Hi all, at present I I've built a website which can be updated by admin and
users.
My problem, I've combined "log in" and "access levels" to restrict access to
certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I constantly
get redirected from the restricted pages.
I.e. admin get redirected even though they meet the security level.
Can anyone help?
Below are portion of the code to help
I'm Using Dreamweaver MX 7.01 an XP SP 2.
Login database
Username password security
Peter bongo Admin
Patrick peach client
"Log in" web page code
*** Validate request to log in to this site.
MM_LoginAction = Request.ServerV ariables("URL")
If Request.QuerySt ring<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEnco de(Request.Quer yString)
MM_valUsername= CStr(Request.Fo rm("username") )
If MM_valUsername <> "" Then
MM_fldUserAutho rization="secur ity"
MM_redirectLogi nSuccess="welld one.asp"
MM_redirectLogi nFailed="Login. asp"
MM_flag="ADODB. Recordset"
set MM_rsUser = Server.CreateOb ject(MM_flag)
MM_rsUser.Activ eConnection = MM_LoginTest_ST RING
MM_rsUser.Sourc e = "SELECT username, password"
If MM_fldUserAutho rization <> "" Then MM_rsUser.Sourc e = MM_rsUser.Sourc e
& "," & MM_fldUserAutho rization
MM_rsUser.Sourc e = MM_rsUser.Sourc e & " FROM Login WHERE username='" &
Replace(MM_valU sername,"'","'' ") &"' AND password='" &
Replace(Request .Form("password "),"'","''" ) & "'"
MM_rsUser.Curso rType = 0
MM_rsUser.Curso rLocation = 2
MM_rsUser.LockT ype = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Use rname") = MM_valUsername
If (MM_fldUserAuth orization <> "") Then
Session("MM_Use rAuthorization" ) =
CStr(MM_rsUser. Fields.Item(MM_ fldUserAuthoriz ation).Value)
Else
Session("MM_Use rAuthorization" ) = ""
End If
if CStr(Request.Qu eryString("acce ssdenied")) <> "" And false Then
MM_redirectLogi nSuccess = Request.QuerySt ring("accessden ied")
End If
MM_rsUser.Close
Response.Redire ct(MM_redirectL oginSuccess)
End If
MM_rsUser.Close
Response.Redire ct(MM_redirectL oginFailed)
End If
%>
Restricted web page
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUs ers="Admin"
MM_authFailedUR L="NoPermission .asp"
MM_grantAccess= false
If Session("MM_Use rname") <> "" Then
If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _
(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1)
Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_aut hFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerV ariables("URL")
if (Len(Request.Qu eryString()) > 0) Then MM_referrer = MM_referrer & "?" &
Request.QuerySt ring()
MM_authFailedUR L = MM_authFailedUR L & MM_qsChar & "accessdeni ed=" &
Server.URLEncod e(MM_referrer)
Response.Redire ct(MM_authFaile dURL)
End If
%> 3 3132
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged in,
not redirecting people all over the place. It is only going to cause issues
and complicate things because even after the redirect you still need to make
sure the places you send them only allow the intended users. Your basically
doing a lot more work than you need to.
Christopher Williams www.PowerASP.com www.CJWSoft.com
"Paul" <de*******@blue yonder.co.uk> wrote in message
news:m0******** ***********@fe2 .news.blueyonde r.co.uk... Hi all, at present I I've built a website which can be updated by admin and users. My problem, I've combined "log in" and "access levels" to restrict access to certain pages, using the built in "log in" and "user authentication, restrict access to page" features. But I find the after login I constantly get redirected from the restricted pages.
I.e. admin get redirected even though they meet the security level. Can anyone help? Below are portion of the code to help
I'm Using Dreamweaver MX 7.01 an XP SP 2. Login database Username password security
Peter bongo Admin
Patrick peach client "Log in" web page code *** Validate request to log in to this site.
MM_LoginAction = Request.ServerV ariables("URL")
If Request.QuerySt ring<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEnco de(Request.Quer yString)
MM_valUsername= CStr(Request.Fo rm("username") )
If MM_valUsername <> "" Then
MM_fldUserAutho rization="secur ity"
MM_redirectLogi nSuccess="welld one.asp"
MM_redirectLogi nFailed="Login. asp"
MM_flag="ADODB. Recordset"
set MM_rsUser = Server.CreateOb ject(MM_flag)
MM_rsUser.Activ eConnection = MM_LoginTest_ST RING
MM_rsUser.Sourc e = "SELECT username, password"
If MM_fldUserAutho rization <> "" Then MM_rsUser.Sourc e = MM_rsUser.Sourc e & "," & MM_fldUserAutho rization
MM_rsUser.Sourc e = MM_rsUser.Sourc e & " FROM Login WHERE username='" & Replace(MM_valU sername,"'","'' ") &"' AND password='" & Replace(Request .Form("password "),"'","''" ) & "'"
MM_rsUser.Curso rType = 0
MM_rsUser.Curso rLocation = 2
MM_rsUser.LockT ype = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Use rname") = MM_valUsername
If (MM_fldUserAuth orization <> "") Then
Session("MM_Use rAuthorization" ) = CStr(MM_rsUser. Fields.Item(MM_ fldUserAuthoriz ation).Value)
Else
Session("MM_Use rAuthorization" ) = ""
End If
if CStr(Request.Qu eryString("acce ssdenied")) <> "" And false Then
MM_redirectLogi nSuccess = Request.QuerySt ring("accessden ied")
End If
MM_rsUser.Close
Response.Redire ct(MM_redirectL oginSuccess)
End If
MM_rsUser.Close
Response.Redire ct(MM_redirectL oginFailed)
End If
%> Restricted web page <%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUs ers="Admin"
MM_authFailedUR L="NoPermission .asp"
MM_grantAccess= false
If Session("MM_Use rname") <> "" Then
If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _
(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_aut hFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerV ariables("URL")
if (Len(Request.Qu eryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QuerySt ring()
MM_authFailedUR L = MM_authFailedUR L & MM_qsChar & "accessdeni ed=" & Server.URLEncod e(MM_referrer)
Response.Redire ct(MM_authFaile dURL)
End If
%>
Hi Christopher, at present my admin pages are visible by everybody. I'm
trying to prevent this whilst giving certain users more administrative
features. I'm assuming that I would still use access level if I dynamically
tailored the content? If so there lays my problem. For something which
should seem so simple I'm having a nightmare. I've use the built in "log in"
and "restrict access" features in Dreamweaver but they don't seem to work.
Is there any special preparation, session or something? All I'm using for
login, is a login database containing username, password, accesslevel,
fields, all spelt correctly.
I feel the sessions aren't getting passed from the login paged. Is there any
way of checking this?
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUs ers="Admin"
MM_authFailedUR L="NoPermission .asp"
MM_grantAccess= false
If Session("MM_Use rname") <> "" Then
If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _
(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1)
Then
MM_grantAccess = true
End If
"Christophe r Williams" <ch***@fixCJWSo ft.com> wrote in message
news:%2******** **********@tk2m sftngp13.phx.gb l... I say redirecting users around like that is a bad idea. You should be dynamically tailoring the content based on who is logged in, not redirecting people all over the place. It is only going to cause issues and complicate things because even after the redirect you still need to make sure the places you send them only allow the intended users. Your basically doing a lot more work than you need to.
Christopher Williams www.PowerASP.com www.CJWSoft.com "Paul" <de*******@blue yonder.co.uk> wrote in message news:m0******** ***********@fe2 .news.blueyonde r.co.uk... Hi all, at present I I've built a website which can be updated by admin and users. My problem, I've combined "log in" and "access levels" to restrict access to certain pages, using the built in "log in" and "user authentication, restrict access to page" features. But I find the after login I constantly get redirected from the restricted pages.
I.e. admin get redirected even though they meet the security level. Can anyone help? Below are portion of the code to help
I'm Using Dreamweaver MX 7.01 an XP SP 2. Login database Username password security
Peter bongo Admin
Patrick peach client "Log in" web page code *** Validate request to log in to this site.
MM_LoginAction = Request.ServerV ariables("URL")
If Request.QuerySt ring<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEnco de(Request.Quer yString)
MM_valUsername= CStr(Request.Fo rm("username") )
If MM_valUsername <> "" Then
MM_fldUserAutho rization="secur ity"
MM_redirectLogi nSuccess="welld one.asp"
MM_redirectLogi nFailed="Login. asp"
MM_flag="ADODB. Recordset"
set MM_rsUser = Server.CreateOb ject(MM_flag)
MM_rsUser.Activ eConnection = MM_LoginTest_ST RING
MM_rsUser.Sourc e = "SELECT username, password"
If MM_fldUserAutho rization <> "" Then MM_rsUser.Sourc e = MM_rsUser.Sourc e & "," & MM_fldUserAutho rization
MM_rsUser.Sourc e = MM_rsUser.Sourc e & " FROM Login WHERE username='" & Replace(MM_valU sername,"'","'' ") &"' AND password='" & Replace(Request .Form("password "),"'","''" ) & "'"
MM_rsUser.Curso rType = 0
MM_rsUser.Curso rLocation = 2
MM_rsUser.LockT ype = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Use rname") = MM_valUsername
If (MM_fldUserAuth orization <> "") Then
Session("MM_Use rAuthorization" ) = CStr(MM_rsUser. Fields.Item(MM_ fldUserAuthoriz ation).Value)
Else
Session("MM_Use rAuthorization" ) = ""
End If
if CStr(Request.Qu eryString("acce ssdenied")) <> "" And false Then
MM_redirectLogi nSuccess = Request.QuerySt ring("accessden ied")
End If
MM_rsUser.Close
Response.Redire ct(MM_redirectL oginSuccess)
End If
MM_rsUser.Close
Response.Redire ct(MM_redirectL oginFailed)
End If
%> Restricted web page <%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUs ers="Admin"
MM_authFailedUR L="NoPermission .asp"
MM_grantAccess= false
If Session("MM_Use rname") <> "" Then
If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _
(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_aut hFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerV ariables("URL")
if (Len(Request.Qu eryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QuerySt ring()
MM_authFailedUR L = MM_authFailedUR L & MM_qsChar & "accessdeni ed=" & Server.URLEncod e(MM_referrer)
Response.Redire ct(MM_authFaile dURL)
End If
%>
well, I wont lie to you.
I sell this and it would probably solve all your problems as it takes care
of everything for you. www.aspprotect.com
You need to ask yourself if all this time you are spending on this is worth
the aggrevation or if it is better to just buy something that takes care of
it and has been time tested.
I don't think you are going to get the answers you are looking for in these
newgroups.
Take Care,
--
Christopher Williams www.PowerASP.com www.CJWSoft.com
"Paul" <de*******@blue yonder.co.uk> wrote in message
news:EI******** *********@fe3.n ews.blueyonder. co.uk... Hi Christopher, at present my admin pages are visible by everybody. I'm trying to prevent this whilst giving certain users more administrative features. I'm assuming that I would still use access level if I dynamically tailored the content? If so there lays my problem. For something which should seem so simple I'm having a nightmare. I've use the built in "log in" and "restrict access" features in Dreamweaver but they don't seem to work. Is there any special preparation, session or something? All I'm using for login, is a login database containing username, password, accesslevel, fields, all spelt correctly. I feel the sessions aren't getting passed from the login paged. Is there any way of checking this?
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUs ers="Admin"
MM_authFailedUR L="NoPermission .asp"
MM_grantAccess= false If Session("MM_Use rname") <> "" Then
If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _
(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1) Then
MM_grantAccess = true
End If
"Christophe r Williams" <ch***@fixCJWSo ft.com> wrote in message news:%2******** **********@tk2m sftngp13.phx.gb l...I say redirecting users around like that is a bad idea. You should be dynamically tailoring the content based on who is logged in, not redirecting people all over the place. It is only going to cause issues and complicate things because even after the redirect you still need to make sure the places you send them only allow the intended users. Your basically doing a lot more work than you need to.
Christopher Williams www.PowerASP.com www.CJWSoft.com "Paul" <de*******@blue yonder.co.uk> wrote in message news:m0******** ***********@fe2 .news.blueyonde r.co.uk... Hi all, at present I I've built a website which can be updated by admin and users. My problem, I've combined "log in" and "access levels" to restrict access to certain pages, using the built in "log in" and "user authentication, restrict access to page" features. But I find the after login I constantly get redirected from the restricted pages.
I.e. admin get redirected even though they meet the security level. Can anyone help? Below are portion of the code to help
I'm Using Dreamweaver MX 7.01 an XP SP 2. Login database Username password security
Peter bongo Admin
Patrick peach client "Log in" web page code *** Validate request to log in to this site.
MM_LoginAction = Request.ServerV ariables("URL")
If Request.QuerySt ring<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEnco de(Request.Quer yString)
MM_valUsername= CStr(Request.Fo rm("username") )
If MM_valUsername <> "" Then
MM_fldUserAutho rization="secur ity"
MM_redirectLogi nSuccess="welld one.asp"
MM_redirectLogi nFailed="Login. asp"
MM_flag="ADODB. Recordset"
set MM_rsUser = Server.CreateOb ject(MM_flag)
MM_rsUser.Activ eConnection = MM_LoginTest_ST RING
MM_rsUser.Sourc e = "SELECT username, password"
If MM_fldUserAutho rization <> "" Then MM_rsUser.Sourc e = MM_rsUser.Sourc e & "," & MM_fldUserAutho rization
MM_rsUser.Sourc e = MM_rsUser.Sourc e & " FROM Login WHERE username='" & Replace(MM_valU sername,"'","'' ") &"' AND password='" & Replace(Request .Form("password "),"'","''" ) & "'"
MM_rsUser.Curso rType = 0
MM_rsUser.Curso rLocation = 2
MM_rsUser.LockT ype = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Use rname") = MM_valUsername
If (MM_fldUserAuth orization <> "") Then
Session("MM_Use rAuthorization" ) = CStr(MM_rsUser. Fields.Item(MM_ fldUserAuthoriz ation).Value)
Else
Session("MM_Use rAuthorization" ) = ""
End If
if CStr(Request.Qu eryString("acce ssdenied")) <> "" And false Then
MM_redirectLogi nSuccess = Request.QuerySt ring("accessden ied")
End If
MM_rsUser.Close
Response.Redire ct(MM_redirectL oginSuccess)
End If
MM_rsUser.Close
Response.Redire ct(MM_redirectL oginFailed)
End If
%> Restricted web page <%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUs ers="Admin"
MM_authFailedUR L="NoPermission .asp"
MM_grantAccess= false
If Session("MM_Use rname") <> "" Then
If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _
(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_aut hFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerV ariables("URL")
if (Len(Request.Qu eryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QuerySt ring()
MM_authFailedUR L = MM_authFailedUR L & MM_qsChar & "accessdeni ed=" & Server.URLEncod e(MM_referrer)
Response.Redire ct(MM_authFaile dURL)
End If
%>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Vijay Kumar R Zanvar |
last post by:
Greetings,
Are the following inferences of mine correct?
1. #include <string.h>
char *strcpy(char * restrict s1,
const char * restrict s2);
a. s1 != s2
b. That means,
|
by: tweak |
last post by:
Can someone give me a short example as how to best use this keyword in
your code?
This is my understanding: by definition restrict sounds like it is
suppose to restrict access to memory location(s) pointed to, so that
only one declared pointer can store that address and access the data in
those memory blocks, where I the data in those location(s) can be changed.
Is that a correct understanding?
|
by: toddles666 |
last post by:
Hi-
Is there any way of restricting access to a database by application &
account? For example, I only want the application APP1 to access the
database using the USER1 account. I've tried to use the DB2 Governor to
do this, but it seems it always allows the the first query to be
processed before forcing the connection. Here is my db2gov config
file:
--- start config
|
by: pemo |
last post by:
In Harbison and Steele's book, they say that using 'restrict' allows
functions like memcpy() to be prototyped like this:
void * memcpy(void * restrict s1, const void * restrict s2, size_t n);
But this seems a mite dangerous to me ... a restricted pointer ... is
*assumed* to be the only to access an object.
So, mightn't using such a prototype subtly imply that the compiler
will *actively check* that s1 and s2 do not point to the same
|
by: Me |
last post by:
I'm trying to wrap my head around the wording but from what I think the
standard says:
1. it's impossible to swap a restrict pointer with another pointer,
i.e.
int a = 1, b = 2;
int * restrict ap = &a;
int * restrict bp = &b;
| |
by: Niu Xiao |
last post by:
I see a lot of use in function declarations, such as
size_t fread(void* restrict ptr, size_t size, size_t nobj, FILE*
restrict fp);
but what does the keyword 'restrict' mean? there is no definition found
in K&R 2nd.
|
by: Frederick Gotham |
last post by:
I'm going to be using an acronym a lot in this post:
IINM = If I'm not mistaken
Let's say we've got translation units which are going to be compiled to
object files, and that these object files will be supplied to people to link
with their own projects. Here's a sample function in one of the object files:
void Func(int const *const p)
{
|
by: rainy6144 |
last post by:
Does the following code have defined behavior?
double *new_array(unsigned n)
{
double *p = malloc(n * sizeof(double));
unsigned i;
for (i = 0; i < n; i++) p = 0.0;
return p;
}
|
by: raashid bhatt |
last post by:
what is restrict keyword used for?
eg int *restrict p;
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |