Solved

login & password code

Posted on 2006-07-21
7
499 Views
Last Modified: 2008-03-10
i'm creating a simple webpage in IIS.... and i'm trying to add a login and password to only allow users to get into a folder...  externally.    

i created a login.asp and a default.asp but they are not currently working... is there anyone out there that could provide me some code to help me get this done.. thanks.
0
Comment
Question by:d01970g
7 Comments
 
LVL 18

Expert Comment

by:ingwa
ID: 17154869
Hi there,

Macromedia Dreamweaver MX has an excellant set of pre-built scripts for your requirements.  In the server behaviours rollout you have scripts to make sure the user is logged in, to log in, log out and to create user logins.  It is also group based should you wish to give various privillages such as admin, user, and guest.  

The check credentials page looks like this:

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<%
// *** Restrict Access To Page: Grant or deny access to this page
var MM_authorizedUsers="1,2,3";
var MM_authFailedURL="login.asp";
var MM_grantAccess=false;
if (String(Session("MM_Username")) != "undefined") {
  if (false || (String(Session("MM_UserAuthorization"))=="") || (MM_authorizedUsers.indexOf(String(Session("MM_UserAuthorization"))) >=0)) {
    MM_grantAccess = true;
  }
}
if (!MM_grantAccess) {
  var MM_qsChar = "?";
  if (MM_authFailedURL.indexOf("?") >= 0) MM_qsChar = "&";
  var MM_referrer = Request.ServerVariables("URL");
  if (String(Request.QueryString()).length > 0) MM_referrer = MM_referrer + "?" + String(Request.QueryString());
  MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied=" + Server.URLEncode(MM_referrer);
  Response.Redirect(MM_authFailedURL);
}
%>

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<!--#include file="/Connections/database.asp" -->
// *** The file in the include statement above is the database connector file.  Dreamweaver creates this automatically for you when you set up your database.
<%
// *** Validate request to log in to this site.
var MM_LoginAction = Request.ServerVariables("URL");
if (Request.QueryString!="") MM_LoginAction += "?" + Server.HTMLEncode(Request.QueryString);
var MM_valUsername=String(Request.Form("uname"));
if (MM_valUsername != "undefined") {
  var MM_fldUserAuthorization="group_id";
  var MM_redirectLoginSuccess="checkout.asp";
  var MM_redirectLoginFailed="login.asp";
  var MM_flag="ADODB.Recordset";
  var MM_rsUser = Server.CreateObject(MM_flag);
  MM_rsUser.ActiveConnection = MM_database_STRING;
  MM_rsUser.Source = "SELECT user_login, user_password";
  if (MM_fldUserAuthorization != "") MM_rsUser.Source += "," + MM_fldUserAuthorization;
  MM_rsUser.Source += " FROM redstone.users WHERE user_login='" + MM_valUsername.replace(/'/g, "''") + "' AND user_password='" + String(Request.Form("pword")).replace(/'/g, "''") + "'";
  MM_rsUser.CursorType = 0;
  MM_rsUser.CursorLocation = 2;
  MM_rsUser.LockType = 3;
  MM_rsUser.Open();
  if (!MM_rsUser.EOF || !MM_rsUser.BOF) {
    // username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername;
    if (MM_fldUserAuthorization != "") {
      Session("MM_UserAuthorization") = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value);
    } else {
      Session("MM_UserAuthorization") = "";
    }
    if (String(Request.QueryString("accessdenied")) != "undefined" && true) {
      MM_redirectLoginSuccess = Request.QueryString("accessdenied");
    }
    MM_rsUser.Close();
    Response.Redirect(MM_redirectLoginSuccess);
  }
  MM_rsUser.Close();
  Response.Redirect(MM_redirectLoginFailed);
}
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
  <p>Username:
    <input name="uname" type="text" id="uname">
</p>
  <p>Password:
    <input name="pword" type="text" id="pword">
    <input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>


When you create your database, make sure you have a username, password and group ID fields.  You may even consider an encryption alogrithm for the passwords like md5.  

Hope this helps.

It is worth noting that Macromedia Dreamweaver MX has a 30 day trial whereby you can use the features to fully create your authentication system.  And the scripts are not trial based either.

Hope that this helps.

Mark
0
 

Author Comment

by:d01970g
ID: 17156109
i want to do it in HTML.... how can i have multiple logins?  i was able to create one login and password....
0
 
LVL 2

Accepted Solution

by:
masoncooper earned 250 total points
ID: 17156317
If it's just a single login/password you want, you might want to consider just setting security on the site.  By allowing only one (or a few) Windows accounts to access a portion of the site, you don't even need to write your own login/password script.

Just create a virtual directory in IIS and point that to the protected portion of your site.  Then under "Directory Security", remove Anonymous Access and turn on "Windows Authentication".  Now just create an account you give to web users and you'll be all set!

For additional security, you can modify the folder-level permissions on that directory so that only that web-account and yourself has access to the files contained within.
0
 
LVL 4

Assisted Solution

by:daluu
daluu earned 250 total points
ID: 17158429
masoncooper's suggestion is a good option for limited login accounts. IIS is not as great as Apache where you can use .htaccess & .htpasswd files that are independent of the OS user accounts to provision website access priviledges, however...

For Apache like access in IIS, check out the free IISPassword utility from Troxo at
http://www.troxo.com/products/iispassword/

It's easy to use and worked great when I tried it out.

As for custom coded login validation, this is what you do:

1. create web form with text fields for login, etc. set to send to a script page (e.g. ASP). This assumes you know HTML web forms and stuff.

2. At your script page, you compare the form field content to the login account data stored in either your ASP page, some file, or a database. If ok, allow access via URL redirection or have script load actual content. If no match, then block access via URL redirection or no show content.

NOTE: for security you may wish to encrypt the login data on your login form before it is submitted across the internet to your script page. In this case, you compare the encrypted values to the encrypted values stored in file or database, etc. This is easy to do with Perl or PHP using crypt() or md5() function. With ASP, you can consider using a Javascript MD5 script to do the job for you, sample given here. If you questions about this, let me know.

http://i.1asphost.com/daluu/jshash.htm
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now