View Full Version : password protection


petertran123
04-01-2003, 07:45 PM
Hello everyone,

I'm creating a web page containing 2 links: the first link I will call "Set Password Protection" and the second link "View Secret Information".

Ex:
1. Set Password Protection
2. View Secret information

When the user clicks on "Set Password Protection" they will be prompted to enter a password to protect the page "View Secret Information". Once the password has been set, the user has to fill in the password every time they enter the page "View Secret Information".

Unfortunately, if the user does not want to set password protection, then the page "View Secret Information" will not ask for a password. They can view it as normal.

Here is my "set password protection" code; please take a look and help me out.

*****************begin*****************
function Modify_Password()
Dim strReturn
Dim conn, rsData, strSQL
Dim strName, strDescription

strSQL = "Select * from CHECK_PRINT_PSWD " _
& "Where OFFICE_EFIN = '" & SESSION("EFIN") & "'"

SET conn = GetDBConnection(DATABASE_CONNECT_STRING)
SET rsData = conn.Execute(strSQL)


'Do not add spaces to either of these names as they are used in the query string
'--------------------------------------------------------------------------------
If rsData.EOF then
strName = "Apply"
strDescription = "This will add password protection on the selected report."
Else
strName = "Remove"
strDescription = "This will remove the password protection on the selected report."
End If

'Use the session EFIN for the heading: rsData has no current row when it is at EOF
strReturn = strReturn & vbCrlf _
& "<table border=""0"" cellspacing=""1"" cellpadding=""5"" width=""100%"">" & vbcrlf _
& " <form NAME=""FORM1"" action=""Set_Password.asp"" method=""post"">" & vbCrlf _
& " <tr>" & vbCrlf _
& " <td width=""3%"" rowspan=""4"">&nbsp;</td>" & vbCrlf _
& " <td colspan=""2"" class=""SubTitle"" height=""40"">" & Server.HTMLEncode(SESSION("EFIN") & "") & "</td>" & vbCrlf _
& " <td colspan=""1"" class=""SubTitle"" height=""40""> Enter the password twice to confirm that your entry was made correctly. </td>" & vbCrlf _
& " <td width=""3%"" rowspan=""4"">&nbsp;</td>" & vbCrlf _
& " </tr>" & vbCrlf _
& " <tr>" & vbCrlf _
& " <td width=""20%"" class=""label_gray"">Enter Password:</td>" & vbCrlf _
& " <td width=""15%"" class=""field""><input type=""password"" name=""PASSWORD_1"" size=""10"" maxlength=""10""></td>" & vbCrlf _
& " <td width=""71%"" class=""standard"">&nbsp;</td>" & vbCrlf _
& " </tr>" & vbCrlf _
& " <tr>" & vbCrlf _
& " <td class=""label_gray"">Confirm Password:</td>" & vbCrlf _
& " <td class=""field""><input type=""password"" name=""PASSWORD_2"" size=""10"" maxlength=""10""></td>" & vbCrlf _
& " <td class=""standard"">&nbsp;</td>" & vbCrlf _
& " </tr>" & vbCrlf _
& " <tr>" & vbCrlf _
& " <td>&nbsp;</td>" & vbCrlf _
& " <td><input type=""submit"" value=""" & strName & """></td>" & vbCrlf _
& " <td class=""standard"">" & strDescription & "</td>" & vbCrlf _
& " </tr>" & vbCrlf _
& " </form>" & vbCrlf _
& "</table>"

Modify_Password = strReturn
End Function

*************end ********************

Thank you very much for your help.
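
Added example, not part of petertran123's post: the CHECK_PRINT_PSWD lookup from the function above with the EFIN bound as a parameter instead of concatenated into the SQL text, and the button label chosen without reading a field from an empty recordset. HasPrintPassword, PasswordFormLabels and the parameter size of 50 are assumptions; GetDBConnection and DATABASE_CONNECT_STRING are the poster's own helpers.

```vbscript
<%
' Added example. ADO constants; omit these three lines if adovbs.inc is already included.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

' True when a CHECK_PRINT_PSWD row exists for the given office EFIN.
Function HasPrintPassword(efin)
    Dim conn, cmd, rs
    Set conn = GetDBConnection(DATABASE_CONNECT_STRING)   ' the poster's helper
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder keeps the EFIN out of the SQL text entirely.
    cmd.CommandText = "SELECT OFFICE_EFIN FROM CHECK_PRINT_PSWD WHERE OFFICE_EFIN = ?"
    ' Size 50 is an assumed upper bound for the column width.
    cmd.Parameters.Append cmd.CreateParameter("efin", adVarChar, adParamInput, 50, efin & "")
    Set rs = cmd.Execute
    HasPrintPassword = Not rs.EOF
    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End Function

' Hypothetical helper: choose the submit label without touching recordset fields.
Sub PasswordFormLabels(efin, ByRef strName, ByRef strDescription)
    If HasPrintPassword(efin) Then
        strName = "Remove"
        strDescription = "This will remove the password protection on the selected report."
    Else
        strName = "Apply"
        strDescription = "This will add password protection on the selected report."
    End If
End Sub
%>
```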

raf
04-01-2003, 07:56 PM
I have absolutely no idea what you're trying to do. :confused:
Should that page always prompt for a password, or do you want some sort of admin module to switch security on and off for that one page?

petertran123
04-01-2003, 09:35 PM
I'm sorry.

Yes, I want to have something as you just said... Pretending I'm an admin and want to set a password for protection on the page "View Secret Information". I'm sorry for not explaining well.

raf
04-02-2003, 08:15 AM
Still not clear to me, but here it comes (for a switch on-off security).

Admin functionality: set an application variable to a chosen value when you click a link. And then run whatever code you want.

oldstate=application("securepage1")
application("securepage1")="on"
if oldstate <> application("securepage1") then
    response.redirect("confirm.asp")
else
    response.write ("Security not changed. Security for page1.asp is still " & application("securepage1") & ".")
end if

The same if you want to unsecure it, then just change it to "off" or so. This code could be on the page your first link points to.

On top of the page you want to secure (page1.asp or whatever the page is called that your second link points to), check the application variable.

response.expires = -1000 'to ensure the page isn't cached browsersided
if application("securepage1")="on" then
    if session("logconf") <> "ok" then
        response.redirect("logon.asp?url=page1")
    else
        ' your code
    end if
end if


So when a user is not logged in, he will be redirected to the login screen when the security is on. When you build that logon screen, you should write the url-value from the querystring to a hidden field, that gets posted with the username and logon. After validating, you can then set the session("logconf")="ok" and redirect to the page he wanted to open (page1.asp) where the check will be run again and passed.

The checking code can be placed in an include so you can use that to secure multiple pages with one application variable. Or you can use an array as application value to differentiate and switch on security for some pages independently. Or you can include the login form into the page and create a multipurpose page.

Warning: if the site goes down, the application variable is flushed so all pages will be accessible (unless you set these variables to "on" in the application_onstart sub of your global.asa).

I tried to explain it as well as I can, but setting up security is quite precise and sometimes complex (if you want tight security combined with a user-friendly interface).
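
Added example, not part of raf's post: one way to write the shared include described above so that a flushed application variable counts as protected, and so that the url value posted back by the logon form is mapped through a fixed list before the redirect. TargetFor, IsProtected, RequireLogon, FinishLogon and the page5 entry are hypothetical names; securepage1, logconf, logon.asp and page1.asp come from the post.

```vbscript
<%
' Added example: hypothetical include file, e.g. secure_check.asp.

' Fixed list of page keys and the files they stand for. Only these can ever
' be redirect targets; anything else yields an empty string.
Function TargetFor(key)
    Select Case LCase(Trim(key & ""))
        Case "page1": TargetFor = "page1.asp"
        Case "page5": TargetFor = "page5.asp"   ' assumed second page
        Case Else:    TargetFor = ""
    End Select
End Function

' Fail closed: only an explicit "off" disables the check. An empty value
' (application restarted, variable never set) is treated as protected,
' so nothing depends on Application_OnStart having run.
Function IsProtected(key)
    IsProtected = (LCase(Application("secure" & key) & "") <> "off")
End Function

' Call at the top of each protected page, e.g. RequireLogon "page1".
Sub RequireLogon(key)
    Response.Expires = -1000
    If IsProtected(key) And Session("logconf") <> "ok" Then
        Response.Redirect "logon.asp?url=" & Server.URLEncode(key)
    End If
End Sub

' Call in logon.asp after the username and password have been validated.
' postedUrl is the hidden-field value; it is never used as a URL directly.
Sub FinishLogon(postedUrl)
    Dim target
    target = TargetFor(postedUrl)
    If target = "" Then target = "page1.asp"   ' unknown key: back to the menu
    Session("logconf") = "ok"
    Response.Redirect target
End Sub
%>
```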

petertran123
04-02-2003, 06:03 PM
Thank you for your answer, sir.

Pretending I'm a registered user. After logging into a web site, I will have the right to set the password protect option for the page "View Secret Info"; then every time I try to view the page I want something to prompt and ask for the password. If I don't have a password or forget the password, then I will not be able to view the page "View Secret Info".

Secondly, after the password has been verified and I enter the page "View Secret Info", from here I want to be able to have a password remove option or edit option for the page "View Secret Info". This is not something that looks like a login screen for the page, but this is a security issue.

Please help me

raf
04-02-2003, 06:38 PM
:confused: :confused: :confused:
So the user registers --> goes to page --> is prompted for password --> after entering, he can remove the password protection.

You want to write something like this?

petertran123
04-02-2003, 08:47 PM
Let me make it clear:


Here is the process:

Firstly: user registers and logs in -----> after logon the user will have access to these options:

1. Display current record
2. View Status Report
3. Password Protect Printing Function
4. Printing Instruction
5. Display Available Checks

Okay, from here the user can do whatever they want... they can view option 5 without being prompted for a password, or they can strictly set a password by clicking on option 3 to set the password protect printing function. If the user wants to click on option 3 and set a password for the Printing Function, then they can do it. After option 3 has been set with password protection, option 5 will require the password. Does that make sense to you? I'm sorry again.

raf
04-02-2003, 09:32 PM
OK. I understand up until the password setting.

My questions:
- Do all users have this set password option (option 3)?
- If the password is set, I then suppose it is set for all the other users. Is this a fixed password or can the user that sets it type one in?
- When the password is set, you want the users to get some sort of input box where they can type in a password. Right?

I suppose it is a fixed password (always the same, security for that page can just be switched on or off). If you click 3, an asp-page that contains this code is called:

oldstate=application("securepage1")
application("securepage1")="on"
if oldstate <> application("securepage1") then
    response.redirect("confirm.asp")
else
    response.write ("Security not changed. Security for page1.asp is still " & application("securepage1") & ".")
end if

edit: inserted code for confirm.asp

response.write ("Security changed to " & application("securepage1") & " successfully")
response.write("<br><br><br><center><a href='page1.asp'>Back to menu</a></center>")



If a user (any user) then clicks on 5, this code is run (must be placed on top of the body of page 5):

<%
response.expires = -1000 'to ensure the page isn't cached browsersided
show = 0
if application("securepage1")="on" then
    if request.form("pwdpage") = "yourpassword" then
        show=1
    else
%>
<center>
<form name="FormName" action="thepage.asp" method="post">
<p>Please insert password for this page</p>
<p><input type="password" name="pwdpage" size="24"></p>
<p><input type="submit" value="Open page" name="submitButtonName"></p>
</form>
</center>
<%
    end if
else
    show = 1
end if

if show=1 then
    ' your code
end if
%>


So what happens is, when the page is requested the first time, and if password protection is on, then there won't be a value for the password, and you'll only see a page with the text, password box and submit button. When the user submits, this page is posted to itself (so you need to replace the "thepage.asp" with the filename) and the password is checked again (you need to replace the hardcoded password with the password of your choice). If it's the correct password, the page is shown. If it's not the right password, he only sees the text and password field and submit button (over and over again until the password he enters is correct).

So there are two situations where he sees the page: if the password protection is off and if he entered the right password.

Is this the sort of thing you're looking for? Just let me know if it's something else.

petertran123
04-03-2003, 03:41 AM
Thank you for your understanding... I think we are on the right track... Yes, that is exactly what you have mentioned. In the last paragraph you are talking about there being two situations: once the password is turned off and the user enters a correct password for option 5, then they will enter the page; other than that, the user will receive a password field and submit button over and over again. Would you please show me how to set up the security for this?

raf
04-03-2003, 06:29 AM
I showed you in my previous post. :confused: That is really all the code you need.

You only need to change the yourpassword with the password you want + the thepage.asp with the name of the page you want to protect + the your code with the code of the page you wanted to protect.

Maybe what's not clear is that you have 3 pages:
- Page 1 with the 5 actions. Action 3 has a link to page 2, action 5 has a link to page 3
- Page 2 contains the first part of code from my previous post (I changed a little error --> echo should be response.write (I'm doing mostly PHP now ...))
- Page 3 contains the second part of code from my previous post (where you replaced the three things as I explained in the previous paragraph)

On page 2, you will probably need to include a link to get back to page 1 or so. I added that to the code in my previous post. You need to replace page1.asp with the address of page 1.

petertran123
04-03-2003, 02:28 PM
Thank you very much for your patience and time, you are a great helper, thanks again. I will test your code and will get back to you if anything is wrong.. :thumbsup: