Wrox Programmer Forums
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
September 23rd, 2003, 02:12 PM
Authorized User
 
Join Date: Jun 2003
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
Authorized site access

Hi,

I have a human resource web-based application developed in ASP with SQL 2000 server on my company intranet. The application allows human resource personnel to keep track of employees' vacation and sick leave hours, posting each employee's vacation and sick hours earned at the end of each month, and viewing vacation/sick earned and taken reports through Crystal Report by passing some parameters. HR personnel can also edit each employee's vacation/sick earned or taken record using a form.

For security, I set up an HR personnel user login to access this intranet site. As a result, only HR personnel are authorized to use this site. Now I need to set up a login that allows each employee to access the site and view his/her own vacation/sick report without a chance to see other employees' records. Would anyone know how to approach this solution? I really appreciate your prompt reply.

Thanks,

Q
 
September 23rd, 2003, 02:26 PM
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts

Hi there,

Well, it all depends on how you want them to log in. If you need to pass an additional username and password, you can store those and use them to query the database. This is pretty easy to implement and provides you with the possibility to fine tune your own security.

Alternatively, if they log on using Integrated Security, you can retrieve the user name from Request.ServerVariables("AUTH_USER") or Request.ServerVariables("LOGON_USER").

You can then use this Windows logon name in your queries, either directly, or you could look up some internal User ID based on this name, depending on your application design.

HtH,

Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
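
Added example, not part of Imar's post or the original thread: one way to implement the Integrated Security lookup described above in Classic ASP, resolving the Windows logon name to an internal employee ID once and failing closed when it cannot. The open connection `db`, the `Employee` columns `EmpId`, `WinLogon` and `IsHr`, and the session keys `UserId` and `HrPerson` are assumptions.

```vbscript
<%
' Added example. Assumptions: db is an open ADODB.Connection; the Employee
' table has hypothetical columns EmpId (int), WinLogon (varchar, stores the
' full DOMAIN\user value) and IsHr (bit, NOT NULL).
Dim logon, cmd, rs
logon = Request.ServerVariables("LOGON_USER")   ' e.g. "CORP\jsmith"

' LOGON_USER is empty when IIS allows anonymous access to the page.
' Refuse the request instead of treating "no name" as a valid user.
If Len(logon) = 0 Then
    Response.Status = "401 Unauthorized"
    Response.End
End If

' Match on the full DOMAIN\user string so that accounts with the same
' name in different domains are never confused with each other.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = db
cmd.CommandText = "SELECT EmpId, IsHr FROM Employee WHERE WinLogon = ?"
' 200 = adVarChar, 1 = adParamInput; the size 128 is an assumed column width
cmd.Parameters.Append cmd.CreateParameter("logon", 200, 1, 128, logon)
Set rs = cmd.Execute

If rs.EOF Then
    ' Valid Windows account, but not a known employee: fail closed.
    rs.Close
    Response.Status = "403 Forbidden"
    Response.End
End If

' The identity used by later queries comes from the server-side session,
' never from a form field or query string the browser can change.
Session("UserId") = CLng(rs("EmpId"))
Session("HrPerson") = 0                       ' default to least privilege
If rs("IsHr") = True Then Session("HrPerson") = 1
rs.Close
%>
```

Pages that list or edit time-off records can then read `Session("UserId")` for their filter and ignore any employee ID sent by the browser.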
 
September 23rd, 2003, 03:14 PM
Authorized User
 
Join Date: Jun 2003
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post

Hi Imar,

Thanks for the quick reply. For now, I need to pass an additional username and password. However, I already have an employee table in an HR database. I plan to create a User Register Form with username, userid, password textboxes, etc. to store the additional username and password, in which username and userid have to match the employee name and empid in my existing Employee table. Do you think it is possible?

In my first post, I forgot to give an example of how HR personnel view each employee's records. For example, when HR personnel click the List Time Off hyperlink, a List Time Off form opens with a Department dropdown box, Name dropdown box, Month dropdown box, Year dropdown box and a List button. After selecting a particular department from the Department dropdown box, a list of employee names of the selected department will be listed. HR personnel then select the employee name whose record they want to view from the Name dropdown box, select the month and year from the Month and Year dropdown boxes, and click the List button, and a list of vacation and sick taken records will be displayed in a table format.

For each record in the table, there is a delete/edit link with which HR can either delete or edit the record. If the Edit link is clicked, another Edit Time Off form displays where the record can be edited.

At this point, how can I pass the additional username and userid to the List Time Off form and Edit Time Off form? Would you explain more about the steps for the implementation that uses an additional username and password?

Thanks a lot,

Q
 
September 24th, 2003, 02:33 AM
Friend of Wrox
 
Join Date: Sep 2003
Posts: 171
Thanks: 0
Thanked 1 Time in 1 Post

I'm not sure if you are talking about passing the user id to another ASP report or not. Assuming you are...

Are the Employees using the same form that the HR person is using? If so, you can capture the UserId upon login for both and set it as a session variable (e.g. Session("UserId") = 101, assuming 101 is the user's id). Then insert in your report that criteria to filter out just the user's info. You will most likely need a method of determining whether the user is the HR person. Possibly a field in your Employee table to flag it, likewise setting that value as a session variable upon login (e.g. Session("HrPerson"): 0 for Non-HrPerson and 1 for Hr-Person).

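<%
    ' db is an open ADODB.Connection and Value1 is the form value, both set elsewhere.
    ' Values are bound as parameters instead of being concatenated into the SQL text.
    set cmd = server.createobject("adodb.command")
    set cmd.ActiveConnection = db
    sql = "select * from TimeOff where field1 = ?"
    cmd.Parameters.Append cmd.CreateParameter("field1", 200, 1, 255, Value1) ' adVarChar, input; size assumed
    if Session("HrPerson") = 0 then
        ' non-HR users are always restricted to their own rows
        sql = sql & " and EmployeeId = ?"
        cmd.Parameters.Append cmd.CreateParameter("EmployeeId", 3, 1, , CLng(Session("UserId"))) ' adInteger, input
    end if
    cmd.CommandText = sql
    set rs = server.createobject("adodb.recordset")
    rs.open cmd, , 3, 3
%>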

Does this help at all?





