473,320 Members | 2,094 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

controlling access to parts of a site

I have been trying to control access to some pages on my website for some
time without success. I have tried copying the code found on the web:

I created a page (loginform.asp) with the following form:

<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>
I then created a page (loginhandler.asp) to handle this:

<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))

'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if

if u<>"myusername" or p<>"mypassword" then

'access denied
response.redirect ("loginform.asp")
else

' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>

I then put the following code at the top of pages I want to be secure:

<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>

Everything worked well until I did the last stage. Now whether I am logged
on or not I am redirected back to my loginform.asp page.

I am using PWS with Windows 98 to test the page locally.

Can anyone suggest where I am going wrong?

Geoff Wickens

Jul 19 '05 #1
2 1775
The 1st thing to do in such cases, is response.write something so you can
get a handle on whats really happening as opposed to what you think is
happening

so I would change your
response.redirect("loginform.asp")
to be
response.write "[" & session("login") & "]

and see what you getting

session variables are always passed as text, so you may need to cast the
session var prior to using the NOT

I usually tend to test as follows
if session("varaible") <> "" then
or
if session("varaible") = "something specifc" then
"Geoff Wickens" <gw******@hotmail.com> wrote in message
news:ix**************@newsfep1-gui.server.ntli.net...
I have been trying to control access to some pages on my website for some
time without success. I have tried copying the code found on the web:

I created a page (loginform.asp) with the following form:

<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>
I then created a page (loginhandler.asp) to handle this:

<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))

'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if

if u<>"myusername" or p<>"mypassword" then

'access denied
response.redirect ("loginform.asp")
else

' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>

I then put the following code at the top of pages I want to be secure:

<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>

Everything worked well until I did the last stage. Now whether I am logged
on or not I am redirected back to my loginform.asp page.

I am using PWS with Windows 98 to test the page locally.

Can anyone suggest where I am going wrong?

Geoff Wickens

Jul 19 '05 #2
Geoff Wickens wrote:
I have been trying to control access to some pages on my website for
some time without success. I have tried copying the code found on the
web:

I created a page (loginform.asp) with the following form:

<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>
I then created a page (loginhandler.asp) to handle this:

<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))

'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if

if u<>"myusername" or p<>"mypassword" then

'access denied
response.redirect ("loginform.asp")
else

' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>

I then put the following code at the top of pages I want to be secure:

<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>

Everything worked well until I did the last stage. Now whether I am
logged on or not I am redirected back to my loginform.asp page.

I am using PWS with Windows 98 to test the page locally.

Can anyone suggest where I am going wrong?

Geoff Wickens


You didn't set the session variable a value in all cases:
If u<>"myusername" or p<>"mypassword" then
'access denied
set Session("login") = False
response.redirect ("loginform.asp")
Else
' let them in!
Set Session("login") = True
Response.Redirect ("hiThere.asp")
End if

And in each of your secured pages you must Cast the session value as a boole
an:
If Not CBool(Session("login")) Then
Response.Redirect("loginform.asp")
End If

Jul 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Seda Ozulku | last post by:
I don't have much information about .Net. May be it must be a silly question. I have Windows Application running at the server. I need to Access the program functions ( like at given time...
0
by: RWC | last post by:
Hi! I'm having some trouble controlling how the XP Packaging Wizard installs my applications. In 97, there were options to replace older, never or always, if there was a file conflict. Now...
3
by: ARobi | last post by:
I have developped an Access database with a lot of coding. The size of the database without data is about 5 meg. I am ready to copy the database to a client PC which already has a legal version...
3
by: Lyle Fairfield | last post by:
In a recent thread there has been discussion about Data Access Pages. It has been suggested that they are not permitted on many or most secure sites. Perhaps, that it is so, although I know of no...
8
by: GaryDean | last post by:
We have been noticing that questions on vs.2005/2.0 don't appear to get much in answers so I'm reposting some questions posted by some of the programmers here in our organization that never got...
7
by: unacoder | last post by:
Is it possible to request the user's permission to be able to control IE or FireFox windows that are pointed to domains other than the base domain the script is running from? For example, if my...
17
by: Mell via AccessMonster.com | last post by:
Is there a way to find out where an application was created from? i.e. - work or home i.e. - if application sits on a (work) server/network, the IT people know the application is sitting...
11
by: Pietro Cerutti | last post by:
Hi group, here I come with a question which is quite simple per se, but for which I can't find an answer. Does the C standard guarantee that inside an expression such as (x && y) "y" is...
1
by: Handle | last post by:
I want to customize some aspx / ascx files of a precompiled site (the project portofolio web access site). I have no access to source code. Using Visual Studio, when I try to edit one these files...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.