Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
User Login for Data Access Pages
- Thread starter samusa
- Start date
Here's one way. First I made a little table - called it LogonInfo - that has one field:
EmployID (which is a primary key, format text)
Glen
Neil
etc.
I then have a DAP that has a label and textbox on it. It says something like:
"To Enter, Type in Your Password Then TAB:" Textbox (named it EmployeeID). Note: They have to TAB, not enter.
I also have an invisible hyperlink to the next DAP.
Then on the onchange event of the textbox, I have:
<SCRIPT language=vbscript event=onchange for=EmployeeID>
<!--
Set rs = CreateObject("ADODB.Recordset")
sqlSelect = _
"SELECT * FROM LogonInfo WHERE EmployID = '" & EmployeeID.value & "'"
rs.Open sqlSelect, MSODSC.Connection
If rs.EOF Then
EmployeeID.value = "(Access Denied)"
Else
EmployeeID.value = "(You May Edit)"
Hyperlink0.style.visibility = "visible"
End if
rs.Close
Set rs = Nothing
-->
</SCRIPT>
Pretty simple to understand. It tries to find the password in the table. If it doesn't then they get the message "Access Denied". If it's found, they get a message, "You may Edit") and the hyperlink appears so they can jump to the next DAP. You can add code to check for a valid ID then a valid password.
EmployID (which is a primary key, format text)
Glen
Neil
etc.
I then have a DAP that has a label and textbox on it. It says something like:
"To Enter, Type in Your Password Then TAB:" Textbox (named it EmployeeID). Note: They have to TAB, not enter.
I also have an invisible hyperlink to the next DAP.
Then on the onchange event of the textbox, I have:
<SCRIPT language=vbscript event=onchange for=EmployeeID>
<!--
Set rs = CreateObject("ADODB.Recordset")
sqlSelect = _
"SELECT * FROM LogonInfo WHERE EmployID = '" & EmployeeID.value & "'"
rs.Open sqlSelect, MSODSC.Connection
If rs.EOF Then
EmployeeID.value = "(Access Denied)"
Else
EmployeeID.value = "(You May Edit)"
Hyperlink0.style.visibility = "visible"
End if
rs.Close
Set rs = Nothing
-->
</SCRIPT>
Pretty simple to understand. It tries to find the password in the table. If it doesn't then they get the message "Access Denied". If it's found, they get a message, "You may Edit") and the hyperlink appears so they can jump to the next DAP. You can add code to check for a valid ID then a valid password.
In the following articles, you'll see that when you save a password in a data access page, the password is saved in its unencrypted form in the page. Users of the page will be able to view the password. A malicious user could access the information to compromise the security of the data source.
To protect your data, on the Connection tab of the Data Link Properties dialog box, clear the Allow saving password check box.
The following talks about security issues about DAP's:
Creating Secure Data Access Pages
To protect your data, on the Connection tab of the Data Link Properties dialog box, clear the Allow saving password check box.
The following talks about security issues about DAP's:
Creating Secure Data Access Pages
- Thread starter
- #4
Thanks fneily for your quick reply. It will work fine if the user enters the URL of logon page. However if a user directly enter the URL of DAP2, he/she can bypass the logon page. Is there a way to redirect the user to logon page if user tries to enter URL of other than logon page.
Sam
Sam
- Status
Similar threads
