Wrox Programmer Forums
|
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 22nd, 2004, 11:32 AM
Registered User
 
Join Date: Jun 2004
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Displaying options specific to the admin


Ok here is my situation....
I have a site that multiple users can login to and add, edit, or delete plant outages. What I need to do is enable the admin to be able to add, edit or delete the users who can input the outage information.
Currently what happens is the user logs in and it takes them to the page where they select whether they want to add, edit or delete an outage. What I want to do is make it so that when the username=admin and they are directed to the add, edit or delete page, I want the link that will take the admin to the Account Outages Maintenance page to display. If the username isn't admin then the link simply wouldn't appear and they would procede as usual.
Here is the code I have so far and its not working, I even tried Response.Write and that didn't work either so I am at a loss right now *sigh*:(......



<%
strusername=Request.Form("username")
strpassword=Request.Form("pass")

session("username")=strusername
session("pass")=strpassword
%>

<%If strusername = "admin" Then
%>
    <a href="default.asp?Action=viewall">Accounts Maintenance</A>
<%
End If
%>

<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY link="#FF6633" alink="#FF6633" vlink="#FF6633">
<form method="post" action="default.asp?Action=select">
<center>
<h2>Please choose from the following:</h2>
Please note that only one location's information can be manipulated at a time


<br>
<center>
<table>
<tr>
    <td>I would like to:</td>
    <td><input type="radio" name="pref" value="add" checked>Add an outage</td>
    <td><input type="radio" name="pref" value="edit">Edit an outage</td>
    <td><input type="radio" name="pref" value="delete">Delete an outage</td>
</tr>
<tr>
    <td colspan="4">&nbsp;</td>
</tr>
<tr>
    <td>For which location?</td>
    <td><input type="radio" name="loc" value="Springfield" checked>Springfield<br>
    <input type="radio" name="loc" value="Conway">Conway</td>
    <td><input type="radio" name="loc" value="Tulsa">Tulsa<br>

    <input type="radio" name="loc" value="Garland">Garland</td>
    <td><input type="radio" name="loc" value="Chatham">Chatham<br>
    <input type="radio" name="loc" value="Escobedo">Escobedo</td>
    <td><input type="radio" name="loc" value="Cantera">Cantera</td>
</tr>
<tr>
    <td>&nbsp;</td>
</tr>
<tr>
    <td colspan="4" align="center"><input type="submit" value="Submit"><input type="reset" value="Reset"></td>
</tr>
</table>
</form>
</BODY>
</HTML>
 
Old June 22nd, 2004, 12:59 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
Default

Hello,

Do you have a login page, or is this an intranet app with windows authentication specified? Could the administrator be entering "Admin" and it's throwing that off? Maybe you want to do a lower(Session("username")) when comparing.

Brian
 
Old June 23rd, 2004, 04:11 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 2,480
Thanks: 0
Thanked 1 Time in 1 Post
Default

Can you do a response.write before this code to see what is there in session's strusername? Then you can use that value in the if condition to compare.

Code:
response.write strusername & "<BR>"
<%If strusername = "admin" Then %>
It is better to do a LCASE or UCASE on both values when comparing, as Brian suggested.

Code:
<%If UCASE(strusername) = UCASE("admin") Then %>
Hope that helps.
Cheers!

_________________________
-Vijay G
Strive for Perfection
 
Old June 23rd, 2004, 05:18 AM
Friend of Wrox
 
Join Date: Oct 2003
Posts: 463
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to madhukp
Default

You may trim the username also. i.e. like below.

<%If ucase(trim(strusername)) = ucase("admin") Then %>
 
Old June 23rd, 2004, 05:25 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 2,480
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hi madhukp,

I have a doubt if one has to trim that at all, because when I try logging in as " admin ", I shouldn't be allowed to login, saying "username invalid". So there shouldn't be a necessity to TRIM that at all, as what was used while logging in is stored in session("strusername")

Cheers!

_________________________
-Vijay G
Strive for Perfection
 
Old June 23rd, 2004, 06:37 AM
Friend of Wrox
 
Join Date: Oct 2003
Posts: 463
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to madhukp
Default

That is personal, I think. I usually permit white spaces in the usernames and passwords. I will trim username and password before checking equality.

While adding usernames to db also, I will trim them. So there won't be two users madhu and madhu<space>. It is a policy decision whether to treat madhu and madhu<space> as two different users, I think.
 
Old June 23rd, 2004, 06:49 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

I agree this is a policy issue, as most programming languages don't really bother about a space. However, IMO, every policy should forbid usernames to start or end with a space. The fact that you needed to type madhu<space> instead of madhu illustrates the fact that for the average human it is pretty hard to see that the username starts or ends with a space. This will cause a lot of problems when users try to register, or logon to your system.

The same applies to passwords, but to a lesser extend. It's not uncommon to communicate usernames and passwords through paper (bank accounts, new ISP subscriptions etc etc come to mind). A leading or trailing space will not be visible on paper, unless you know what you're looking for. So, also in these cases, the policy should prevent leading and trailing spaces.

I can imagine a few circumstances where they wouldn't matter, but personally I would stay far away from using them.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Pistola by Incubus (Track 7 from the album: A Crow Left To The Murder) What's This?
 
Old June 23rd, 2004, 07:01 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 2,480
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hi Madhukp,

Yes you are right, there cannot be 2 users that way.

IMO that is bad practice of allowing users to think that you accept space in usernames/passwords. In general spaces are not allowed for such things. This might let the user think that his userid is "hisname<space>", as you are manipulating it by trimming the space programatically, which the user is not aware of. And this might lead the user to think of using space inbetween too, like "his<space>name".

So IMO it is a good practice to let the user know that spaces are not allowed with the userid or pwd.

Cheers!

_________________________
-Vijay G
Strive for Perfection
 
Old June 23rd, 2004, 07:04 AM
Friend of Wrox
 
Join Date: Oct 2003
Posts: 463
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to madhukp
Default

I agree with you Imar. That is why I am trimming username and password before putting into DB. I am against using whitespaces at the head/tail of username / password.

What I mean is When user types in usernames/passwords in the login form, I permit white spaces (Sorry for not wording it properly). I am doing it with specific intention that if by chance any space gets introduced at the end, it should not prevent him from getting in. Anyway there won't be any usernames with trailing / leading blanks.
 
Old June 23rd, 2004, 07:08 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Yeah, I already understood that from your previous message. I think that's good practice. I had no intention to disagree with you or to proof you wrong; I just wanted to respond on the "policy" part.....

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Made For TV Movie by Incubus (Track 11 from the album: A Crow Left To The Murder) What's This?





Similar Threads
Thread Thread Starter Forum Replies Last Post
Images from Master pages not displaying in Admin sstuber BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 1 May 11th, 2008 06:06 PM
Search specific data from specific columns yogeshyl SQL Language 1 January 16th, 2008 11:12 AM
Copy specific data in specific cells of sheet2 yogeshyl Excel VBA 1 May 14th, 2007 07:40 AM
Displaying a specific record on a webpage sswingle Classic ASP Basics 8 March 20th, 2006 12:30 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.