By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
426,034 Members | 1,714 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 426,034 IT Pros & Developers. It's quick & easy.

Restrict Access Problem

P: n/a
Hi all, at present I I've built a website which can be updated by admin and
users.

My problem, I've combined "log in" and "access levels" to restrict access to
certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I constantly
get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerVariables("URL")

If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)

MM_valUsername=CStr(Request.Form("username"))

If MM_valUsername <> "" Then

MM_fldUserAuthorization="security"

MM_redirectLoginSuccess="welldone.asp"

MM_redirectLoginFailed="Login.asp"

MM_flag="ADODB.Recordset"

set MM_rsUser = Server.CreateObject(MM_flag)

MM_rsUser.ActiveConnection = MM_LoginTest_STRING

MM_rsUser.Source = "SELECT username, password"

If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source
& "," & MM_fldUserAuthorization

MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE username='" &
Replace(MM_valUsername,"'","''") &"' AND password='" &
Replace(Request.Form("password"),"'","''") & "'"

MM_rsUser.CursorType = 0

MM_rsUser.CursorLocation = 2

MM_rsUser.LockType = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Username") = MM_valUsername

If (MM_fldUserAuthorization <> "") Then

Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)

Else

Session("MM_UserAuthorization") = ""

End If

if CStr(Request.QueryString("accessdenied")) <> "" And false Then

MM_redirectLoginSuccess = Request.QueryString("accessdenied")

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginSuccess)

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerVariables("URL")

if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" &
Request.QueryString()

MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)

Response.Redirect(MM_authFailedURL)

End If

%>
Jul 22 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged in,
not redirecting people all over the place. It is only going to cause issues
and complicate things because even after the redirect you still need to make
sure the places you send them only allow the intended users. Your basically
doing a lot more work than you need to.

Christopher Williams
www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blueyonder.co.uk> wrote in message
news:m0*******************@fe2.news.blueyonder.co. uk...
Hi all, at present I I've built a website which can be updated by admin
and users.

My problem, I've combined "log in" and "access levels" to restrict access
to certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I constantly
get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerVariables("URL")

If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)

MM_valUsername=CStr(Request.Form("username"))

If MM_valUsername <> "" Then

MM_fldUserAuthorization="security"

MM_redirectLoginSuccess="welldone.asp"

MM_redirectLoginFailed="Login.asp"

MM_flag="ADODB.Recordset"

set MM_rsUser = Server.CreateObject(MM_flag)

MM_rsUser.ActiveConnection = MM_LoginTest_STRING

MM_rsUser.Source = "SELECT username, password"

If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source
& "," & MM_fldUserAuthorization

MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE username='" &
Replace(MM_valUsername,"'","''") &"' AND password='" &
Replace(Request.Form("password"),"'","''") & "'"

MM_rsUser.CursorType = 0

MM_rsUser.CursorLocation = 2

MM_rsUser.LockType = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Username") = MM_valUsername

If (MM_fldUserAuthorization <> "") Then

Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)

Else

Session("MM_UserAuthorization") = ""

End If

if CStr(Request.QueryString("accessdenied")) <> "" And false Then

MM_redirectLoginSuccess = Request.QueryString("accessdenied")

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginSuccess)

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerVariables("URL")

if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?"
& Request.QueryString()

MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)

Response.Redirect(MM_authFailedURL)

End If

%>

Jul 22 '05 #2

P: n/a
Hi Christopher, at present my admin pages are visible by everybody. I'm
trying to prevent this whilst giving certain users more administrative
features. I'm assuming that I would still use access level if I dynamically
tailored the content? If so there lays my problem. For something which
should seem so simple I'm having a nightmare. I've use the built in "log in"
and "restrict access" features in Dreamweaver but they don't seem to work.
Is there any special preparation, session or something? All I'm using for
login, is a login database containing username, password, accesslevel,
fields, all spelt correctly.

I feel the sessions aren't getting passed from the login paged. Is there any
way of checking this?

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If


"Christopher Williams" <ch***@fixCJWSoft.com> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged in,
not redirecting people all over the place. It is only going to cause
issues and complicate things because even after the redirect you still
need to make sure the places you send them only allow the intended users.
Your basically doing a lot more work than you need to.

Christopher Williams
www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blueyonder.co.uk> wrote in message
news:m0*******************@fe2.news.blueyonder.co. uk...
Hi all, at present I I've built a website which can be updated by admin
and users.

My problem, I've combined "log in" and "access levels" to restrict access
to certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I
constantly get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerVariables("URL")

If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)

MM_valUsername=CStr(Request.Form("username"))

If MM_valUsername <> "" Then

MM_fldUserAuthorization="security"

MM_redirectLoginSuccess="welldone.asp"

MM_redirectLoginFailed="Login.asp"

MM_flag="ADODB.Recordset"

set MM_rsUser = Server.CreateObject(MM_flag)

MM_rsUser.ActiveConnection = MM_LoginTest_STRING

MM_rsUser.Source = "SELECT username, password"

If MM_fldUserAuthorization <> "" Then MM_rsUser.Source =
MM_rsUser.Source & "," & MM_fldUserAuthorization

MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE username='" &
Replace(MM_valUsername,"'","''") &"' AND password='" &
Replace(Request.Form("password"),"'","''") & "'"

MM_rsUser.CursorType = 0

MM_rsUser.CursorLocation = 2

MM_rsUser.LockType = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Username") = MM_valUsername

If (MM_fldUserAuthorization <> "") Then

Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)

Else

Session("MM_UserAuthorization") = ""

End If

if CStr(Request.QueryString("accessdenied")) <> "" And false Then

MM_redirectLoginSuccess = Request.QueryString("accessdenied")

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginSuccess)

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerVariables("URL")

if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?"
& Request.QueryString()

MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)

Response.Redirect(MM_authFailedURL)

End If

%>


Jul 22 '05 #3

P: n/a
well, I wont lie to you.
I sell this and it would probably solve all your problems as it takes care
of everything for you.

www.aspprotect.com

You need to ask yourself if all this time you are spending on this is worth
the aggrevation or if it is better to just buy something that takes care of
it and has been time tested.

I don't think you are going to get the answers you are looking for in these
newgroups.

Take Care,
--
Christopher Williams

www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blueyonder.co.uk> wrote in message
news:EI*****************@fe3.news.blueyonder.co.uk ...
Hi Christopher, at present my admin pages are visible by everybody. I'm
trying to prevent this whilst giving certain users more administrative
features. I'm assuming that I would still use access level if I
dynamically tailored the content? If so there lays my problem. For
something which should seem so simple I'm having a nightmare. I've use the
built in "log in" and "restrict access" features in Dreamweaver but they
don't seem to work. Is there any special preparation, session or
something? All I'm using for login, is a login database containing
username, password, accesslevel, fields, all spelt correctly.

I feel the sessions aren't getting passed from the login paged. Is there
any way of checking this?

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If


"Christopher Williams" <ch***@fixCJWSoft.com> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged
in, not redirecting people all over the place. It is only going to cause
issues and complicate things because even after the redirect you still
need to make sure the places you send them only allow the intended users.
Your basically doing a lot more work than you need to.

Christopher Williams
www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blueyonder.co.uk> wrote in message
news:m0*******************@fe2.news.blueyonder.co. uk...
Hi all, at present I I've built a website which can be updated by admin
and users.

My problem, I've combined "log in" and "access levels" to restrict
access to certain pages, using the built in "log in" and "user
authentication, restrict access to page" features. But I find the after
login I constantly get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerVariables("URL")

If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)

MM_valUsername=CStr(Request.Form("username"))

If MM_valUsername <> "" Then

MM_fldUserAuthorization="security"

MM_redirectLoginSuccess="welldone.asp"

MM_redirectLoginFailed="Login.asp"

MM_flag="ADODB.Recordset"

set MM_rsUser = Server.CreateObject(MM_flag)

MM_rsUser.ActiveConnection = MM_LoginTest_STRING

MM_rsUser.Source = "SELECT username, password"

If MM_fldUserAuthorization <> "" Then MM_rsUser.Source =
MM_rsUser.Source & "," & MM_fldUserAuthorization

MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE username='" &
Replace(MM_valUsername,"'","''") &"' AND password='" &
Replace(Request.Form("password"),"'","''") & "'"

MM_rsUser.CursorType = 0

MM_rsUser.CursorLocation = 2

MM_rsUser.LockType = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Username") = MM_valUsername

If (MM_fldUserAuthorization <> "") Then

Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)

Else

Session("MM_UserAuthorization") = ""

End If

if CStr(Request.QueryString("accessdenied")) <> "" And false Then

MM_redirectLoginSuccess = Request.QueryString("accessdenied")

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginSuccess)

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerVariables("URL")

if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer &
"?" & Request.QueryString()

MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)

Response.Redirect(MM_authFailedURL)

End If

%>



Jul 22 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.