Frontpage: need help with password protect login with asp

[Guest]

When using the follwoing instructions:

http://support.microsoft.com/default.aspx?scid=kb;en-us;825451&Product=fpw

I can publish and visit all the pages on my asp enabled server. However I
can go straight into the protected page without having to logon. It seems
that the query for a passord does not happen. By the way, I can view the
logon.asp page perfectly well in Preview with Browser and the links seem to
be fine. What am I doing wrong? I feel I am very close but.....

I use FP 2003, windows XP SP1, broadband connection and an FP extensions and
asp enabled server.

Thanks
EdH

 

[Mike Mueller]

Are you using an asp extension?

Can you post a sample?

Mike


EdH wrote:
: When using the follwoing instructions:
:
:
http://support.microsoft.com/default.aspx?scid=kb;en-us;825451&Product=fpw
:
: I can publish and visit all the pages on my asp enabled
: server. However I can go straight into the protected page
: without having to logon. It seems that the query for a
: passord does not happen. By the way, I can view the
: logon.asp page perfectly well in Preview with Browser and
: the links seem to be fine. What am I doing wrong? I feel
: I am very close but.....
:
: I use FP 2003, windows XP SP1, broadband connection and
: an FP extensions and asp enabled server.
:
: Thanks
: EdH

 

[Guest]

And yes, they are all .asp pages
EdH

 

[Guest]

Hi Mike. Thanks for quick response. Checkout my test website at
hanburybrown.com
The coding is verbatim as per the instructions in the MS article listed.

When you click on Protected page it just goes into the page without login.
Do you want to see the logon.inc file?

Thanks
Ed

 

[Ronx]

Those instructions show how to set up a subweb with unique
permissions. All protected pages should be within that subweb.

The page you show uses
http://support.microsoft.com/default.aspx?scid=kb;en-us;825498

My version of this is at www.rxs-enterprises.org/test_logon.htm
It is impossible to see where yours is failing without seeing the ASP
code.

 

[Guest]

Yes Ron, I see that yours works as it should. My asp code was cut and paste
from the MS article. Only differences is that I created the website in my
local computer (I use a slow web host server) and therefore when publishing I
had to change the page links. Here are the asp codes of the logon.asp page
and the logon.inc page:

Logon.asp

<% @language="vbscript" %> <!--#include virtual="/_private/logon.inc"--> <%
' Was this page posted to? If UCase(Request.ServerVariables("HTTP_METHOD")) =
"POST" Then ' If so, check the username/password that was entered. If
ComparePassword(Request("UID"),Request("PWD")) Then ' If comparison was good,
store the user name... Session("UID") = Request("UID") ' ...and redirect back
to the original page. Response.Redirect Session("REFERRER") End If End If %>
<html> <head><title>Logon Page</title> <style> body { font-family: arial,
helvetica } table { background-color: #cccccc; font-size: 9pt; padding: 3px }
td { color: #000000; background-color: #cccccc; border-width: 0px } th {
color: #ffffff; background-color: #0000cc; border-width: 0px } </style>
</head> <body bgcolor="#000000" text="#ffffff"> <h3 align="center"> </h3>
<div align="center"><center> <form action="<%=LOGON_PAGE%>" method="POST">
<table border="2" cellpadding="2" cellspacing="2"> <tr> <th colspan="4"
align="left">Enter User Name and Password</th> </tr> <tr> <td> </td> <td
colspan="2" align="left">Please type your user name and password.</td>
<td> </td> </tr> <tr> <td> </td> <td align="left">Site</td> <td
align="left"><%=Request.ServerVariables("SERVER_NAME")%> </td> <td> </td>
</tr> <tr> <td> </td> <td align="left">User Name</td> <td align="left"><input
name="UID" type="text" size="20"></td> <td> </td> </tr> <tr> <td> </td> <td
align="left">Password</td> <td align="left"><input name="PWD" type="password"
size="20"></td> <td> </td> </tr> <tr> <td> </td> <td colspan="2"
align="center"><input type="submit" value="LOGON"></td> <td> </td> </tr>
</table> </form> </center></div> </body> </html>

Logon.inc (located in the _private folder):

<% ' Do not cache this page. Response.CacheControl = "no-cache" ' Define the
name of the users table. Const USERS_TABLE = "tblUsers" ' Define the path to
the logon page. Const LOGON_PAGE = "/logon.asp" ' Define the path to the
logon database. Const MDB_URL = "/_private/logon.mdb" ' Check to see whether
you have a current user name. If Len(Session("UID")) = 0 Then ' Are you
currently on the logon page? If LCase(LOGON_PAGE) <>
LCase(Request.ServerVariables("URL")) Then ' If not, set a session variable
for the page that made the request... Session("REFERRER") =
Request.ServerVariables("URL") ' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE End If End If ' This function checks for a
username/password combination. Function ComparePassword(UID,PWD) ' Define
your variables. Dim strSQL, objCN, objRS ' Set up your SQL string. strSQL =
"SELECT * FROM " & USERS_TABLE & _ " WHERE (UID='" & ParseText(UID) & _ "'
AND PWD='" & ParseText(PWD) & "');" ' Create a database connection object.
Set objCN = Server.CreateObject("ADODB.Connection") ' Open the database
connection object. objCN.Open "driver={Microsoft Access Driver (*.mdb)};
dbq=" & _ Server.MapPath(MDB_URL) & "; uid=admin; pwd=" ' Run the database
query. Set objRS = objCN.Execute(strSQL) ' Set the status to true/false for
the database lookup. ComparePassword = Not(objRS.EOF) ' Close your database
objects. Set objRS = Nothing Set objCN = Nothing End Function ' This function
restricts text to alpha-numeric data only. Function ParseText(TXT) Dim
intPos, strText, intText For intPos = 1 TO Len(TXT) intText =
Asc(Mid(TXT,intPos,1)) If (intText > 47 And intText < 59) Or _ (intText > 64
And intText < 91) Or _ (intText > 96 And intText < 123) Then strText =
strText & Mid(TXT,intPos,1) End if Next ParseText = strText End Function %>

And here is the passwordprotect.asp code:

<% @language="vbscript" %> <!--#include virtual="/_private/logon.inc"-->
<html> <head><title>Password-Protected Page</title></head> <body>
<h3>Password-Protected Page</h3> <p>You are logged on as: <% If
Len(Session("UID")) = 0 Then Response.Write "<b>You are not logged on.</b>"
Else Response.Write "<b>" & Session("UID") & "</b>" End If %> </p> <p><a
href="default.asp">Back to default</a> </body> </html>

All coming straight from the article.
Questions:

1. Is there some hidden files in FP that redirects pages?
2. where does the session("UID") get assigned a value?
3. do we need a default value for the UID and PWD?

Thanks a lot,
Ed

 

[Ronx]

Your removal of white space has caused some lines of code to become
comments.
Example:
' Was this page posted to? If
UCase(Request.ServerVariables("HTTP_METHOD")) =
"POST" Then ' If so, check the username/password that was entered. If
ComparePassword(Request("UID"),Request("PWD")) Then ' If comparison
was good,
store the user name... Session("UID") = Request("UID") ' ...and
redirect back
to the original page. Response.Redirect Session("REFERRER") End If End
If %>

should be

' Was this page posted to?

If UCase(Request.ServerVariables("HTTP_METHOD")) = "POST" Then

'If so, check the username/password that was entered.

If ComparePassword(Request("UID"),Request("PWD")) Then

' If comparison was good, store the user name...

Session("UID") = Request("UID")

' ...and redirect back to the original page.

Response.Redirect Session("REFERRER")

End If

End If

%>

I have deliberately double-spaced each line to avoid word wrap
problems.

If you used the HTML optimisation features then do NOT remove all
whitespace.
Some browsers choke on long lines of code, and (if you used it here)
it seems it also breaks script. IMO, the only safe optimisation is
removal of leading whitespace, the other choices may break something
you need.

 

[Guest]

Hi Ron. I think you got it.

I have been copying and pasting the code for the web pages from the MS
article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;825451&Product=fpw

When I paste the code to the pages in FP the code is pasted all in ONE long
line. How can I avoid this? Do I need to type the code by hand? Is there a
better way to 'cut and paste'?

Thanks for your prompt answer.
EdH

 

[Guest]

Sorry, I keep referring to the wrong article. I am using:

http://support.microsoft.com/default.aspx?scid=kb;en-us;825498

to set my password protected website using ASP.

EdH

 

[Thomas A. Rowe]

You need to copy to notepad first, then into FP.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WebMaster Resources(tm)

FrontPage Resources, WebCircle, MS KB Quick Links, etc.
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================

 

[Ronx]

First, there is NO code in that article - that article discusses
subwebs with unique permissions.

I usually copy from the web page into Notepad, then from Notepad into
Code view in FrontPage. I have never had a problem with line endings
disappearing.

 

[Guest]

OK problem solved.

By carefully copying directly from the MS article into FP (as opposed thru
MS Word as I was doing before) I managed to get the site working well. I will
try copying thru Notepad next time as suggested by you and Thomas Rowe.

Amazing what dropping some empty spaces can do to your code...

I have other FP login questions but i will start a different thread as this
one is SOLVED!

Thanks a lot to all who answered.
EdH