Restrict Access to page.

Reply

Join Date: Feb 2006
Posts: 11
Reputation: vishalsomani is an unknown quantity at this point 
Solved Threads: 0
vishalsomani vishalsomani is offline Offline
Newbie Poster

Restrict Access to page.

 
0
  #1
Mar 23rd, 2008
Hi,

I am trying to create a restrict access to page function in ASP on Dreamweaver.

I have got an Admin table in the database which contains all required fields such as username, password, and Security Level.

When I try to implement restrict access to page, on one page say, the admin success login page, I also put a page for users in access denied page so they get to see another page.

But I when log in with either administrator or user, they both direct to the access denied page.

Even without implementing access levels, when I click on a page, which I only want members to see, since I have restrict access to page, the page will be restricted not only to visitors but also to logged in people.

Please help. I really don't know why this is happening.

Cheers.
Reply With Quote Quick reply to this message  
Join Date: Dec 2004
Posts: 4,267
Reputation: peter_budo has much to be proud of peter_budo has much to be proud of peter_budo has much to be proud of peter_budo has much to be proud of peter_budo has much to be proud of peter_budo has much to be proud of peter_budo has much to be proud of peter_budo has much to be proud of peter_budo has much to be proud of peter_budo has much to be proud of 
Solved Threads: 493
Moderator
Featured Poster
peter_budo's Avatar
peter_budo peter_budo is online now Online
Code tags enforcer

Re: Restrict Access to page.

 
0
  #2
Mar 24th, 2008
Obviously you have problem in your code, so you better to post your code or at least relevant parts
Learn to see in another's calamity the ills which you should avoid.
Publilius Syrus
(~100 BC)
LJC - London Java Community, Graduate & Undergraduate Software Development Community, JAVAWUG (Java Web User Group), The London Android Group
Reply With Quote Quick reply to this message  
Join Date: Feb 2006
Posts: 11
Reputation: vishalsomani is an unknown quantity at this point 
Solved Threads: 0
vishalsomani vishalsomani is offline Offline
Newbie Poster

Re: Restrict Access to page.

 
0
  #3
Mar 24th, 2008
This is the login page where users enter this username and password

ASP Syntax (Toggle Plain Text) 
  1. <%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
  2. <!--#include file="Connections/testing.asp" -->
  3. <%
  4. ' *** Validate request to log in to this site.
  5. MM_LoginAction = Request.ServerVariables("URL")
  6. If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
  7. MM_valUsername=CStr(Request.Form("EmailAddress"))
  8. If MM_valUsername <> "" Then
  9.   MM_fldUserAuthorization=""
  10.   MM_redirectLoginSuccess="/pass.asp"
  11.   MM_redirectLoginFailed="/fail.asp"
  12.   MM_flag="ADODB.Recordset"
  13.   set MM_rsUser = Server.CreateObject(MM_flag)
  14.   MM_rsUser.ActiveConnection = MM_testing_STRING
  15.   MM_rsUser.Source = "SELECT EmailAddress, MyPassword"
  16.   If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  17.   MM_rsUser.Source = MM_rsUser.Source & " FROM admin WHERE EmailAddress='" & Replace(MM_valUsername,"'","''") &"' AND MyPassword='" & Replace(Request.Form("MyPassword"),"'","''") & "'"
  18.   MM_rsUser.CursorType = 0
  19.   MM_rsUser.CursorLocation = 2
  20.   MM_rsUser.LockType = 3
  21.   MM_rsUser.Open
  22.   If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
  23.     ' username and password match - this is a valid user
  24.     Session("MM_Username") = MM_valUsername
  25.     If (MM_fldUserAuthorization <> "") Then
  26.       Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
  27.     Else
  28.       Session("MM_UserAuthorization") = ""
  29.     End If
  30.     if CStr(Request.QueryString("accessdenied")) <> "" And false Then
  31.       MM_redirectLoginSuccess = Request.QueryString("accessdenied")
  32.     End If
  33.     MM_rsUser.Close
  34.     Response.Redirect(MM_redirectLoginSuccess)
  35.   End If
  36.   MM_rsUser.Close
  37.   Response.Redirect(MM_redirectLoginFailed)
  38. End If
  39. %>
  40. <html>
  41. <head>
  42. <title>Untitled Document</title>
  43. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  44. </head>
  45.  
  46. <body>
  47. <form name="form1" method="POST" action="<%=MM_LoginAction%>">
  48.   <table width="75%" border="1">
  49.     tr> 
  50.       <td>user name</td>
  51.       <td><input type="text" name="EmailAddress"></td>
  52.     </tr>
  53.     <tr> 
  54.       <td>password</td>
  55.       <td><input type="text" name="MyPassword"></td>
  56.     </tr>
  57.     <tr>
  58.       <td>&nbsp;</td>
  59.       <td><input type="submit" name="Submit" value="Login"></td>
  60.     </tr>
  61.   </table>
  62. </form>
  63. <p>&nbsp;</p>
  64. </body>
  65. </html>



Below is the adminonly page which should only be accessible by logged in users. I have put a restrict access to page behaviour. I haven't added any code as all code is generated by Dreamweaver. When I log in, and click a link to this page, it will take me to denied page. It will take me to denied page and never show this page even I have logged on or not, or even if I have typed this address straight from the web browser.

ASP Syntax (Toggle Plain Text) 
  1. <%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
  2. <%
  3. ' *** Restrict Access To Page: Grant or deny access to this page
  4. MM_authorizedUsers=""
  5. MM_authFailedURL="/denied.asp"
  6. MM_grantAccess=false
  7. If Session("MM_Username") <> "" Then
  8.   If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
  9.          (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
  10.     MM_grantAccess = true
  11.   End If
  12. End If
  13. If Not MM_grantAccess Then
  14.   MM_qsChar = "?"
  15.   If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  16.   MM_referrer = Request.ServerVariables("URL")
  17.   if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  18.   MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  19.   Response.Redirect(MM_authFailedURL)
  20. End If
  21. %>
  22. <html>
  23. <head>
  24. <title>Untitled Document</title>
  25. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  26. </head>
  27.  
  28. <body>
  29. Only for admin access 
  30. </body>
  31. </html>


Please help.

Thanks.
Last edited by peter_budo; Mar 24th, 2008 at 2:22 pm. Reason: Keep It Organized - please use [code] tags
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the ASP Forum


Views: 2447 | Replies: 2
Thread Tools Search this Thread



Tag cloud for ASP
archive asp asp.net aspandmssqlserver2005 aspandmssqlserver2005connection aspconnection calendar changeable connection current database databaseconnection diagnostics dreamweaver excel fso html iis microsoft msmsql mssql2005 mssqlserver2005 mssqlserver2005andasp mssqlserverandasp opentextfile query record searchbox selectoption server single specfic sqlserver sqlserverconnection toolkit update web webserver windows7
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC