Solved

login & password code

Posted on 2006-07-21
7
506 Views
Last Modified: 2008-03-10
i'm creating a simple webpage in IIS.... and i'm trying to add a login and password to only allow users to get into a folder...  externally.    

i created a login.asp and a default.asp but they are not currently working... is there anyone out there that could provide me some code to help me get this done.. thanks.
0
Comment
Question by:d01970g
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 18

Expert Comment

by:Mark Gilbert
ID: 17154869
Hi there,

Macromedia Dreamweaver MX has an excellant set of pre-built scripts for your requirements.  In the server behaviours rollout you have scripts to make sure the user is logged in, to log in, log out and to create user logins.  It is also group based should you wish to give various privillages such as admin, user, and guest.  

The check credentials page looks like this:

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<%
// *** Restrict Access To Page: Grant or deny access to this page
var MM_authorizedUsers="1,2,3";
var MM_authFailedURL="login.asp";
var MM_grantAccess=false;
if (String(Session("MM_Username")) != "undefined") {
  if (false || (String(Session("MM_UserAuthorization"))=="") || (MM_authorizedUsers.indexOf(String(Session("MM_UserAuthorization"))) >=0)) {
    MM_grantAccess = true;
  }
}
if (!MM_grantAccess) {
  var MM_qsChar = "?";
  if (MM_authFailedURL.indexOf("?") >= 0) MM_qsChar = "&";
  var MM_referrer = Request.ServerVariables("URL");
  if (String(Request.QueryString()).length > 0) MM_referrer = MM_referrer + "?" + String(Request.QueryString());
  MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied=" + Server.URLEncode(MM_referrer);
  Response.Redirect(MM_authFailedURL);
}
%>

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<!--#include file="/Connections/database.asp" -->
// *** The file in the include statement above is the database connector file.  Dreamweaver creates this automatically for you when you set up your database.
<%
// *** Validate request to log in to this site.
var MM_LoginAction = Request.ServerVariables("URL");
if (Request.QueryString!="") MM_LoginAction += "?" + Server.HTMLEncode(Request.QueryString);
var MM_valUsername=String(Request.Form("uname"));
if (MM_valUsername != "undefined") {
  var MM_fldUserAuthorization="group_id";
  var MM_redirectLoginSuccess="checkout.asp";
  var MM_redirectLoginFailed="login.asp";
  var MM_flag="ADODB.Recordset";
  var MM_rsUser = Server.CreateObject(MM_flag);
  MM_rsUser.ActiveConnection = MM_database_STRING;
  MM_rsUser.Source = "SELECT user_login, user_password";
  if (MM_fldUserAuthorization != "") MM_rsUser.Source += "," + MM_fldUserAuthorization;
  MM_rsUser.Source += " FROM redstone.users WHERE user_login='" + MM_valUsername.replace(/'/g, "''") + "' AND user_password='" + String(Request.Form("pword")).replace(/'/g, "''") + "'";
  MM_rsUser.CursorType = 0;
  MM_rsUser.CursorLocation = 2;
  MM_rsUser.LockType = 3;
  MM_rsUser.Open();
  if (!MM_rsUser.EOF || !MM_rsUser.BOF) {
    // username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername;
    if (MM_fldUserAuthorization != "") {
      Session("MM_UserAuthorization") = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value);
    } else {
      Session("MM_UserAuthorization") = "";
    }
    if (String(Request.QueryString("accessdenied")) != "undefined" && true) {
      MM_redirectLoginSuccess = Request.QueryString("accessdenied");
    }
    MM_rsUser.Close();
    Response.Redirect(MM_redirectLoginSuccess);
  }
  MM_rsUser.Close();
  Response.Redirect(MM_redirectLoginFailed);
}
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
  <p>Username:
    <input name="uname" type="text" id="uname">
</p>
  <p>Password:
    <input name="pword" type="text" id="pword">
    <input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>


When you create your database, make sure you have a username, password and group ID fields.  You may even consider an encryption alogrithm for the passwords like md5.  

Hope this helps.

It is worth noting that Macromedia Dreamweaver MX has a 30 day trial whereby you can use the features to fully create your authentication system.  And the scripts are not trial based either.

Hope that this helps.

Mark
0
 

Author Comment

by:d01970g
ID: 17156109
i want to do it in HTML.... how can i have multiple logins?  i was able to create one login and password....
0
 
LVL 2

Accepted Solution

by:
masoncooper earned 250 total points
ID: 17156317
If it's just a single login/password you want, you might want to consider just setting security on the site.  By allowing only one (or a few) Windows accounts to access a portion of the site, you don't even need to write your own login/password script.

Just create a virtual directory in IIS and point that to the protected portion of your site.  Then under "Directory Security", remove Anonymous Access and turn on "Windows Authentication".  Now just create an account you give to web users and you'll be all set!

For additional security, you can modify the folder-level permissions on that directory so that only that web-account and yourself has access to the files contained within.
0
 
LVL 4

Assisted Solution

by:daluu
daluu earned 250 total points
ID: 17158429
masoncooper's suggestion is a good option for limited login accounts. IIS is not as great as Apache where you can use .htaccess & .htpasswd files that are independent of the OS user accounts to provision website access priviledges, however...

For Apache like access in IIS, check out the free IISPassword utility from Troxo at
http://www.troxo.com/products/iispassword/

It's easy to use and worked great when I tried it out.

As for custom coded login validation, this is what you do:

1. create web form with text fields for login, etc. set to send to a script page (e.g. ASP). This assumes you know HTML web forms and stuff.

2. At your script page, you compare the form field content to the login account data stored in either your ASP page, some file, or a database. If ok, allow access via URL redirection or have script load actual content. If no match, then block access via URL redirection or no show content.

NOTE: for security you may wish to encrypt the login data on your login form before it is submitted across the internet to your script page. In this case, you compare the encrypted values to the encrypted values stored in file or database, etc. This is easy to do with Perl or PHP using crypt() or md5() function. With ASP, you can consider using a Javascript MD5 script to do the job for you, sample given here. If you questions about this, let me know.

http://i.1asphost.com/daluu/jshash.htm
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question