password protection

Discussion in 'C#' started by dirkoo, Apr 18, 2006.

  1. #1
    Hello
    Can somebody help me with some asp code? I want a popup screen when a link is clicked so the
    user has to fill in his username and password. When both username and password are correct, the person
    will be redirected to the correct (asp) page, otherwise the message will be: "no correct username
    and pw!". I suppose the usernames and passwords have to be put in an Access database?

    Thanks for your help.
    :)
     
    dirkoo, Apr 18, 2006 IP
  2. vectorgraphx
    #2
    yes, you could store the usernames/passwords in a database - i myself don't use access and i'm sure you'll get a lot of people who will tell you to stay away from access entirely - but i suppose it comes down to availability. if you had the option - use something like mysql.

    the easiest way to do this is to submit the username/password form fields to the page where you plan to show the "members only" stuff, and put a query that checks to see if the username/password combo supplied matches anything in the database. you could then create an if/then statement that would show "no correct username and pw!" or whatever your error message would be in the event that there are no matches to the username/password combo, else show the rest of the page.

    i.e.

    if yourrecordset.eof and yourrecordset.bof then
        response.write "no correct username and pw!"
    else
        'show your members-only stuff here
    end if
     
    vectorgraphx, Apr 18, 2006 IP
  3. jaymcc
    #3
    I would do it like this (and have done it like this many times):

    1. Create a login page (I would avoid popup if possible). Submit this to a loginprocess page. Have a hidden control on the login form that reads the servervariables collection indicating where the page request came from. It's something like URL_REQUEST, I can't remember but you can look it up.

    2. Add code to the loginprocess page to check the database to see if the username/password matches. When it does match set a session variable indicating the name of the logged in user. Additionally add some code with a response.redirect to push the user to the place they wanted to get to in the first place by looking at the hidden form control you created above.

    3. Create a small include file that checks for the value in the session variable, if it's empty then redirect to the login page, if not then assume the user is logged in.

    4. Add the include to the top of every page you want to control access to.

    I could code something up for you if you needed it (for a fee of course :) ).

    Jay
     
    jaymcc, Apr 18, 2006 IP
  4. vectorgraphx
    #4
    be sure to cleanse your input variables. SQL injection can be TRES nasty if you're using a database to do your authentication.

    you can really easily cleanse your variables by doubling the single quotes with a replace statement. i.e.

    newusername = replace(request.form("username"), "'", "''")

    the variable "newusername" is now cleansed of nasty little grubby hacking nOOb's meddling and ready to pass to your authentication query.
     
    vectorgraphx, Apr 19, 2006 IP
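
Added example, not part of any post in this thread: a loginprocess page for the flow in posts #3 and #4 that binds the username as an ADO command parameter instead of building the SQL string, and only redirects to a same-site path taken from the hidden form control. The table and column names (members, username, pw), the form field names, the fallback page and the connection string are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' loginprocess.asp: added example. Table, column, field and path names are assumptions.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202
Const CONN_STR = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\data\members.mdb" ' placeholder

' Accept only same-site paths (e.g. /members/home.asp) as the post-login redirect target.
Function IsLocalPath(p)
    IsLocalPath = False
    If Len(p) > 200 Or Left(p, 1) <> "/" Or Left(p, 2) = "//" Then Exit Function
    If InStr(p, "\") > 0 Or InStr(p, ":") > 0 Then Exit Function
    If InStr(p, vbCr) > 0 Or InStr(p, vbLf) > 0 Then Exit Function
    IsLocalPath = True
End Function

Dim user, pass, target, conn, cmd, rs, ok
user = Left(Trim(Request.Form("username") & ""), 50)
pass = Request.Form("password") & ""
target = Request.Form("returnto") & ""   ' hidden form control from step 1
If Not IsLocalPath(target) Then target = "/default.asp"

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder is bound as data, so quotes in the input never become SQL text.
cmd.CommandText = "SELECT username, pw FROM members WHERE username = ?"
cmd.Parameters.Append cmd.CreateParameter("u", adVarWChar, adParamInput, 50, user)
Set rs = cmd.Execute

' Compare in script with a binary compare: Jet text comparison ignores case.
' If pw holds a hash, hash the submitted value first and compare the hashes.
ok = False
If Not rs.EOF And Len(pass) > 0 Then
    ok = (StrComp(rs("pw").Value & "", pass, vbBinaryCompare) = 0)
    If ok Then Session("username") = rs("username").Value
End If
rs.Close
conn.Close

If ok Then
    Response.Redirect target
Else
    Response.Write "no correct username and pw!"
End If
%>
```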