J
Jim Perry
I am trying to password protect a couple of pages on a web site. I'm new to
ASP, and I'm pretty sure I'm doing something dumb. According to "Using
Frontpage 2003" by Paul Colligan, page 732, you can accomplish this by using
the code generated by the Database Interface Wizard. You take the code
generated in the Edit page and include it in the pages you want to protect.
This works fine as long as the correct userid/password is entered the first
time. However, if it is incorrect, the logon page is repeated with an
"Authorization Failed. Please try again." message. At this point, if the
correct userid/password is entered, I'm redirected to "database_editor.asp"
rather than to the requester page, which in my case is called
"contacts.asp".
Obviously, the length of the "requester" is being set to 0, but I don't
understand where or why. What am I doing wrong?
Thanks,
Jim
-------------------------> File "Login_Validate.asp" is
below ------------------
<!--#include file="login.asa"-->
<%
' if any of the variables do not match, create error message
if Request.Form("login") <> Username or Request.Form("password") <> Password
then
MsgErr = "<h3>Authorization Failed.</h3>" & "<br>" & "<a
href=login.asp>Please try again.</a>"
Response.Write MsgErr
' if correct, set the session variable and proceed
Else
Session(SiteId) = true
' redirect
If Len(Request("requester")) > 0 Then
Response.Redirect (Request("requester"))
Else
Response.Redirect "database_editor.asp"
End if
End if
%>
<body bgcolor="#FFFFFF">
-------------------------> File "login.asp" is below ------------------
<br clear=all>
<hr>
<FORM ACTION="Login_Validate.asp" METHOD="post">
<p>
<h3>Database Editor Login</h3>
<br>
<p>
<TABLE BORDER=0>
<TR>
<TD ALIGN="right">User name:</TD>
<TD><INPUT TYPE="text" NAME="login" size="10" VALUE=''></INPUT></TD>
</TR>
<TR>
<TD ALIGN="right">Password:</TD>
<TD><INPUT TYPE="password" NAME="password" size="10"
VALUE=''></INPUT></TD>
</TR>
<TR>
<TD>
<input TYPE="hidden" NAME="requester"
VALUE="<%=Server.HtmlEncode(Request("requester"))%>">
</TD>
<TD>
</TD>
</TR>
<TR>
<TD align="left">
<INPUT TYPE="submit" VALUE="Login"></INPUT>
</TD>
<TD>
</TD>
</TR>
</TABLE>
</FORM>
<p><!--webbot bot="PurpleText" PREVIEW="You may change your Database Editor
username and password by editing the file:
Sample_interface/Categories/editor/login.asa" --></p>
</body>
</html>
--------------------------------------
ASP, and I'm pretty sure I'm doing something dumb. According to "Using
Frontpage 2003" by Paul Colligan, page 732, you can accomplish this by using
the code generated by the Database Interface Wizard. You take the code
generated in the Edit page and include it in the pages you want to protect.
This works fine as long as the correct userid/password is entered the first
time. However, if it is incorrect, the logon page is repeated with an
"Authorization Failed. Please try again." message. At this point, if the
correct userid/password is entered, I'm redirected to "database_editor.asp"
rather than to the requester page, which in my case is called
"contacts.asp".
Obviously, the length of the "requester" is being set to 0, but I don't
understand where or why. What am I doing wrong?
Thanks,
Jim
-------------------------> File "Login_Validate.asp" is
below ------------------
<!--#include file="login.asa"-->
<%
' if any of the variables do not match, create error message
if Request.Form("login") <> Username or Request.Form("password") <> Password
then
MsgErr = "<h3>Authorization Failed.</h3>" & "<br>" & "<a
href=login.asp>Please try again.</a>"
Response.Write MsgErr
' if correct, set the session variable and proceed
Else
Session(SiteId) = true
' redirect
If Len(Request("requester")) > 0 Then
Response.Redirect (Request("requester"))
Else
Response.Redirect "database_editor.asp"
End if
End if
%>
<body bgcolor="#FFFFFF">
-------------------------> File "login.asp" is below ------------------
<br clear=all>
<hr>
<FORM ACTION="Login_Validate.asp" METHOD="post">
<p>
<h3>Database Editor Login</h3>
<br>
<p>
<TABLE BORDER=0>
<TR>
<TD ALIGN="right">User name:</TD>
<TD><INPUT TYPE="text" NAME="login" size="10" VALUE=''></INPUT></TD>
</TR>
<TR>
<TD ALIGN="right">Password:</TD>
<TD><INPUT TYPE="password" NAME="password" size="10"
VALUE=''></INPUT></TD>
</TR>
<TR>
<TD>
<input TYPE="hidden" NAME="requester"
VALUE="<%=Server.HtmlEncode(Request("requester"))%>">
</TD>
<TD>
</TD>
</TR>
<TR>
<TD align="left">
<INPUT TYPE="submit" VALUE="Login"></INPUT>
</TD>
<TD>
</TD>
</TR>
</TABLE>
</FORM>
<p><!--webbot bot="PurpleText" PREVIEW="You may change your Database Editor
username and password by editing the file:
Sample_interface/Categories/editor/login.asa" --></p>
</body>
</html>
--------------------------------------