Login Maintanance

Hi,

One method can be that :
You can create a table in the database which will store the login details of the administrator.This table will roughly contain following fields :

1) AdministratorId -
Description:integer
2) LoginDateTime -
Description :datetime value
3) LoginStatus -
Description :
Will contain Boolean value
Eachtime when user logs in ,make LoginStatus =1
Eachtime when user logs out, make LoginStatus =0


Now,in your page when the Administrator logs in , check the LoginStatus of the the admistrator. If it is 1 do not allow him access to the administrator page.

Hi
I m makin Intranet based Library Management System
On Homepage i have asked user to enter their login id
and select from one option button weather he is a administrator or
member.So as per his id and selected option he is been redirected to
his corresponding account.If he is member then his account page is opened
and if he is admin the he is taken to admin page where he can interact wid database.
I want that whenever Administrator has logged in from any computer on network
no other person can login as administrator as admin is to be only one person.
So to provide security I want to do this.
So the thing to be done is only one person at a time can enter as administrator
from the whole network.
How can i do this ???
Can I use application or session objects and global.asa file ?
If yes then how

I have done the same thing but the problem is that when he log out with the log off button it will run well as when he clicks on log off the value in database is again reset to 0 so this will run well.
but when he will close the site using close button on title bar then i cant change the value in database and set it to 0 so when he tries to login in again
he will not allowed as the value will be 1
now wat to do ??
So m thinkin of trying session or application events in Global.asa file
but how to use session or application variable ?
and wat to use session or application

Hi,

If you want to do it using Application and session variable following are the steps for doing this:

1) When the user Logs in into the application set the session and application variables.

Login.asp
<%
Dim username
Dim userRights

'Set the session variables for username and his rights
Session("LoginName") = username
Session("Rights") = userRights

'Set the application variable

'Check if user is having Administrator rights
If(Session("Rights") = "Administrator")
if (Application("AdminLogin") = false) OR (Application("AdminLogin") = "")
Application.Lock()
'Make the adminstrative Login = true
Application("AdminLogin")= true
Application.Unlock()
else
Response.write("Login is not allowed")
end if
End if
%>

2) Now on Global.asa write the following code :
The following code will take care of the situation that if user closes the form by clicking on cross button of title bar.

Sub Application_OnEnd()
Application.Lock()
'Make the adminstrative Login = false
Application("AdminLogin")= false
Application.UnLock()
End Sub


Sub Session_OnEnd()
'Clear session variables
Session("LoginName") = ""
Session("Rights") = ""
End sub

I have done the same thing but the problem is that when he log out with the log off button it will run well as when he clicks on log off the value in database is again reset to 0 so this will run well.
but when he will close the site using close button on title bar then i cant change the value in database and set it to 0 so when he tries to login in again
he will not allowed as the value will be 1
now wat to do ??
So m thinkin of trying session or application events in Global.asa file
but how to use session or application variable ?
and wat to use session or application

I have done the same thing but the problem is that when he log out with the log off button it will run well as when he clicks on log off the value in database is again reset to 0 so this will run well.
but when he will close the site using close button on title bar then i cant change the value in database and set it to 0 so when he tries to login in again
he will not allowed as the value will be 1
now wat to do ??
So m thinkin of trying session or application events in Global.asa file
but how to use session or application variable ?
and wat to use session or application

Try using a combination of session and application variables, and one is some kind of timer. Every time the admin loads a page the timer should be reset. If someone attempts to log in as the admin, and the last admin hasn't re-loaded a page in 30 minutes (or whatever time limit you like), then you might as well log him out and start over. This is fairly easy to program using only ASP, if it gives you any trouble, ask and I can clarify.

Only slightly more difficult would be incorporating a refreshing frame or ajax code that updates the timer very often (this could be a very minimally coded page or only a fragment that the server could handle in less than a second) and if the admin is off for more than 30 seconds log him out. Does this make sense?

Jared

Hi shweta
I have tried your code
its working, at a time only one admin can login
but when the admin logsoff still it doesnt allow to log in as admin
following is my code
plzz check it out

Hi,

1) Following code need to be added to your existing code in global.asa file.

2) In your existing code make the following changes :

'''''''''''''Do the following step only if selection is "Admin" and useName and password is correct.

3) On your logoff page clear the session and application variables

If Session("Rights") = "Administrator"
Application.Lock()
'Make the adminstrative Login = false
Application("AdminLogin") = false
Application.UnLock()
End if

Session("LoginName") =""
Session("Rights") =""

Hi shweta
I have tried your code
its working, at a time only one admin can login
but when the admin logsoff still it doesnt allow to log in as admin
following is my code
plzz check it out

Expand|Select|Wrap|Line Numbers

1. if opt="adm" then
2.  
3.    response.Cookies("sna")="Administrator"
4.  
5.    sql="Select * from DBA where Aid='"&login&"' and Apwd='"&pass&"'" 
6.    rsb.open sql,con
7.  
8.    'rsd.open "select * from flag",conn
9.    'flag=rs(0).value                  
10.  
11.        'if flag=1 then response.Redirect("Error.asp")
12.  
13.           'rsd("a")=1
14.           'rsd.update
15.  
16.       Session("Rights")="Administrator"
17.  
18.     If(Session("Rights") = "Administrator") then
19.  
20.         if (Application("AdminLogin") = false) OR Application("AdminLogin") = "" then
21.  
22.             Application.Lock() 
23.              '  Make the adminstrative Login = true
24.                 Application("AdminLogin")= true
25.             Application.Unlock()
26.  
27.          else
28.  
29.               Response.redirect("Error.asp")
30.  
31.                                  end if
32.                End if
33.  
34.     if rsb.eof then response.redirect("Error.asp")
35.  
36.     response.redirect("DBA.asp")
37.  
38.  
39. end if

Hi,

1) Following code need to be added to your existing code in global.asa file.

Expand|Select|Wrap|Line Numbers

1.    Sub Session_OnEnd()
2.        If Session("Rights") = "Administrator"
3.          Application.Lock()
4.          'Make the adminstrative Login = false 
5.          Application("AdminLogin")= false
6.         Application.UnLock()
7.       End if
8.  End Sub

2) In your existing code make the following changes :

'''''''''''''Do the following step only if selection is "Admin" and useName and password is correct.

Expand|Select|Wrap|Line Numbers

1.      If(!rsb.Eof) then
2.           Session("Rights")="Administrator"
3.      end if    

3) On your logoff page clear the session and application variables

If Session("Rights") = "Administrator"
Application.Lock()
'Make the adminstrative Login = false
Application("AdminLogin") = false
Application.UnLock()
End if

Session("LoginName") =""
Session("Rights") =""

Thanks for reply
I have put the code
when admin logsvout using logs off button
its workin well but when i use close button
its no cleaning the application variables
in global.asa file
this is code of global.asa file
instead of true/false i have used 0 and 1

Hi,

After clicking the close button Application_OnEnd event is called where the code for clearing Application("AdminLogin") is written . So please check if that event is executed or not after close application.

Hi,

After clicking the close button Application_OnEnd event is called where the code for clearing Application("AdminLogin") is written . So please check if that event is executed or not after close application.

sorry but
how do i check that
i have never used application variable
or global.asa file

Hi,

Hope you still need this

As you can not check the code written into Global.asa file ,
you can make sure of writing the code for clearing all the session related variables as well as application variables at the appropriate places like
on your LogOff page, on ErrorPage etc.

sorry but
how do i check that
i have never used application variable
or global.asa file