website password

Cinnamon
08-14-2002, 01:25 PM
I have a website that is for staff use only. Is there a way to add code that will prompt for a password before launching the page?

Thanks,

Cinnamon

kingesk
08-14-2002, 01:58 PM
You can pass a user name and password from another page through use of a form. If someone goes directly to your page, nothing will have been passed and they will not have access to that part of the page. I have been to pages that throw up a box to put in username and password but I'm not sure what they are using. I hope this might be useful though.


'''''user name/ password page
<FORM method=post action='RequestUpdates.asp' id=form1 name=form1>

<Table border='1' CELLPADDING='8' CELLSPACING='3'>
<tr valign='right'>
<td>Username: <Input Type='Text' Name=txtAssignUserName Value='" & strUserName & "' size='25' /> </td></tr>
<td>Password: <INPUT type='password' id=password1 name=txtAssignPassword Value='" & strPassWord & "' size='25' /> </td></tr>
</Table>

<Input Type=SUBMIT Value='Update Status \ Mark Complete' id=SUBMIT1 name=SUBMIT1>

</FORM>



'''''Staff only page
strAssignUserName = Request.Form("txtAssignUserName")
strAssignPassword = Request.Form("txtAssignPassword")

strSqlSecurity = "Select fldUserName, fldPassWord " & _
" From tblItPersonnel " & _
" Where LCase(fldUserName) = '" & Lcase(strAssignUserName) & "' " & _
" And LCase(fldPassWord) = '" & LCase(strAssignPassword) & "'"

set objRSSecurity=server.CreateObject("ADODB.RecordSet")
objRSSecurity.Open strSqlSecurity, objConn

if not (objRSSecurity.BOF or objRSSecurity.EOF ) then
objRSSecurity.Close
set objRSSecurity = nothing

'code for web page

else
objRSSecurity.Close
set objRSSecurity = nothing

Response.Write "Invalid Username and Password."
end if

Rezner
08-14-2002, 04:52 PM
Here's a simple script that will accept a user login and password from textboxes named "txtLogin" and "txtPassword" on a FORM:'Check to see if the login exists
RS.Open _
"SELECT [Login],[Invalids] " & _
"FROM [Users] " & _
"WHERE LCase([Login])='" & LCase(request("txtLogin")), CNN, 3, 3, 1

'If it doesn't, then shutdown
If RS.RecordCount = 0 Then

'Close the recordset and disconnect
'from the database
RS.Close
Set RS = Nothing
CNN.Close
Set CNN = Nothing

response.write "That login is invalid."
response.end
End If

'Check for the account being locked. If it
'is, then shutdown
If RS("Invalids") > 3 Then

'Close the recordset and disconnect
RS.Close
Set RS = Nothing
CNN.Close
Set CNN = Nothing

Response.Write "You account is locked."
Response.End
Else
RS.Close
End if

'If it makes it here, the login must exist and the account
'not locked -- so check to see if the password is correct
RS.Open _
"SELECT [Login] " & _
"FROM [Users] " & _
"WHERE [Password]='" & request("txtPassword") & _
"' AND LCase([Login])='" & LCase(request("txtLogin")), CNN, 3, 3, 1

If RS.RecordCount = 0 Then
RS.Close
Set RS = Nothing

'Track the invalid attempts
CNN.Execute _
"UPDATE [Users] " & _
"SET [Invalids]=[Invalids]+1 " & _
"WHERE [Login]='" & request ("txtLogin") & "'"

CNN.Close
Set CNN = Nothing

response.write "That is an invalid password."
response.end
End If

'Clear the invalid login attempts
CNN.Execute _
"UPDATE [Users] " & _
"SET [Invalids]=0 " & _
"WHERE [Login]='" & request("txtLogin") & "'"

Response.Write "You've made it this far, you must be valid"

Derek Stone
08-14-2002, 08:39 PM
It would be altogether easier to add Basic Authentication via IIS if you're only using the database to store authentication information. I wouldn't recommend this if you're maintaining a large list of users however.

Rezner
08-15-2002, 08:26 AM
If you're developing pages for internal use, then you can also use the REMOTE_USER server variable to authenticate the user. All you need to do is make a table that has the allowed logins and then use a function like the following to compare if the current user exists in that that table:Private Function GetUser()

'Should return something in the format of
'SERVER\username
u = request.servervariables("REMOTE_USER")

'Work back until the \ is found
For x = Len(u) To 1 Step -1
If Mid(u,x,1) = "\" then
GetUser = Mid(u,x+1,len(u))
Exit Function
End if
Next

'If no \ is found, return the whole thing
GetUser = u

End Function

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum