login.asa modify

[Guest]

I would like to add a second or third user to allow editing of the database
editor.
I found the file containing the username and password and added a second one
well the second username and password works the first one doesn't.
Username="12"
Password="12"
Username="23"
Password="23"

Do I need to change the login validate with

if Request.Form("Login") <> Username or Request.Form("Password") <> Password
or if Request.Form("Login") <> Username2 or Request.Form("Password") <>
Password2 Then MsgErr =


Curious

 

[Guest]

Ok I figured it out Here what I did.

I opened login.asa

Added username2=""
password2=""

Then I Edited Login_Validate.asp to read as follows


<!--#include file="login.asa"-->


<%
' if any of the variables match, create send to editor
if Request.Form("login") = Username or Request.Form("password") = Password
then

Session(SiteId) = true

' redirect
If Len(Request("requester")) > 0 Then
Response.Redirect (Request("requester"))
Else
Response.Redirect "database_editor.asp"

End if

Else if Request.Form("login") = Username2 or Request.Form("password") =
Password2 then

Session(SiteId) = true

' redirect
If Len(Request("requester")) > 0 Then
Response.Redirect (Request("requester"))
Else
Response.Redirect "database_editor.asp"

End if
Else


MsgErr = "<h3>Authorization Failed.</h3>" & "<br>" & "<a
href=login.asp>Please try again.</a>"
Response.Write MsgErr

End if

End if
%>

<span bgcolor="#FFFFFF"><p>
</span>

 

[Stefan B Rusynko]

That becomes a pretty worthless login since both username2 and password2 are empty fields, and the username and password are the
same
- allowing virtually anyone to login
Set them to some real non-empty different values as in

Username="12"
Passwd="34"
Username2="56"
Passw2="789"

Then just check it once (based on form field names of login and password)
- below 1st line is all on 1 line!

If (Request.Form("login") = Username And Request.Form("password") = Passwd) OR (Request.Form("login") = Username2 And
Request.Form("password") = Passwd2) Then

Session(SiteId) = true
' redirect
If Len(Request("requester")) > 0 Then
Response.Redirect (Request("requester"))
Else
Response.Redirect "database_editor.asp"
End if
Else
MsgErr = "<h3>Authorization Failed.</h3>" & "<br>" & "<a href=login.asp>Please try again.</a>"
Response.Write MsgErr
End If

--




| Ok I figured it out Here what I did.
|
| I opened login.asa
|
| Added username2=""
| password2=""
|
| Then I Edited Login_Validate.asp to read as follows
|
|
| <!--#include file="login.asa"-->
|
|
| <%
| ' if any of the variables match, create send to editor
| if Request.Form("login") = Username or Request.Form("password") = Password
| then
|
| Session(SiteId) = true
|
| ' redirect
| If Len(Request("requester")) > 0 Then
| Response.Redirect (Request("requester"))
| Else
| Response.Redirect "database_editor.asp"
|
| End if
|
| Else if Request.Form("login") = Username2 or Request.Form("password") =
| Password2 then
|
| Session(SiteId) = true
|
| ' redirect
| If Len(Request("requester")) > 0 Then
| Response.Redirect (Request("requester"))
| Else
| Response.Redirect "database_editor.asp"
|
| End if
| Else
|
|
| MsgErr = "<h3>Authorization Failed.</h3>" & "<br>" & "<a
| href=login.asp>Please try again.</a>"
| Response.Write MsgErr
|
| End if
|
| End if
| %>
|
| <span bgcolor="#FFFFFF"><p>
| </span>
|
|
|
|
|
|
| "Norfeem" wrote:
|
| > I would like to add a second or third user to allow editing of the database
| > editor.
| > I found the file containing the username and password and added a second one
| > well the second username and password works the first one doesn't.
| > Username="12"
| > Password="12"
| > Username="23"
| > Password="23"
| >
| > Do I need to change the login validate with
| >
| > if Request.Form("Login") <> Username or Request.Form("Password") <> Password
| > or if Request.Form("Login") <> Username2 or Request.Form("Password") <>
| > Password2 Then MsgErr =
| >
| >
| > Curious
| >
| >
| >