473,224 Members | 1,434 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,224 software developers and data experts.

Need help with ASP script.

Hello everyone I have a question. The school I am working for is in
the beginning process of having a webpage that will direct students to
download there homework and be able to view there info like test
scores and etc(the homework and info page will reside on our
webservers at the school on the local intranet network). Now what I
need is a way for the students to go to a login page and when logging
in will be automatically directed to there own personal index.htm page
that will reside in a folder containing all there information and
homework. I had downloaded a free ASP script which basically uses a
Access DB to authorize the username and password and gives 2 diffrent
asp result pages either "Granted" or "No Access". Now the only thing I
can think of is to put a script in each students virtual directory and
when getting to there index file have this script run and the results
will let them in or give them no access but I think that would be way
to much. So what do you guys recommend and is there any links you know
that I can get some info from?
Here is the code from the free code I got
-----------------------------------------------------------------------
<%
'Dimension variables
Dim adoCon 'Database Connection Variable
Dim strCon 'Holds the Database driver and the path and name of the
database
Dim rsCheckUser 'Database Recordset Variable
Dim strAccessDB 'Holds the Access Database Name
Dim strSQL 'Database query sring
Dim strUserName 'Holds the user name

'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")

'Check the database to see if user exsits and read in there password
'Initialise the strAccessDB variable with the name of the Access
Database
strAccessDB = "users"

'Create a connection odject
Set adoCon = Server.CreateObject("ADODB.Connection")

'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein;
DBQ=" & Server.MapPath(strAccessDB)

'Set an active connection to the Connection object
adoCon.Open strCon

'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initalise the strSQL variable with an SQL statement to query the
database
strSQL = "SELECT tblUsers.Password FROM tblUsers WHERE tblUsers.UserID
='" & strUserName & "'"

'Query the database
rsCheckUser.Open strSQL, strCon

'If the recordset finds a record for the username entered then read in
the password for the user
If NOT rsCheckUser.EOF Then

'Read in the password for the user from the database
If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then

'If the password is correct then set the session variable to True
Session("blnIsUserGood") = True

'Close Objects before redirecting
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing

'Redirect to the authorised user page and send the users name
Response.Redirect"authorised_user_page.asp?name=" & strUserName
End If
End If

'Close Objects
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing

'If the script is still running then the user must not be authorised
Session("blnIsUserGood") = False

'Redirect to the unautorised user page
Response.Redirect"unauthorised_user_page.htm"
%>
-----------------------------------------------------------------------------
Any help would be appreciated.
Jul 21 '05 #1
2 1892
First a nitpick, "there" is used to indicate a location. When talking about
something belonging to a person you use "their".

Actually the approach you mention does not go far enough. Every single page
that you want to protect must include code to verify that the student is
logged on.

1. create a logon page that is shared by everyone
2. when a student logs on set a session variable or temporary cookie
indicating that they are logged on. For example: Session("studentid") =
<whatever student id is in the database>
3. redirect the logged on student to their home page. If all of the student
data is in a database then this page can be built dynamically using a single
ASP page.
4. on all pages that require a student to be logged on (including the home
page) check that the session variable or cookie exists. If it does not then
re-direct them to the login page.

If Len(Session("studentid")) = 0 Then
response.redirect "login.asp"
End If

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com

"Bobby" <de*****@hotmail.com> wrote in message
news:d0*************************@posting.google.co m...
Hello everyone I have a question. The school I am working for is in
the beginning process of having a webpage that will direct students to
download there homework and be able to view there info like test
scores and etc(the homework and info page will reside on our
webservers at the school on the local intranet network). Now what I
need is a way for the students to go to a login page and when logging
in will be automatically directed to there own personal index.htm page
that will reside in a folder containing all there information and
homework. I had downloaded a free ASP script which basically uses a
Access DB to authorize the username and password and gives 2 diffrent
asp result pages either "Granted" or "No Access". Now the only thing I
can think of is to put a script in each students virtual directory and
when getting to there index file have this script run and the results
will let them in or give them no access but I think that would be way
to much. So what do you guys recommend and is there any links you know
that I can get some info from?
Here is the code from the free code I got
-----------------------------------------------------------------------
<%
'Dimension variables
Dim adoCon 'Database Connection Variable
Dim strCon 'Holds the Database driver and the path and name of the
database
Dim rsCheckUser 'Database Recordset Variable
Dim strAccessDB 'Holds the Access Database Name
Dim strSQL 'Database query sring
Dim strUserName 'Holds the user name

'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")

'Check the database to see if user exsits and read in there password
'Initialise the strAccessDB variable with the name of the Access
Database
strAccessDB = "users"

'Create a connection odject
Set adoCon = Server.CreateObject("ADODB.Connection")

'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein;
DBQ=" & Server.MapPath(strAccessDB)

'Set an active connection to the Connection object
adoCon.Open strCon

'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initalise the strSQL variable with an SQL statement to query the
database
strSQL = "SELECT tblUsers.Password FROM tblUsers WHERE tblUsers.UserID
='" & strUserName & "'"

'Query the database
rsCheckUser.Open strSQL, strCon

'If the recordset finds a record for the username entered then read in
the password for the user
If NOT rsCheckUser.EOF Then

'Read in the password for the user from the database
If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then

'If the password is correct then set the session variable to True
Session("blnIsUserGood") = True

'Close Objects before redirecting
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing

'Redirect to the authorised user page and send the users name
Response.Redirect"authorised_user_page.asp?name=" & strUserName
End If
End If

'Close Objects
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing

'If the script is still running then the user must not be authorised
Session("blnIsUserGood") = False

'Redirect to the unautorised user page
Response.Redirect"unauthorised_user_page.htm"
%>
-----------------------------------------------------------------------------
Any help would be appreciated.

Jul 21 '05 #2
On 9 Nov 2004 20:33:57 -0800, de*****@hotmail.com (Bobby) wrote:
Hello everyone I have a question. The school I am working for is in
the beginning process of having a webpage that will direct students to
download there homework and be able to view there info like test
scores and etc(the homework and info page will reside on our
webservers at the school on the local intranet network). Now what I
need is a way for the students to go to a login page and when logging
in will be automatically directed to there own personal index.htm page
that will reside in a folder containing all there information and
homework. I had downloaded a free ASP script which basically uses a
Access DB to authorize the username and password and gives 2 diffrent
asp result pages either "Granted" or "No Access". Now the only thing I
can think of is to put a script in each students virtual directory and
when getting to there index file have this script run and the results
will let them in or give them no access but I think that would be way
to much. So what do you guys recommend and is there any links you know
that I can get some info from?


1) There are already commercial apps written to do these things, or
at worst, portal apps available free.

2) Providing this type of access in a school environment without a
good handle on the security aspect is foolhardy.

3) If you're asking this question as you've asked it, you don't meet
the criteria for #2

Use Windows accounts and Windows Integrated security, redirect and
allow access based on the user ID, using
Request.ServerVariables("LOGON_USER").

Jeff
Jul 21 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Sofia | last post by:
My name is Sofia and I have for many years been running a personals site, together with my partner, on a non-profit basis. The site is currently not running due to us emigrating, but during its...
5
by: deko | last post by:
In regard to running php scripts with cron - Here is a sample script: <?php //debug.php echo "<br> This is a test"; ?> I can call debug.php from a web page on my site like this:
6
by: mike | last post by:
Hello, After trying to validate this page for a couple of days now I was wondering if someone might be able to help me out. Below is a list of snippets where I am having the errors. 1. Line 334,...
28
by: Randy Starkey | last post by:
Hi, Does anyone know where I can get a script that show a little plus sign after a line of text, that when you click the plus sign, more text is revealed on that same page, like a continuing...
5
by: news | last post by:
I have a new situation I'm facing and could use a suggestion or two, as I don't seem to be able to think in the abstract very well. We have a local server which holds all of our image files. We...
2
by: ern | last post by:
My command-line application must be able to run text scripts (macros). The scripts have commands, comments, and flags. Comments are ignored (maybe they are any line beginning with " ; ") Commands...
4
by: Brie_Manakul | last post by:
I need to set up an if else to show different weather scripts based on the city selection they choose. Any help on this would be great. Thanks! <%@ page language="java" import="java.util.*,...
9
by: Mickey Segal | last post by:
The long-simmering Eolas patent dispute: http://www.microsoft.com/presspass/press/2003/oct03/10-06EOLASPR.mspx has led to an optional Microsoft Update: http://support.microsoft.com/kb/912945/en-us...
14
by: mistral | last post by:
Need compile python code, source is in html and starts with parameters: #!/bin/sh - "exec" "python" "-O" "$0" "$@" I have installed ActivePython for windows.
4
by: Jonathan Wood | last post by:
I'm trying to duplicate an HTML sample I have using my ASP.NET pages. The sample contains the following within the <headtag: <script type="text/javascript" src="flashobject.js"></script>...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: veera ravala | last post by:
ServiceNow is a powerful cloud-based platform that offers a wide range of services to help organizations manage their workflows, operations, and IT services more efficiently. At its core, ServiceNow...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.