CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede pho2ke Nybegynder
20. marts 2005 - 09:13 Der er 9 kommentarer og
1 løsning

AspUpload3.0.0.3 - problem

Jeg har en side hvor jeg kan oprette emner til salg. På samme side kan jeg vedhæfte nogle billeder som så bliver vist sammen med de respektive emner.

Jeg får denne fejlmeddelelse når jeg prøver at uploade noget med billede:

Persits.Upload.1 error '800a0005'
The system cannot find the file specified.
/opretsalg.asp, line 21

Der er ingen problemer med at uploade emner uden billede.


Her er koden til siden:
************************
<html>

<head>
<meta http-equiv="Content-Language" content="da">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Salgsliste</title>
</head>

<body>

<%
mode=request.querystring("m")
if mode="gem" then
sti = "billeder/"
Set Upload = Server.CreateObject("Persits.Upload")
set conn = server.createobject("ADODB.connection")
path = Server.MapPath("db/fpdb/sha.mdb")
conn.Open "DBQ="& path &";DefaultDir="& path & ";Driver={Microsoft Access Driver (*.mdb)}"

Upload.OverwriteFiles = False
Upload.Save (Server.Mappath(sti))
fil1 = ""
fil2 = ""
fil3 = ""
If Not Upload.Files("FILE1") Is Nothing Then fil1 = sti & Upload.Files("FILE1").FileName
If Not Upload.Files("FILE2") Is Nothing Then fil2 = sti & Upload.Files("FILE2").FileName
If Not Upload.Files("FILE3") Is Nothing Then fil3 = sti & Upload.Files("FILE3").FileName

SQL="insert into tblBILSALG ("
SQL = SQL & "oprettet, [Mærke], [Model], [Type], [Brændstof], Farve, [Årgang], Kilometer,  Pris, Synet, Beskrivelse, [Billede 1], [Billede 2], [Billede 3])"
SQL = SQL & " values ("
SQL = SQL & "'" & Upload.form("oprettet") & "', "
SQL = SQL & "'" & Upload.form("Mærke") & "', "
SQL = SQL & "'" & Upload.form("Model") & "', "
SQL = SQL & "'" & Upload.form("Type") & "', "
SQL = SQL & "'" & Upload.form("Brændstof") & "', "
SQL = SQL & "'" & Upload.form("Farve") & "', "
SQL = SQL & "'" & Upload.form("Årgang") & "', "
SQL = SQL & "'" & Upload.form("Kilometer") & "', "
SQL = SQL & "'" & Upload.form("Pris") & "', "
SQL = SQL & "'" & Upload.form("Synet") & "', "
SQL = SQL & "'" & Upload.form("Beskrivelse") & "', "
SQL = SQL & "'" & fil1 & "', "
SQL = SQL & "'" & fil2 & "', "
SQL = SQL & "'" & fil3 & "' "
SQL = SQL & ")"
Conn.Execute(SQL)
%>                <meta http-equiv="refresh" content="2;URL=default_safe.asp?path=1s">
                <font color="#FF0000">Dine ændringer er nu gemt.</font><b>
                <% else %>
        </b>
<div align="center">
    <table border="0" width="85%" id="table1">
        <tr>
            <td><b>
        <form method="POST" action="opretsalg.asp?m=gem" enctype="multipart/form-data">
 
  <div align="center">
    <center>
    <table border="0" cellpadding="0" cellspacing="0" height="44" id="table2">
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Oprettet:</font></td>
        <td height="22">
        <font face="Verdana"><span style="font-size: 9pt">
        <input type="text" name="oprettet" size="20" value="<%=date()%>"></span></font></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Mærke:</font></td>
        <td height="22"><b>
                <font face="Verdana"><span style="font-size: 9pt">
                <input type="text" name="Mærke" size="35"></span></font></b></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Model:</font></td>
        <td height="22"><b>
                <font face="Verdana"><span style="font-size: 9pt">
                <input type="text" name="model" size="35"></span></font></b></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Type:</font></td>
        <td height="22"><b>
                <font face="Verdana"><span style="font-size: 9pt">
                <input type="text" name="Type" size="35"></span></font></b></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Brændstof:</font></td>
        <td height="22"><b>
                <font face="Verdana"><span style="font-size: 9pt">
                <input type="text" name="Brændstof" size="35"></span></font></b></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Farve:</font></td>
        <td height="22"><b>
                <font face="Verdana"><span style="font-size: 9pt">
                <input type="text" name="Farve" size="35"></span></font></b></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Årgang:</font></td>
        <td height="22"><b>
                <font face="Verdana"><span style="font-size: 9pt">
                <input type="text" name="Årgang" size="35"></span></font></b></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Kilometer:</font></td>
        <td height="22"><b>
                <font face="Verdana"><span style="font-size: 9pt">
                <input type="text" name="Kilometer" size="35"></span></font></b></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Pris:</font></td>
        <td height="22"><b>
                <font face="Verdana"><span style="font-size: 9pt">
                <input type="text" name="Pris" size="35"></span></font></b></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Synet:</font></td>
        <td height="22"><b>
                <font face="Verdana"><span style="font-size: 9pt">
                <input type="text" name="synet" size="35"></span></font></b></td>
      </tr>
      <tr>
        <td height="22" valign="top">
        <font face="Verdana" style="font-size: 9pt">Beskrivelse:</font></td>
        <td height="22"><font face="Verdana"><span style="font-size: 9pt">
        <textarea rows="8" name="Beskrivelse" cols="35"></textarea></span></font></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Billede 1:</font></td>
        <td height="22"><font face="Verdana"><span style="font-size: 9pt">
        <INPUT TYPE="FILE" SIZE="30" NAME="FILE1"></span></font></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Billede 2:</font></td>
        <td height="22"><font face="Verdana"><span style="font-size: 9pt">
        <INPUT TYPE="FILE" SIZE="30" NAME="FILE2"></span></font></td>
      </tr>
      <tr>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Billede 3:</font></td>
        <td height="22"><font face="Verdana"><span style="font-size: 9pt">
        <INPUT TYPE="FILE" SIZE="30" NAME="FILE3"></span></font></td>
      </tr>
      <tr>
        <td height="22">&nbsp;</td>
        <td height="22"><font face="Verdana" style="font-size: 9pt">Det
        anbefales at billederne fylder max. 50 Kb</font></td>
      </tr>
      </table>
    </center>
  </div>
    <p align="center">
    <font face="Verdana"><span style="font-size: 9pt">
    <br>
  <input type="submit" value="Gem" name="gem">
</span></font>
</p>
</form>
</b>
            <font face="Verdana" style="font-size: 9pt">
<% end if %>
            </font>
            <p>&nbsp;</td>
        </tr>
    </table>
</div>
</body>

</html>
**********************************************

Er der nogen der kan hjælpe mig med problemet??

/Toke
Avatar billede eagleeye Praktikant
20. marts 2005 - 09:26 #1
Så vidt jeg kan tælle mig frem til kommer fejlen i denne linje:
Upload.Save (Server.Mappath(sti))

sti er lig: sti = "billeder/"

Så for den kunne gemme filerne skal der være en folder som hedder billeder som skal være i samme folder som ASP koden. Har du det?
Avatar billede pho2ke Nybegynder
20. marts 2005 - 09:39 #2
Ja det er der.
Mappen og filen ligger samme sted.

Det har virket, men af en eller anden grund gør den ikke længere..
Avatar billede eagleeye Praktikant
20. marts 2005 - 10:24 #3
Har du flyttet koden eller noget?
Det kan være der mangler skriverettigheder til folderen.
Avatar billede pho2ke Nybegynder
20. marts 2005 - 12:04 #4
Det kan være det er noget med skrive rettigheder....
Men det har jo virket, men af en eller anden grund virker det ikke mere..
Jeg har ikke flyttet noget det er sket af sig selv, måske det er noget på serveren der er lavet om.

Jeg fik denne mail, men kan ikke lige se hvad det bevirker hos mig.
**********************************

We have discovered an security issue on all hostingaccounts that affects FSO object that can leak information’s to unwanted users and is under siege to be restructured and fixed.

Risk is very high and is being taken care of immediately and should be finished with in 1 – 2 days.

This will change your website structure and permission structure a lot in a form you can see here below:

All sites will get 2 additional folders and each folder has a special purpose to both protect your data and prevent any further information leeks from your sites and data.

Your basic structure is as fallows:

------ /(ftproot) /domain.dk/db
      /(ftproot) /domain.dk

and will be changed to fallowing structure:

-----/(ftproot)domain.com/db                <- existing folder ( restricted for databases )
    /(ftproot)domain.com/upload          <- new folder      ( restricted for upload content )
    /(ftproot)private                            <- new folder      ( restricted for personal files )

/db is now and will be the only folder you can place mdb databases or other database types that need write access from your website and is structured in a special way to prevent leek of information’s from databases and other important data.
/db has nonread nonscript witch means that you serverside scripts like asp can write to it when user enters your site authenticated by iusr but no user can read from this this folder or run scripts from it or with other words only server side scripts like asp can talk to this folder.

This will mean you must locate all your databases for this site with in this folder.
This will mean you must (if you have not fallowed the rule of placing databases in this folder) move your paths and databases into this folder.

/upload is now and will be only for uploads to protect your web hotel from being abused when you allow direct uploading trough forms on to your site.
/upload has nonscript but has read,  this mean that a user can upload files like pictures and txt or files but they can not be executed to get information’s from your site trough scripts like asp or vbs.

This will mean you must relocate any upload folders you have had in many places inside your website into this folder.

/privat is your personal folder and is located behind your webs, this folder is more like your store folder for data you do not want to be in your web but still on the server, there is no access to this folder in any way from your sites.

From the start we have included a /db folder and has bean the folder for databases and has been told to customers tu use and to be the folder to use for the main reason it is the folder that was meant to only have this rights but until now it has had wrong permissions do to problematic ways to centralize the permission deployment.

Why this happens now ?
In the start it was not done with actually not the best way of security but the most user-friendly way for customers to easy the usage of there hotel but it has flaws regarding permissions.

Now we have developed a lot more efficient way of web hosting and develop us day by day to offer better and more reliable service and this is a part of It, as our when hosting provides about the cheapest hosting solutions there is, often it has to start somewhere and wait with some solutions until we can, and so we did but after we got a kick in the but when one server got abused by FSO crackers and leaked sensitive information’s when using upload forms that users used and opened holes into our servers we take this action and finish all security steps we had planned to do.

Why is this so risky ?
FOS and Asp Upload are 2 of supported components that TalkActive Windows hosting provides and allow direct read and write to the hard disk on the server and then get abused by script kiddies by uploading scripts that use FSO ( File System Object ) to list info from with in your site, and is the most widely used way to crack websites.
Day by day crackers and script kiddies are getting more and more scripted and automated and more and more youngsters are having more and more ways to get there hands on scripts that actual hackers have written and make it a lot more important for us to secure our data as well as possible. To day Windows 2003 servers are getting a lot targeted for the reason that they are not getting cracked and exploited and it seems to be a challenge for those who live in the world of cracking/hacking.

We apologize for all inconvenience this will and may cause you but keep in mind this will secure your sites a lot more and a lot more than that as there are about 24 changes to every web hotel to prevent future issues that can possible be used later on and as we self crack our servers and brutalize them to find weaknesses, every way has no been applied that we feel need to in a one big change to your site.

Other changes will fallow but non will affect your site or hosting but will affect other parts of the servers.

With Best of all regards.
TalkActive Windows Admin.

*****************************************
/Toke
Avatar billede eagleeye Praktikant
20. marts 2005 - 15:17 #5
Ja ud fra mailen har de begrænset rettighederne i alle folderne pga. sikkerhed.

Der er lavet en ny /upload folder som man skal uploade filer til:
"This will mean you must relocate any upload folders you have had in many places inside your website into this folder."
Avatar billede pho2ke Nybegynder
20. marts 2005 - 15:37 #6
Hmm...

Ja det må jeg da lige have misset

Takker....
Prøver lige at lave det om, så skriver jeg igen..
Avatar billede eagleeye Praktikant
20. marts 2005 - 15:41 #7
du kan i første omgang prøve at lave sti om til: sti = "/upload/"

Så skulle den gerne kunne upload. Men så ligger filerne i /upload folderen og ikke billeder. Jeg ved så ikke helt hvordan man flytter dem da det umiddelbart også kræver skriverettighed i den folder man flytter dem til.
Avatar billede pho2ke Nybegynder
20. marts 2005 - 16:20 #8
Jeg har lavet den ene om....
Jeg har flere oploads på samme site....
Og det virker...

Kanont..

Sidder lige op prøver på en af de andre....
Ved ikke helt om de forskellige filer bare skal i samme folder..

Men det må jeg lige udtænke
Avatar billede pho2ke Nybegynder
20. marts 2005 - 16:35 #9
Det virker...

Vil du smide et svar...
Points skal du alligevel have.... trods min dumhed ikke at have læst det ordentlig igennem..

/Toke
Avatar billede eagleeye Praktikant
20. marts 2005 - 16:41 #10
Ok her et svar :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Programmeringssprog kurser
Kurser inden for grundlæggende programmering
Se alle Programmeringssprog kurser

Flere spørgsmål fra ASP kategorien

Titel Indlæg Oprettet Seneste aktivitet
Lost focus Af bsn i ASP 0 07/11/202415:34 -
ASP classic Af bsn i ASP 8 28/10/202423:11 30/10/202422:51
Classic - filer vist med sidste fil først Af bsn i ASP 5 23/05/202409:56 24/05/202400:02
Optimer MySql table med ASP Af poulmadsen i ASP 4 26/04/202417:16 26/04/202418:37
JSON Af ingeman i ASP 3 07/04/202417:53 08/04/202412:09
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 17:06 Sort skærm Af luffe1955 i Windows
I dag 15:18 WM-bus Minomess Single Jet vandmåler Brunata/Zenner Af kulawig i Andet hardware
I dag 14:23 Navn i stifinder til ny bruger: C:\Users\defaultuser100000 Af Jørgen Kirkegaard i Windows
I dag 11:44 Sti og filnavn i sidefod Af boro23 i Word
I dag 11:02 Zyxel Multy U netværk Af jcr18 i Wifi
White papers
Flere white papers »


Premium
Teaser billede
Netcompany udsat for endnu et datalæk
Læs mere »
Leverandør til 50 danske kommuner ramt af ransomware: "Det er ikke sjovt," siger direktør Thomas à Porta
Norlys-kunder har store problemer efter sammenlægning af it-systemer: Internet, tv og telefoni crasher i lange baner
Meldes til politiet for grove GDPR-brud og elendig sikkerhed: Mere end 1.000 tidligere ansatte har haft fri adgang til centralt KMD-system
Se alle »
Computerworld
Teaser billede
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Læs mere »
Test: Den snusfornuftige Volkswagen ID.3 blevet til lidt af el-bisse
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Et ”mareridt for privatlivets fred”: Kontroversiel Windows-funktion er udkommet i en test-version
Se alle »
CIO
Teaser billede
Microsoft hæver priserne på M365: Sådan kommer de nye priser til at ramme
Læs mere »
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Leverandør til 50 danske kommuner ramt af ransomware: "Det er ikke sjovt," siger direktør Thomas à Porta
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Twoday er rykket til et af de dyreste postnumre i Danmark – og det kan betale sig, siger topchef Lars Berthelsen
Se alle »
White paper
Teaser billede
Sådan: Én løsning til compliance, sikkerhed og overblik
Læs mere »
SMB og cybertrusler: Brug sikkerhedsressourcerne optimalt
SAP: Skab værdi og minimér omkostninger med effektiv dokumenthåndtering
Sikkerhed uden grænser: Cisco Hypershield
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »