G
Geoff Wickens
I have been trying to control access to some pages on my website for some
time without success. I have tried copying the code found on the web:
I created a page (loginform.asp) with the following form:
<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>
I then created a page (loginhandler.asp) to handle this:
<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))
'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if
if u<>"myusername" or p<>"mypassword" then
'access denied
response.redirect ("loginform.asp")
else
' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>
I then put the following code at the top of pages I want to be secure:
<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>
Everything worked well until I did the last stage. Now whether I am logged
on or not I am redirected back to my loginform.asp page.
I am using PWS with Windows 98 to test the page locally.
Can anyone suggest where I am going wrong?
Geoff Wickens
time without success. I have tried copying the code found on the web:
I created a page (loginform.asp) with the following form:
<form action=loginhandler.asp method=post>
Username: <input type=text name='username'><BR>
Password: <input type=password name='password'><BR>
<input type=submit Value='Log In'><BR>
</form>
I then created a page (loginhandler.asp) to handle this:
<%
u = lcase(request.form("username"))
p = lcase(request.form("password"))
'---------------------------------------------------------
'-- check to see that the form was completely filled out--
'---------------------------------------------------------
if u="" or p="" then
response.redirect("loginform.asp")
end if
if u<>"myusername" or p<>"mypassword" then
'access denied
response.redirect ("loginform.asp")
else
' let them in!
session("login")=true
response.redirect ("hiThere.asp")
end if
%>
I then put the following code at the top of pages I want to be secure:
<%
if not session("login") then
response.redirect("loginform.asp")
end if
%>
Everything worked well until I did the last stage. Now whether I am logged
on or not I am redirected back to my loginform.asp page.
I am using PWS with Windows 98 to test the page locally.
Can anyone suggest where I am going wrong?
Geoff Wickens