Resricting Pages

Resricting Pages

am 08.04.2005 01:25:50 von delete007

HI all, I have built a web site which require some of it's pages to be
restricted to authorised users only. I have a login but in case they
remember the URL I need to redirect them to the login page. I have tried
using dreamweavers built in log in and restrict pages, but for some reason I
can't get that working, It always seems to redirect everyone to the same
page even if they have the right permissions/access level.

Question Is there any way of restricting pages to authorised users only?

Or is there something I'm missing when using dreamweavers login/restrict
pages feature. Do i have to set up sessions or something?

Thanks in advance for all your help.

Desperate Paul

Re: Resricting Pages

am 08.04.2005 03:48:33 von Bullschmidt

Perhaps this may hopefully give you some ideas:

Classic ASP Design Tips - Login Page
http://www.bullschmidt.com/devtip-loginpage.asp

Perhaps have a login page that asks the user for his username and
password. And whatever page that posts to (which could be the same page
for a self posting form) tests these fields against what is in the
database, sets the username and userlevel session variables accordingly,
and then redirects to the proper page - i.e. back to the login page if
the password is wrong (perhaps with a JavaScript popup saying wrong
username/password combination) or to the main menu page if the password
is correct:

Session("UserName") = objRS("UserName")
Session("UserLevel") = objRS("UserLevel")
Response.Redirect "mainmenu.asp"

Then you can use If Then's or Select Case on each page to control
whether a user is allowed to actually be there and whether particular
links of where a user can go actually show up.

If (Session("UserLevel") <> "Admin") And (Session("UserLevel") <>
"Regular") Then
Response.Redirect "login.asp"
End If

Best regards,
J. Paul Schmidt, Freelance ASP Web Developer
http://www.Bullschmidt.com
ASP Design Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...


*** Sent via Developersdex http://www.developersdex.com ***

Re: Resricting Pages

am 08.04.2005 21:33:21 von delete007

Firstly thanks Paul for your help, it has been very very much appreciated.

My knowledge of ASP is not that brilliant, here is the code I'm using at the
moment for login and redirected pages. Is there anything major wrong that is
preventing it from working? or can you suggest how I would implement your
code using some of the below information. Thank

****Login Page****
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("Username"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="Accesslevel"
MM_redirectLoginSuccess="EmployeeMenu.htm"
MM_redirectLoginFailed="EmployeeLogin.asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_CertainCars_STRING
MM_rsUser.Source = "SELECT Username, Password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source
& "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM EmployeeLogin WHERE
Username='" & Replace(MM_valUsername,"'","''") &"' AND Password='" &
Replace(Request.Form("Password"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
***** ' username and password match - this is a valid user ******
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If

************************************************************ ****************************

Redirected page code

<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="Gold,Silver"
MM_authFailedURL="EmployeeLogin.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization")) >=1)
Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" &
Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>

For some reason this page redirects you whether you have the right access
levels or not.

Thanks again for taking the time to help.

Paul.

------------------------------------------------------

"Bullschmidt" wrote in message
news:etdqT09OFHA.2736@TK2MSFTNGP09.phx.gbl...
> Perhaps this may hopefully give you some ideas:
>
> Classic ASP Design Tips - Login Page
> http://www.bullschmidt.com/devtip-loginpage.asp
>
> Perhaps have a login page that asks the user for his username and
> password. And whatever page that posts to (which could be the same page
> for a self posting form) tests these fields against what is in the
> database, sets the username and userlevel session variables accordingly,
> and then redirects to the proper page - i.e. back to the login page if
> the password is wrong (perhaps with a JavaScript popup saying wrong
> username/password combination) or to the main menu page if the password
> is correct:
>
> Session("UserName") = objRS("UserName")
> Session("UserLevel") = objRS("UserLevel")
> Response.Redirect "mainmenu.asp"
>
> Then you can use If Then's or Select Case on each page to control
> whether a user is allowed to actually be there and whether particular
> links of where a user can go actually show up.
>
> If (Session("UserLevel") <> "Admin") And (Session("UserLevel") <>
> "Regular") Then
> Response.Redirect "login.asp"
> End If
>
> Best regards,
> J. Paul Schmidt, Freelance ASP Web Developer
> http://www.Bullschmidt.com
> ASP Design Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...
>
>
> *** Sent via Developersdex http://www.developersdex.com ***

Re: Resricting Pages

am 08.04.2005 23:48:31 von delete007

Firstly thanks Paul for your help, it has been very very much appreciated.

My knowledge of ASP is not that brilliant, here is the code I'm using at the
moment for login and redirected pages. Is there anything major wrong that is
preventing it from working? or can you suggest how I would implement your
code using some of the below information. Thank

****Login Page****
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("Username"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="Accesslevel"
MM_redirectLoginSuccess="EmployeeMenu.htm"
MM_redirectLoginFailed="EmployeeLogin.asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_CertainCars_STRING
MM_rsUser.Source = "SELECT Username, Password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source
& "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM EmployeeLogin WHERE
Username='" & Replace(MM_valUsername,"'","''") &"' AND Password='" &
Replace(Request.Form("Password"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
***** ' username and password match - this is a valid user ******
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If

************************************************************ ****************************

Redirected page code

<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="Gold,Silver"
MM_authFailedURL="EmployeeLogin.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization")) >=1)
Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" &
Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>

For some reason this page redirects you whether you have the right access
levels or not.

Thanks again for taking the time to help.

Paul.

------------------------------------------------------

"Bullschmidt" wrote in message
news:etdqT09OFHA.2736@TK2MSFTNGP09.phx.gbl...
> Perhaps this may hopefully give you some ideas:
>
> Classic ASP Design Tips - Login Page
> http://www.bullschmidt.com/devtip-loginpage.asp
>
> Perhaps have a login page that asks the user for his username and
> password. And whatever page that posts to (which could be the same page
> for a self posting form) tests these fields against what is in the
> database, sets the username and userlevel session variables accordingly,
> and then redirects to the proper page - i.e. back to the login page if
> the password is wrong (perhaps with a JavaScript popup saying wrong
> username/password combination) or to the main menu page if the password
> is correct:
>
> Session("UserName") = objRS("UserName")
> Session("UserLevel") = objRS("UserLevel")
> Response.Redirect "mainmenu.asp"
>
> Then you can use If Then's or Select Case on each page to control
> whether a user is allowed to actually be there and whether particular
> links of where a user can go actually show up.
>
> If (Session("UserLevel") <> "Admin") And (Session("UserLevel") <>
> "Regular") Then
> Response.Redirect "login.asp"
> End If
>
> Best regards,
> J. Paul Schmidt, Freelance ASP Web Developer
> http://www.Bullschmidt.com
> ASP Design Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...
>
>
> *** Sent via Developersdex http://www.developersdex.com ***

Re: Resricting Pages

am 08.04.2005 23:57:51 von Kyle Peterson

www.aspprotect.com



"Paul" wrote in message
news:2kj5e.15671$mQ6.11475@fe3.news.blueyonder.co.uk...
> HI all, I have built a web site which require some of it's pages to be
> restricted to authorised users only. I have a login but in case they
> remember the URL I need to redirect them to the login page. I have tried
> using dreamweavers built in log in and restrict pages, but for some reason
> I can't get that working, It always seems to redirect everyone to the same
> page even if they have the right permissions/access level.
>
> Question Is there any way of restricting pages to authorised users only?
>
> Or is there something I'm missing when using dreamweavers login/restrict
> pages feature. Do i have to set up sessions or something?
>
> Thanks in advance for all your help.
>
> Desperate Paul
>