controlling access to parts of a site

G

Geoff Wickens

I have been trying to control access to some pages on my website for some
time without success. I have tried copying the code found on the web:

I created a page (loginform.asp) with the following form:

<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>


I then created a page (loginhandler.asp) to handle this:

<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))

'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if

if u<>"myusername" or p<>"mypassword" then

'access denied
response.redirect ("loginform.asp")
else

' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>

I then put the following code at the top of pages I want to be secure:

<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>

Everything worked well until I did the last stage. Now whether I am logged
on or not I am redirected back to my loginform.asp page.

I am using PWS with Windows 98 to test the page locally.

Can anyone suggest where I am going wrong?

Geoff Wickens
 
O

only me

The 1st thing to do in such cases, is response.write something so you can
get a handle on whats really happening as opposed to what you think is
happening

so I would change your
response.redirect("loginform.asp")
to be
response.write "[" & session("login") & "]

and see what you getting

session variables are always passed as text, so you may need to cast the
session var prior to using the NOT

I usually tend to test as follows
if session("varaible") <> "" then
or
if session("varaible") = "something specifc" then
 
J

jbongran

Geoff said:
I have been trying to control access to some pages on my website for
some time without success. I have tried copying the code found on the
web:

I created a page (loginform.asp) with the following form:

<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>


I then created a page (loginhandler.asp) to handle this:

<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))

'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if

if u<>"myusername" or p<>"mypassword" then

'access denied
response.redirect ("loginform.asp")
else

' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>

I then put the following code at the top of pages I want to be secure:

<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>

Everything worked well until I did the last stage. Now whether I am
logged on or not I am redirected back to my loginform.asp page.

I am using PWS with Windows 98 to test the page locally.

Can anyone suggest where I am going wrong?

Geoff Wickens

You didn't set the session variable a value in all cases:
If u<>"myusername" or p<>"mypassword" then
'access denied
set Session("login") = False
response.redirect ("loginform.asp")
Else
' let them in!
Set Session("login") = True
Response.Redirect ("hiThere.asp")
End if

And in each of your secured pages you must Cast the session value as a boole
an:
If Not CBool(Session("login")) Then
Response.Redirect("loginform.asp")
End If
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
474,083
Messages
2,570,591
Members
47,212
Latest member
RobynWiley

Latest Threads

Top