log i n


reubenb
10-01-2002, 09:56 AM
hey
if you read my other thread (log in) about 6 hrs ago I made a login script that gets username & pass data from an mdb (Access database) and it redirects according to data in an mdb redirect form. How can I make it so that I can have multiple protected pages... ???


thanks ! :)

raf
10-01-2002, 10:07 AM
There are a lot of ways to do it.

I frequently use a session-variable.
Session-value is set to 0 on session_onstart
When I successfully validate the user and password, I set the session-variable to a certain value (1, 2, 3).
On every page I want to protect, I check this session-variable, and if the value is high enough, the page is displayed. If it's too low, I redirect.

Using this system permits you to work with different profiles, where every profile gets other content (even if they browse to the same pages)

reubenb
10-01-2002, 10:13 AM
yeah I see what ya saying.. but not quite.. can you show me a sorta detailed example thanks..

raf
10-01-2002, 10:15 AM
OK. I'll prepare something. Give me a few minutes.

raf
10-01-2002, 10:43 AM
I've created a zipfile with 3 files (2 asp's and a global.asa)
The global.asa needs to be in the root of your application (same directory as your startpage)

If a user browses to the application, a session is started and the global.asa is processed. The session variable "securityprofile" is set to "0".
When the user and password are validated, the value of this variable is changed. Check out the code of login.asp from line 50 on. I get the profile (a number) from my database, where it is stored in the customers-table.
Depending on the profile, links to various modules will be displayed. (first kind of blocking of pages, but not sufficient because a user could browse straight to a page that you want to block)

On top of the page that I want to protect, I perform a check on this session-variable (look at demopage.asp). You can then display a page (or part of a page) depending on the security-profile of that user.
(If you always want to perform the same securitycheck on every page, you can use a SSI (server side include))

By setting the timeout-time for your application, you can build in extra security (an unattended PC will time out and the session-variable can then be set to "0" in your global.asa)

Note: files are just illustration and won't work because you don't have the db
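
The check raf describes, sketched as an added example (this is not the content of raf's zip file): a guard include that every protected page calls first. The file name guard.asp, the Sub RequireProfile, login.htm and admin.asp are hypothetical; Session("securityprofile"), global.asa and demopage.asp are the names used in the post.

```asp
<script language="VBScript" runat="server">
' ===== global.asa (application root) =====
Sub Session_OnStart
    Session("securityprofile") = 0   ' nobody is logged in yet
    Session.Timeout = 15             ' minutes of inactivity before the session ends
End Sub
</script>

<%
' ===== guard.asp (hypothetical include) =====
' Saved as .asp, not .inc, so a direct request runs it instead of showing source.
Sub RequireProfile(minProfile)
    Dim profile
    profile = 0
    ' A missing or non-numeric value counts as "not logged in".
    If IsNumeric(Session("securityprofile")) Then
        profile = CLng(Session("securityprofile"))
    End If
    If profile < minProfile Then
        Response.Redirect "login.htm"   ' hypothetical name of the login form page
        Response.End                    ' nothing below the guard may run
    End If
    ' Ask browsers and proxies not to keep a copy of the protected page.
    Response.Expires = -1
    Response.CacheControl = "no-cache"
    Response.AddHeader "Pragma", "no-cache"
End Sub
%>

<!--#include file="guard.asp" -->
<%
' ===== demopage.asp: first lines of every protected page =====
RequireProfile 2   ' profiles 0 and 1 are sent back to the login form
%>
<html><body>
<p>Content for profile 2 and higher.</p>
<% If CLng(Session("securityprofile")) >= 3 Then %>
<p><a href="admin.asp">Extra module for profile 3</a></p>
<% End If %>
</body></html>
```

The call to RequireProfile has to come before any HTML is written, because the redirect and the cache headers can only be sent while the response has not started.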

reubenb
10-01-2002, 10:59 AM
wow, thanks mate! :-D
bit complicated...!! are the comments (the 'lala) in a foreign language .? or..? okies
um, where does the login (<form> etc.) go on that login.asp page?


THANKS A MILES!!

raf
10-01-2002, 12:46 PM
you're welcome.

Don't think it's that complicated. Bit more complicated than some premade things, but it has some serious advantages. Especially the ability to limit the displayed content on each page (text, links, etc) according to the profile someone has is something I find pretty useful.
try it, and you'll see it has unlimited possibilities. (session-variables are great for data you want to re-use on a lot of pages, without connecting to your database)

indeed, all the text is in Dutch.

the loginform is not on the login.asp page. it's on another page (straight html) that is posted to the login.asp. you probably don't need it, but here's the code for that page.



<html>

<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="Adobe GoLive 4">
<title>Welcome to Adobe GoLive 4</title>
<link href="granit.css" rel="stylesheet" type="text/css">
</head>

<script></script>

<body>
<div align="left">
Welkom op de GranIT-loginpagina.<br>
<br>
<br>
Met GranIT kan u snel prijsberekeningen maken en automatisch offertes en vacatures opstellen voor diverse modellen venstertabletten, werkbladen, trappen en vloeren in marmer, graniet of arduin.<br>
<br>
Om deze applicatie te gebruiken moet u een gebruikersnaam en paswoord hebben.<br>
<br>
</div>
<form name="FormName" action="login.asp" method="post">
<br>
<center>
<p><br>
<table border="0" cellpadding="0" cellspacing="10" width="45%" bgcolor="#c6d8df">
<tr>
<td><b>Uw gebuikersnaam</b></td>
<td><input type="text" name="user" size="15"></td>
<td></td>
</tr>
<tr>
<td><b>Uw paswoord</b></td>
<td><input type="password" name="pasword" size="15"></td>
<td></td>
</tr>
<tr>
<td>
<center>
<input type="reset" value="Wissen"></center>
</td>
<td align="center" valign="middle"><input type="submit" value="Starten" name="submitButtonName"></td>
<td><font size="2">help</font></td>
</tr>
</table>
</center>
</form>
</body>

</html>

reubenb
10-01-2002, 01:40 PM
:thumbsup: thanks so much man! you just made my day :cool:
anyway, I don't suppose you have any ideas on how to make an asp page that gets the user IP address and says Hello <iphostname> I tried various different ways but I haven't quite succeeded maybe you could help?


once again thanky!
:D :D

Alekz
10-01-2002, 01:52 PM
Hi,
The things with client IP addresses are a bit complicated...
Generally, what You need is ServerVariables("REMOTE_ADDR")...
But if the client uses a proxy server, that will return the IP address of the proxy.
To detect if a proxy server is used You could check the ServerVariables("HTTP_VIA") - it's something like the UserAgent string for proxies and just as UserAgent can be customized or even not sent at all...
In some cases proxy servers will not send the real client IP address and You can do nothing with this... But usually the real IP is sent to Your server and can be retrieved with one of these headers:
ServerVariables("HTTP_CLIENT_IP") or ServerVariables("HTTP_X_FORWARDED_FOR"), depending on the proxy software. You'll have to check both of them. Fortunately I've never seen both of them defined (will not be very surprised if this happens)...
Using these headers You'll be able to retrieve the IP address of about 90% of clients or somewhere near...

Alex
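
An added example (not Alekz's code) of reading these variables defensively: the forwarded headers are supplied by whoever sends the request, so the sketch only believes them when the connection comes from a proxy you run, and it HTML-encodes the value before printing it. TRUSTED_PROXY, ClientAddress and LooksLikeIPv4 are hypothetical names, the proxy address is a constructed placeholder, and HTTP_X_FORWARDED_FOR is how classic ASP exposes the X-Forwarded-For header.

```asp
<%
Option Explicit

' Constructed placeholder: the address of a reverse proxy you operate yourself.
Const TRUSTED_PROXY = "192.0.2.10"

' True only for four dot-separated groups of digits, each 0-255.
Function LooksLikeIPv4(s)
    Dim re, octet
    LooksLikeIPv4 = False
    Set re = New RegExp
    re.Pattern = "^\d{1,3}(\.\d{1,3}){3}$"
    If Not re.Test(s) Then Exit Function
    For Each octet In Split(s, ".")
        If CLng(octet) > 255 Then Exit Function
    Next
    LooksLikeIPv4 = True
End Function

' REMOTE_ADDR is the peer of the TCP connection and is what access decisions
' and logs should use. The forwarded headers are only consulted when that
' peer is the trusted proxy; otherwise any client could claim any address.
Function ClientAddress()
    Dim peer, fwd, parts, candidate
    peer = Request.ServerVariables("REMOTE_ADDR")
    ClientAddress = peer
    If peer <> TRUSTED_PROXY Then Exit Function

    fwd = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    If Len(fwd) = 0 Then fwd = Request.ServerVariables("HTTP_CLIENT_IP")
    If Len(fwd) = 0 Then Exit Function

    ' With one trusted proxy, the last entry is the one that proxy appended;
    ' entries to its left were supplied by the client.
    parts = Split(fwd, ",")
    candidate = Trim(parts(UBound(parts)))
    If LooksLikeIPv4(candidate) Then ClientAddress = candidate
End Function
%>
<html><body>
<p>Hello <%= Server.HTMLEncode(ClientAddress()) %></p>
<% If Len(Request.ServerVariables("HTTP_VIA")) > 0 Then %>
<p>Request passed through a proxy.</p>
<% End If %>
</body></html>
```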

reubenb
10-01-2002, 01:57 PM
thanks for your msg,
yeah I see what you mean but I just wanted it to like be a resource for students and whatever :)

thanks anyhow :-D!

:D