Member Avatar for vishalsomani

Hi,

I am trying to create a restrict access to page function in ASP on Dreamweaver.

I have got an Admin table in the database which contains all required fields such as username, password, and Security Level.

When I try to implement restrict access to page, on one page say, the admin success login page, I also put a page for users in access denied page so they get to see another page.

But I when log in with either administrator or user, they both direct to the access denied page.

Even without implementing access levels, when I click on a page, which I only want members to see, since I have restrict access to page, the page will be restricted not only to visitors but also to logged in people.

Please help. I really don't know why this is happening.

Cheers.

  • 2 Contributors
  • 2 Replies
  • 183 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by vishalsomani

Recommended Answers

All 2 Replies

Member Avatar for peter_budo

Obviously you have problem in your code, so you better to post your code or at least relevant parts

Member Avatar for vishalsomani

This is the login page where users enter this username and password

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="Connections/testing.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("EmailAddress"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization=""
  MM_redirectLoginSuccess="/pass.asp"
  MM_redirectLoginFailed="/fail.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_testing_STRING
  MM_rsUser.Source = "SELECT EmailAddress, MyPassword"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM admin WHERE EmailAddress='" & Replace(MM_valUsername,"'","''") &"' AND MyPassword='" & Replace(Request.Form("MyPassword"),"'","''") & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If
  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If
%>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
  <table width="75%" border="1">
    tr> 
      <td>user name</td>
      <td><input type="text" name="EmailAddress"></td>
    </tr>
    <tr> 
      <td>password</td>
      <td><input type="text" name="MyPassword"></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Login"></td>
    </tr>
  </table>
</form>
<p>&nbsp;</p>
</body>
</html>

Below is the adminonly page which should only be accessible by logged in users. I have put a restrict access to page behaviour. I haven't added any code as all code is generated by Dreamweaver. When I log in, and click a link to this page, it will take me to denied page. It will take me to denied page and never show this page even I have logged on or not, or even if I have typed this address straight from the web browser.

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers=""
MM_authFailedURL="/denied.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
  If (true Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
Only for admin access 
</body>
</html>

Please help.

Thanks.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.