index:'lat', width:140, align:'right', editrules:{required:true}, editable:true}, {name:'lng', index:'lng', width:140, align:'right', editrules:{required:true}, editable:true}, ], height: '300', pager: '#pager-sites', rowNum:30, rowList:[10,30,90], sortname: 'cluster_id', sortorder: 'desc', viewrecords: true, multiselect: false, caption: 'Sites', editurl: '/json/sites' }); $("#sites-grid").jqGrid('navGrid','#pager-sites',{edit:true,add:true,del:true, beforeSubmit : function(postdata, formid) { $.ajax({ url : 'json/validate-site/', data : postdata, dataType : 'json', type : 'post', success : function(data) { alert(data.message); return[data.result, data.message]; } }); }});

    Read the article

  • ASP.NET / Active Directory - Supporting auto login for domain users

    - by Krisc
    I am developing a simple ASP.NET website that will run on the intranet on a WS2008(IIS7) box and respond to users running XP/IE8. Everything is domain connected and I am trying to automatically login the users much like SharePoint does. On my dev machine (XP), when running the site through VS, everything works. I can pickup on the user perfectly. I am using the following settings: <authentication mode="Windows"/> <identity impersonate="true"/> <anonymousIdentification enabled="false"/> <authorization> <allow users="*"/> <deny users="?"/> </authorization> However, when I publish to the WS2008 box, it doesn't work. Clearly I am missing a setting in IIS7 to support this. I have the following set for Authentication on the site: Anon Auth - Enabled ASP.NET Impersonation - Enabled Basic Auth - Disabled Forms Auth - Disabled Windows Auth - Disabled What am I missing? Thanks

    Read the article

  • In Asp.Net MVC 2 is there a better way to return 401 status codes without getting an auth redirect

    - by Greg Roberts
    I have a portion of my site that has a lightweight xml/json REST API. Most of my site is behind forms auth but only some of my API actions require authentication. I have a custom AuthorizeAttribute for my API that I use to check for certain permissions and when it fails it results in a 401. All is good, except since I'm using forms auth, Asp.net conveniently converts that into a 302 redirect to my login page. I've seen some previous questions that seem a bit hackish to either return a 403 instead or to put some logic in the global.asax protected void Application_EndRequest() that will essentially convert 302 to 401 where it meets whatever criteria. Previous Question Previous Question 2 What I'm doing now is sort of like one of the questions, but instead of checking the Application_EndRequest() for a 302 I make my authorize attribute return 666 which indicates to me that I need to set this to a 401. Here is my code: protected void Application_EndRequest() { if (Context.Response.StatusCode == MyAuthAttribute.AUTHORIZATION_FAILED_STATUS) { //check for 666 - status code of hidden 401 Context.Response.StatusCode = 401; } } Even though this works, my question is there something in Asp.net MVC 2 that would prevent me from having to do this? Or, in general is there a better way? I would think this would come up a lot for anyone doing REST api's or just people that do ajax requests in their controllers. The last thing you want is to do a request and get the content of a login page instead of json.

    Read the article

  • Using two versions of the same assembly (system.web.mvc) at the same time

    - by Joel Abrahamsson
    I'm using a content management system whose admin interface uses MVC 1.0. I would like to build the public parts of the site using MVC 2. If I just reference System.Web.Mvc version 2 in my project the admin mode doesn't work as the reference to System.Web.Mvc.ViewPage created by the views in the admin interface is ambiguous: The type 'System.Web.Mvc.ViewPage' is ambiguous: it could come from assembly 'C:\Windows\assembly\GAC_MSIL\System.Web.Mvc\2.0.0.0__31bf3856ad364e35\System.Web.Mvc.dll' or from assembly 'C:\Windows\assembly\GAC_MSIL\System.Web.Mvc\1.0.0.0__31bf3856ad364e35\System.Web.Mvc.dll'. Please specify the assembly explicitly in the type name. I could easily work around this by using binding redirects to specify that MVC 2 should always be used. Unfortunately the content management systems admin mode isn't compatible with MVC 2. I'm not exactly sure why, but I start getting a bunch of null reference exceptions in some of it's actions when I try it and the developers of the CMS have confirmed that it isn't compatible with MVC 2 (yet). The admin interface which is accessed through domain.com/admin is not physically located in webroot/admin but in the program files folder on the server and domain.com/admin is instead routed there using a virtual path provider. Therefor, putting a separate web.config file in the admin folder to specify a different version of System.Web.Mvc for that part of the site isn't an option as that won't fly when using shared hosting. Can anyone see any solution to this problem? Perhaps it's possible to specify that for some assemblies a different version of a referenced assembly should be used?

    Read the article

  • Common vulnerabilities for WinForms applications

    - by David Stratton
    I'm not sure if this is on-topic or not here, but it's so specific to .NET WinForms that I believe it makes more sense here than at the Security stackexchange site. (Also, it's related strictly to secure coding, and I think it's as on-topic as any question asking about common website vulnerabiitles that I see all over the site.) For years, our team has been doing threat modeling on Website projects. Part of our template includes the OWASP Top 10 plus other well-known vulnerabilities, so that when we're doing threat modeling, we always make sure that we have a documented process to addressing each of those common vulnerabilities. Example: SQL Injection (Owasp A-1) Standard Practice Use Stored Parameterized Procedures where feasible for access to data where possible Use Parameterized Queries if Stored Procedures are not feasible. (Using a 3rd party DB that we can't modify) Escape single quotes only when the above options are not feasible Database permissions must be designed with least-privilege principle By default, users/groups have no access While developing, document the access needed to each object (Table/View/Stored Procedure) and the business need for access. [snip] At any rate, we used the OWASP Top 10 as the starting point for commonly known vulnerabilities specific to websites. (Finally to the question) On rare occasions, we develop WinForms or Windows Service applications when a web app doesn't meet the needs. I'm wondering if there is an equivalent list of commonly known security vulnerabilities for WinForms apps. Off the top of my head, I can think of a few.... SQL Injection is still a concern Buffer Overflow is normally prevented by the CLR, but is more possible if using non-managed code mixed in with managed code .NET code can be decompiled, so storing sensitive info in code, as opposed to encrypted in the app.config... Is there such a list, or even several versions of such a list, from which we can borrow to create our own? If so, where can I find it? I haven't been able to find it, but if there is one, it would be a great help to us, and also other WinForms developers.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 535 536 537 538 539 540 541 542 543 544 545 546  | Next Page >