authentication

[niceguy606]

I have a form where i have select boxes when i click on the submit button it updates them in the database and the same page is loaded with the remaining select boxes which have not been updated.

I want to authenticate the user when he clicks on the submit button by popping up a window and asking him to login using username and password.
But the original page submits itself anyway even before this ones get authenticated. is there any way i can stop the page from submitting until he login is authenticated.


<script language="javascript">

function CloseIt(){
var newwin;
newwin=window.open('Secure_Logon.asp','newwin','toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=1,width=500,directories=no,height=300,left = 0,top = 0');
newwin.close();

}

function SaveSubmit()
{
Show_Login();
document.EducApproval.action="EducationApproval.asp?action=2"
}

function Show_Login() {
var newwin;
newwin= window.open ('Secure_Logon.asp','newwin','toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=1,width=500,directories=no,height=300,left = 0,top = 0');

}
function SetApproved()
{
document.EducApproval.action="EducationApproval.asp?action=1"
}

function CheckOnExit(act, change)
{
if (confirm("Do you want to save your changes?"))
return(false);
else
return(true);
}

function SubmitMe()
{
document.EducApproval.submit();
return(true);
}

</script>

<form method="POST" name="EducApproval" action="Mgmt_EmployeeApprove.asp?menuid=<%=request.querystring("menuid")%>&action=0" onload="CloseIt()" >

select case action
Case 0:
response.write "<tr bgcolor='#FFFFFF'><td valign='top'><select name='Approval' onchange='ValueChange.value=1'>"
Select case rst("Approval")
Case 1 'Approved
response.write "<option selected value=" & keyvalue1 & ">Approved "
response.write "<option value=" & keyvalue2 & ">Pending"
response.write "<option value=" & keyvalue3 & ">Rejected</select></td>"
end Select

</form>

Here is the Secure_Logon.asp file
---------------------------------
<!-- #include file="Include_Files/General/GetTestCodeValue.inc" -->

<%
Dim msg1, msg2, msgtest
Dim TestMode

TestMode = GetTestCodeValue

msg1 = " Either your userid or password is invalid!"
msg2 = " You are not authorized to view this page! Please contact your System Administrator"
msg3 = " You did not enter a valid security code!"
msg = ""
msg4 = "Please Enter your UserName and Password again to Approve the training."
if cint(request.querystring("msg")) = 1 then
msg = msg1

else
if cint(request.querystring("msg")) = 2 then
msg = msg2
else
if cint(request.querystring("msg")) = -1 then
msg=msg3
end if

end if

if cint(request.querystring("msg")) = -2 then
msg = msg4
end if
end if

%>

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Employee Logon</title>
<script Language="JavaScript"><!--
function FrontPage_Form1_Validator(theForm)
{

if (theForm.Password.value == "")
{
alert("Please enter a value for the \"Password\" field.");
theForm.Password.focus();
return (false);
}

if (theForm.Password.value.length < 1)
{
alert("Please enter at least 1 characters in the \"Password\" field.");
theForm.Password.focus();
return (false);
}

if (theForm.Password.value.length > 25)
{
alert("Please enter at most 25 characters in the \"Password\" field.");
theForm.Password.focus();
return (false);
}
return (true);
}

function disable(formnum, elementnum) {
if (navigator.appName == "Microsoft Internet Explorer")
document.forms[formnum].elements[elementnum].style.visibility="hidden";
}


function enable(formnum, elementnum) {
if (navigator.appName == "Microsoft Internet Explorer")
document.forms[formnum].elements[elementnum].style.visibility="inherit";
}


//--></script>
</head>
<body bgcolor="#FFFFFF" height="200" width="200">
<form method="POST" action="Approval_Security.asp" name="FrontPage_Form1" onload="disable(0,2)" onsubmit="return FrontPage_Form1_Validator(this)">
</form>
<table border="0" cellspacing="0" cellpadding="0" width="156" height="1">
<tr><td width="87" height="40">
<img border="0" src="images/Logo.gif" width="100" height="34"></td>
<td width="713" height="40">
<img border="0" src="images/TitleMain.gif" width="270" height="38"></td></tr>
<tr><td colspan="2" width="800" height="40">
<img border="0" src="images/TopLine.gif" width="345" height="58"></td></tr>
<tr><td width="100" height="68">
<img border="0" src="images/leftbar.gif" width="72" height="164"></td>
<form method="POST" action="Approval_Security.asp" name="FrontPage_Form1" onsubmit="return FrontPage_Form1_Validator(this)">
<td width="700" height="68" valign="top">

<font face="Arial" size="2"><b>Username: </b></font><font face="Arial" size="3">
<INPUT TYPE="text" name="Userid" size="18" tabindex="1" maxlength="25"></font><p><font face="Arial" size="2"><b>
Password:</b></font><font face="Arial" size="3">&nbsp;
<input type="password" name="Password" size="18" maxlength="25" tabindex="2"></font></p>
<p>
<font face="Arial" size="2" style="visibility:visible" style="visibility:hidden">
Security:&nbsp;&nbsp;&nbsp;&nbsp; </font><font face="Arial" size="3">
<input type="text" name="EmployeeID" size="18" maxlength="25" tabindex="2" <% if TestMode = "-1" then %> style="visibility:visible" <% else %> style="visibility:hidden" <% end if %> ></font></p>
<p><font face="Arial">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</font>
<input type=image src="images/B_Logon_Off.gif" value="Login" name="Submit" onmouseover="src='images/B_Logon_On.gif'" onmouseout= "src='images/B_Logon_Off.gif'"></TR>



<tr><td width="800" height="16" colspan="2">
<img border="0" src="images/footer.gif" width="345" height="22"></td>
<tr>



</form>



</table>
</body>

This is Approval_Security.asp
-----------------------------

<!-- #include file="Include_Files/Security/Add_Audit.inc" -->
<!-- #include file="Include_Files/General/GetTestCodeValue.inc" -->

<%


if ( (session("Userid") = Request("Userid")) AND (session("Password") = Request("Password")) ) then
%>

<script language="javascript">
document.EducApproval.action="EducationApproval.asp?action=2"
newwin.close();

</script>

<%

else
Response.write "You are not authorized to approve training"
Response.redirect "Secure_Logon.asp"
end if
%>

pls let me know

thanks

 

[Ammodog]

I would put the login page as the index and set your update page to only show when a user auth. has been verified.

Christopher Abney
There is no limit to the good you can do if you dont care who gets the credit

 

[theniteowl]

You are executing client side script for your onsubmit which then launches your logon window. The clientside script will not pause while waiting for the popup windows script to complete and will cause the first form to finish submitting.

One possible way to handle this would be to not use a Submit button type but use a "button" type and have an onclick event call the function that opens the popup.
Do your authentication in the popup window and as the window goes to close itself it can execute a javascript function in the main window to trigger the correct event based on whether the logon failed or was successful.

The solution is basically in Javascript though so it might be better to post in that forum for details for the above approach.

Paranoid? ME?? WHO WANTS TO KNOW????