Hello everyone.
I have set up an Intranet and within this site there are links which I want to secure. I've set it up so that a user will have to log on in order to get to this particular site. I have used an example on the internet which seems to work fine. But as soon as I apply my settings it seems to fail. All I want it to do is go to the specific website when you click submit. If you do not meet the reqiurements it will take you back to the Homepage. Here is an example of what i have done:
<% ' Do not cache this page.
Response.CacheControl = "no-cache"
' Define the name of the users table.
Const USERS_TABLE = "tblUsers"
' Define the path to the logon page.
Const LOGON_PAGE = "/rothleyburnwebsite/logon.asp"
' Define the path to the logon database.
Const MDB_URL = "/rothleyburnwebsite/_private/logon.mdb"
' Check to see whether you have a current user name.
If Len(Session("UID")) = 0 Then
' Are you currently on the logon page?
If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
' If not, set a session variable for the page that made the request...
Session("REFERRER") = Request.ServerVariables("URL")
' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE
End If
End If
' This function checks for a username/password combination. Function ComparePassword(UID,PWD) ' Define your variables. Dim strSQL, objCN, objRS ' Set up your SQL string. strSQL = "SELECT * FROM " & USERS_TABLE & _ " WHERE (UID='" & ParseText(UID) & _ "' AND PWD='" & ParseText(PWD) & "');" ' Create a database connection object. Set objCN = Server.CreateObject("ADODB.Connection") ' Open the database connection object. objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _ Server.MapPath(MDB_URL) & "; uid=admin; pwd=" ' Run the database query. Set objRS = objCN.Execute(strSQL) ' Set the status to true/false for the database lookup. ComparePassword = Not(objRS.EOF) ' Close your database objects. Set objRS = Nothing Set objCN = Nothing End Function ' This function restricts text to alpha-numeric data only. Function ParseText(TXT) Dim intPos, strText, intText For intPos = 1 TO Len(TXT) intText = Asc(Mid(TXT,intPos,1)) If (intText > 47 And intText < 59) Or _ (intText > 64 And intText < 91) Or _ (intText > 96 And intText < 123) Then strText = strText & Mid(TXT,intPos,1) End if Next ParseText = strText End Function %>
This is the logon.inc page which is within the _Private folder.
This is the logon.asp page which the users log into:
<% @language="vbscript" %> <!--#include virtual="/rothleyburnwebsite/_private/logon.inc"--> <% ' Was this page posted to? If UCase(Request.ServerVariables("HTTP_METHOD")) = "POST" Then ' If so, verify the username/password that was entered. If ComparePassword(Request("UID"),Request("PWD")) Then ' If comparison was good, store the user name... Session("UID") = Request("UID") ' ..and redirect back to the original page. Response.Redirect Session("REFERRER") End If End If %> <html> <head><title>Logon Page</title> <style> body { font-family: arial, helvetica } table { background-color: #cccccc; font-size: 9pt; padding: 3px } td { color: #000000; background-color: #cccccc; border-width: 0px } th { color: #ffffff; background-color: #0000cc; border-width: 0px } </style> </head> <body bgcolor="#000000" text="#ffffff"> <h3 align="center"> </h3> <div align="center"><center> <form action="<%=LOGON_PAGE%>" method="POST"> <table border="2" cellpadding="2" cellspacing="2"> <tr> <th colspan="4" align="left">Enter User Name and Password</th> </tr> <tr> <td> </td> <td colspan="2" align="left">Please type your user name and password.</td> <td> </td> </tr> <tr> <td> </td> <td align="left">Site</td> <td align="left"><%=Request.ServerVariables("SERVER_NAME")%>  </td> <td> </td> </tr> <tr> <td> </td> <td align="left">User Name</td> <td align="left"><input name="UID" type="text" size="20"></td> <td> </td> </tr> <tr> <td> </td> <td align="left">Password</td> <td align="left"><input name="PWD" type="password" size="20"></td> <td> </td> </tr> <tr> <td> </td> <td colspan="2" align="center"><input type="submit" value="LOGON"></td> <td> </td> </tr> </table> </form> </center></div> </body> </html>
Please help me
Thanks
JonnyEQ
I have set up an Intranet and within this site there are links which I want to secure. I've set it up so that a user will have to log on in order to get to this particular site. I have used an example on the internet which seems to work fine. But as soon as I apply my settings it seems to fail. All I want it to do is go to the specific website when you click submit. If you do not meet the reqiurements it will take you back to the Homepage. Here is an example of what i have done:
<% ' Do not cache this page.
Response.CacheControl = "no-cache"
' Define the name of the users table.
Const USERS_TABLE = "tblUsers"
' Define the path to the logon page.
Const LOGON_PAGE = "/rothleyburnwebsite/logon.asp"
' Define the path to the logon database.
Const MDB_URL = "/rothleyburnwebsite/_private/logon.mdb"
' Check to see whether you have a current user name.
If Len(Session("UID")) = 0 Then
' Are you currently on the logon page?
If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
' If not, set a session variable for the page that made the request...
Session("REFERRER") = Request.ServerVariables("URL")
' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE
End If
End If
' This function checks for a username/password combination. Function ComparePassword(UID,PWD) ' Define your variables. Dim strSQL, objCN, objRS ' Set up your SQL string. strSQL = "SELECT * FROM " & USERS_TABLE & _ " WHERE (UID='" & ParseText(UID) & _ "' AND PWD='" & ParseText(PWD) & "');" ' Create a database connection object. Set objCN = Server.CreateObject("ADODB.Connection") ' Open the database connection object. objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _ Server.MapPath(MDB_URL) & "; uid=admin; pwd=" ' Run the database query. Set objRS = objCN.Execute(strSQL) ' Set the status to true/false for the database lookup. ComparePassword = Not(objRS.EOF) ' Close your database objects. Set objRS = Nothing Set objCN = Nothing End Function ' This function restricts text to alpha-numeric data only. Function ParseText(TXT) Dim intPos, strText, intText For intPos = 1 TO Len(TXT) intText = Asc(Mid(TXT,intPos,1)) If (intText > 47 And intText < 59) Or _ (intText > 64 And intText < 91) Or _ (intText > 96 And intText < 123) Then strText = strText & Mid(TXT,intPos,1) End if Next ParseText = strText End Function %>
This is the logon.inc page which is within the _Private folder.
This is the logon.asp page which the users log into:
<% @language="vbscript" %> <!--#include virtual="/rothleyburnwebsite/_private/logon.inc"--> <% ' Was this page posted to? If UCase(Request.ServerVariables("HTTP_METHOD")) = "POST" Then ' If so, verify the username/password that was entered. If ComparePassword(Request("UID"),Request("PWD")) Then ' If comparison was good, store the user name... Session("UID") = Request("UID") ' ..and redirect back to the original page. Response.Redirect Session("REFERRER") End If End If %> <html> <head><title>Logon Page</title> <style> body { font-family: arial, helvetica } table { background-color: #cccccc; font-size: 9pt; padding: 3px } td { color: #000000; background-color: #cccccc; border-width: 0px } th { color: #ffffff; background-color: #0000cc; border-width: 0px } </style> </head> <body bgcolor="#000000" text="#ffffff"> <h3 align="center"> </h3> <div align="center"><center> <form action="<%=LOGON_PAGE%>" method="POST"> <table border="2" cellpadding="2" cellspacing="2"> <tr> <th colspan="4" align="left">Enter User Name and Password</th> </tr> <tr> <td> </td> <td colspan="2" align="left">Please type your user name and password.</td> <td> </td> </tr> <tr> <td> </td> <td align="left">Site</td> <td align="left"><%=Request.ServerVariables("SERVER_NAME")%>  </td> <td> </td> </tr> <tr> <td> </td> <td align="left">User Name</td> <td align="left"><input name="UID" type="text" size="20"></td> <td> </td> </tr> <tr> <td> </td> <td align="left">Password</td> <td align="left"><input name="PWD" type="password" size="20"></td> <td> </td> </tr> <tr> <td> </td> <td colspan="2" align="center"><input type="submit" value="LOGON"></td> <td> </td> </tr> </table> </form> </center></div> </body> </html>
Please help me
Thanks
JonnyEQ