Creating a Customer Logon at Webpage 4

ShawnF

IS-IT--Management
Oct 1, 2001
149
US
Hello,

I have very limited webpage experience (just the basics of Frontpage 2000). The company I work for wants to create a login section on our webpage where our customers can login to view product specifications. There will probably be a hundred or so individual product pages, all of which being very basic with little to no graphics. We (actually I) will assign customers a username and password. The specifications won't be for everyone to see, however, it's not critical enough that I'd be concerned about someone hacking in and viewing it. That being said, I'd still like to know if there are varying levels of secure login types, or if it is a rather generic thing (because I'd opt for a more secure form of login).

What does it take to have a logon prompt on a webpage? This will determine whether I have enough time or skills to bother trying myself or to outsource it.
 
Hi mate,

There are a few ways that you could do this..

You could either include a login form on the page in question or you could have a link to the directory and use htaccess to prompt for the user and pass.

It really is up to you but if you can use htaccess on the server that you are using then that is the way I personally would go.

This is what you get when using htaccess.

Let me know and I will guide you through it..

Hope this helps Wullie

 
I am looking for help in the same area, but I need it to be a pretty secure area, with database access that uses the logon name... this is going to be on an intranet, but I still need it to be secure, and I can't use the network names for security, I need it to be ones I make. I will also be hosting on a Microsoft IIS Server... if that makes a difference... what would you suggest for this as well?

--Junior JHauge@jmjpc.net
Life is change. To deny change is to deny life.
 
Darn, ah well... thanks for trying :)

--Junior JHauge@jmjpc.net
Life is change. To deny change is to deny life.
 
[tt]What type of security are you actually talking about?
You mean:
[ol][li]Only give access to certain people to view your site?[/li] or [li]IIS security?[/li][/ol]


I can help you with 1
[/tt]
 
CDN,

I'm not sure if you're speaking to me or to junior...

I'm not sure what type of security I'm talking about. I need to know what's available and in what ways I should be secure. But the basics are that I want to control who can see our product specs and do this based on a login prompt at our website.

Wullie,

That might be an option. Know of any good websites that have support and tech info for htaccess? I know nothing about it other than the handy link you provided me as an example. Such as, is it easy to "crack" or get by? Does it have to have the check box to allow the option to retain the password? Can I add a prompt to change a password every so often?

Oh, a few more details as well. We do not have our own webserver. An internet service provider is hosting our page, so does this mean it depends on what they are running and if they allow it? I didn't think about that until now....

Thanks!
 
Such as, is it easy to "crack" or get by?

No, it is not easy but like anything on the net, it is not 100% secure either.. Passwords are encrypted however..

Does it have to have the check box to allow the option to retain the password?

It is system generated, you cannot remove that..

Can I add a prompt to change a password every so often?

I am not sure what you mean here.. Do you mean, can a user change their password?? If so, then no..

so does this mean it depends on what they are running and if they allow it?

Yes, it depends on what server you are running and also what you are allowed to use on the server.

If you can tell me the url to the server, I can find out the server type..

Hope this helps Wullie

 
[tt]
Here's how I handle security on every portal I create.




[ol][li]On your login page (I'm not sure if you're familiar with Dreamweaver but that's what I use. I'm sure you can figure out how it is working)[/li]


After you check their login name and password, assuming
this page is called LOGIN.ASP PAGE, create a cookie.

Here's some of my code:
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername = CStr(Request.Form("username"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization = ""
  MM_redirectLoginSuccess = "index.asp"
  MM_redirectLoginFailed = "login.asp?valid=false"
  ' Build the query with ? placeholders; the form values are bound as
  ' parameters below rather than concatenated into the SQL text
  MM_loginSQL = "SELECT *"
  If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
  MM_loginSQL = MM_loginSQL & " FROM members WHERE username = ? AND password = ?"
  Set MM_rsUserCmd = Server.CreateObject("ADODB.Command")
  MM_rsUserCmd.ActiveConnection = MM_yourDSN_STRING
  MM_rsUserCmd.CommandText = MM_loginSQL
  ' 200 = adVarChar, 1 = adParamInput, 255 = maximum length
  MM_rsUserCmd.Parameters.Append MM_rsUserCmd.CreateParameter("param1", 200, 1, 255, MM_valUsername)
  MM_rsUserCmd.Parameters.Append MM_rsUserCmd.CreateParameter("param2", 200, 1, 255, CStr(Request.Form("password")))
  MM_flag = "ADODB.Recordset"
  Set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  ' Open the recordset from the command object (the connection comes from the command)
  MM_rsUser.Open MM_rsUserCmd
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    ' Expire any old cookies first
    Response.Cookies("user").Expires = Date - 1
    Response.Cookies("2002").Expires = Date - 1
    ' Write a Cookie
    'COOKIE = USERNAME BELOW
    Response.Cookies("user")("username") = MM_rsUser("username")
    'COOKIE = PASSWORD BELOW
    Response.Cookies("user")("password") = MM_rsUser("password")
etc, etc, etc....


Then on every other page you create or want to provide access to, simply put this code at very beginning of them:

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/myconnection.asp" -->
<%
If Request.Cookies("user")("username") = "" Then
  Response.Redirect "login.asp"
End If
%>

'I'm only checking their username because that's all I care for. And if one of my users actually tries to type in the address of a page they don't have access to, they are sent back to the LOGIN.ASP PAGE

[/tt]

"The reward of one duty done is the power to fulfill another"
--------------------------------------------------------------------

J R C L [jester] W N
 
Wullie,

Thanks for the super quick responses! In regards to changing passwords, I should have been more clear. I was thinking of something along the lines of requiring users to have to change their passwords every so often. If that's not possible, how do I accomplish changing passwords? I'm assuming there must be a file kept somewhere on the server that will retain user login info and I can change it at any time. I would like to prevent having to manually change passwords by myself and having to remember to email customers their new password, but if that's the way it is then I can probably live with that.

I should contact my website host to see if they even let their customers do this sort of thing. I'd also like to be able to monitor the usage of this feature such as # of logins, failed login attempts (with a set maximum # of attempts before lockout), what they looked at, etc... This ISP does provide website design in addition to just hosting, so it's probable I will be able to do this stuff.

In the meantime, I will do some searches on htaccess to learn more about it. Here's a dumb question though, is htaccess a program, a language, or something else? I'd like to go to some sort of tech page to start learning about it.

Thanks!
 
[tt]Don't let the dreamweaver code confuse you.

Here's basically what I'm saying:

[ol][li]Create a cookie when your users log in[/li] [li]Place the code that checks for a cookie on every page, even the login page. If the cookie is not present, kick them out, forcing them to log in. If it is, let them in.[/li][/ol]

[/tt]

"The reward of one duty done is the power to fulfill another"
J R C L [jester] W N
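
The page check posted above trusts a cookie value that the browser supplies, while the login code already stores the username in Session("MM_Username"), which is held on the server. As an added example (not the poster's code), here is the same flow keyed on that session value; protect.asp and logout.asp are assumed file names and the 20-minute timeout is an assumed value.

```asp
<%
' ---- login.asp: replaces the cookie-writing lines inside the
' ---- "valid user" branch of the posted login code
' Identity is kept in the server-side Session only. The browser holds just
' the ASP session cookie, so no username or password cookie is written.
Session("MM_Username") = MM_rsUser("username").Value
Session.Timeout = 20                         ' minutes of inactivity (assumed value)
Response.Cookies("user").Expires = Date - 1  ' remove any cookie left by the old scheme
MM_rsUser.Close
Response.Redirect "index.asp"
%>

<%
' ---- protect.asp (assumed name): pulled in with an #include directive as
' ---- the first thing on every protected page, after the LANGUAGE line
' Ask browsers and proxies not to reuse a stored copy of the page.
Response.Expires = -1
Response.CacheControl = "no-cache"

' An unset Session value compares equal to "", so anyone who has not
' passed login.asp in this session is sent back to the login form.
If Session("MM_Username") = "" Then
    Response.Redirect "login.asp"
End If
%>

<%
' ---- logout.asp (assumed name)
' Destroy the server-side session so the session cookie stops working.
Session.Abandon
Response.Redirect "login.asp"
%>
```

Each protected page then starts with the LANGUAGE directive followed by the include of protect.asp, in place of the cookie test.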


 
[tt]On changing passwords, all you need to do is pull the data of the user that wants to change their password, matching it to the cookie, then display all their data on the screen inside a form and simply do an update to it. *Poof* You're done.[/tt]

"The reward of one duty done is the power to fulfill another"
J R C L [jester] W N


 
[tt]It seems I spoke too soon.
Let me say this:
If you at this time do NOT have the understanding of how an Access Database or any other Database works.

Please ignore my suggestions.
Thanks

[/tt]

"The reward of one duty done is the power to fulfill another"
J R C L [jester] W N


 
Hi mate,

In the meantime, I will do some searches on htaccess to learn more about it.

Good luck!! I have never found a good guide to htaccess for beginners..

Htaccess is not just for authentication but is used for a whole range of things.. You can use it to change the default error documents, redirecting to another page etc.

Virtually any directive defined in the httpd.conf file(Server config) on an apache server can be defined locally in an htaccess file. This allows multiple sites on a server (virtualhosts) to have different settings for their particular site.

Here's a dumb question though, is htaccess a program, a language, or something else?

Basic Authentication Protocol.

I would like to prevent having to manually change passwords by myself and having to remember to email customers their new password

There are some programs out there that claim to mail your users when the password alters etc, but I have never tried them..

I was thinking of something along the lines of requiring users to have to change their passwords every so often.

Why?? There is no real security issue here..

I'd also like to be able to monitor the usage of this feature such as # of logins, failed login attempts (with a set maximum # of attempts before lockout), what they looked at, etc...

Use some kind of stats program for this..

I'm assuming there must be a file kept somewhere on the server that will retain user login info and I can change it at any time.

Yes, the file is called .htpasswd and the format is as follows.

username:password

Hope this helps Wullie

 
Just thought I'd add this,
have a very good "member area" script, fairly easy to install, even for dummies like me, and uses htaccess/htpasswd/member database etc.
It's worth checking out. There's a free version so you can test it a bit, and if you like it I'm sure your co. won't mind paying the reasonable price for the full version.




I got bloody bored at the weekend:
É,
<!--#include file="profound quotation" -->
 
Junior1544,

Are you hosting with an ISP or on your own server? IIS security can be handled fairly easily by the server administrator. Most ISPs will work with you on this.

If you're hosting on your own server, and have admin. rights, I can walk you through a couple of security scenarios with IIS.

MSB [peace]

webdev@cox.net

Strive for whorld peas.
 
Be nice Wullie. [wink]

I'm looking forward to working on a Unix box. I hear they are pretty good (stable). MSB [peace]

webdev@cox.net

Strive for whorld peas.
 
Drop me an email Wullie. I'm very interested but don't think it's appropriate for this forum. Even though some people on this forum might want to know what the heck their ISP server admin. (running apache) is talking about too.

i.e. Why doesn't my Products.html link work just because my filename is products.html MSB [peace]

webdev@cox.net

Strive for whorld peas.
 