Restrict Access to Page using Recordset

[Keith]

Hi

I am using Dreamweaver MX 2004 to create my site, and I am using the
in-built features to restrict access to pages based on username, password,
and access level.

This works fine (code sample is below).

In order for it to restrict access by access level, I need to manually
supply DWMX with the list of approved levels (in the case of the code below,
I have simply supplied a single level "1").

How can I modify this code (or create new code), so that this code uses a
list of access levels automatically fetched from a SQL DB and not a manual
list (as the list may change regularly).

I am not a ASP guru, so please try and make answers idiot proof

Thanks

 

[Keith]

<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="1"
MM_authFailedURL="../security/access_denied.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1)
Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" &
Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>

 

[rwg]

Greetings Keith:

Basically you need to access the SQL database which requires a connection and a recordset. Below is a test example which assumes the SQL server is
on a computer called PionusParrot and you special users are in a database called Yama and a table called Accounts. This test assumes that if the
record matches, then it is a valid account otherwise invalid.


<%

dim Conn, rs
dim ConnStr
ConnStr = "DRIVER=SQL Server; UID=rob; " & _
" DATABASE=Yama; WSID=PIONUSPARROT; " _
& " SERVER=PionusParrot;password=mypassword"

Set Conn = Server.CreateObject("ADODB.Connection")
Set rs = Server.CreateObject("ADODB.RecordSet")

Conn.Open ConnStr

rs.Open "Select * from Accounts where AccountUID='" _
& Session("MM_Username") & "'", Conn
if rs.EOF then
Response.write( "Not valid" )
else
Response.write ( "valid" )
end if


%>


-rwg
This is what I think, not necessarily what is accurate!

--------------------
| From: "Keith" <@.>
| References: <O#Dst#[email protected]>
| Subject: Re: Restrict Access to Page using Recordset
| Date: Fri, 23 Apr 2004 16:23:22 +0100
| Lines: 50
|
| <%
| ' *** Restrict Access To Page: Grant or deny access to this page
| MM_authorizedUsers="1"
| MM_authFailedURL="../security/access_denied.asp"
| MM_grantAccess=false
| If Session("MM_Username") <> "" Then
| If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
| (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1)
| Then
| MM_grantAccess = true
| End If
| End If
| If Not MM_grantAccess Then
| MM_qsChar = "?"
| If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
| MM_referrer = Request.ServerVariables("URL")
| if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" &
| Request.QueryString()
| MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
| Server.URLEncode(MM_referrer)
| Response.Redirect(MM_authFailedURL)
| End If
| %>
|
| | > Hi
| >
| > I am using Dreamweaver MX 2004 to create my site, and I am using the
| > in-built features to restrict access to pages based on username, password,
| > and access level.
| >
| > This works fine (code sample is below).
| >
| > In order for it to restrict access by access level, I need to manually
| > supply DWMX with the list of approved levels (in the case of the code
| below,
| > I have simply supplied a single level "1").
| >
| > How can I modify this code (or create new code), so that this code uses a
| > list of access levels automatically fetched from a SQL DB and not a manual
| > list (as the list may change regularly).
| >
| > I am not a ASP guru, so please try and make answers idiot proof
| >
| > Thanks