• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 409
  • Last Modified:

ASP and MS Access Database Password Protection multiple pages Database-Connected Auto-Navigation

Good Day. i believe there is an easy fix for this but I am missing it.
My entire password protection is based on code found at:
http://www.asp101.com/samples/login.asp
I am using the Database-Connected Auto-Navigation Version

I have a internal website (IIS) that has a login. I have the user's built in to an MS Acces table.
From the site main page they enter the User ID and Password are redirected to the sub-page specifically for them (There are 6 different "sub-pages"). Here is the catch. On each "sub-page" there are 2 additional links (specific to only that "sub-page") that I want to protect as well. Meaning they can not follow these links unless they logged in to begin with.

I know there should be an include file on the Subpage and on the 2 additional link pages. I am just not sure how or what to use as script for that. Below is the script for the initial login and it works fine.
<%
 
If Request.Form("action") <> "validate_login" Then
	%>
	<form method="post">
	<input type="hidden" name="action" value="validate_login" />
	<table border="5">
		<tr>
			<td align="right">Login:</td>
			<td><input type="text" name="login" /></td>
		</tr>
		<tr>
			<td align="right">Password:</td>
			<td><input type="password" name="password" /></td>
		</tr>
		<tr>
			<td align="right"></TD>
			<td><input type="submit" VALUE="Login" /></td>
		</tr>
	</table>
	</form>
 
	<%
Else
	Dim cnnLogin
	Dim rstLogin
	Dim strSQL
	Dim strUsername, strPassword, strURL
 
	strUsername = Request.Form("login")
	strPassword = Request.Form("password")
	
	If Len(strUsername) > 25 Or Len(strPassword) > 25 Then
		strUsername = ""
		strPassword = ""
	Else
		strUsername = Replace(strUsername, "'", "''")
		strPassword = Replace(strPassword, "'", "''")
	End If
 
	strSQL = "SELECT * FROM tblLoginInfo " _
		& "WHERE username='" & strUsername & "' " _
		& "AND password='" & strPassword & "';"
 
	Set cnnLogin = Server.CreateObject("ADODB.Connection")
	cnnLogin.Open("DRIVER={Microsoft Access Driver (*.mdb)};" _
		& "DBQ=" & Server.MapPath("Proactive.mdb"))
 
	Set rstLogin = cnnLogin.Execute(strSQL)
 
	If rstLogin.EOF Then
		Session("username") = ""
		strURL = ""
		%>
		<p>
		<font size="4" face="arial,helvetica"><strong>
		Login Failed - Please verify username and password.
		</strong></font>
		</p>
		<p>
		<a href="login_db_nav.asp">Try Again</a>
		</p>
		<%
		'Response.End
	Else
		Session("username") = rstLogin.Fields("username").Value
		strURL = rstLogin.Fields("destination").Value
 
		Response.Redirect("" & strURL)
	End If
 
	' Clean Up
	rstLogin.Close
	Set rstLogin = Nothing
	cnnLogin.Close
	Set cnnLogin = Nothing
End If
%>

Open in new window

0
vzdog
Asked:
vzdog
  • 2
1 Solution
 
vzdogAuthor Commented:
By the way I did build an Include file called scure.asp.
But it doesnt not work correctly. see below.
--- Begin secure.asp ---
<%
if Session("validate_login") <> True then
  session("failedAttempt") = True
  response.redirect "login.asp"
end if
%>
--- End secure.asp ---

Open in new window

0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
this oughta work for you:

--- Begin secure.asp ---
<%
if Len( Session("username") ) <= 0 then
    response.redirect "login.asp"
end if
%>
--- End secure.asp ---
0
 
vzdogAuthor Commented:
worked like a charm! Thanks ! BD..
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now