Hi
As various people have asked for this, I thought I'd best post it to
the list.
The script is intended to be run with basic or integrated
Windows authentication set via ISM, so it knows who has invoked it.
That's
so support staff here can use it to look up anyone's reports, while
individuals are restricted to their own ones. Also if invoked without
SSL it
redirects to an SSL version right at the start, to protect passwords.
Finally there are some site-specific items: the Const statements at the
start, and the function "Footer" at the end. You might need to change
these
to get it to work.
Oh, and I've had to change the extension from "asp" to "txt" to keep
Outlook
quiet!
Regards
Max Caines
IT Services, University of Wolverhampton
Wolverhampton, West Midlands WV1 1SB
Tel: 01902 322245 Fax: 01902 322777
<%
Const SearchBase = "<LDAP://ou=2kusers,dc=unv,dc=wlv,dc=ac,dc=uk>"
Const WirelessSupportGroup = "LDAP://cn=Student Wireless,ou=groups,ou=2kusers,dc=unv,dc=wlv,dc=ac,dc=uk"
Const ListUserURL = "https://register.wlv.ac.uk/ListAccounts.asp?nametofind="
Const GetReportURL = "https://cam.unv.wlv.ac.uk/admin/cisco_api.jsp"
Dim strQuery, strTitle, strAddress, strFilter, strFooter, strGif, arrReports, strWho, strType, strUser, strWhat
Dim objXMLHTTP, strURL, re, oMatches, oMatch, strErrText, strParams,
i, iCount, strText, strFunction, strNumber
SetLocale("en-gb")
strURL = "https://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("SCRIPT_NAME")
strTitle = "Lookup Clean Access reports"
strFooter = Footer
strWho = Request.ServerVariables("LOGON_USER")
if strWho = "" then Reply "Access to this script must be authenticated. Please report this error to the Service Desk.", false
strWho = replace(strWho, "UNV\", "")
if Request.QueryString.Count = 0 then
strFunction = ""
strUser = ""
strAddress = ""
strNumber = ""
else
strFunction = Request.QueryString("function")
strUser = Request.QueryString("user")
strAddress = ucase(Request.QueryString("address"))
strNumber = Request.QueryString("number")
end if
' Most people can only look themselves up
if not IsAdmin() and strFunction <> "report" then
strFunction = "find"
strUser = strWho
strAddress = ""
strNumber = ""
end if
if strFunction = "" then
%>
<html>
<head>
<title><% = strTitle %></title>
<LINK REL="stylesheet" TYPE="text/css" HREF="style.css">
<script language='JavaScript'>
<!--
function changeType(n) {
document.forms[0].querytype[n].click();
}
function findUser() {
var url = '<% = ListUserURL %>' +
escape(document.forms[0].user.value) + '&staff=y&students=y&listaction=' +
escape('window.opener.setUser(val1, val2);');
window.open(url, 'directory', 'width=600,height=350,scrollbars=yes,resizable=yes');
}
function setUser(cn, name) {
document.forms[0].user.value = cn;
}
function checkMAC(f) {
var re, m;
re = /^([0-9a-fA-F]{2})[ -.:]?([0-9a-fA-F]{2})[ -.:]?([0-9a-fA-F]{2})[ -.:]?([0-9a-fA-F]{2})[ -.:]?([0-9a-fA-F]{2})[ -.:]?([0-9a-fA-F]{2})$/;
m = re.exec(f.value);
if (!m) {
alert("The MAC address must be 12 hex digits, with optional hyphens");
f.select();
f.focus();
return(false);
}
f.value = m[1] + ":" + m[2] + ":" + m[3] + ":" + m[4] + ":" +
m[5] + ":" + m[6];
return(true)
}
function checkData() {
with (document.forms[0]) {
if (querytype[0].checked)
return(checkMAC(address));
else if (querytype[1].checked)
if (user.value == "") {
alert("You have not supplied a usercode or student number");
user.focus();
return(false);
}
}
return(true);
}
//-->
</script>
</head>
<body bgcolor="white"><IMG SRC="banner.gif" ALT="University of Wolverhampton">
<h1><% = strTitle %></h1>
<hr>
<FORM ACTION='<% = strURL %>' METHOD='GET' onsubmit='return(checkData())'>
Which MAC addresses are you interested in?
<TABLE BORDER=0 WIDTH=60%>
<TR><TD><input type='radio' name='querytype' value='address' checked></td><td>A specific MAC address - enter it here:</td>
<td><input name='address' size=17 maxsize=17 onfocus='changeType(0)'></td></tr>
<tr><td><input type='radio' name='querytype' value='user'></td><td>All addresses registered to a user -
enter the usercode or student number, or enter the name or mail address and click <i>Search</i>:</td>
<td><input name='user' size=17 maxsize=17 onfocus='changeType(1)'> <input type='button' value='Search' onClick='findUser()'></td></tr>
</table>
<p>
Then press <i>Continue</i> to get the information for the required system.
<p><input type="submit" value="Continue">
<input type='hidden' name='function' value='find'>
</form>
<P>
<% = strFooter %>
</body>
</html>
<%
elseif strFunction = "find" then
Set objXMLHTTP = Server.CreateObject("MSXML2.ServerXMLHTTP") 'create the xmlhttp object
objXMLHTTP.Open "POST", GetReportURL, false
objXMLHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
if strAddress <> "" then
strFilter = "mac=" & strAddress
strWhat = "the system with this address"
elseif strUser <> "" then
strFilter = "user=" & strUser
if strUser = strWho then
strWhat = "systems owned by you"
else
strWhat = "systems owned by this user"
end if
else
Reply "You must supply either a username or a MAC address", false
end if
strParams = "admin=admin&passwd=xO94p%3BZk&op=getreports&"
& strFilter & "&timeRange=-168,now&showText=true"
objXMLHTTP.Send strParams
if objXMLHTTP.status = 200 then
set re = new Regexp
re.Pattern = "<!--error=(.*)-->"
On Error Resume Next
Set oMatches = re.Execute(objXMLHTTP.responseText)
Set oMatch = oMatches(0)
strErrText = oMatch.SubMatches(0)
On Error Goto 0
if Err <> 0 then Reply "Server error: " &
objXMLHTTP.responseText, false
else
Reply "The server returned status code " & objXMLHTTP.status, false
end if
if strErrText = "0" then
re.Pattern = "<!--count=(.*)-->"
On Error Resume Next
Set oMatches = re.Execute(objXMLHTTP.responseText)
Set oMatch = oMatches(0)
iCount = cint(oMatch.SubMatches(0))
On Error Goto 0
if Err <> 0 then Reply "Server error: " &
objXMLHTTP.responseText, false
else
Reply "The server returned status code " & objXMLHTTP.status, false
end if
if iCount = 0 then Reply "There are no check reports from the
last week for " & strWhat, false
re.Pattern = "<!--
status=([^,]*),user=([^,]*),agentType=[^,]*,ip=([^,]*),mac=([^,]*),os=([^,]*),time=([^,]*),text=(.*?)-->"
re.Global = true
strText = replace(objXMLHTTP.responseText, vbLf, "")
On Error Resume Next
Set oMatches = re.Execute(strText)
On Error Goto 0
if Err <> 0 then Reply "Server error: " & objXMLHTTP.responseText, false
%>
<html>
<head>
<title><% = strTitle %></title>
<style type="text/css">
div.tableContainer {
width: 55%; /* table width will be 99% of this*/
height: 348px; /* must be greater than tbody*/
overflow: auto;
}
</style>
<LINK REL="stylesheet" TYPE="text/css" HREF="scrolltable.css">
<LINK REL="stylesheet" TYPE="text/css" HREF="scrolltable-print.css" MEDIA="print">
</head>
<body bgcolor="white"><IMG SRC="banner.gif" ALT="University of Wolverhampton">
<h1><% = strTitle %></h1>
<hr>
This table shows all check reports from the last week for <% =
strWhat %>.
Click on the tick or cross in the result field to get the report details.
<p>
<form action='<% = strURL %>' method='post'>
<div class="tableContainer" id="data">
<table cellspacing="0">
<thead>
<tr><td width=20%>MAC</td><td width=20%>IP</td><td width=20%>OS</td><td width=20%>Time</td><td width=20%>Result</td></tr>
</thead>
<tbody>
<%
ReDim arrReports(iCount)
i = 1
for each oMatch in oMatches
if oMatch.SubMatches(0) = "success" then
strGif = "img/tick.gif"
else
strGif = "img/cross.gif"
end if
arrReports(i) = oMatch.SubMatches(6)
Response.Write "<tr><td>" & LCase(oMatch.SubMatches(3)) & _
"</td><td class='centered'>" & oMatch.SubMatches(2) & "</
td><td class='centered'>" & _
oMatch.SubMatches(4) & "</td><td class='centered'>" & oMatch.SubMatches(5) & _
"</td><td class='centered'><input type='image' src='" & strGif & "' height=15 width=15 border=0 " & _
"onClick=""javascript:window.open('" & strURL & "?function=report&number=" & i & "', " & _
"'report', 'toolbar=no, width=600, height=400, scrollbars=yes, resizable=yes'); return false;""></td></tr>" & vbCrLf
i = i + 1
next
Session("arrReports") = arrReports
%>
</tbody>
</table>
</div>
<p>
<input type='button' value='Start again' onClick='location="<%= strURL %>"'>
</form>
<P>
<% = strFooter %>
</body>
</html>
<%
elseif strFunction = "report" then
arrReports = Session("arrReports")
if not IsNumeric(strNumber) then Reply "Missing report number", false
Response.Write arrReports(strNumber) & vbCrLf
%>
<P>
<form><input type='button' value="Close" onclick="self.close()"></form>
</body>
</html>
<%
end if
sub Reply(strText, boolClose)
Dim strAction, strButton
if boolClose then
strAction = "self.close()"
strButton = "Close"
else
strAction = "location='" & strURL & "'"
strButton = "Start again"
end if
%>
<html>
<head>
<title><%= strTitle %></title>
<LINK REL="stylesheet" TYPE="text/css" HREF="style.css">
</head>
<body bgcolor="white"><IMG SRC="banner.gif" ALT="University of Wolverhampton">
<h1><%= strTitle %></h1>
<hr>
<% = strText %>.
<p>
<form><input type='button' value="<%= strButton %>" onClick="<%= strAction %>"></form>
<P>
<% = strFooter %>
</body>
</html>
<%
Response.End
end sub
function Footer
Dim f, fso
set fso = Server.CreateObject("Scripting.FileSystemObject")
set f = fso.GetFile(Server.MapPath(Request.ServerVariables("PATH_INFO")))
Footer = "<table width=100% bgcolor='#ffffdc' cellpadding=5 cellspacing=0><tr><td>" & vbCrLf
Footer = Footer & "<a href='http://www.wlv.ac.uk/'>University
of Wolverhampton</a><br>" & vbCrLf
Footer = Footer & "<a href='http://asp.wlv.ac.uk/Level2.asp?
UserType=6&Subsection=25'>IT Services</a><br>" & vbCrLf
Footer = Footer & "<a href='http://www.wlv.ac.uk/university/disclaimer/official.html'>" & vbCrLf
Footer = Footer & "Disclaimer and copyright statement</a></td><td align='right'>Page created: " & vbCrLf
Footer = Footer & FormatDateTime(f.DateCreated, vbLongDate) & "<br>Last changed: " & vbCrLf
Footer = Footer & FormatDateTime(f.DateLastModified, vbLongDate)
& vbCrLf
Footer = Footer & "<br> </td></tr></table><!-- Author: Max Caines; Reviser: Max Caines -->"
set f = Nothing
set fso = Nothing
end function
function IsAdmin
Dim adsGroup, adoConnection, adoResultSet
set adsGroup = GetObject(WirelessSupportGroup)
set adoConnection = Server.CreateObject("ADODB.Connection")
adoConnection.Provider = "ADSDSOObject"
adoConnection.Open "", vbNullString, vbNullString
set adoResultSet = adoConnection.Execute(SearchBase & ";(cn=" & strWho & ");ADsPath;SubTree")
IsAdmin = adsGroup.IsMember(adoResultSet("ADsPath"))
end function
%>
|