473,320 Members | 1,846 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Login Script based on Email, IP and sql server backend

My questions concerns building a login system based on checking for the
existence of the user's email address only....

1. Is it ok for me to use IP address to allow user to bypass all login and
registration systems if IP is present in database? I wish to save the user
time....if the IP is not present I will present the LOGIN email screen....

2. I am consideirng using Session variable on each page I wanted I
protected...I think I know how to do this but I am not sure on whether I
should be using the global.asa to handle loggin in or logging out or whether
I should so all the code on the secure page itself.

3. I wish to use a sql server backend to house my tables: tblProspect,
tblProspectPageSelections......is it okay to use the following branching
code to switch between my test and production server with regards the
physical database path as I have multiple sites on our remote server which
need to feed off the same database....I am thinking about something like
this:

If InStr(Request.ServerVariables("SERVER_NAME"), "publicserver.com") > 0
Then
' Set Public Server Paths
Else
' Set Private Server Paths
End If

Can this work?

Many thanks
Jason
Jul 19 '05 #1
3 1961
If this is internal, I suppose....but
1) are you using DHCP for addresses? this means they may change.
2) if this is external then it wont work. May places use a masked IP, in
other words an entire company of people may show as a single IP to the
outside world.

--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
<ja***@catamaranco.com> wrote in message
news:e$**************@TK2MSFTNGP09.phx.gbl...
My questions concerns building a login system based on checking for the
existence of the user's email address only....

1. Is it ok for me to use IP address to allow user to bypass all login and
registration systems if IP is present in database? I wish to save the user
time....if the IP is not present I will present the LOGIN email screen....

2. I am consideirng using Session variable on each page I wanted I
protected...I think I know how to do this but I am not sure on whether I
should be using the global.asa to handle loggin in or logging out or whether I should so all the code on the secure page itself.

3. I wish to use a sql server backend to house my tables: tblProspect,
tblProspectPageSelections......is it okay to use the following branching
code to switch between my test and production server with regards the
physical database path as I have multiple sites on our remote server which
need to feed off the same database....I am thinking about something like
this:

If InStr(Request.ServerVariables("SERVER_NAME"), "publicserver.com") > 0
Then
' Set Public Server Paths
Else
' Set Private Server Paths
End If

Can this work?

Many thanks
Jason

Jul 19 '05 #2
Thank, Curt, this is something I had not considered...I guess I could use
internal IP to help employees bypass login screens....I will revert to
'email' check for outsiders...


"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:O5**************@TK2MSFTNGP12.phx.gbl...
If this is internal, I suppose....but
1) are you using DHCP for addresses? this means they may change.
2) if this is external then it wont work. May places use a masked IP, in
other words an entire company of people may show as a single IP to the
outside world.

--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
<ja***@catamaranco.com> wrote in message
news:e$**************@TK2MSFTNGP09.phx.gbl...
My questions concerns building a login system based on checking for the
existence of the user's email address only....

1. Is it ok for me to use IP address to allow user to bypass all login and registration systems if IP is present in database? I wish to save the user time....if the IP is not present I will present the LOGIN email screen....
2. I am consideirng using Session variable on each page I wanted I
protected...I think I know how to do this but I am not sure on whether I
should be using the global.asa to handle loggin in or logging out or

whether
I should so all the code on the secure page itself.

3. I wish to use a sql server backend to house my tables: tblProspect,
tblProspectPageSelections......is it okay to use the following branching
code to switch between my test and production server with regards the
physical database path as I have multiple sites on our remote server which need to feed off the same database....I am thinking about something like
this:

If InStr(Request.ServerVariables("SERVER_NAME"), "publicserver.com") > 0
Then
' Set Public Server Paths
Else
' Set Private Server Paths
End If

Can this work?

Many thanks
Jason


Jul 19 '05 #3
Curt, I am returning to this theme after reading this article:

http://www.15seconds.com/issue/981104.htm
An IP address-based schema presented here assumes the IP address for a given
machine remains constant. For most networks it is constant. For a few
networks IP addressing is dynamic where the address will change for a
machine with each start up, and sometimes even during operation. The
security schema presented won't work if the IP address changes while the
user machine is on; however, this is rare (i.e., I think AOL proxy servers
do this for dial-in clients).

'---

I was wondering what your thoughts on this solution.

Many thanks

Jason

"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:O5**************@TK2MSFTNGP12.phx.gbl...
If this is internal, I suppose....but
1) are you using DHCP for addresses? this means they may change.
2) if this is external then it wont work. May places use a masked IP, in
other words an entire company of people may show as a single IP to the
outside world.

--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
<ja***@catamaranco.com> wrote in message
news:e$**************@TK2MSFTNGP09.phx.gbl...
My questions concerns building a login system based on checking for the
existence of the user's email address only....

1. Is it ok for me to use IP address to allow user to bypass all login and registration systems if IP is present in database? I wish to save the user time....if the IP is not present I will present the LOGIN email screen....
2. I am consideirng using Session variable on each page I wanted I
protected...I think I know how to do this but I am not sure on whether I
should be using the global.asa to handle loggin in or logging out or

whether
I should so all the code on the secure page itself.

3. I wish to use a sql server backend to house my tables: tblProspect,
tblProspectPageSelections......is it okay to use the following branching
code to switch between my test and production server with regards the
physical database path as I have multiple sites on our remote server which need to feed off the same database....I am thinking about something like
this:

If InStr(Request.ServerVariables("SERVER_NAME"), "publicserver.com") > 0
Then
' Set Public Server Paths
Else
' Set Private Server Paths
End If

Can this work?

Many thanks
Jason


Jul 19 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Nathan Given | last post by:
I run a book exchange web site based in PHP with a mysql database. Many users have having trouble logging in. Here is a description of the problem. A user types in his/her username and...
5
by: muppetjones | last post by:
I'm really new to the whole networking side of things, so I don't know the backend very well. I wrote a series of PHP/AJAX scripts to allow a user to create a login account, but apparently my script...
3
by: satishknight | last post by:
Hi, Can some one tell me how to change the validation sequence for the code pasted below, actually what I want it when any one enters the wrong login information (already registered users) then it...
4
by: Brett | last post by:
I have an ASP.NET 2.0 application that uses Forms Authentication. The startup page contains just a login control, and the site works well on an IIS 6 web server. I am now setting the site up on...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.