Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Include file in Data access pages

Status
Not open for further replies.
samusa

samusa

Programmer
Jan 1, 2001
107
US
I have created data access pages and a logon page in asp.However there is a file tiltled securitycheck.asp that need to included in all DAP's. Here is the code of this file:
<%
'This Page is a Security Check Page
'This code checks if the user has logged in.
'It checks the session variable called loginID.
'This session is created whenever a user has sucessfully logged on.
'This will also redirect the user if they are inactive for a period of time.
'This period is defined in IIS and by default is 15 minutes (I think)

If session("loginID") = "" then
Response.redirect "default.asp?strMsg=You have been logged out for security reasons"
else
end if
%>

If i wont include this file , users can directly enter the dap url and thus skip login page. Could someone tell me how to add this file in a DAP code or what is equivalent of this code in VBS. Will appreciate your help.

Sam
 
Sort by date Sort by votes
In the securitycheck page, set a session, say session("validuser") to true if login is successful and redirect to the dap, else to false and request login again. And in the dap, start with checking the session("validuser"). If it is not true, redirect back to the login page or send a message like response.write("Unauthorized Access"). In that case, even they know the url of the dap, they can operate on it directly. Maybe this will do?
 
Upvote 0 Downvote
>[self][tt]they can operate on it directly[/tt]
I meant
[tt]they can[red]not[/red] operate on it directly[/tt]
 
Upvote 0 Downvote
I didn't get you. Do I have to use session function in vbs and put that script in DAP or I can call this script in a DAP.

Sam
 
Upvote 0 Downvote
>Do I have to use session function in vbs ...
Is your session("loginID") a function? If yes, you can ignore my post.
 
Upvote 0 Downvote
No it is not. Here is the asp file code where from it grabs the value of LoginID.

<!--#include file="db.asp"-->

<%
dim Username, password
Username = request.form("uname")
password = request.form("pword")
%>

<%
Dim struserSQL 'SQL command
dim rsUser

struserSQL = "SELECT * FROM tbl_Users where UserName='" & username & "' AND UserPword= '" & password & "'"

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open ConString

Set rsUser = Server.CreateObject("ADODB.Recordset")
rsuser.Open struserSQL, Conn, adOpenstatic, adLockOptimistic, adCmdText

if not rsuser.eof then
Session("LoginID") = rsUser("UserID")
response.redirect "default.htm"
else
response.write "Username / Password combination failed<br>Press back on your browser"
end if

%>
what i want is to use session () in DAP to find out whether the user has lgged in or not.

Sam
 
Upvote 0 Downvote
>>>Do I have to use session function in vbs ...
>>[self]Is your session("loginID") a function? If yes, you can ignore my post.
>No it is not.
Then I wonder why you take my conceptual approach with session("validuser") as a session function? May be I should leave you some time to consider what I post. But my post may not have any value---I am not insisting on anything.

If we establish after all a common understanding, then I would coin something like this.
[tt]
if not rsuser.eof then
Session("LoginID") = rsUser("UserID")
[blue] Session("validuser") = true[/blue]
response.redirect "default.[red]asp[/red]"
else
[blue] Session("validuser") = false[/blue]
response.write "Username / Password combination failed<br>Press back on your browser"
end if
[/tt]
You can the default page to an asp rather than a htm. Then in the default.asp, you keep mostly the default.htm construction, only you add a checking on the session("validuser").
[tt]
[blue]<%
if not session("validuser") then
response.redirect "login_failed.htm" 'something like that or asp page
end if
%>[/blue]
<!-- below about the same thing or about as your existing default.htm -->
[/tt]
That's what I visualize the mechanics. Maybe not making much sense to you. I don't know...
 
Upvote 0 Downvote
Still I have to put following in all Data access pages.It is not working

<%
if not session("validuser") then
response.redirect "login_failed.htm" 'something like that or asp page
end if
%>



Sam
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Rick_Stanich
  • Locked
  • Question
Save xls file to cvs file 1
Replies
3
Views
195
Rick_Stanich
Rick_Stanich
Palito1916
  • Locked
  • Question
Disable multiple computer accounts using TXT file with computer names
Replies
2
Views
184
Palito1916
Palito1916
bdwilcox
  • Question
Trying to adapt VBScript to search if machine is in an AD group 6
Replies
8
Views
811
SoftwareRT
SoftwareRT
paullem
  • Locked
  • Question
vbscript to read properties of JPEG file
Replies
4
Views
305
paullem
paullem
asel
  • Locked
  • Question
Copy cell data from excel and paste into portable software application
Replies
0
Views
129
asel
asel

Part and Inventory Search

Sponsor

Back
Top