Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP 3 Classic ASP Active Server Pages 3.0 > Classic ASP Basics
Password Reminder
Register
| FAQ | Members List | Search | Today's Posts | Mark Forums Read
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 22nd, 2004, 11:32 AM
Registered User
 
Join Date: Jun 2004
Location: , Oh, .
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Displaying options specific to the admin


Ok here is my situation....
I have a site that multiple users can login to and add, edit, or delete plant outages. What I need to do is enable the admin to be able to add, edit or delete the users who can input the outage information.
Currently what happens is the user logs in and it takes them to the page where they select whether they want to add, edit or delete an outage. What I want to do is make it so that when the username=admin and they are directed to the add, edit or delete page, I want the link that will take the admin to the Account Outages Maintenance page to display. If the username isn't admin then the link simply wouldn't appear and they would procede as usual.
Here is the code I have so far and its not working, I even tried Response.Write and that didn't work either so I am at a loss right now *sigh*:(......



<%
strusername=Request.Form("username")
strpassword=Request.Form("pass")

session("username")=strusername
session("pass")=strpassword
%>

<%If strusername = "admin" Then
%>
    <a href="default.asp?Action=viewall">Accounts Maintenance</A>
<%
End If
%>

<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY link="#FF6633" alink="#FF6633" vlink="#FF6633">
<form method="post" action="default.asp?Action=select">
<center>
<h2>Please choose from the following:</h2>
Please note that only one location's information can be manipulated at a time


<br>
<center>
<table>
<tr>
    <td>I would like to:</td>
    <td><input type="radio" name="pref" value="add" checked>Add an outage</td>
    <td><input type="radio" name="pref" value="edit">Edit an outage</td>
    <td><input type="radio" name="pref" value="delete">Delete an outage</td>
</tr>
<tr>
    <td colspan="4">&nbsp;</td>
</tr>
<tr>
    <td>For which location?</td>
    <td><input type="radio" name="loc" value="Springfield" checked>Springfield<br>
    <input type="radio" name="loc" value="Conway">Conway</td>
    <td><input type="radio" name="loc" value="Tulsa">Tulsa<br>

    <input type="radio" name="loc" value="Garland">Garland</td>
    <td><input type="radio" name="loc" value="Chatham">Chatham<br>
    <input type="radio" name="loc" value="Escobedo">Escobedo</td>
    <td><input type="radio" name="loc" value="Cantera">Cantera</td>
</tr>
<tr>
    <td>&nbsp;</td>
</tr>
<tr>
    <td colspan="4" align="center"><input type="submit" value="Submit"><input type="reset" value="Reset"></td>
</tr>
</table>
</form>
</BODY>
</HTML>
Reply With Quote
  #2 (permalink)  
Old June 22nd, 2004, 12:59 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: Harrisburg, PA, USA.
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
Default

Hello,

Do you have a login page, or is this an intranet app with windows authentication specified? Could the administrator be entering "Admin" and it's throwing that off? Maybe you want to do a lower(Session("username")) when comparing.

Brian
Reply With Quote
  #3 (permalink)  
Old June 23rd, 2004, 04:11 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: Bangalore, KA, India.
Posts: 2,480
Thanks: 0
Thanked 1 Time in 1 Post
Default

Can you do a response.write before this code to see what is there in session's strusername? Then you can use that value in the if condition to compare.

Code:
response.write strusername & "<BR>"
<%If strusername = "admin" Then %>
It is better to do a LCASE or UCASE on both values when comparing, as Brian suggested.

Code:
<%If UCASE(strusername) = UCASE("admin") Then %>
Hope that helps.
Cheers!

_________________________
-Vijay G
Strive for Perfection
Reply With Quote
  #4 (permalink)  
Old June 23rd, 2004, 05:18 AM
Friend of Wrox
 
Join Date: Oct 2003
Location: Cochin, Kerala, India.
Posts: 463
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to madhukp
Default

You may trim the username also. i.e. like below.

<%If ucase(trim(strusername)) = ucase("admin") Then %>
Reply With Quote
  #5 (permalink)  
Old June 23rd, 2004, 05:25 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: Bangalore, KA, India.
Posts: 2,480
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hi madhukp,

I have a doubt if one has to trim that at all, because when I try logging in as " admin ", I shouldn't be allowed to login, saying "username invalid". So there shouldn't be a necessity to TRIM that at all, as what was used while logging in is stored in session("strusername")

Cheers!

_________________________
-Vijay G
Strive for Perfection
Reply With Quote
  #6 (permalink)  
Old June 23rd, 2004, 06:37 AM
Friend of Wrox
 
Join Date: Oct 2003
Location: Cochin, Kerala, India.
Posts: 463
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to madhukp
Default

That is personal, I think. I usually permit white spaces in the usernames and passwords. I will trim username and password before checking equality.

While adding usernames to db also, I will trim them. So there won't be two users madhu and madhu<space>. It is a policy decision whether to treat madhu and madhu<space> as two different users, I think.
Reply With Quote
  #7 (permalink)  
Old June 23rd, 2004, 06:49 AM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

I agree this is a policy issue, as most programming languages don't really bother about a space. However, IMO, every policy should forbid usernames to start or end with a space. The fact that you needed to type madhu<space> instead of madhu illustrates the fact that for the average human it is pretty hard to see that the username starts or ends with a space. This will cause a lot of problems when users try to register, or logon to your system.

The same applies to passwords, but to a lesser extend. It's not uncommon to communicate usernames and passwords through paper (bank accounts, new ISP subscriptions etc etc come to mind). A leading or trailing space will not be visible on paper, unless you know what you're looking for. So, also in these cases, the policy should prevent leading and trailing spaces.

I can imagine a few circumstances where they wouldn't matter, but personally I would stay far away from using them.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Pistola by Incubus (Track 7 from the album: A Crow Left To The Murder) What's This?
Reply With Quote
  #8 (permalink)  
Old June 23rd, 2004, 07:01 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: Bangalore, KA, India.
Posts: 2,480
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hi Madhukp,

Yes you are right, there cannot be 2 users that way.

IMO that is bad practice of allowing users to think that you accept space in usernames/passwords. In general spaces are not allowed for such things. This might let the user think that his userid is "hisname<space>", as you are manipulating it by trimming the space programatically, which the user is not aware of. And this might lead the user to think of using space inbetween too, like "his<space>name".

So IMO it is a good practice to let the user know that spaces are not allowed with the userid or pwd.

Cheers!

_________________________
-Vijay G
Strive for Perfection
Reply With Quote
  #9 (permalink)  
Old June 23rd, 2004, 07:04 AM
Friend of Wrox
 
Join Date: Oct 2003
Location: Cochin, Kerala, India.
Posts: 463
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to madhukp
Default

I agree with you Imar. That is why I am trimming username and password before putting into DB. I am against using whitespaces at the head/tail of username / password.

What I mean is When user types in usernames/passwords in the login form, I permit white spaces (Sorry for not wording it properly). I am doing it with specific intention that if by chance any space gets introduced at the end, it should not prevent him from getting in. Anyway there won't be any usernames with trailing / leading blanks.
Reply With Quote
  #10 (permalink)  
Old June 23rd, 2004, 07:08 AM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Yeah, I already understood that from your previous message. I think that's good practice. I had no intention to disagree with you or to proof you wrong; I just wanted to respond on the "policy" part.....

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Made For TV Movie by Incubus (Track 11 from the album: A Crow Left To The Murder) What's This?
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Images from Master pages not displaying in Admin sstuber BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 1 May 11th, 2008 06:06 PM
Search specific data from specific columns yogeshyl SQL Language 1 January 16th, 2008 11:12 AM
Copy specific data in specific cells of sheet2 yogeshyl Excel VBA 1 May 14th, 2007 07:40 AM
Displaying a specific record on a webpage sswingle Classic ASP Basics 8 March 20th, 2006 12:30 AM



All times are GMT -4. The time now is 02:59 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.