p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   Classic ASP Databases (http://p2p.wrox.com/forumdisplay.php?f=62)
-   -   Admin login help (http://p2p.wrox.com/showthread.php?t=41931)

banned May 1st, 2006 06:43 AM

Admin login help
 
Hi guys first post here but long time visitor, i have been building an asp website for a highschool project, and this forum has been a god send and has helped me greatly, however there is one aspect of my asp that im having trouble with and that is with the admin login.

at the moment i have a session login for every user that redirects them to a page called Groups.asp,

it works like this, user starts of at index.asp --> username and password or then passed onto check_user.asp

check_user.asp ----> checks the users login against the database info & if correct sends them to Groups.asp

login code can be seen below



If thisRecordset("Password") = Request.Form("Password") Then
                username = request.Form("StudentID")
                session("thisusername") = username
                session("cust_passed") = true
                Response.Redirect "Group.asp"



I also have the following code in each page to ensure users are logged in before they can view the page.

<%if session("cust_passed") = false then%>
    <p><%Response.Redirect("index.asp")%>


however on my site i have a navigation header that has an admin button on it, which at the moment every user can access just by clicking on it.

would it be possible to just redirect administrator straight to the admin section when they login? in which case i could just remove the admin button from the navigation and it wouldnt really matter about other people accessing the page as they wouldnt have any direct link to it.

if any other information is needed please say

cheers in advance

Banned [8D]

Kati May 8th, 2006 04:34 AM

Hi banned

First thing you have to do is to add a field to your "Users" Table ,"level" for instance . Then for every user you can specify whether the user is an "admin" or not.

Then when the user logs in, you check the level field , if it's "admin" then redirect the user to admin's control panel, else redirect them to another page .

BTW why not writing the code with wich you check a user as a function and calling it on every page ?
It's more flexible and secure . You don't have to change it one by one on every page whenever there's a change in codes .

Hope it helps :)


banned May 8th, 2006 07:50 PM

hi Kati thanks for the reply, that sounds very interesting i will look into it and let you know the results



All times are GMT -4. The time now is 04:32 AM.

Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.