469,359 Members | 1,606 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,359 developers. It's quick & easy.

controlling access to parts of a site

I have been trying to control access to some pages on my website for some
time without success. I have tried copying the code found on the web:

I created a page (loginform.asp) with the following form:

<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>
I then created a page (loginhandler.asp) to handle this:

<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))

'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if

if u<>"myusername" or p<>"mypassword" then

'access denied
response.redirect ("loginform.asp")
else

' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>

I then put the following code at the top of pages I want to be secure:

<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>

Everything worked well until I did the last stage. Now whether I am logged
on or not I am redirected back to my loginform.asp page.

I am using PWS with Windows 98 to test the page locally.

Can anyone suggest where I am going wrong?

Geoff Wickens

Jul 19 '05 #1
2 1640
The 1st thing to do in such cases, is response.write something so you can
get a handle on whats really happening as opposed to what you think is
happening

so I would change your
response.redirect("loginform.asp")
to be
response.write "[" & session("login") & "]

and see what you getting

session variables are always passed as text, so you may need to cast the
session var prior to using the NOT

I usually tend to test as follows
if session("varaible") <> "" then
or
if session("varaible") = "something specifc" then
"Geoff Wickens" <gw******@hotmail.com> wrote in message
news:ix**************@newsfep1-gui.server.ntli.net...
I have been trying to control access to some pages on my website for some
time without success. I have tried copying the code found on the web:

I created a page (loginform.asp) with the following form:

<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>
I then created a page (loginhandler.asp) to handle this:

<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))

'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if

if u<>"myusername" or p<>"mypassword" then

'access denied
response.redirect ("loginform.asp")
else

' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>

I then put the following code at the top of pages I want to be secure:

<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>

Everything worked well until I did the last stage. Now whether I am logged
on or not I am redirected back to my loginform.asp page.

I am using PWS with Windows 98 to test the page locally.

Can anyone suggest where I am going wrong?

Geoff Wickens

Jul 19 '05 #2
Geoff Wickens wrote:
I have been trying to control access to some pages on my website for
some time without success. I have tried copying the code found on the
web:

I created a page (loginform.asp) with the following form:

<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>
I then created a page (loginhandler.asp) to handle this:

<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))

'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if

if u<>"myusername" or p<>"mypassword" then

'access denied
response.redirect ("loginform.asp")
else

' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>

I then put the following code at the top of pages I want to be secure:

<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>

Everything worked well until I did the last stage. Now whether I am
logged on or not I am redirected back to my loginform.asp page.

I am using PWS with Windows 98 to test the page locally.

Can anyone suggest where I am going wrong?

Geoff Wickens


You didn't set the session variable a value in all cases:
If u<>"myusername" or p<>"mypassword" then
'access denied
set Session("login") = False
response.redirect ("loginform.asp")
Else
' let them in!
Set Session("login") = True
Response.Redirect ("hiThere.asp")
End if

And in each of your secured pages you must Cast the session value as a boole
an:
If Not CBool(Session("login")) Then
Response.Redirect("loginform.asp")
End If

Jul 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Seda Ozulku | last post: by
3 posts views Thread by Lyle Fairfield | last post: by
8 posts views Thread by GaryDean | last post: by
17 posts views Thread by Mell via AccessMonster.com | last post: by
11 posts views Thread by Pietro Cerutti | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by suresh191 | last post: by
1 post views Thread by Marylou17 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.