473,738 Members | 2,009 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Restrict Access Problem

Hi all, at present I I've built a website which can be updated by admin and
users.

My problem, I've combined "log in" and "access levels" to restrict access to
certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I constantly
get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerV ariables("URL")

If Request.QuerySt ring<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEnco de(Request.Quer yString)

MM_valUsername= CStr(Request.Fo rm("username") )

If MM_valUsername <> "" Then

MM_fldUserAutho rization="secur ity"

MM_redirectLogi nSuccess="welld one.asp"

MM_redirectLogi nFailed="Login. asp"

MM_flag="ADODB. Recordset"

set MM_rsUser = Server.CreateOb ject(MM_flag)

MM_rsUser.Activ eConnection = MM_LoginTest_ST RING

MM_rsUser.Sourc e = "SELECT username, password"

If MM_fldUserAutho rization <> "" Then MM_rsUser.Sourc e = MM_rsUser.Sourc e
& "," & MM_fldUserAutho rization

MM_rsUser.Sourc e = MM_rsUser.Sourc e & " FROM Login WHERE username='" &
Replace(MM_valU sername,"'","'' ") &"' AND password='" &
Replace(Request .Form("password "),"'","''" ) & "'"

MM_rsUser.Curso rType = 0

MM_rsUser.Curso rLocation = 2

MM_rsUser.LockT ype = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Use rname") = MM_valUsername

If (MM_fldUserAuth orization <> "") Then

Session("MM_Use rAuthorization" ) =
CStr(MM_rsUser. Fields.Item(MM_ fldUserAuthoriz ation).Value)

Else

Session("MM_Use rAuthorization" ) = ""

End If

if CStr(Request.Qu eryString("acce ssdenied")) <> "" And false Then

MM_redirectLogi nSuccess = Request.QuerySt ring("accessden ied")

End If

MM_rsUser.Close

Response.Redire ct(MM_redirectL oginSuccess)

End If

MM_rsUser.Close

Response.Redire ct(MM_redirectL oginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUs ers="Admin"

MM_authFailedUR L="NoPermission .asp"

MM_grantAccess= false

If Session("MM_Use rname") <> "" Then

If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _

(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_aut hFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerV ariables("URL")

if (Len(Request.Qu eryString()) > 0) Then MM_referrer = MM_referrer & "?" &
Request.QuerySt ring()

MM_authFailedUR L = MM_authFailedUR L & MM_qsChar & "accessdeni ed=" &
Server.URLEncod e(MM_referrer)

Response.Redire ct(MM_authFaile dURL)

End If

%>
Jul 22 '05 #1
3 3128
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged in,
not redirecting people all over the place. It is only going to cause issues
and complicate things because even after the redirect you still need to make
sure the places you send them only allow the intended users. Your basically
doing a lot more work than you need to.

Christopher Williams
www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blue yonder.co.uk> wrote in message
news:m0******** ***********@fe2 .news.blueyonde r.co.uk...
Hi all, at present I I've built a website which can be updated by admin
and users.

My problem, I've combined "log in" and "access levels" to restrict access
to certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I constantly
get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerV ariables("URL")

If Request.QuerySt ring<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEnco de(Request.Quer yString)

MM_valUsername= CStr(Request.Fo rm("username") )

If MM_valUsername <> "" Then

MM_fldUserAutho rization="secur ity"

MM_redirectLogi nSuccess="welld one.asp"

MM_redirectLogi nFailed="Login. asp"

MM_flag="ADODB. Recordset"

set MM_rsUser = Server.CreateOb ject(MM_flag)

MM_rsUser.Activ eConnection = MM_LoginTest_ST RING

MM_rsUser.Sourc e = "SELECT username, password"

If MM_fldUserAutho rization <> "" Then MM_rsUser.Sourc e = MM_rsUser.Sourc e
& "," & MM_fldUserAutho rization

MM_rsUser.Sourc e = MM_rsUser.Sourc e & " FROM Login WHERE username='" &
Replace(MM_valU sername,"'","'' ") &"' AND password='" &
Replace(Request .Form("password "),"'","''" ) & "'"

MM_rsUser.Curso rType = 0

MM_rsUser.Curso rLocation = 2

MM_rsUser.LockT ype = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Use rname") = MM_valUsername

If (MM_fldUserAuth orization <> "") Then

Session("MM_Use rAuthorization" ) =
CStr(MM_rsUser. Fields.Item(MM_ fldUserAuthoriz ation).Value)

Else

Session("MM_Use rAuthorization" ) = ""

End If

if CStr(Request.Qu eryString("acce ssdenied")) <> "" And false Then

MM_redirectLogi nSuccess = Request.QuerySt ring("accessden ied")

End If

MM_rsUser.Close

Response.Redire ct(MM_redirectL oginSuccess)

End If

MM_rsUser.Close

Response.Redire ct(MM_redirectL oginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUs ers="Admin"

MM_authFailedUR L="NoPermission .asp"

MM_grantAccess= false

If Session("MM_Use rname") <> "" Then

If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _

(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_aut hFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerV ariables("URL")

if (Len(Request.Qu eryString()) > 0) Then MM_referrer = MM_referrer & "?"
& Request.QuerySt ring()

MM_authFailedUR L = MM_authFailedUR L & MM_qsChar & "accessdeni ed=" &
Server.URLEncod e(MM_referrer)

Response.Redire ct(MM_authFaile dURL)

End If

%>

Jul 22 '05 #2
Hi Christopher, at present my admin pages are visible by everybody. I'm
trying to prevent this whilst giving certain users more administrative
features. I'm assuming that I would still use access level if I dynamically
tailored the content? If so there lays my problem. For something which
should seem so simple I'm having a nightmare. I've use the built in "log in"
and "restrict access" features in Dreamweaver but they don't seem to work.
Is there any special preparation, session or something? All I'm using for
login, is a login database containing username, password, accesslevel,
fields, all spelt correctly.

I feel the sessions aren't getting passed from the login paged. Is there any
way of checking this?

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUs ers="Admin"

MM_authFailedUR L="NoPermission .asp"

MM_grantAccess= false

If Session("MM_Use rname") <> "" Then

If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _

(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1)
Then

MM_grantAccess = true

End If


"Christophe r Williams" <ch***@fixCJWSo ft.com> wrote in message
news:%2******** **********@tk2m sftngp13.phx.gb l...
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged in,
not redirecting people all over the place. It is only going to cause
issues and complicate things because even after the redirect you still
need to make sure the places you send them only allow the intended users.
Your basically doing a lot more work than you need to.

Christopher Williams
www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blue yonder.co.uk> wrote in message
news:m0******** ***********@fe2 .news.blueyonde r.co.uk...
Hi all, at present I I've built a website which can be updated by admin
and users.

My problem, I've combined "log in" and "access levels" to restrict access
to certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I
constantly get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerV ariables("URL")

If Request.QuerySt ring<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEnco de(Request.Quer yString)

MM_valUsername= CStr(Request.Fo rm("username") )

If MM_valUsername <> "" Then

MM_fldUserAutho rization="secur ity"

MM_redirectLogi nSuccess="welld one.asp"

MM_redirectLogi nFailed="Login. asp"

MM_flag="ADODB. Recordset"

set MM_rsUser = Server.CreateOb ject(MM_flag)

MM_rsUser.Activ eConnection = MM_LoginTest_ST RING

MM_rsUser.Sourc e = "SELECT username, password"

If MM_fldUserAutho rization <> "" Then MM_rsUser.Sourc e =
MM_rsUser.Sourc e & "," & MM_fldUserAutho rization

MM_rsUser.Sourc e = MM_rsUser.Sourc e & " FROM Login WHERE username='" &
Replace(MM_valU sername,"'","'' ") &"' AND password='" &
Replace(Request .Form("password "),"'","''" ) & "'"

MM_rsUser.Curso rType = 0

MM_rsUser.Curso rLocation = 2

MM_rsUser.LockT ype = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Use rname") = MM_valUsername

If (MM_fldUserAuth orization <> "") Then

Session("MM_Use rAuthorization" ) =
CStr(MM_rsUser. Fields.Item(MM_ fldUserAuthoriz ation).Value)

Else

Session("MM_Use rAuthorization" ) = ""

End If

if CStr(Request.Qu eryString("acce ssdenied")) <> "" And false Then

MM_redirectLogi nSuccess = Request.QuerySt ring("accessden ied")

End If

MM_rsUser.Close

Response.Redire ct(MM_redirectL oginSuccess)

End If

MM_rsUser.Close

Response.Redire ct(MM_redirectL oginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUs ers="Admin"

MM_authFailedUR L="NoPermission .asp"

MM_grantAccess= false

If Session("MM_Use rname") <> "" Then

If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _

(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_aut hFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerV ariables("URL")

if (Len(Request.Qu eryString()) > 0) Then MM_referrer = MM_referrer & "?"
& Request.QuerySt ring()

MM_authFailedUR L = MM_authFailedUR L & MM_qsChar & "accessdeni ed=" &
Server.URLEncod e(MM_referrer)

Response.Redire ct(MM_authFaile dURL)

End If

%>


Jul 22 '05 #3
well, I wont lie to you.
I sell this and it would probably solve all your problems as it takes care
of everything for you.

www.aspprotect.com

You need to ask yourself if all this time you are spending on this is worth
the aggrevation or if it is better to just buy something that takes care of
it and has been time tested.

I don't think you are going to get the answers you are looking for in these
newgroups.

Take Care,
--
Christopher Williams

www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blue yonder.co.uk> wrote in message
news:EI******** *********@fe3.n ews.blueyonder. co.uk...
Hi Christopher, at present my admin pages are visible by everybody. I'm
trying to prevent this whilst giving certain users more administrative
features. I'm assuming that I would still use access level if I
dynamically tailored the content? If so there lays my problem. For
something which should seem so simple I'm having a nightmare. I've use the
built in "log in" and "restrict access" features in Dreamweaver but they
don't seem to work. Is there any special preparation, session or
something? All I'm using for login, is a login database containing
username, password, accesslevel, fields, all spelt correctly.

I feel the sessions aren't getting passed from the login paged. Is there
any way of checking this?

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUs ers="Admin"

MM_authFailedUR L="NoPermission .asp"

MM_grantAccess= false

If Session("MM_Use rname") <> "" Then

If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _

(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1)
Then

MM_grantAccess = true

End If


"Christophe r Williams" <ch***@fixCJWSo ft.com> wrote in message
news:%2******** **********@tk2m sftngp13.phx.gb l...
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged
in, not redirecting people all over the place. It is only going to cause
issues and complicate things because even after the redirect you still
need to make sure the places you send them only allow the intended users.
Your basically doing a lot more work than you need to.

Christopher Williams
www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blue yonder.co.uk> wrote in message
news:m0******** ***********@fe2 .news.blueyonde r.co.uk...
Hi all, at present I I've built a website which can be updated by admin
and users.

My problem, I've combined "log in" and "access levels" to restrict
access to certain pages, using the built in "log in" and "user
authentication, restrict access to page" features. But I find the after
login I constantly get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerV ariables("URL")

If Request.QuerySt ring<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEnco de(Request.Quer yString)

MM_valUsername= CStr(Request.Fo rm("username") )

If MM_valUsername <> "" Then

MM_fldUserAutho rization="secur ity"

MM_redirectLogi nSuccess="welld one.asp"

MM_redirectLogi nFailed="Login. asp"

MM_flag="ADODB. Recordset"

set MM_rsUser = Server.CreateOb ject(MM_flag)

MM_rsUser.Activ eConnection = MM_LoginTest_ST RING

MM_rsUser.Sourc e = "SELECT username, password"

If MM_fldUserAutho rization <> "" Then MM_rsUser.Sourc e =
MM_rsUser.Sourc e & "," & MM_fldUserAutho rization

MM_rsUser.Sourc e = MM_rsUser.Sourc e & " FROM Login WHERE username='" &
Replace(MM_valU sername,"'","'' ") &"' AND password='" &
Replace(Request .Form("password "),"'","''" ) & "'"

MM_rsUser.Curso rType = 0

MM_rsUser.Curso rLocation = 2

MM_rsUser.LockT ype = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Use rname") = MM_valUsername

If (MM_fldUserAuth orization <> "") Then

Session("MM_Use rAuthorization" ) =
CStr(MM_rsUser. Fields.Item(MM_ fldUserAuthoriz ation).Value)

Else

Session("MM_Use rAuthorization" ) = ""

End If

if CStr(Request.Qu eryString("acce ssdenied")) <> "" And false Then

MM_redirectLogi nSuccess = Request.QuerySt ring("accessden ied")

End If

MM_rsUser.Close

Response.Redire ct(MM_redirectL oginSuccess)

End If

MM_rsUser.Close

Response.Redire ct(MM_redirectL oginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUs ers="Admin"

MM_authFailedUR L="NoPermission .asp"

MM_grantAccess= false

If Session("MM_Use rname") <> "" Then

If (false Or CStr(Session("M M_UserAuthoriza tion"))="") Or _

(InStr(1,MM_aut horizedUsers,Se ssion("MM_UserA uthorization")) >=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_aut hFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerV ariables("URL")

if (Len(Request.Qu eryString()) > 0) Then MM_referrer = MM_referrer &
"?" & Request.QuerySt ring()

MM_authFailedUR L = MM_authFailedUR L & MM_qsChar & "accessdeni ed=" &
Server.URLEncod e(MM_referrer)

Response.Redire ct(MM_authFaile dURL)

End If

%>



Jul 22 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
2190
by: Vijay Kumar R Zanvar | last post by:
Greetings, Are the following inferences of mine correct? 1. #include <string.h> char *strcpy(char * restrict s1, const char * restrict s2); a. s1 != s2 b. That means,
7
2670
by: tweak | last post by:
Can someone give me a short example as how to best use this keyword in your code? This is my understanding: by definition restrict sounds like it is suppose to restrict access to memory location(s) pointed to, so that only one declared pointer can store that address and access the data in those memory blocks, where I the data in those location(s) can be changed. Is that a correct understanding?
5
2969
by: toddles666 | last post by:
Hi- Is there any way of restricting access to a database by application & account? For example, I only want the application APP1 to access the database using the USER1 account. I've tried to use the DB2 Governor to do this, but it seems it always allows the the first query to be processed before forcing the connection. Here is my db2gov config file: --- start config
2
2412
by: pemo | last post by:
In Harbison and Steele's book, they say that using 'restrict' allows functions like memcpy() to be prototyped like this: void * memcpy(void * restrict s1, const void * restrict s2, size_t n); But this seems a mite dangerous to me ... a restricted pointer ... is *assumed* to be the only to access an object. So, mightn't using such a prototype subtly imply that the compiler will *actively check* that s1 and s2 do not point to the same
12
2500
by: Me | last post by:
I'm trying to wrap my head around the wording but from what I think the standard says: 1. it's impossible to swap a restrict pointer with another pointer, i.e. int a = 1, b = 2; int * restrict ap = &a; int * restrict bp = &b;
21
6521
by: Niu Xiao | last post by:
I see a lot of use in function declarations, such as size_t fread(void* restrict ptr, size_t size, size_t nobj, FILE* restrict fp); but what does the keyword 'restrict' mean? there is no definition found in K&R 2nd.
2
2632
by: Frederick Gotham | last post by:
I'm going to be using an acronym a lot in this post: IINM = If I'm not mistaken Let's say we've got translation units which are going to be compiled to object files, and that these object files will be supplied to people to link with their own projects. Here's a sample function in one of the object files: void Func(int const *const p) {
6
2378
by: rainy6144 | last post by:
Does the following code have defined behavior? double *new_array(unsigned n) { double *p = malloc(n * sizeof(double)); unsigned i; for (i = 0; i < n; i++) p = 0.0; return p; }
23
4833
by: raashid bhatt | last post by:
what is restrict keyword used for? eg int *restrict p;
0
8968
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8787
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9473
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
8208
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6750
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
6053
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4569
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
3279
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
3
2193
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.