Cinnamon
08-14-2002, 01:25 PM
I have a website that is for staff use only. Is there a way to add code that will prompt for a password before launching the page?
Thanks,
Cinnamon
Thanks,
Cinnamon
website passwordCinnamon 08-14-2002, 01:25 PM I have a website that is for staff use only. Is there a way to add code that will prompt for a password before launching the page? Thanks, Cinnamon kingesk 08-14-2002, 01:58 PM You can pass a user name and password from another page through use of a form. If someone goes directly to your page, nothing will have been passed and they will not have access to that part of the page. I have been to pages that throw up a box to put in username and password but I'm not sure what they are using. I hope this might be useful though. '''''user name/ password page <FORM method=post action='RequestUpdates.asp' id=form1 name=form1> <Table border='1' CELLPADDING='8' CELLSPACING='3'> <tr valign='right'> <td>Username: <Input Type='Text' Name=txtAssignUserName Value='" & strUserName & "' size='25' /> </td></tr> <td>Password: <INPUT type='password' id=password1 name=txtAssignPassword Value='" & strPassWord & "' size='25' /> </td></tr> </Table> <Input Type=SUBMIT Value='Update Status \ Mark Complete' id=SUBMIT1 name=SUBMIT1> </FORM> '''''Staff only page strAssignUserName = Request.Form("txtAssignUserName") strAssignPassword = Request.Form("txtAssignPassword") strSqlSecurity = "Select fldUserName, fldPassWord " & _ " From tblItPersonnel " & _ " Where LCase(fldUserName) = '" & Lcase(strAssignUserName) & "' " & _ " And LCase(fldPassWord) = '" & LCase(strAssignPassword) & "'" set objRSSecurity=server.CreateObject("ADODB.RecordSet") objRSSecurity.Open strSqlSecurity, objConn if not (objRSSecurity.BOF or objRSSecurity.EOF ) then objRSSecurity.Close set objRSSecurity = nothing 'code for web page else objRSSecurity.Close set objRSSecurity = nothing Response.Write "Invalid Username and Password." end if Rezner 08-14-2002, 04:52 PM Here's a simple script that will accept a user login and password from textboxes named "txtLogin" and "txtPassword" on a FORM:'Check to see if the login exists RS.Open _ "SELECT [Login],[Invalids] " & _ "FROM [Users] " & _ "WHERE LCase([Login])='" & LCase(request("txtLogin")), CNN, 3, 3, 1 'If it doesn't, then shutdown If RS.RecordCount = 0 Then 'Close the recordset and disconnect 'from the database RS.Close Set RS = Nothing CNN.Close Set CNN = Nothing response.write "That login is invalid." response.end End If 'Check for the account being locked. If it 'is, then shutdown If RS("Invalids") > 3 Then 'Close the recordset and disconnect RS.Close Set RS = Nothing CNN.Close Set CNN = Nothing Response.Write "You account is locked." Response.End Else RS.Close End if 'If it makes it here, the login must exist and the account 'not locked -- so check to see if the password is correct RS.Open _ "SELECT [Login] " & _ "FROM [Users] " & _ "WHERE [Password]='" & request("txtPassword") & _ "' AND LCase([Login])='" & LCase(request("txtLogin")), CNN, 3, 3, 1 If RS.RecordCount = 0 Then RS.Close Set RS = Nothing 'Track the invalid attempts CNN.Execute _ "UPDATE [Users] " & _ "SET [Invalids]=[Invalids]+1 " & _ "WHERE [Login]='" & request ("txtLogin") & "'" CNN.Close Set CNN = Nothing response.write "That is an invalid password." response.end End If 'Clear the invalid login attempts CNN.Execute _ "UPDATE [Users] " & _ "SET [Invalids]=0 " & _ "WHERE [Login]='" & request("txtLogin") & "'" Response.Write "You've made it this far, you must be valid" Derek Stone 08-14-2002, 08:39 PM It would be altogether easier to add Basic Authentication via IIS if you're only using the database to store authentication information. I wouldn't recommend this if you're maintaining a large list of users however. Rezner 08-15-2002, 08:26 AM If you're developing pages for internal use, then you can also use the REMOTE_USER server variable to authenticate the user. All you need to do is make a table that has the allowed logins and then use a function like the following to compare if the current user exists in that that table:Private Function GetUser() 'Should return something in the format of 'SERVER\username u = request.servervariables("REMOTE_USER") 'Work back until the \ is found For x = Len(u) To 1 Step -1 If Mid(u,x,1) = "\" then GetUser = Mid(u,x+1,len(u)) Exit Function End if Next 'If no \ is found, return the whole thing GetUser = u End Function |
EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum