ASP Example #3
Welcome to Active Server Pages (ASP) Example #3, a guestbook with a "Thank You" page. Everybody loves putting together a great guestbook, and through the use of ASP, you can get that all-important secondary page that pops up right after the user submits. But more than that, you get to configure the thank-you page to include the user's name and other responses depending on what the user entered into the guestbook form.
As was stated in ASP Example #2, this tutorial will not get into what ASP is all about or how to find out if you have ASP capabilities. That's all covered in ASP Example #1. So, if you haven't already, head over to ASP Example #1 and read all about it. You'll get the ASP scoop and a small program to test your server for ASP capabilities.
And again - ASP is not supported by all servers. In fact, you can't see the Guestbook presented here in action. Why? The HTML Goodies servers do not support ASP. *sigh*
The Process
The young gentleman who wrote these ASP pages for me actually thought I was pulling his leg when I told him how popular the concept of getting a thank-you page following a guestbook submit had become. He wanted to know why people wanted such a thing. I said, "Shut up and get writing. I'm paying you by the hour."
Actually I paid him a flat rate. It's a good thing too. He didn't quite know how he was going to get the effect. He actually had to go back to his apartment and call a bunch of his ASP buddies to talk over how the effect would be achieved. What you get in this tutorial is what they all arrived at. No, I didn't pay the consulting ASP artists. Seeing what the first guy charges me, they're all probably wealthy anyway.
Here's the deal:
- The form that acts as the Guestbook is created through simple HTML commands, making sure that every form element is given a NAME attribute.
- The main FORM tag has its ACTION attribute pointing at the thank-you page rather than at a mailto: command.
- All of the VBScript that sends the mail along is contained on the thank-you page. Thus, the change of page was going to happen whether a guestbook was involved or not. The thank-you text is displayed and the mail is sent, both from the second page. It's a very clever system. Maybe those other guys should have gotten paid.
The Files
You're going to have to have two. As was the case in ASP Example #2, I am offering the files as HTML documents. When you click on the links below, you'll see code. Copy the ENTIRE code and paste it to a text editor. The first thing you copy should be the code: <%@ LANGUAGE="VBSCRIPT" %>. That starts off all ASP pages. Then, when you save the code, name it whatever you want and make sure it has an ".asp" extension.
The ".asp" extension is very important and not adding it is the main cause of these tutorials not giving people the effect they're looking for. Here are the files:
The Guestbook Page
The Guestbook page should be pretty familiar coding to you by now. If not, go read the Forms tutorial right away. You're in over your head here.
Right now the form is just two text boxes named yourname and email, a couple of radio buttons named answer, and a submit button.
Yes, you will be able to add and alter the items that make up the Guestbook page, but right now let's stay on track.
Did you see that there was some bold text when you copied and pasted? The bold text was the ASP page the ACTION attribute pointed to. It looked like this:
See it? In terms of this Guestbook page, that's really the only thing you have to be concerned with. Right now the ACTION is set to send the output of the form to the thank-you page, asp_ty.asp.
If you kept the name intact and you named your thank-you page asp_ty.asp, then you don't have to change a thing - it's ready to roll. But if you did change the name of the thank-you page, you need to change this to read whatever name you chose.
The Thank-You Page
The thank-you page has a few more parts to be concerned about. First off, I have made each of the HTML comments italic. I have also underlined the ASP comments. (They start with a single quote mark.) None of those comments add to the output of the page, they're just in there to help you understand what's going on.
Here's the first line of code that really involves what the user entered into the Guestbook form page:
See the command within the <% and %>. That's VBScript that posts what was written in the text box given the name yourname. Remember that format. It's going to come into play again later.
Remember that this is ASP. That code will never be seen by the user, even if they look at the source. It'll just simply read "Thanks for filling out the form Bill." That is, if some guy named Bill answered the form. Following the concept here?
Set Up The Email
The next small block of code sets up destination and originating variables plus a subject line and body so that the text has somewhere to go. Don't touch it. I'm just pointing out what it does. No need to mess with it.
Fill the Variables
Now we're at a point where you have to alter the code a bit.
OriginatingEmail = Request.form("email")
DestinationEmail = "firstname.lastname@example.org"
Subject = "The Subject Line Goes Here"
The first line is good to go. It's using the input the user entered in the text box named email. Don't touch it.
The next two lines require you to put in your own email, or the email address where you want the mail to end up, and then a subject line. Do that.
The Body of the Email
...is created by the next little block of code. Notice the format. It's much like the first code we talked about that posts the user's name to the page. All this line of code does is take the text in the two text boxes, and the user's choice between the radio buttons and make it one line of text.
Notice the format. Each blurb of code starts with an "&" and ends with a semi-colon. That will become important to you later when you want to add additional elements.
Send that Mail!
The next blurb of code sends the mail. I have mentioned that the mail element has to be added to the server for this format to run. I only put that in, in case the form doesn't run. I would be very, very surprised if your ASP server didn't have the mail utility installed.
Did the Mail Send?
Very clever. I think this is the greatest part of this whole Guestbook system.
Respond to the User
The final block of text is, again, a conditional statement that displays text depending on which radio button the user chose. If the user chose the radio button with the VALUE "yes", then the text "I like Active Server Pages Too!" is written to the page. If the user chose the radio button with the VALUE "no", then the text "I don't like Active Server Pages either!" writes to the page.
Again, this all happens behind the scenes. The user will never actually see the VBScript code. When the page is displayed, all of this will be replaced with simple text. The source code will look like a basic HTML document. Neat, huh?
Altering the Guestbook
You have the format for posting something from the Guestbook form to the page. This: <%=Request.form("######")%>. So now you can add as many text boxes and textarea boxes as you'd like to. Just remember to give each text element a different name. Then you can take and place the text the user put into the text element simply by following the format above and putting the NAME you gave the text element in where I have "######". Easy.
If you want to add what the user put in the text element into the email message that comes to your mailbox, simply follow the format that was used to create the Body section of the text. Each new element begins with an "&" and ends with a semicolon. Watch the quotes too.
Want to add another couple of radio button, check box, or pull down box choices and have something write to the page depending on the choice? Follow the format in the last block of code to get the effect. Just remember to give each element a VALUE. That's what is used to determine what choice the user made.
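The <%=Request.form("######")%> format writes whatever the visitor typed straight into the HTML, so markup typed into a text box becomes part of the thank-you page, and the email box feeds the mail's originating address unchecked. A hardened version of the thank-you page's form handling follows, added here as an example and not the tutorial's own file. SafeField and IsPlausibleEmail are hypothetical helper names, and the length limits are assumptions.

```asp
<%@ LANGUAGE="VBSCRIPT" %>
<% Option Explicit
' Added example, not the tutorial's file. SafeField and IsPlausibleEmail are
' hypothetical helper names; the length limits are assumptions.

' Trim a form field, cap its length, and HTML-encode it for display.
Function SafeField(fieldName, maxLen)
    Dim raw
    raw = Trim(Request.Form(fieldName) & "")
    If Len(raw) > maxLen Then raw = Left(raw, maxLen)
    SafeField = Server.HTMLEncode(raw)
End Function

' Accept only a single-line value shaped like an email address.
' A CR or LF in this field could otherwise add extra mail headers.
Function IsPlausibleEmail(addr)
    Dim re
    IsPlausibleEmail = False
    If Len(addr) = 0 Or Len(addr) > 254 Then Exit Function
    If InStr(addr, vbCr) > 0 Or InStr(addr, vbLf) > 0 Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    IsPlausibleEmail = re.Test(addr)
End Function

Dim OriginatingEmail, answer, emailOk
OriginatingEmail = Trim(Request.Form("email") & "")
emailOk = IsPlausibleEmail(OriginatingEmail)
' Build and send the mail only when emailOk is True (mail code not shown).

' Radio buttons: compare with the known VALUEs, never echo the raw value.
answer = LCase(Trim(Request.Form("answer") & ""))
%>
<p>Thanks for filling out the form <%= SafeField("yourname", 60) %>.</p>
<% If Not emailOk Then %>
<p>That email address did not look valid, so no mail was sent.</p>
<% End If %>
<% If answer = "yes" Then %>
<p>I like Active Server Pages Too!</p>
<% ElseIf answer = "no" Then %>
<p>I don't like Active Server Pages either!</p>
<% End If %>
```

Any extra text box added to the Guestbook gets the same treatment: display it through Server.HTMLEncode, and strip CR and LF from anything that ends up in a mail header such as the subject or originating address.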
That's That
I have this guestbook format on my server at school. It supports ASP. The look is very nice and it really makes you look like you know what you're doing. And isn't that what it's all about?