Re: Feature Request

Caines, Max Mon, 10 Mar 2008 09:36:03 -0700

Hi

As various people have asked for this, I thought I'd best post it to the list.


The script is intended to be run with basic or integrated
Windows authentication set via ISM, so it knows who has invoked it. That's
so support staff here can use it to look up anyone's reports, while
individuals are restricted to their own ones. Also if invoked without SSL it
redirects to an SSL version right at the start, to protect passwords.
Finally there are some site-specific items: the Const statements at the
start, and the function "Footer" at the end. You might need to change these
to get it to work.

Oh, and I've had to change the extension from "asp" to "txt" to keep Outlook
quiet!

Regards

Max Caines
IT Services, University of Wolverhampton
Wolverhampton, West Midlands WV1 1SB
Tel: 01902 322245 Fax: 01902 322777

<%

Const SearchBase = "<LDAP://ou=2kusers,dc=unv,dc=wlv,dc=ac,dc=uk>"
Const WirelessSupportGroup = "LDAP://cn=Student 
Wireless,ou=groups,ou=2kusers,dc=unv,dc=wlv,dc=ac,dc=uk"
Const ListUserURL = "https://register.wlv.ac.uk/ListAccounts.asp?nametofind=";
Const GetReportURL = "https://cam.unv.wlv.ac.uk/admin/cisco_api.jsp";

Dim strQuery, strTitle, strAddress, strFilter, strFooter, strGif, arrReports, 
strWho, strType, strUser, strWhat
Dim objXMLHTTP, strURL, re, oMatches, oMatch, strErrText, strParams, i, iCount, 
strText, strFunction, strNumber

SetLocale("en-gb")
strURL = "https://"; & Request.ServerVariables("SERVER_NAME") & 
Request.ServerVariables("SCRIPT_NAME")
strTitle = "Lookup Clean Access reports"
strFooter = Footer

strWho = Request.ServerVariables("LOGON_USER")
if strWho = "" then Reply "Access to this script must be authenticated. Please 
report this error to the Service Desk.", false
strWho = replace(strWho, "UNV\", "")

if Request.QueryString.Count = 0 then
  strFunction = ""
  strUser = ""
  strAddress = ""
  strNumber = ""
else
  strFunction = Request.QueryString("function")
  strUser = Request.QueryString("user")
  strAddress = ucase(Request.QueryString("address"))
  strNumber = Request.QueryString("number")
end if

' Most people can only look themselves up

if not IsAdmin() and strFunction <> "report" then
  strFunction = "find"
  strUser = strWho
  strAddress = ""
  strNumber = ""
end if

if strFunction = "" then

%>

<html>
<head>
<title><% = strTitle %></title>
<LINK REL="stylesheet" TYPE="text/css" HREF="style.css">
<script language='JavaScript'>
<!--
function changeType(n) {
  document.forms[0].querytype[n].click();
}

function findUser() {
  var url = '<% = ListUserURL %>' +
    escape(document.forms[0].user.value) + '&staff=y&students=y&listaction=' + 
    escape('window.opener.setUser(val1, val2);');
  window.open(url, 'directory', 
'width=600,height=350,scrollbars=yes,resizable=yes');
}

function setUser(cn, name) {
  document.forms[0].user.value = cn;
}

function checkMAC(f) {
  var re, m;

  re = /^([0-9a-fA-F]{2})[ -.:]?([0-9a-fA-F]{2})[ -.:]?([0-9a-fA-F]{2})[ 
-.:]?([0-9a-fA-F]{2})[ -.:]?([0-9a-fA-F]{2})[ -.:]?([0-9a-fA-F]{2})$/;
  m = re.exec(f.value);
  if (!m) {
    alert("The MAC address must be 12 hex digits, with optional hyphens");
    f.select();
    f.focus();
    return(false);
  }
  f.value = m[1] + ":" + m[2] + ":" + m[3] + ":" + m[4] + ":" + m[5] + ":" + 
m[6];
  return(true)
}

function checkData() {
  with (document.forms[0]) {
    if (querytype[0].checked)
      return(checkMAC(address));
    else if (querytype[1].checked)
      if (user.value == "") {
        alert("You have not supplied a usercode or student number");
        user.focus();
        return(false);
      }
  }
  return(true);
}
//-->
</script>
</head>
<body bgcolor="white"><IMG SRC="banner.gif" ALT="University of Wolverhampton">
<h1><% = strTitle %></h1>
<hr>
<FORM ACTION='<% = strURL %>' METHOD='GET' onsubmit='return(checkData())'>
Which MAC addresses are you interested in?
<TABLE BORDER=0 WIDTH=60%>
<TR><TD><input type='radio' name='querytype' value='address' checked></td><td>A 
specific MAC address - enter it here:</td>
  <td><input name='address' size=17 maxsize=17 
onfocus='changeType(0)'></td></tr>
<tr><td><input type='radio' name='querytype' value='user'></td><td>All 
addresses registered to a user - 
  enter the usercode or student number, or enter the name or mail address and 
click <i>Search</i>:</td>
  <td><input name='user' size=17 maxsize=17 
onfocus='changeType(1)'>&nbsp;&nbsp;&nbsp;<input type='button' value='Search' 
onClick='findUser()'></td></tr>
</table>
<p>
Then press <i>Continue</i> to get the information for the required system.
<p><input type="submit" value="Continue">
<input type='hidden' name='function' value='find'>
</form>
<P>
<% = strFooter %>
</body>
</html>

<% 

elseif strFunction = "find" then
  Set objXMLHTTP = Server.CreateObject("MSXML2.ServerXMLHTTP")   'create the 
xmlhttp object
  objXMLHTTP.Open "POST", GetReportURL, false
  objXMLHTTP.setRequestHeader "Content-Type", 
"application/x-www-form-urlencoded" 
  if strAddress <> "" then
    strFilter = "mac=" & strAddress
    strWhat = "the system with this address"
  elseif strUser <> "" then
    strFilter = "user=" & strUser
    if strUser = strWho then
      strWhat = "systems owned by you"
    else
      strWhat = "systems owned by this user"
    end if
  else
    Reply "You must supply either a username or a MAC address", false
  end if
  strParams = "admin=admin&passwd=xO94p%3BZk&op=getreports&" & strFilter & 
"&timeRange=-168,now&showText=true"
  objXMLHTTP.Send strParams
  if objXMLHTTP.status = 200 then
    set re = new Regexp
    re.Pattern = "<!--error=(.*)-->"
    On Error Resume Next
    Set oMatches = re.Execute(objXMLHTTP.responseText)
    Set oMatch = oMatches(0)
    strErrText = oMatch.SubMatches(0)
    On Error Goto 0
    if Err <> 0 then Reply "Server error: " & objXMLHTTP.responseText, false
  else
    Reply "The server returned status code " & objXMLHTTP.status, false
  end if
  if strErrText = "0" then
    re.Pattern = "<!--count=(.*)-->"
    On Error Resume Next
    Set oMatches = re.Execute(objXMLHTTP.responseText)
    Set oMatch = oMatches(0)
    iCount = cint(oMatch.SubMatches(0))
    On Error Goto 0
    if Err <> 0 then Reply "Server error: " & objXMLHTTP.responseText, false
  else
    Reply "The server returned status code " & objXMLHTTP.status, false
  end if
  if iCount = 0 then Reply "There are no check reports from the last week for " 
& strWhat, false
  re.Pattern = 
"<!--status=([^,]*),user=([^,]*),agentType=[^,]*,ip=([^,]*),mac=([^,]*),os=([^,]*),time=([^,]*),text=(.*?)-->"
  re.Global = true
  strText = replace(objXMLHTTP.responseText, vbLf, "")
  On Error Resume Next
  Set oMatches = re.Execute(strText)
  On Error Goto 0
  if Err <> 0 then Reply "Server error: " & objXMLHTTP.responseText, false

%>

<html>
<head>
<title><% = strTitle %></title>
<style type="text/css">
div.tableContainer {
        width: 55%;             /* table width will be 99% of this*/
        height: 348px;  /* must be greater than tbody*/
        overflow: auto;
        }
</style>
<LINK REL="stylesheet" TYPE="text/css" HREF="scrolltable.css"> 
<LINK REL="stylesheet" TYPE="text/css" HREF="scrolltable-print.css" 
MEDIA="print"> 

</head>
<body bgcolor="white"><IMG SRC="banner.gif" ALT="University of Wolverhampton">
<h1><% = strTitle %></h1>
<hr>

This table shows all check reports from the last week for <% = strWhat %>. 
Click on the tick or cross in the result field to get the report details.
<p>

<form action='<% = strURL %>' method='post'>
<div class="tableContainer" id="data">
<table cellspacing="0">
<thead>
<tr><td width=20%>MAC</td><td width=20%>IP</td><td width=20%>OS</td><td 
width=20%>Time</td><td width=20%>Result</td></tr>
</thead>
<tbody>

<%

  ReDim arrReports(iCount)
  i = 1
  for each oMatch in oMatches
    if oMatch.SubMatches(0) = "success" then
      strGif = "img/tick.gif"
    else
      strGif = "img/cross.gif"
    end if
    arrReports(i) = oMatch.SubMatches(6)
    Response.Write "<tr><td>" & LCase(oMatch.SubMatches(3)) & _
      "</td><td class='centered'>" & oMatch.SubMatches(2) & "</td><td 
class='centered'>" & _
      oMatch.SubMatches(4) & "</td><td class='centered'>" & 
oMatch.SubMatches(5) & _
      "</td><td class='centered'><input type='image' src='" & strGif & "' 
height=15 width=15 border=0 " & _
      "onClick=""javascript:window.open('" & strURL & 
"?function=report&number=" & i & "', " & _
      "'report', 'toolbar=no, width=600, height=400, scrollbars=yes, 
resizable=yes'); return false;""></td></tr>" & vbCrLf
    i = i + 1
  next
  Session("arrReports") = arrReports

%>

</tbody>
</table>
</div>
<p>
<input type='button' value='Start again' onClick='location="<%= strURL %>"'>
</form>
<P>
<% = strFooter %>
</body>
</html>

<%

elseif strFunction = "report" then
  arrReports = Session("arrReports")
  if not IsNumeric(strNumber) then Reply "Missing report number", false
  Response.Write arrReports(strNumber) & vbCrLf

%>

<P>
<form><input type='button' value="Close" onclick="self.close()"></form>
</body>
</html>

<%

end if

sub Reply(strText, boolClose)
  Dim strAction, strButton

  if boolClose then
    strAction = "self.close()"
    strButton = "Close"
  else
    strAction = "location='" & strURL & "'"
    strButton = "Start again"
  end if

%>

<html>
<head>
<title><%= strTitle %></title>
<LINK REL="stylesheet" TYPE="text/css" HREF="style.css"> 
</head>
<body bgcolor="white"><IMG SRC="banner.gif" ALT="University of Wolverhampton">
<h1><%= strTitle %></h1>
<hr>
<% = strText %>.
<p>
<form><input type='button' value="<%= strButton %>" onClick="<%= strAction 
%>"></form>
<P>
<% = strFooter %>
</body>
</html>

<%

  Response.End

end sub

function Footer
  Dim f, fso

  set fso = Server.CreateObject("Scripting.FileSystemObject")
  set f = fso.GetFile(Server.MapPath(Request.ServerVariables("PATH_INFO")))
  Footer = "<table width=100% bgcolor='#ffffdc' cellpadding=5 
cellspacing=0><tr><td>" & vbCrLf
  Footer = Footer & "<a href='http://www.wlv.ac.uk/'>University of 
Wolverhampton</a><br>" & vbCrLf
  Footer = Footer & "<a 
href='http://asp.wlv.ac.uk/Level2.asp?UserType=6&Subsection=25'>IT 
Services</a><br>" & vbCrLf
  Footer = Footer & "<a 
href='http://www.wlv.ac.uk/university/disclaimer/official.html'>" & vbCrLf
  Footer = Footer & "Disclaimer and copyright statement</a></td><td 
align='right'>Page created:&nbsp;" & vbCrLf
  Footer = Footer & FormatDateTime(f.DateCreated, vbLongDate) & "<br>Last 
changed:&nbsp;" & vbCrLf
  Footer = Footer & FormatDateTime(f.DateLastModified, vbLongDate) & vbCrLf
  Footer = Footer & "<br>&nbsp;</td></tr></table><!-- Author: Max Caines; 
Reviser: Max Caines -->"
  set f = Nothing
  set fso = Nothing

end function

function IsAdmin
  Dim adsGroup, adoConnection, adoResultSet

  set adsGroup = GetObject(WirelessSupportGroup)
  set adoConnection = Server.CreateObject("ADODB.Connection")
  adoConnection.Provider = "ADSDSOObject"
  adoConnection.Open "", vbNullString, vbNullString
  set adoResultSet = adoConnection.Execute(SearchBase & ";(cn=" & strWho & 
");ADsPath;SubTree")
  IsAdmin = adsGroup.IsMember(adoResultSet("ADsPath"))

end function

%>

smime.p7s
Description: S/MIME cryptographic signature

Re: Feature Request

Reply via email to