0

I've played with ASP classic and VB Script a few years since that's what we have at our company, but this is really bothering me. We bought the CJWSoft ASP Protect, and did some customizing, if anyone is familiar with it. Every page I log into ends with a question mark at the end of the URL and displays an internal server 500 error (using a testing server: Windows Web Server 2008 R2). One would think it would always go to the default.asp page upon login, but that doesn't happen unless I open a new window, which it's set to not store cookies. I can access any page I log into after I clear the question mark at the end of the URL. I have IT guys here, but we're not sure what's causing it.

(IP Address/Default.asp? [or] IP Address/password_admin/default.asp?) produces an

Internal Server Error 500.

Remove the ? and I'm into any of the pages on the server. Why?

I think the following script may have something to do with it, or whatever relates to it...

If Session("PasswordAccess") = "No" Then
    Thispage = Request.ServerVariables("script_name")
Else

    'Thispage = Request.ServerVariables("script_name") & "?" & Request.Querystring & Request.Form

    'Setting Below is more secure than the setting above which allows form post data to be re-returned to the page

    Thispage = Request.ServerVariables("script_name") & "?" & Request.Querystring
End If

Please help me resolve the question mark, anything else is a grand bonus!

Teivaz
  • 5,462
  • 4
  • 37
  • 75
redfish
  • 3
  • 1
  • 1
    You really should [enable detailed error messages](http://stackoverflow.com/questions/5910147/setting-detailed-customer-error-messages-issues-iis7-asp-classic) and figure out exactly what the 500 error is. – Martha Apr 29 '16 at 13:56
  • Excellent idea. I will ask IT to help me get that resolved so I can check it out in detail. Learning as I go along... Thank you! – redfish Apr 29 '16 at 14:03
  • Another question: what does the script do with `Thispage` after setting it? Does it just do a `Response.Redirect Thispage`, or is it trying something fancier? – Martha Apr 29 '16 at 14:05
  • check_user_inc.asp requests script_name, which I haven't found yet, and links to these pages as well. – redfish Apr 29 '16 at 14:26
  • 1
    I don't think listing the other include files is relevant. What are the next lines of code after the snippet you posted? More specifically, where is the variable `Thispage` used in the code? (There's nothing special about "`Thispage`"; `Josephine = Request.ServerVariables("SCRIPT_NAME")` would accomplish the same thing.) – Martha Apr 29 '16 at 15:34

1 Answers1

0

What about only appending that ? if the query string isn't empty? Like

<%
Thispage = Request.ServerVariables("script_name") 
Dim qst : qst = Request.ServerVariables("QUERY_STRING")
if qst<>"" then Thispage = Thispage & "?" & qst
%>
Ralpharama
  • 441
  • 4
  • 20
  • That does remove the question mark upon login, but it still has the Internal Server Error 500. I have to go up to the URL and press enter to access the site. So frustrating!!! Thank you for helping. – redfish Apr 29 '16 at 13:37
  • Are there any odd rewrite rules in place in IIS that might be catching these urls and trying to redirect them somewhere odd? I'm afraid I'm out of ideas after that :( – Ralpharama Apr 30 '16 at 11:44
  • 1
    Thank you Martha and Ralpharama! I got the detailed error messaging enabled, used the code Ralpharama provided in place of what I had above, and had an IT guy change admin permissions to read and write, etc. on the database and IIS. It now logs into the site as it should, with the stupid question mark gone! He called me a nuebie, but it's his system I don't have access to that I'm trying to make this website. You both were very helpful! :) – redfish May 02 '16 at 17:44
  • Glad you got it sorted. – Ralpharama May 03 '16 at 13:40