Update statement
- פותח הנושא collie
- פורסם בתאריך
Login
Hi, I have a project with a few pages. The problem is that I don't want to allow the user to be able to view a page without first login in. The problem is with the edit.aspx page. If receives and sends a querystring such as http://www.mysite.co.il/editAd.asp?ad_id=30&cat_id=8&sub_id=25. Now if i enter the above querystring in the address toolbar of my browser it takes me to that edit page without prompting for a login password and username. I want to prevent it. If a user doesn't first login then he shouldn't be able to view his page. How can i do it? I thought that the following code should do it but it doesn't: By the way Myads.asp is the page before edit.aspx (both codes are attached in the file called code). *** Validate request to log in to this site. MM_LoginAction = Request.ServerVariables("URL") If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString MM_valUsername=CStr(Request.Form("Username")) If MM_valUsername <> "" Then MM_fldUserAuthorization="" MM_redirectLoginSuccess="myAds.asp" MM_redirectLoginFailed="myAds.asp" MM_flag="ADODB.Recordset" set MM_rsUser = Server.CreateObject(MM_flag) MM_rsUser.ActiveConnection = MM_connDUclassified_STRING MM_rsUser.Source = "SELECT U_ID, U_PASSWORD" If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization MM_rsUser.Source = MM_rsUser.Source & " FROM USERS WHERE U_ID='" & MM_valUsername &"' AND U_PASSWORD='" & CStr(Request.Form("Password")) & "'" MM_rsUser.CursorType = 0 MM_rsUser.CursorLocation = 2 MM_rsUser.LockType = 3 MM_rsUser.Open If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then ' username and password match - this is a valid user Session("MM_Username") = MM_valUsername If (MM_fldUserAuthorization <> "") Then Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value) Else Session("MM_UserAuthorization") = "" End If if CStr(Request.QueryString("accessdenied")) <> "" And false Then MM_redirectLoginSuccess = Request.QueryString("accessdenied") End If MM_rsUser.Close Response.Redirect(MM_redirectLoginSuccess) End If MM_rsUser.Close Response.Redirect(MM_redirectLoginFailed) End If If I just enter http://www.mysite.co.il/editAd.asp then login fails (that is good)
Hi, I have a project with a few pages. The problem is that I don't want to allow the user to be able to view a page without first login in. The problem is with the edit.aspx page. If receives and sends a querystring such as http://www.mysite.co.il/editAd.asp?ad_id=30&cat_id=8&sub_id=25. Now if i enter the above querystring in the address toolbar of my browser it takes me to that edit page without prompting for a login password and username. I want to prevent it. If a user doesn't first login then he shouldn't be able to view his page. How can i do it? I thought that the following code should do it but it doesn't: By the way Myads.asp is the page before edit.aspx (both codes are attached in the file called code). *** Validate request to log in to this site. MM_LoginAction = Request.ServerVariables("URL") If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString MM_valUsername=CStr(Request.Form("Username")) If MM_valUsername <> "" Then MM_fldUserAuthorization="" MM_redirectLoginSuccess="myAds.asp" MM_redirectLoginFailed="myAds.asp" MM_flag="ADODB.Recordset" set MM_rsUser = Server.CreateObject(MM_flag) MM_rsUser.ActiveConnection = MM_connDUclassified_STRING MM_rsUser.Source = "SELECT U_ID, U_PASSWORD" If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization MM_rsUser.Source = MM_rsUser.Source & " FROM USERS WHERE U_ID='" & MM_valUsername &"' AND U_PASSWORD='" & CStr(Request.Form("Password")) & "'" MM_rsUser.CursorType = 0 MM_rsUser.CursorLocation = 2 MM_rsUser.LockType = 3 MM_rsUser.Open If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then ' username and password match - this is a valid user Session("MM_Username") = MM_valUsername If (MM_fldUserAuthorization <> "") Then Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value) Else Session("MM_UserAuthorization") = "" End If if CStr(Request.QueryString("accessdenied")) <> "" And false Then MM_redirectLoginSuccess = Request.QueryString("accessdenied") End If MM_rsUser.Close Response.Redirect(MM_redirectLoginSuccess) End If MM_rsUser.Close Response.Redirect(MM_redirectLoginFailed) End If If I just enter http://www.mysite.co.il/editAd.asp then login fails (that is good)
Instead of
implementing your own security mechanism, consider using ASP.NET's built-in web forms authentication.
Are you using include files
for global static variables? if so, i recommend creating a different C# source file, with a class that contains the constants. Compile this file (using csc.exe), and place it in your bin sub directory. Afterwards, the class will be available from any aspx page, as long as you import the namespace
This is what i did so far but
i am getting the following error: -------------------------------------------------------------------------------- Compilation Error Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately. Compiler Error Message: BC30451: Name 'MM_connDUclassified_STRING' is not declared. Source Error: Line 6: <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"> Line 7: <meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE"> Source File: http://localhost/mysite/Include_practice.aspx Line: 8 The only code that i have in the include.aspx file is this: <% MM_connDUclassified_STRING = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/database/DUclassified.mdb") %> In the aspx file that calls the include i have the following: in html: <%@ Page Language="vb" AutoEventWireup="false" Codebehind="Include_practice.aspx.vb" Inherits="ybay.include_practice"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <title>Include_practice</title> <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"> <meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE"> <meta content="VBScript" name="vs_defaultClientScript"> <meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema"> <!--#include file="Connections/connDUclassified.asp" --> </HEAD> The aspx.vb has the following: Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load If Not Page.IsPostBack Then Dim MM_connDUclassified_STRING As New ADODB.Connection Dim rs As New ADODB.Recordset rs.Open("Select * from cats ORDER BY CAT_DATED DESC, MM_connDUclassified_STRING") Thanks
i am getting the following error: -------------------------------------------------------------------------------- Compilation Error Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately. Compiler Error Message: BC30451: Name 'MM_connDUclassified_STRING' is not declared. Source Error: Line 6: <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"> Line 7: <meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE"> Source File: http://localhost/mysite/Include_practice.aspx Line: 8 The only code that i have in the include.aspx file is this: <% MM_connDUclassified_STRING = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/database/DUclassified.mdb") %> In the aspx file that calls the include i have the following: in html: <%@ Page Language="vb" AutoEventWireup="false" Codebehind="Include_practice.aspx.vb" Inherits="ybay.include_practice"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <title>Include_practice</title> <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"> <meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE"> <meta content="VBScript" name="vs_defaultClientScript"> <meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema"> <!--#include file="Connections/connDUclassified.asp" --> </HEAD> The aspx.vb has the following: Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load If Not Page.IsPostBack Then Dim MM_connDUclassified_STRING As New ADODB.Connection Dim rs As New ADODB.Recordset rs.Open("Select * from cats ORDER BY CAT_DATED DESC, MM_connDUclassified_STRING") Thanks
Copyright©1996-2021,Tapuz Media Ltd. Forum software by XenForo® © 2010-2020 XenForo Ltd.