Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How can I verify the user access to our department homepage ?

Posted on 2006-05-09
11
Medium Priority
?
170 Views
Last Modified: 2013-12-24
We have published a homepage (Intranet, just within the department) using MS Frontpage. But other department also might access to this page because we are all in the same network. I had created a table for user access in Oracle 10G (windows version) in separate server, and our homepage reside in another server. The question is, how can I create login access form in MSFrontpage2K, accessing my table in Oracle 10G for authentication. This table (user_tab) is created in username let say user "master" with password "xyz123456" @ xyz. User_tab contain 2 columns ie user_id and password. The purpose of doing this is to allow only certain user or registered user accessing to our homepage.

Thanks.
0
Comment
Question by:KG1973
  • 7
  • 3
10 Comments
 
LVL 1

Author Comment

by:KG1973
ID: 16673096
I just increased value points to 500. I need the solution ASAP and also I only knew MS Frontpage and some Oracle forms. So if the solution in other language, please assist me to do it step-by-step.

Thanks.
0
 
LVL 1

Author Comment

by:KG1973
ID: 16696886
Can anyone help me solving this problem. I have been waiting since 9th May 2006.
Thanks.
0
 
LVL 2

Expert Comment

by:Eme-Eleonu
ID: 16771256
If everyone in your organisation signs on to the network already with a windows password, why make them sign in again. (Remember "Single Sign On" - thats what everyone is talking about these days) so why not try using windows Active directory. in IIS

On the web server - Control Panel, Administrative Tools. select Internet Info Service expand your website, write click your site and select "Directory Security" under Anonymous access and authetication. Select Edith - Uncheck Anonymous access, and sekect "Intergrated Windows authentication".

Howvere, if that wont do I have another solution.
0
[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

 
LVL 2

Expert Comment

by:Eme-Eleonu
ID: 16771364
I have been thinking about why it wont be nice for you to know the passwords (most non-it people tend to use the same passowrds over and over again it is not in your best intrest to create an alternate record of what ever they are using. - and managing it will be another issue to allow peole change their passowrds when the forget so I looked up something for you - http://tools.dynamicdrive.com/password/
0
 
LVL 1

Author Comment

by:KG1973
ID: 16786892
Hi Eme-Eleonu,
>>I have been thinking about why it wont be nice for you to know the passwords
If everyone know the password, then better not to control it at all

>>http://tools.dynamicdrive.com
COOL....!! I found a lot of useful stuffs especially for web development. Thanks a million.

Thanks for your response. I agreed with you, and it will be much more easier if we use domain (all users need to be registered in our domain).
The problem is, not all of us have same access right to our system that had been developed using Oracle Developer Suite.  Let me explain the main purpose in more detail.

1. All users will have the access to our homepage except from other department.
    Every user will login using their login id and password (this will be extracted from oracle 10G user_tab table)
2. This homepage contain static informations, just for info, no restricted/confidential information ie Information for all.
3. There is also a link to other 2nd homepage, index2.html. This page contain several links to all systems that had been developed using Oracle Developer.
    One example is, online leave application. For this system user can :
     a. View all staffs that currently onleave (access by all head of section only)
     b. View all staffs from same section only (access by all staffs within that section only)
     c. Update/ Delete/ Approve any record/application (access by Admin only)
     d. Add new application (access by all staffs)
     
This is just one example. We have several more. All users will be registered in our database, user_tab which contain the access privileges, ie, what system/ module/ submodule/ reports that they can access, to what level (Readonly or Full access) etc.... base on para 3 above.

I hope this can clarify what solution that I am looking for.
 






0
 
LVL 1

Author Comment

by:KG1973
ID: 16901707
hi everyone,

I still need help. I want my frontpage index.htm to be able to connect with my database.

thanks.
0
 
LVL 1

Author Comment

by:KG1973
ID: 16926119
Hi Eme-Eleonu,

I am waiting for your other solution as you stated earlier. I really want MS Frontpage to be able to connect to oracle.

Thanks.
0
 
LVL 2

Accepted Solution

by:
Eme-Eleonu earned 1000 total points
ID: 17057439
Sorry KG,
I will put on something I had done in the past - hoping that you can look through it and rework it to suite your environment. What you want to do is create a form with three fields, called login.asp - the fileds must be called UserId, password, UserDomain. then paste the following code into a file called checklogin.asp (include this page on every page you want to authenticate with <!--#include file="checklogin.asp"--> at the top of the page. Do not include it on free for all users pages. For the connection string, I used Access, but for Oracle you might need to create a dns connection in your ODBC. you can change that using this syntax.

DSN=YourDNSName;DRIVER={Microsoft ODBC for Oracle};UID=YourDNSUserID;PWD=YourDNSPassword

The code for checklogin.asp is:-
<%
' FileName="Connection_ado_conn_string.htm"
' Type="ADO"
' DesigntimeType="ADO"
' HTTP="true"
' Catalog=""
' Schema=""
'Dim MM_ppdb_STRING
MM_ppdb_STRING = "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=" & Server.MapPath("fpdb\Projectp_Abuja.mdb")
%>

<%
Dim UserId
Dim UserDomain
Dim password
Dim surname, firstname, middlename, staffid, currentStatus, divisionoffice, departmentbranch
'introduce dummy values to save our head first
UserId = 0
UserDomain = 0
password = "f"
UserId = request.form("UserId")
UserDomain = request.form("UserDomain")
password = request.form("password")

strconn = MM_ppdb_STRING

SQL1="SELECT UserId, UserDomain, RaterRelationshipToRated from SelectedRaters where UserId = " & UserId & " and UserDomain = " & UserDomain & " and status = 1 "
SQL2="SELECT PP_StaffDetails.StaffID, PP_StaffDetails.FirstName, PP_StaffDetails.MiddleN, PP_StaffDetails.SurName, "
SQL2 = SQL2 & " PP_StaffDetails.DepartmentBranch, PP_StaffDetails.DivisionOffice, PP_StaffDetails.CurrentStatus, "
SQL2 = SQL2 & " PP_StaffDetails.SupervisorsID, PP_StaffDetails.StaffEmail, PP_StaffDetails.Pass FROM PP_StaffDetails "
SQL2 = SQL2 & " where StaffId = '" & UserDomain & "' and Pass = '" & password & "'"
SQL3= "SELECT UserId, UserDomain, RaterType from PP_BaselineGrade where UserId = " & UserId & " and UserDomain = " & UserDomain

dim conntemp, rstemp
set conntemp=server.createobject("adodb.connection")
conntemp.open strconn

set rstemp = conntemp.execute(SQL1)

If rstemp.EOF Then
  Response.Redirect("login.asp?message=1")
end if

session("relationship") = rstemp("RaterRelationshipToRated").value

set rstemp = conntemp.execute(SQL3)

if rstemp.EOF  then
else
response.Redirect("login.asp?message=4")
end if

set rstemp = conntemp.execute(SQL2)

if rstemp.EOF then
  Response.Redirect("login.asp?message=3")
else
 Session("loggedin") = "true"
   Session("UserDomain") = UserDomain
   Session("UserId") = UserId
   Session("password") = password

   While Not rstemp.EOF
   surname = rstemp("SurName").value
   session("surname") = surname
   firstname = rstemp("FirstName").value
   session("firstname") = firstname
   middlename = rstemp("MiddleN").value
   session("middlename") = middlename
   staffid = rstemp("StaffID").value

   currentStatus = rstemp("CurrentStatus").value
   session("currentStatus") = currentStatus
   divisionoffice = rstemp("DivisionOffice").value
   session("divisionoffice") = divisionoffice
   departmentbranch = rstemp("DepartmentBranch").value
   session("departmentbranch") = departmentbranch
   rstemp.MoveNext
   Wend
   Response.Redirect("ratestaffskill.asp")
End If
%>
<%
   rstemp.close
   set rstemp=nothing
   conntemp.close
   set conntemp=nothing
%>
0
 
LVL 1

Author Comment

by:KG1973
ID: 17063657
>DSN=YourDNSName;DRIVER={Microsoft ODBC for Oracle};UID=YourDNSUserID;PWD=YourDNSPassword
where do i put this code to ? login.asp or checklogin.asp or ????

>' FileName="Connection_ado_conn_string.htm"
what is this ? Do i need to create another html file ? how ? what is the content ?


>The code for checklogin.asp is:-
All of them ? until ...   set conntemp=nothing ?
0
 
LVL 1

Author Comment

by:KG1973
ID: 17078004
I am not really familiar with creating asp manually. Can you pls tellme step by step generating those scripts using MS fontpage?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Turn A Profile Picture Into A Cartoon Using Photoshop And Illustrator This tutorial will teach you how to make a cartoon style image out of a regular picture. I have tried to keep the tutorial as simple as possible. I used Adobe CS4 for this tuto…
Geo-targeting is the practice of distributing content based on a person’s location, as best as you can determine it. Let’s look at some ways you could successfully use this tactic. The following tips and case studies could lead to meaningful results.
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…
The purpose of this video is to demonstrate how to add AdSense Ads to a WordPress Website, and how to set up WordPress to automatically place Ads in Sidebars. This will be demonstrated using a Windows 8 PC. Log into your AdSense account. : Cli…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question