Link to home
Start Free TrialLog in
Avatar of vzdog
vzdog

asked on

ASP and MS Access Database Password Protection multiple pages Database-Connected Auto-Navigation

Good Day. i believe there is an easy fix for this but I am missing it.
My entire password protection is based on code found at:
http://www.asp101.com/samples/login.asp
I am using the Database-Connected Auto-Navigation Version

I have a internal website (IIS) that has a login. I have the user's built in to an MS Acces table.
From the site main page they enter the User ID and Password are redirected to the sub-page specifically for them (There are 6 different "sub-pages"). Here is the catch. On each "sub-page" there are 2 additional links (specific to only that "sub-page") that I want to protect as well. Meaning they can not follow these links unless they logged in to begin with.

I know there should be an include file on the Subpage and on the 2 additional link pages. I am just not sure how or what to use as script for that. Below is the script for the initial login and it works fine.
<%
 
If Request.Form("action") <> "validate_login" Then
	%>
	<form method="post">
	<input type="hidden" name="action" value="validate_login" />
	<table border="5">
		<tr>
			<td align="right">Login:</td>
			<td><input type="text" name="login" /></td>
		</tr>
		<tr>
			<td align="right">Password:</td>
			<td><input type="password" name="password" /></td>
		</tr>
		<tr>
			<td align="right"></TD>
			<td><input type="submit" VALUE="Login" /></td>
		</tr>
	</table>
	</form>
 
	<%
Else
	Dim cnnLogin
	Dim rstLogin
	Dim strSQL
	Dim strUsername, strPassword, strURL
 
	strUsername = Request.Form("login")
	strPassword = Request.Form("password")
	
	If Len(strUsername) > 25 Or Len(strPassword) > 25 Then
		strUsername = ""
		strPassword = ""
	Else
		strUsername = Replace(strUsername, "'", "''")
		strPassword = Replace(strPassword, "'", "''")
	End If
 
	strSQL = "SELECT * FROM tblLoginInfo " _
		& "WHERE username='" & strUsername & "' " _
		& "AND password='" & strPassword & "';"
 
	Set cnnLogin = Server.CreateObject("ADODB.Connection")
	cnnLogin.Open("DRIVER={Microsoft Access Driver (*.mdb)};" _
		& "DBQ=" & Server.MapPath("Proactive.mdb"))
 
	Set rstLogin = cnnLogin.Execute(strSQL)
 
	If rstLogin.EOF Then
		Session("username") = ""
		strURL = ""
		%>
		<p>
		<font size="4" face="arial,helvetica"><strong>
		Login Failed - Please verify username and password.
		</strong></font>
		</p>
		<p>
		<a href="login_db_nav.asp">Try Again</a>
		</p>
		<%
		'Response.End
	Else
		Session("username") = rstLogin.Fields("username").Value
		strURL = rstLogin.Fields("destination").Value
 
		Response.Redirect("" & strURL)
	End If
 
	' Clean Up
	rstLogin.Close
	Set rstLogin = Nothing
	cnnLogin.Close
	Set cnnLogin = Nothing
End If
%>

Open in new window

Avatar of vzdog
vzdog

ASKER

By the way I did build an Include file called scure.asp.
But it doesnt not work correctly. see below.
--- Begin secure.asp ---
<%
if Session("validate_login") <> True then
  session("failedAttempt") = True
  response.redirect "login.asp"
end if
%>
--- End secure.asp ---

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Big Monty
Big Monty
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of vzdog

ASKER

worked like a charm! Thanks ! BD..