Yes Ron, I see that yours works as it should. My asp code was cut and paste
from the MS article. Only differences is that I created the website in my
local computer (I use a slow web host server) and therefore when publishing I
had to change the page links. Here are the asp codes of the logon.asp page
and the logon.inc page:
Logon.asp
<% @language="vbscript" %> <!--#include virtual="/_private/logon.inc"--> <%
' Was this page posted to? If UCase(Request.ServerVariables("HTTP_METHOD")) =
"POST" Then ' If so, check the username/password that was entered. If
ComparePassword(Request("UID"),Request("PWD")) Then ' If comparison was good,
store the user name... Session("UID") = Request("UID") ' ...and redirect back
to the original page. Response.Redirect Session("REFERRER") End If End If %>
<html> <head><title>Logon Page</title> <style> body { font-family: arial,
helvetica } table { background-color: #cccccc; font-size: 9pt; padding: 3px }
td { color: #000000; background-color: #cccccc; border-width: 0px } th {
color: #ffffff; background-color: #0000cc; border-width: 0px } </style>
</head> <body bgcolor="#000000" text="#ffffff"> <h3 align="center"> </h3>
<div align="center"><center> <form action="<%=LOGON_PAGE%>" method="POST">
<table border="2" cellpadding="2" cellspacing="2"> <tr> <th colspan="4"
align="left">Enter User Name and Password</th> </tr> <tr> <td> </td> <td
colspan="2" align="left">Please type your user name and password.</td>
<td> </td> </tr> <tr> <td> </td> <td align="left">Site</td> <td
align="left"><%=Request.ServerVariables("SERVER_NAME")%> </td> <td> </td>
</tr> <tr> <td> </td> <td align="left">User Name</td> <td align="left"><input
name="UID" type="text" size="20"></td> <td> </td> </tr> <tr> <td> </td> <td
align="left">Password</td> <td align="left"><input name="PWD" type="password"
size="20"></td> <td> </td> </tr> <tr> <td> </td> <td colspan="2"
align="center"><input type="submit" value="LOGON"></td> <td> </td> </tr>
</table> </form> </center></div> </body> </html>
Logon.inc (located in the _private folder):
<% ' Do not cache this page. Response.CacheControl = "no-cache" ' Define the
name of the users table. Const USERS_TABLE = "tblUsers" ' Define the path to
the logon page. Const LOGON_PAGE = "/logon.asp" ' Define the path to the
logon database. Const MDB_URL = "/_private/logon.mdb" ' Check to see whether
you have a current user name. If Len(Session("UID")) = 0 Then ' Are you
currently on the logon page? If LCase(LOGON_PAGE) <>
LCase(Request.ServerVariables("URL")) Then ' If not, set a session variable
for the page that made the request... Session("REFERRER") =
Request.ServerVariables("URL") ' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE End If End If ' This function checks for a
username/password combination. Function ComparePassword(UID,PWD) ' Define
your variables. Dim strSQL, objCN, objRS ' Set up your SQL string. strSQL =
"SELECT * FROM " & USERS_TABLE & _ " WHERE (UID='" & ParseText(UID) & _ "'
AND PWD='" & ParseText(PWD) & "');" ' Create a database connection object.
Set objCN = Server.CreateObject("ADODB.Connection") ' Open the database
connection object. objCN.Open "driver={Microsoft Access Driver (*.mdb)};
dbq=" & _ Server.MapPath(MDB_URL) & "; uid=admin; pwd=" ' Run the database
query. Set objRS = objCN.Execute(strSQL) ' Set the status to true/false for
the database lookup. ComparePassword = Not(objRS.EOF) ' Close your database
objects. Set objRS = Nothing Set objCN = Nothing End Function ' This function
restricts text to alpha-numeric data only. Function ParseText(TXT) Dim
intPos, strText, intText For intPos = 1 TO Len(TXT) intText =
Asc(Mid(TXT,intPos,1)) If (intText > 47 And intText < 59) Or _ (intText > 64
And intText < 91) Or _ (intText > 96 And intText < 123) Then strText =
strText & Mid(TXT,intPos,1) End if Next ParseText = strText End Function %>
And here is the passwordprotect.asp code:
<% @language="vbscript" %> <!--#include virtual="/_private/logon.inc"-->
<html> <head><title>Password-Protected Page</title></head> <body>
<h3>Password-Protected Page</h3> <p>You are logged on as: <% If
Len(Session("UID")) = 0 Then Response.Write "<b>You are not logged on.</b>"
Else Response.Write "<b>" & Session("UID") & "</b>" End If %> </p> <p><a
href="default.asp">Back to default</a> </body> </html>
All coming straight from the article.
Questions:
1. Is there some hidden files in FP that redirects pages?
2. where does the session("UID") get assigned a value?
3. do we need a default value for the UID and PWD?
Thanks a lot,
Ed