How can you create "two different password-protected Web pages" by
using FrontPage?

Provided by Microsoft support page, I followed the following
instructions on how to "password protect" webpages:
http://support.microsoft.com/default...b;en-us;825498
This support webpage was very effective.

Within in a web directory, is there a way to have two seperate
password-protected Web pages?

In other words, I would like to create a whole another seperate
username/passwords access database.

Thanks,
Jason

Create a separate subweb.
--
===
Tom [Pepper] Willett
Microsoft MVP - FrontPage
---
FrontPage Support:
http://www.frontpagemvps.com/
About FrontPage 2003:
http://office.microsoft.com/home/off...tid=FX01085802
===
"Beefminator" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
| How can you create "two different password-protected Web pages" by
| using FrontPage?
|
| Provided by Microsoft support page, I followed the following
| instructions on how to "password protect" webpages:
| http://support.microsoft.com/default...b;en-us;825498
| This support webpage was very effective.
|
| Within in a web directory, is there a way to have two seperate
| password-protected Web pages?
|
| In other words, I would like to create a whole another seperate
| username/passwords access database.
|
| Thanks,
| Jason
|

Hey Tom! Thanks for the quick response.

I tried creating two seperatte subwebs, but I still have a security
issue. I created an example case of my security issue:

I have two seperate secure webpages, each has it own username/password
access database:

First one is....
http://walkhere.com/logon/passwordprotect.asp
username: dick
password: password1

Second one...
http://walkhere.com/logon2/passwordprotect.asp
username: jane
password: password2

If Dick tries to log into
http://walkhere.com/logon2/passwordprotect.asp, then he would
failed.However Dick can get around it, he can first log into
http://walkhere.com/logon/passwordprotect.asp and then go to
http://walkhere.com/logon2/passwordprotect.asp (because he's already
logged in).

Even after he logged in, I never want Dick accessing
http://walkhere.com/logon2/passwordprotect.asp.

What am I doing wrong in setting up the password protected web pages?

You have to change the name of variable that you are testing to see if the user is logged in.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

"Beefminator" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hey Tom! Thanks for the quick response.
>
> I tried creating two seperatte subwebs, but I still have a security
> issue. I created an example case of my security issue:
>
> I have two seperate secure webpages, each has it own username/password
> access database:
>
> First one is....
> http://walkhere.com/logon/passwordprotect.asp
> username: dick
> password: password1
>
> Second one...
> http://walkhere.com/logon2/passwordprotect.asp
> username: jane
> password: password2
>
> If Dick tries to log into
> http://walkhere.com/logon2/passwordprotect.asp, then he would
> failed.However Dick can get around it, he can first log into
> http://walkhere.com/logon/passwordprotect.asp and then go to
> http://walkhere.com/logon2/passwordprotect.asp (because he's already
> logged in).
>
> Even after he logged in, I never want Dick accessing
> http://walkhere.com/logon2/passwordprotect.asp.
>
> What am I doing wrong in setting up the password protected web pages?
>

What do you mean by "change the name of variable" ?

Forgive me Tom, I am not very good at Frontpage. Thanks for putting up
with me.

If the variable that is use to check if the user is logged in is:

If Authenticated = 0 Then
Response.Redirect "Login.asp"
End if

In this case if "Authenticated = 1" then the user is allowed access to the pages with this code,
otherwise they are redirected to the login page.

Now you want to have a separate login test, then you need to rename "Authenticated" to something
different, such as "Authenticated2" for those set of pages.

Also, ASP sessions do not cross FP subwebs, so if you have the login for each set of page in their
own unique subweb with a unique database, then you wouldn't have to change anything.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

"Beefminator" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> What do you mean by "change the name of variable" ?
>
> Forgive me Tom, I am not very good at Frontpage. Thanks for putting up
> with me.
>

hmmmmm...you said to change "Authenticated" to something like
"Authenticated2".. where exactly do I make the change? The logon.asp or
in the text file "logon.inc"?

I don't blame you if you give up on me.

I am guess that it would be the logon.inc file for the specific folder / subweb.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

"Beefminator" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> hmmmmm...you said to change "Authenticated" to something like
> "Authenticated2".. where exactly do I make the change? The logon.asp or
> in the text file "logon.inc"?
>
> I don't blame you if you give up on me.
>

This is what logon.inc looks like, this is for the 2nd subweb. Where
should I make the change?

<%
' Do not cache this page.
Response.CacheControl = "no-cache"

' Define the name of the users table.
Const USERS_TABLE = "tblUsers"
' Define the path to the logon page.
Const LOGON_PAGE = "/logon2/logon.asp"
' Define the path to the logon database.
Const MDB_URL = "/logon2/_private/logon.mdb"

' Check to see whether you have a current user name.
If Len(Session("UID")) = 0 Then
' Are you currently on the logon page?
If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
' If not, set a session variable for the page that made the
request...
Session("REFERRER") = Request.ServerVariables("URL")
' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE
End If
End If

' This function checks for a username/password combination.
Function ComparePassword(UID,PWD)
' Define your variables.
Dim strSQL, objCN, objRS
' Set up your SQL string.
strSQL = "SELECT * FROM " & USERS_TABLE & _
" WHERE (UID='" & ParseText(UID) & _
"' AND PWD='" & ParseText(PWD) & "');"
' Create a database connection object.
Set objCN = Server.CreateObject("ADODB.Connection")
' Open the database connection object.
objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _
Server.MapPath(MDB_URL) & "; uid=admin; pwd="
' Run the database query.
Set objRS = objCN.Execute(strSQL)
' Set the status to true/false for the database lookup.
ComparePassword = Not(objRS.EOF)
' Close your database objects.
Set objRS = Nothing
Set objCN = Nothing
End Function

' This function restricts text to alpha-numeric data only.
Function ParseText(TXT)
Dim intPos, strText, intText
For intPos = 1 TO Len(TXT)
intText = Asc(Mid(TXT,intPos,1))
If (intText > 47 And intText < 58) Or _
(intText > 64 And intText < 91) Or _
(intText > 96 And intText < 123) Then
strText = strText & Mid(TXT,intPos,1)
End if
Next
ParseText = strText
End Function
%>

If you have individual subwebs and databases, then it should not be possible for one user to log in
to one subweb and then access another subweb without having to log in again.

However because of the way the script is written, I can see how this is happening. Also the database
need to be stored in the fpdb folder, which has specific permissions to protect the database, not
the _private folder.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

"Beefminator" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> This is what logon.inc looks like, this is for the 2nd subweb. Where
> should I make the change?
>
> <%
> ' Do not cache this page.
> Response.CacheControl = "no-cache"
>
> ' Define the name of the users table.
> Const USERS_TABLE = "tblUsers"
> ' Define the path to the logon page.
> Const LOGON_PAGE = "/logon2/logon.asp"
> ' Define the path to the logon database.
> Const MDB_URL = "/logon2/_private/logon.mdb"
>
> ' Check to see whether you have a current user name.
> If Len(Session("UID")) = 0 Then
> ' Are you currently on the logon page?
> If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
> ' If not, set a session variable for the page that made the
> request...
> Session("REFERRER") = Request.ServerVariables("URL")
> ' ...and redirect to the logon page.
> Response.Redirect LOGON_PAGE
> End If
> End If
>
> ' This function checks for a username/password combination.
> Function ComparePassword(UID,PWD)
> ' Define your variables.
> Dim strSQL, objCN, objRS
> ' Set up your SQL string.
> strSQL = "SELECT * FROM " & USERS_TABLE & _
> " WHERE (UID='" & ParseText(UID) & _
> "' AND PWD='" & ParseText(PWD) & "');"
> ' Create a database connection object.
> Set objCN = Server.CreateObject("ADODB.Connection")
> ' Open the database connection object.
> objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _
> Server.MapPath(MDB_URL) & "; uid=admin; pwd="
> ' Run the database query.
> Set objRS = objCN.Execute(strSQL)
> ' Set the status to true/false for the database lookup.
> ComparePassword = Not(objRS.EOF)
> ' Close your database objects.
> Set objRS = Nothing
> Set objCN = Nothing
> End Function
>
> ' This function restricts text to alpha-numeric data only.
> Function ParseText(TXT)
> Dim intPos, strText, intText
> For intPos = 1 TO Len(TXT)
> intText = Asc(Mid(TXT,intPos,1))
> If (intText > 47 And intText < 58) Or _
> (intText > 64 And intText < 91) Or _
> (intText > 96 And intText < 123) Then
> strText = strText & Mid(TXT,intPos,1)
> End if
> Next
> ParseText = strText
> End Function
> %>
>