security

Status
Not open for further replies.

Dashsa

Programmer
Aug 7, 2006
110
US
Hello,
I am making an internal site for our company.
I want to allow access to people only if they have a user name and password (that is stored in an Access database).

I have a login page that collects their username and password, and if it matches they are then redirected to the next page.
What I would also like is a function that is called each time a page is loaded to verify that they have indeed been to the login page.
This first piece of code creates a session variable called accessLevel and passes it a value of correct.
Code:
<%
	// ADO constants used below (normally supplied by adojavas.inc)
	var adOpenKeyset = 1, adLockOptimistic = 3;

	var uName = String(Request.Form("uName"));
	var pword = String(Request.Form("pword"));

	var connect = Server.CreateObject("ADODB.Connection");
	var recordSet = Server.CreateObject("ADODB.RecordSet");
	connect.Open("DSN=12345");

	var loginMatch = false;

	// Read every member row and compare it with the submitted credentials
	recordSet.Open("select * from Members", connect, adOpenKeyset, adLockOptimistic);

	while (!recordSet.EOF)
	{
		var Username = recordSet("Username");
		var Password = recordSet("Password");
		var Firstname = recordSet("FirstName");
		if (uName == String(Username) && pword == String(Password))
		{
			// Mark this session as logged in
			Session("AccessLevel") = "correct";
			loginMatch = true;
			break;
		}
		recordSet.MoveNext();
	}

	// Release the database objects before redirecting
	recordSet.Close();
	connect.Close();

	if (loginMatch)
	{
		Response.Redirect("Shome.html");
	}
	else
	{
		Response.Redirect("login.asp?login=false");
	}
%>

Now I have a function that I want to place on each page that will check to see if a user has been to the login page.
Code:
var mink = Session("AccessLevel")
function valida()
{
if Session("AccessLevel") != mink;
	{
		Response.Redirect("login.asp?login=false")
	}
	
}

But I am getting an error on the function (valida).
Any suggestions?
Thanks
 
I would do a cookie that expires in a few hours, since they would be forced out of the site after 5-10 minutes depending on what the webserver is set up for. Unless you want that.


On your secure pages put this at the top of your code
Code:
<!--#include file="CheckThem.asp" -->

In your checking page (CheckThem.asp) you do a test: if they pass, do nothing; if it fails, send 'em packin'.
Code:
if Session("AccessLevel")="" then
   response.Redirect("login.asp?login=false")
end if
 
No, I don't want them to be forced out of the site.
I think a cookie will be a very good idea.
So to get the flow right:
1. Create a cookie in the login script
Code:
    if (uName == String(Username) && pword == String(Password))
    {
        // Cookies are written through the Response object
        Response.Cookies("cookieOne") = "correct";
        loginMatch = true;
        break;
    }
and then in the secure pages I can access the cookie
Code:
var theCookie = Request.Cookies("cookieOne");

So could I put the code to access the cookies in an include file?
I'm not sure how to do that...
Thanks for your help!
 
On the login page, create the cookie if it works out.

Code:
IF request.ServerVariables("REQUEST_METHOD")="POST" then
	User=Trim(request.Form("login"))
	Pass=Trim(request.Form("password"))
	
	SQL = "Select * From tbl_admin Where User = '" & User & "' And Password = '" & Pass & "'"
	rs.open SQL,Conn,0,2,1
	If (NOT rs.EOF) then
    	Response.Cookies("APP")("N")=User
    	Response.Cookies("APP")("P")=Pass
    	Response.Cookies("APP").Expires = DATE + 1
		response.redirect("login.asp")
	Else
		msg="Try again"
	End If
END IF

That creates a cookie, with N being the username and P being the password. It expires one day from now; change as needed.
Then in your pages, do the include, which can do anything. The reason I chose the include is that you have one file; if you need changes, you change it and all pages update.

Include file...
Code:
N = Request.Cookies("APP")("N") 
If N="" then Response.Redirect "login.asp"

You could do more, but this should be basic enough to get you started.
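
A session-based variant of the login handler and include-file check discussed in this thread, added here as an example and not code from any of the posters. It binds the form values as query parameters instead of concatenating them into the SQL string, and it keeps the login flag in the server-side Session instead of in a cookie whose contents the browser controls. Assumptions: `Conn` is an already-open ADODB.Connection, adovbs.inc is not included (the constants are declared locally), and `Shome.asp` is a hypothetical ASP version of the landing page.

```vbscript
<%
' ===== login.asp (POST handler) =====
' Assumed: Conn is an open ADODB.Connection; tbl_admin, User and Password
' are the table and column names used in the answer above.
Const adVarChar = 200, adParamInput = 1, adCmdText = 1

Dim msg, cmd, rs, loginName, pass
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    loginName = Trim(Request.Form("login"))
    pass = Trim(Request.Form("password"))

    ' The form values are bound as parameters, so they are only ever
    ' treated as data and cannot change the structure of the query.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT [User] FROM tbl_admin WHERE [User] = ? AND [Password] = ?"
    cmd.Parameters.Append cmd.CreateParameter("@u", adVarChar, adParamInput, 255, loginName)
    cmd.Parameters.Append cmd.CreateParameter("@p", adVarChar, adParamInput, 255, pass)
    Set rs = cmd.Execute

    If Not rs.EOF Then
        ' Login state stays on the server. The browser only holds the ASP
        ' session ID cookie; no user name or password is sent back to it.
        Session("AccessLevel") = "correct"
        Session("UserName") = rs("User").Value
        Session.Timeout = 120   ' minutes of inactivity (constructed value)
        rs.Close
        ' Assumed name: protected pages must be .asp files, otherwise the
        ' include below is never executed by the ASP engine.
        Response.Redirect "Shome.asp"
    Else
        rs.Close
        msg = "Try again"
    End If
End If
%>

<%
' ===== CheckThem.asp (included at the top of every protected page) =====
' Anything other than the exact server-side flag is sent back to the login.
If Session("AccessLevel") <> "correct" Then
    Response.Redirect "login.asp?login=false"
End If
%>
```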
 