Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

History.back with password support 1

Status
Not open for further replies.

Nogi

Technical User
Dec 10, 2004
132
BE
Hi all,

I have a question regarding a "go-1-page-back"-item on my asp-pages i'm using.

i now have the following code in my asp-page:

Code:
<p ALIGN="left"><a HREF="javascript:history.back()" class="style2">Back</a>

This works fine, however, the page in the history list, is always a password protected page. (always the same password).
So when people hit the "back" text, they always get prompted for a password (which they're not supposed to know).

Is there a way to change the code so it's not directly visible from within the html-code of the asp-page (for example an external .js)

Cause if i would use a password supported "back" directly embedded in my html, people would see the password by moving their mouse over the "back" word.

I hope somebody can help me out cause i have no idea how this can be achieved.

Thanks in advance
 
Putting the password in an external js file will not solve anything as someone could simply download that js file. How, if the user doesn't know the password, do you allow access to that page in the first place (i.e. why have a password at all if you are not even asking the user for it)?


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
Yes - interesting. If they should have access to the page, then they'll need to know the password. If not, then remove the back link and replace it with a link to the page prioir to the password protected one.

Dan



[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
 
Maybe if i explain the situation it becomes more clear:

I have a basic page: index.htm, that contains an iframe.
Inside that iframe, i have an asp-page that displays results of a database, let's call this page database.asp.
The database.asp is opened by a user-click action into that iframe.

The database is password-protected, so the database.asp contains inside it's connection-script to the database the databasepassword.

Now if i open another asp-page inside the iframe, and i want to go back to the database.asp, you can go back the a click on the word "back" on that asp-page.
Problem is, that by going 1 page back in history, the database.asp asks for the password to connect to it's database.

You see, if database.asp is opened by a user-click, the password is auto-filled by the connectionscript, but if you go 1 page back in history, the connectionscript does not reload, so it asks for the password.

The External .js -file will be compiled inside an .exe-file, so it will not be downloadable, nor viewable.

Uhm..i hope this makes it all a bit more clear.
 
You see, if database.asp is opened by a user-click, the password is auto-filled by the connectionscript, but if you go 1 page back in history, the connectionscript does not reload, so it asks for the password.
This leads me to believe that it's actually an ASP problem that you have here, not a javascript one. However, even if you click the back button to go back to database.asp, that page should reload so I'm not sure why connectionscript (is this a function of some sorts?) isn't reloaded as well.


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
with connectionscript i mean the ODBC connection string to the database.

When the page is opened by a user-click on the mainpage, somehow the connection is made through the ODBC-connection string, and things work fine.

But when going back to the page appearently the connectionstring gets read otherwise. If the password is entered it works fine.

I know in VB you can add blah blah, false, "yourpassword" and you can go on. But i don't know how to do it in an external javascript.
 
If it's a password for a database connection string, then it won't have anything to do with javascript. It will be within the ASP code that you have to specify the password (and it could be hard-coded like Dan suggested).


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
k thanks. i think i'll keep it simple and just make the "back" go to a certain page.

Thanks for your effords
 
It sounds to me like to get to the database.asp page in the first place they are clicking a link that goes to the connection script which then calls the database.asp page.
When hitting back in the browser it goes back to database.asp but since it did not go through the connection script the database.asp page does not load because the ODBC connection does not have the id/password that is included by the connection script.

If this is the case, could you replace the history entry for database.asp to point to the connection script instead?

Here, I use one include file that creates the DB connection passing ID/Password. Every page that uses the database just includes that file. So for me a situation like yours would not occur since my target page does the include for the connection string rather than the connection string redirection to the database page.
Perhaps something like that will work for you as well.


Paranoid? ME?? WHO WANTS TO KNOW????
 
i assume you could be right, but the problem is that my connection from the asp to the database is created within msaccess itself when i generated my database.

So i don't have a seperate connection-file like you, but every page has it's own piece of connection-code (which seems quiet difficult to understand for a newbie like me).

So it's a great idea, but not really an option.

i've posted a new question that might provide a work-around.

Instead of going back to the previous page, why not redirect to the same URL as the one you last visited.

Maybe that would work. Cause then the connection has to be reset upon loading the page. (i think)
 
Can you post your connection page?
You can probably modify it to work the way you want it to.
Otherwise, in your database.asp file you may be able to test to see if you have a connection object and if not redirect the page to the connection script before it tries to access the database.


Paranoid? ME?? WHO WANTS TO KNOW????
 
uhm..i'll try:
Sorry if i'm adding to much code, but i don't see where it begins and where it ends:
Code:
<object id="MSODSC" tabIndex="-1" classid="CLSID:0002E553-0000-0000-C000-000000000046">
  <param name="XMLData"
  value="&lt;xml xmlns:a=&quot;urn:schemas-microsoft-com:office:access&quot;&gt;
 &lt;a:DataSourceControl&gt;
  &lt;a:OWCVersion&gt;10.0.0.6619         &lt;/a:OWCVersion&gt;
  &lt;a:ConnectionString&gt;Provider=Microsoft.Jet.OLEDB.4.0;User ID=Admin;Data Source=C:\windows\Temp\database.mdb;Mode=Share Deny None;Extended Properties=&amp;quot;&amp;quot;;Persist Security Info=False;Jet OLEDB:System database=&amp;quot;&amp;quot;;Jet OLEDB:Registry Path=&amp;quot;&amp;quot;;Jet OLEDB:Database Password=&amp;quot;MyPassWord&amp;quot;;Jet OLEDB:Engine Type=0;Jet OLEDB:Database Locking Mode=1;Jet OLEDB:Global Partial Bulk Ops=2;Jet OLEDB:Global Bulk Transactions=1;Jet OLEDB:New Database Password=&amp;quot;&amp;quot;;Jet OLEDB:Create System Database=False;Jet OLEDB:Encrypt Database=False;Jet OLEDB:Don't Copy Locale on Compact=False;Jet OLEDB:Compact Without Replica Repair=False;Jet OLEDB:SFP=False&lt;/a:ConnectionString&gt;
  &lt;a:MaxRecords&gt;10000&lt;/a:MaxRecords&gt;
  &lt;a:GridX&gt;10&lt;/a:GridX&gt;
  &lt;a:GridY&gt;10&lt;/a:GridY&gt;
  &lt;a:OfflineType&gt;2&lt;/a:OfflineType&gt;
  &lt;a:XMLLocation&gt;0&lt;/a:XMLLocation&gt;
  &lt;a:XMLDataTarget&gt;&lt;/a:XMLDataTarget&gt;
  &lt;a:ConnectionFile&gt;&lt;/a:ConnectionFile&gt;
  &lt;a:ElementExtension&gt;
   &lt;a:ElementID&gt;Brand&lt;/a:ElementID&gt;
   &lt;a:ControlSource&gt;GroupOfTableBrand-Brand&lt;/a:ControlSource&gt;
   &lt;a:ChildLabel&gt;Brand_Label&lt;/a:ChildLabel&gt;
  &lt;/a:ElementExtension&gt;
  &lt;a:ElementExtension&gt;
   &lt;a:ElementID&gt;ItemDescription&lt;/a:ElementID&gt;
   &lt;a:ControlSource&gt;GroupOfTableBrand-ItemDescription&lt;/a:ControlSource&gt;
   &lt;a:ChildLabel&gt;ItemDescription_Label&lt;/a:ChildLabel&gt;
  &lt;/a:ElementExtension&gt;
  &lt;a:ElementExtension&gt;
   &lt;a:ElementID&gt;ItemType&lt;/a:ElementID&gt;
   &lt;a:ControlSource&gt;ItemType&lt;/a:ControlSource&gt;
   &lt;a:ChildLabel&gt;ItemType_Label&lt;/a:ChildLabel&gt;
  &lt;/a:ElementExtension&gt;
  &lt;a:ElementExtension&gt;
   &lt;a:ElementID&gt;textboxfield&lt;/a:ElementID&gt;
   &lt;a:ControlSource&gt;Download&lt;/a:ControlSource&gt;
  &lt;/a:ElementExtension&gt;
  &lt;a:GroupLevel&gt;
   &lt;a:RecordSource&gt;TableBrand-Brand&lt;/a:RecordSource&gt;
   &lt;a:DefaultSort&gt;[GroupOfTableBrand-Brand]&lt;/a:DefaultSort&gt;
   &lt;a:HeaderElementId&gt;HeaderTableBrandBrand&lt;/a:HeaderElementId&gt;
   &lt;a:FooterElementId&gt;&lt;/a:FooterElementId&gt;
   &lt;a:CaptionElementId&gt;&lt;/a:CaptionElementId&gt;
   &lt;a:RecordNavigationElementId&gt;&lt;/a:RecordNavigationElementId&gt;
   &lt;a:DataPageSize&gt;-1&lt;/a:DataPageSize&gt;
   &lt;a:GroupFilterControl&gt;&lt;/a:GroupFilterControl&gt;
   &lt;a:NoAllowEdits/&gt;
   &lt;a:NoAllowAdditions/&gt;
   &lt;a:NoAllowDeletions/&gt;
  &lt;/a:GroupLevel&gt;
  &lt;a:GroupLevel&gt;
   &lt;a:RecordSource&gt;TableBrand-ItemDescription&lt;/a:RecordSource&gt;
   &lt;a:DefaultSort&gt;[GroupOfTableBrand-ItemDescription]&lt;/a:DefaultSort&gt;
   &lt;a:HeaderElementId&gt;HeaderTableBrandItemDescription&lt;/a:HeaderElementId&gt;
   &lt;a:FooterElementId&gt;&lt;/a:FooterElementId&gt;
   &lt;a:CaptionElementId&gt;&lt;/a:CaptionElementId&gt;
   &lt;a:RecordNavigationElementId&gt;&lt;/a:RecordNavigationElementId&gt;
   &lt;a:DataPageSize&gt;-1&lt;/a:DataPageSize&gt;
   &lt;a:GroupFilterControl&gt;&lt;/a:GroupFilterControl&gt;
   &lt;a:NoAllowEdits/&gt;
   &lt;a:NoAllowAdditions/&gt;
   &lt;a:NoAllowDeletions/&gt;
  &lt;/a:GroupLevel&gt;
  &lt;a:GroupLevel&gt;
   &lt;a:RecordSource&gt;TableBrand&lt;/a:RecordSource&gt;
   &lt;a:DefaultSort&gt;&lt;/a:DefaultSort&gt;
   &lt;a:HeaderElementId&gt;HeaderTableBrand&lt;/a:HeaderElementId&gt;
   &lt;a:FooterElementId&gt;&lt;/a:FooterElementId&gt;
   &lt;a:CaptionElementId&gt;&lt;/a:CaptionElementId&gt;
   &lt;a:RecordNavigationElementId&gt;&lt;/a:RecordNavigationElementId&gt;
   &lt;a:DataPageSize&gt;-1&lt;/a:DataPageSize&gt;
   &lt;a:GroupFilterControl&gt;&lt;/a:GroupFilterControl&gt;
  &lt;/a:GroupLevel&gt;
  &lt;a:Datamodel a:version=&quot;0816&quot;&gt;
   &lt;a:SchemaRowsource a:id=&quot;TableBrand&quot; a:type=&quot;dscTable&quot;&gt;
    &lt;a:SchemaField a:id=&quot;Brand&quot; a:datatype=&quot;130&quot; a:size=&quot;50&quot;/&gt;
    &lt;a:SchemaField a:id=&quot;ItemDescription&quot; a:datatype=&quot;130&quot; a:size=&quot;50&quot;/&gt;
    &lt;a:SchemaField a:id=&quot;ItemType&quot; a:datatype=&quot;130&quot; a:size=&quot;50&quot;/&gt;
    &lt;a:SchemaField a:id=&quot;Download&quot; a:datatype=&quot;130&quot; a:size=&quot;50&quot;/&gt;
   &lt;/a:SchemaRowsource&gt;
   &lt;a:RecordsetDef a:id=&quot;TableBrand&quot;&gt;
    &lt;a:PageField a:id=&quot;Brand&quot;/&gt;
    &lt;a:PageField a:id=&quot;ItemDescription&quot;/&gt;
    &lt;a:PageField a:id=&quot;ItemType&quot;/&gt;
    &lt;a:PageField a:id=&quot;Download&quot;/&gt;
    &lt;a:GroupingDef a:id=&quot;TableBrand-ItemDescription&quot;&gt;
     &lt;a:PageField a:id=&quot;GroupOfTableBrand-ItemDescription&quot;
      a:source=&quot;ItemDescription&quot; a:groupon=&quot;dscEachValue&quot; a:interval=&quot;1.0&quot;/&gt;
    &lt;/a:GroupingDef&gt;
    &lt;a:GroupingDef a:id=&quot;TableBrand-Brand&quot;&gt;
     &lt;a:PageField a:id=&quot;GroupOfTableBrand-Brand&quot; a:source=&quot;Brand&quot;
      a:groupon=&quot;dscEachValue&quot; a:interval=&quot;1.0&quot;/&gt;
    &lt;/a:GroupingDef&gt;
   &lt;/a:RecordsetDef&gt;
  &lt;/a:Datamodel&gt;
 &lt;/a:DataSourceControl&gt;
&lt;/xml&gt;">
</object>
 
How is this called from your page?


Paranoid? ME?? WHO WANTS TO KNOW????
 
reload the page. Do you have !IsPostBack looking. History will be considered a postback will it not, so if your connection is only being initialised if(!IsPostBack) then it will not fire again.

Suggestion 1: Use asp to cache the results to the session object

Suggestion 2: history.back() + use asp to explicitlly connect to the SQL Server and pull the data everytime (ie, NO NATIVE IIS CACHE)

Regards,
mcm
 
thanks for having tried to help me out all.

I'm going to follow mcmcom89's directions and post a question in the asp-forum regarding refering to the session object.

I think maybe that might do the trick.

Thanks for all the effords
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top