ASP in-depth encryption (lower)

Iv. Development and Use of ASP components:

1. What are the features of components?

L advantages:
N easy to call and saveCode
N High Security
N supports transaction processing and multi-component combination
N fast running
N the page does not need to be modified to upgrade or modify components, so the scalability is good.
L disadvantages:
N development and debugging difficulties

2. How to use VB for development?

(1) Open VB> new project> ActiveX DLL

(2) Change the project name to course.

(3) modify the class module name to conn_db.

(4). Project> references, reference COM Service Type Library and Microsoft Active Server Pages Object Library.

Modify. Modify the Class Code as follows:

'Create a database connection and output database fields
Dim response as response
Dim request as request
Dim server as server
Dim application as application
Dim session as session

Private sub class_initialize ()
Dim objcontext as objectcontext
Set objcontext = getobjectcontext ()
Set response = objcontext ("response ")
Set Request = objcontext ("request ")
Set Server = objcontext ("server ")
Set Application = objcontext ("application ")
Set session = objcontext ("session ")
End sub

Sub conn_db ()
Set conn = Createobject ("ADODB. Connection ")
Conn. Open "course_dsn", "course_user", "course_password"
Set rs = Createobject ("ADODB. recordset ")
Rs. Open "select * From user_info", Conn, 1, 1

If Rs. recordcount> 0 then
For I = 1 to Rs. recordcount
Response. Write "<br>" & RS ("user_name") & "<br>"
If Rs. EOF then exit
Rs. movenext
Next
End if
Rs. Close
Set rs = nothing
Conn. Close
Set conn = nothing
End sub

Adding a new class of cutstr

Modify. Modify the Class Code as follows:

'Intercept string
Function cutstr (STR, length)
If Len (STR)> length then
Cutstr = left (STR, length )&"..."
Else
Cutstr = Str
End if
End Function

Workflow. File> Save

Examples. File> make course. dll

3. Register components: mtsand regsvr32.exe

You can register components in two ways: mtsand regsvr32.exe. MTS is recommended because it has the following advantages:
N dynamic unload balancing to improve components and component-based applicationsProgram.
N contains the ability to publish and submit events and queue components, making it easier to work with multiple components.

To make the component have the MTS feature, you must make a few changes to the component. During Development under NT and 98, Microsoft Transaction Server Type Library must be referenced in the project. For Development under Windows 2000, COM Service Type Library must be referenced.

(1). regsvr32 registration:

Regsvr32.exe is an executable file under system32. It reads component information into the registry for ASP to call.
Use the command line to enter the directory where the component DLL file is located, and run "regsvr32 dll_file_name.

Run regedit. The course. conn_db and course. cutstr items are found under hkey_classes_root, indicating that the component is successfully registered.

(2) register using MTS:

①. Start> program> Management Tools> component services

2. Expand the directory to the following status:

3. Follow the wizard and click "Create an empty application" until the following dialog box is displayed ":

④. In the following dialog box, name the application "Course". The other items are used by default until they are completed.

⑤ Expand the course application, right-click to create a new component

6. Follow the prompts to continue. When the following dialog box appears, select "Import registered components"

7. Select the component we developed and click Next until it is completed.

Summary. At this time, we can find that the course application has two more components:

4. Call components in ASP

Asp_use_com.asp
<%
'Asp calls COM components
Set cutstr_obj = server. Createobject ("course. cutstr ")
Response. Write cutstr_obj.cutstr ("abcdefghijk", 3) & "<br>"
Set cutstr_obj = nothing

Set conn_obj = server. Createobject ("course. conn_db ")
Conn_obj.conn_db ()
Set conn_obj = nothing
%>

Effect:
ABC...

Ahyi

Tuth

Indicates that the call is successful.

5. Uninstall Components

(1). Use the-u Switch to uninstall the component registered with regsvr32:

Note: first enter the directory where the component DLL is located, and then use "regsvr32-u dll_file_name" to uninstall it. Then restart IIS.

(2) to use the MTS registered component, first Delete the corresponding application in "component service", and then perform steps (1) to completely uninstall the component.

6. dll component storage location and permission settings

(1). We only need to copy the DLL file generated by compilation. Other files do not need to be processed.
(2) Place the DLL outside the Web site, such as the System32 directory to prevent download.
(3) set the File Permission of. DLL to system reading. Internet users can traverse folders/running files.
(4). dll remove all permissions in IIS, such as reading and voluntary access to scripts.
After the above processing, you can ensure the security of the DLL file.

7. Others

How can I easily port ASP code into COM components by Using ASP objects in components?

5. Optimal IIS configuration

1. Web site tabs: IP, port, virtual host, connection, log
2. ISAPI filter: added to PhP and JSP support
3. Main directory Configuration tab: I is permission settings (combined with file permissions), execution permission, application protection, ing, buffering, parent path, error information
4. Other tabs: Custom errors, HTTP headers, Directory Security, documents
5. benefits and disadvantages of File compression

Vi. Others

1. Send mail (jmail; ms smtp)

Use Microsoft SMTP to send emails
(1) install Microsoft SMTP service
(2) Set Microsoft SMTP service
(3). Code:
Mail_smtp.asp
<%
Sub Sendmail (fromwho, towho, subject, body)
Dim mymail
Set mymail = server. Createobject ("cdonts. newmail ")
Mymail. From = fromwho
Mymail. To = towho
Mymail. Subject = subject
Mymail. Body = body
Mymail. Send
Set mymail = nothing
End sub
%>

This subroutine accepts four parameters corresponding to the following items.
L email address of the email sender
L email address of the email recipient
L Email Subject
L mail content

Usage:
<%
Fromwho =...
Towho =...
Subject =...
Body =...

If towho <> "" then
Sendmail fromwho, towho, subject, body
End if
%>

Use jmail to send an email
If you are interested, you can discuss it with me. I also have the jmail software.

2. decompress the ZIP file (wscript. Shell and WinZip command line; Java component)

(1) install WinZip 8.1 or above
(2) install WinZip command line
(3) set the File Permission of the working directory to allow Internet users to read, write, and modify files.
(4). Code:
Unzip_a_zipfile.asp
<%
'Start the program with a shell object
'Zip _ path is the path of a specific ZIP file, such as c: \ test.zip.
'Path is the path for storing the decompressed File
'Ond is a command line parameter.
Set wshshell = server. Createobject ("wscript. Shell ")
Issuccess = wshshell. Run ("wzunzip-ond" & zip_path & "& Path, 1, true)

'Delete the ZIP file
Set myfileobject = server. Createobject ("scripting. FileSystemObject ")
Myfileobject. deletefile zip_path

'Determine whether the operation is successful to continue
If issuccess = 0 then
'Success
...
Else
'Failed
...
End if
%>

3. Operate XML files

The communication time is limited, so I have time to discuss it in detail.

4. File Upload

(1. install the File Upload Component ASP fileup (supports multi-File Upload, file type and size determination, File Upload renamed, etc.)
(2. restart IIS for the Upload Component to take effect
(3. set the upload directory permission to allow Internet users to read, write, and modify files
(4. code
upload_file.htm

<Center>
<Form enctype = "multipart/form-Data" method = "Post" Action = "upload_file.asp" name = "Upload">
<Input type = "hidden" name = "copyrightinfo" value = "http://www.chinaasp.com";>
Select a file: <input type = "file" name = "file1" class = "input"> <br>
Select a file: <input type = "file" name = "file2" class = "input"> <br>
</Form>
<Br>
<A href = "javascript: Document. Upload. Submit ();"> submit </a>
</Center>

Upload_file.asp
<%
On Error resume next

'Define the function for obtaining the file suffix
Function getfileextname (filename)
Pos = Limit Rev (filename ,".")
If POS> 0 then
Getfileextname = mid (filename, POS 1)
Else
Getfileextname = ""
End if
End Function

'Define the function for getting the file name.
Function getfilename (filename)
Lens = Len (filename)-len (getfileextname (filename)-1
Getfilename = left (filename, lens)
End Function

'Create an object for the File Upload Component
Set fileup = server. Createobject ("chinaasp. Upload ")

'Read user-uploaded files cyclically and save them on the server
For each F in fileup. Files

'When the user does not select a file or the file size exceeds 10 MB, the page for selecting the file to be uploaded is returned.
If F. filename = "" or F. filesize> 10485500 then response. Redirect "upload_file.htm"

'Get the saved path
Path = server. mappath ("upload_file.asp ")
Path = left (path, Len (PATH)-15)

'Save the file
F. saveas Path & getfilename (F. filename) & "." & getfileextname (F. filename)

Next

Response. Redirect "upload_file.htm"
%>

5. Drive/directory/File Operations

The communication time is limited, so I have time to discuss it in detail.

6. asp Writing and debugging experience: How to Select cookies and sessions, cookies quantity traps, page expiration and buffering settings, how to ensure portability, and how to handle internal server 500 errors ......

1. Selection of cookies and sessions:
(1). Common Features
(2). Differences:
①. Working Method
②. Expiration Conditions
③. Impact on server performance

2. Cookies quantity trap:
IIS can store no more than 20 General cookies, and then define the value of cookies before the new cookies will be lost. This is obviously very limited for large applications. How can this problem be solved?
The answer is to use two-dimensional cookies.

Example:

Test the maximum number of cookies in one dimension:
Test_cookies_1.asp
<%
For I = 1 to 50
Response. Cookies ("cookies _" & I) = I
Next
%>

Test_cookies_2.asp
<%
For I = 1 to 50
Response. Write Request. Cookies ("cookies _" & I) & "<br>"
Next
%>

Effect:
Access test_cookies_1.asp first, and then test_cookies_2.asp. What did you find?

Test_cookies_3.asp
<%
For I = 1 to 50
Response. Cookies ("cookies _" & I) = I
Next

For I = 1 to 50
Response. Write Request. Cookies ("cookies _" & I) & "<br>"
Next
%>

Effect:
No cookies are lost !!!!

Test the limit of two-dimensional cookies:
Test_cookies_4.asp
<%
For 1 to 301
Response. Cookies ("tuht") ("cookies _" & I) = I
Next
%>

Test_cookies_5.asp
<%
For 1 to 301
Response. Write Request. Cookies ("tuht") ("cookies _" & I) & "<br>"
Next
%>

Effect:
In this way, you can use 201*20 = 4020 cookies !!!!

3. Page expiration and cache settings
<%
'Expiration and buffer Processing
Response. Buffer = true
Response. cachecontrol = "no-chache"
Response. expiresabsolute = now ()-1
Response. expires = 0
%>
You can also set the parameters in HTML:
<Meta content = "no-Cache" http-equiv = "Pragma">
<Meta HTTP-EQUIV = "expires" content = "0">

4. Portability assurance
(1). Include files
<! -- # Include file = "Top. asp" -->
(2) Use server. mappath to find the file path and avoid using the absolute path directly on the page.
(3) Use components to encapsulate business logic as much as possible

5. debug Internal Server Error 500
(1). Set IIS to display specific error information
(2) step-by-step debugging, from top to bottom
(3) print the values of some important variables and check whether they are as expected.
(4) Judging Errors Based on experience

7. Operate Word documents

(1) install Office 2000, which is mandatory for Word 2000
(2) Set Internet Security in IE: All ActiveX controls and plug-ins are enabled.
(3) set the File Permission of the working directory to Internet and system read/modify/Write
(4). Compile the course. Dot template.
Detail. Specific Code:
Opr_doc_inc.asp
<%
Response. Write "dim var_num" & CHR (13)
Response. Write "var_num = 2" & CHR (13)
Response. Write "dim varstrings (2)" & CHR (13)
Response. Write "varstrings (0) =" & CHR (34) & "Start:" & CHR (34) & CHR (13)
Response. Write "varstrings (1) =" & CHR (34) & "Date:" & CHR (34) & CHR (13)
Response. Write "dim varvalues (2)" & CHR (13)
Response. Write "varvalues (0) =" & CHR (34) & "Kia: Tu Haitao" & CHR (34) & CHR (13)
Response. Write "varvalues (1) =" & CHR (34) & "Date:" & date () & CHR (34) & CHR (13)
%>

Sub instead (word)
Set myrange = word. activedocument. Content
For I = 0 to var_num-1
Call myrange. Find. Execute (varstrings (I), false, varvalues (I), 2)
Next
End sub

Opr_doc.asp
<%
'Get the saved path
Path = server. mappath ("opr_doc.asp ")
Path = left (path, Len (PATH)-11)
Filenames = Path & "test.doc"

W1 = "word. activedocument. saveas" & CHR (32) & CHR (34) & filenames & CHR (34)
W2 = "wapp. Documents. Open" & CHR (32) & CHR (34) & filenames & CHR (34)
%>
<Script language = "VBScript">
On Error resume next
'Generate a Word document with the specified file name
Dim word
Set word = Createobject ("word. application ")
If err. Number> 0 then
Alert "An error occurred. Check whether the file exists"
Else
Word. Visible = false
Word.doc uments. Open "<% response. Write PATH %> course. Dot"
<% Response. Write W1 %>
Word.doc uments. Close
Set word = nothing
End if

<! -- # Include file = "opr_doc_inc.asp" -->

Dim wapp
Set wapp = Createobject ("word. application ")
If err. Number> 0 then
Alert "An error occurred. Check whether the file is correctly created"
Else
Wapp. Visible = true
<% Response. Write W2 %>
Call instead (wapp)
Set wapp = nothing
End if
</SCRIPT>

Result: Have you generated the DOC file? What is the difference between the newly created DOC file and the template file? Has the drafting and date changed? Save it and check the content of the newly generated DOC file.

Appendix:
1. All the above Code is tested in Windows 2000 Server SP2 IIS 5.0 ms SQL Server 2000 Office 2000
2. Configure the database: the database name is course, the user is course_user, the password is course_password, the ODBC driver is course_dsn, the port is 2433, and the script describing the table structure is in the shared directory.
3. download the software ASP fileup, jmail, WinZip 8.1, and WinZip command line.
4. Database script file:
If exists (select * From DBO. sysobjects where id = object_id (n' [DBO]. [output_1] ') and objectproperty (ID, n' isprocedure') = 1)
Drop procedure [DBO]. [output_1]
Go

If exists (select * From DBO. sysobjects where id = object_id (n' [DBO]. [return_1] ') and objectproperty (ID, n' isprocedure') = 1)
Drop procedure [DBO]. [return_1]
Go

If exists (select * From DBO. sysobjects where id = object_id (n' [DBO]. [user_info_1] ') and objectproperty (ID, n' isprocedure') = 1)
Drop procedure [DBO]. [user_info_1]
Go

If exists (select * From DBO. sysobjects where id = object_id (n' [DBO]. [user_info_2] ') and objectproperty (ID, n' isprocedure') = 1)
Drop procedure [DBO]. [user_info_2]
Go

If exists (select * From DBO. sysobjects where id = object_id (n' [DBO]. [user_info_3] ') and objectproperty (ID, n' isprocedure') = 1)
Drop procedure [DBO]. [user_info_3]
Go

If exists (select * From DBO. sysobjects where id = object_id (n' [DBO]. [user_info] ') and objectproperty (ID, n'isusertable') = 1)
Drop table [DBO]. [user_info]
Go

Create Table [DBO]. [user_info] (
[ID] [int] identity (1, 1) not null,
[User_name] [varchar] (40) Collate chinese_prc_ci_as not null,
[Password] [varchar] (20) Collate chinese_prc_ci_as not null
) On [primary]
Go

Alter table [DBO]. [user_info] With nocheck add
Constraint [pk_user_info] primary key clustered
(
[User_name]
) On [primary]
Go

Set quoted_identifier off
Go
Set ansi_nulls off
Go

Create procedure [output_1]
@ Sid int output
As
Set @ SID = 2
Go
Set quoted_identifier off
Go
Set ansi_nulls on
Go

Set quoted_identifier off
Go
Set ansi_nulls off
Go

Create procedure [return_1]
(@ User_name varchar (40), @ password varchar (20 ))
As
If exists (select ID from user_info where user_name = @ user_name and Password = @ password)
Return 1
Else
Return 0
Go
Set quoted_identifier off
Go
Set ansi_nulls on
Go

Set quoted_identifier on
Go
Set ansi_nulls off
Go

Create procedure [user_info_1]
(@ User_name varchar (40), @ password varchar (20 ))
As
Select ID from user_info where user_name = @ user_name and Password = @ Password
Go
Set quoted_identifier off
Go
Set ansi_nulls on
Go

Set quoted_identifier off
Go
Set ansi_nulls off
Go

Create procedure [user_info_2]
(@ User_name varchar (40), @ password varchar (20 ))
As
Set xact_abort on
Begin transaction
Delete from user_info where user_name = @ user_name and Password = @ Password
Commit transaction
Set xact_abort off
Go
Set quoted_identifier off
Go
Set ansi_nulls on
Go

Set quoted_identifier off
Go
Set ansi_nulls off
Go

Create procedure [user_info_3]
Select * From user_info
Go
Set quoted_identifier off
Go
Set ansi_nulls on
Go