  1. #1
    Senior Coder
    Join Date
    Jun 2002
    Location
    UK
    Posts
    1,137
    Thanks
    0
    Thanked 0 Times in 0 Posts

    ASP tutorials/password area script

    Anyone know of a good set of ASP database tutorials?
    Also, does anyone know of a password area script, so that the user, when logged in, can see some pages, whereas someone higher up, e.g. admin, can see all the pages?
    Thanks in advance
    scroots
    Spammers next time you spam me consider the implications:
    (1) that you will be persuaded by me (in a legitimate manner)
    (2) It is worthless to you, when I have finished

  • #2
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    I can partially answer your question, for the password area scripting. One way that I have found most effective is to have an access number, i.e. 2 for a user, and store it in a database. Then when they log in, make a session variable equal to that number.

    So then for pages that level 2 users and above can access, you'd add this at the top of the pages:
    Code:
    <% If Session("Level") < 2 Then Response.Redirect("Login.asp") %>
    So then if someone doesn't have a high enough access level it redirects them.

    Am I making sense?

  • #3
    Senior Coder
    Join Date
    Jun 2002
    Location
    UK
    Posts
    1,137
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You are making a little sense, I'm new to the stuff.
    Could I not just have a database and IF statements, e.g. if user value = 2 then access to level two?
    Doing it your way, how would I make the session variable equal a number?

    scroots
    Spammers next time you spam me consider the implications:
    (1) that you will be persuaded by me (in a legitimate manner)
    (2) It is worthless to you, when I have finished

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    41 8' 52" N -95 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Code:
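    'Put your database connection here!
    
    'Username and Password are assumed to hold the submitted login values.
    'They are concatenated directly into the SQL text.
    AccessQuery = "SELECT AccessLevel FROM database_name WHERE Username = '" & Username & "' AND Password = '" & Password & "'"
    
    'Execute returns a Recordset object, so the assignment needs Set.
    Set rs = Conn.Execute(AccessQuery)
    
    'A matching row means the credentials were found: keep its level for the session.
    If Not rs.EOF Then
         Session("AccessLevel") = rs("AccessLevel")
    Else
         'No matching row: level 0.
         Session("AccessLevel") = 0
    End If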
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #5
    Regular Coder
    Join Date
    Mar 2005
    Posts
    735
    Thanks
    4
    Thanked 1 Time in 1 Post
    Quote Originally Posted by whammy View Post
    Code:
    'Put your database connection here!
    
    AccessQuery = "SELECT AccessLevel FROM database_name WHERE Username = '" & Username & "' AND Password = '" & Password & "'"
    
    Set rs = Conn.Execute(AccessQuery)
    
    If NOT rs.EOF Then
         Session("AccessLevel") = rs("AccessLevel")
    Else
         Session("AccessLevel") = 0
    End If
    Can you explain to me how the code works?

  • #6
    Regular Coder
    Join Date
    Mar 2006
    Posts
    187
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Use an MD5 encryption algorithm to encrypt the password before it is stored in the database. Because you can't decrypt MD5, to check the login password you have to encrypt it using the algorithm. I have an include file which you can use that you just pass a var to in a function call.

  • #7
    Regular Coder
    Join Date
    Mar 2007
    Posts
    505
    Thanks
    1
    Thanked 19 Times in 19 Posts
    Here's the explanation that you are looking for:

    Once you make your DSN-less database connection, then you submit a query to the Access database.

    [OT] My issue with the query is that if you don't do some pre-query validation and character replacements, you are vulnerable to SQL injection and database hacking. [/OT]

    That query asks the database for the AccessLevel you are searching for in your original post. It then stores that data in a Session variable, allowing you to access it for the entire time that a user is logged in.

    If you don't have any permissions in your record, or your user doesn't have a record in the database (rs.EOF = Recordset.EndOfField), it sets that session variable to '0'. This is so they have no access to your system (or read-only if you so prefer).

    Does that help?
    To say my fate is not tied to your fate is like saying, 'Your end of the boat is sinking.' -- Hugh Downs
    Please, if you found my post helpful, pay it forward. Go and help someone else today.
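
Added example, not part of any post in this thread: the AccessLevel lookup from post #4 rewritten with a parameterized ADODB.Command, which addresses the SQL injection concern raised in post #7. It assumes `Conn` is an open ADODB.Connection; the function name `GetAccessLevel`, the form field names and the 50/255 column sizes are assumptions.

```vbscript
<%
' Added example; GetAccessLevel, the form field names and the
' 50/255 column sizes are assumptions, not from the thread.
Const adCmdText = 1      ' ADO CommandTypeEnum
Const adVarChar = 200    ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum

Function GetAccessLevel(Conn, Username, Password)
    Dim cmd, rs
    GetAccessLevel = 0   ' default: no access

    ' Reject empty or oversized input before touching the database.
    If Len(Username) = 0 Or Len(Username) > 50 Then Exit Function
    If Len(Password) = 0 Or Len(Password) > 255 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Conn
    cmd.CommandType = adCmdText
    ' ? placeholders are bound by position, so quotes in the input
    ' stay data and never become part of the SQL text.
    ' Brackets avoid a clash with the Access reserved word PASSWORD.
    cmd.CommandText = "SELECT AccessLevel FROM database_name " & _
                      "WHERE [Username] = ? AND [Password] = ?"
    cmd.Parameters.Append cmd.CreateParameter("pUser", adVarChar, adParamInput, 50, Username)
    cmd.Parameters.Append cmd.CreateParameter("pPass", adVarChar, adParamInput, 255, Password)

    Set rs = cmd.Execute
    If Not rs.EOF Then
        ' A Null level is treated as no access.
        If Not IsNull(rs("AccessLevel")) Then GetAccessLevel = CLng(rs("AccessLevel"))
    End If
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

' Login handler: store the level in the session, as post #4 does.
' & "" coerces the Request.Form item to a plain string.
Session("AccessLevel") = GetAccessLevel(Conn, _
    Trim(Request.Form("Username") & ""), Request.Form("Password") & "")
%>
```

If the Password column holds a hash rather than the plain password, pass the hash of the submitted value as the second argument instead.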

