Wrox Programmer Forums
| Search | Today's Posts | Mark Forums Read
VB.NET 2002/2003 Basics For coders who are new to Visual Basic, working in .NET versions 2002 or 2003 (1.0 and 1.1).
Welcome to the p2p.wrox.com Forums.

You are currently viewing the VB.NET 2002/2003 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old October 27th, 2003, 03:48 PM
Authorized User
 
Join Date: Oct 2003
Location: , , .
Posts: 89
Thanks: 0
Thanked 0 Times in 0 Posts
Default Logout

Hi,

I have a project with a few pages. The problem is that I don't want to allow the user to be able to view a page without first login in. The problem is with the edit.aspx page. If receives and sends a querystring such as http://www.mysite.co.il/editAd.asp?a...id=8&sub_id=25.
Now if i enter the above querystring in the address toolbar of my browser it takes me to that edit page without prompting for a login password and username. I want to prevent it. If a user doesn't first login then he shouldn't be able to view his page. How can i do it?
If I just enter http://www.mysite.co.il/editAd.asp then login fails (that is good)

I thought that the following code should do it but it doesn't:
By the way Myads.asp is the page before edit.aspx (both codes are attached in the file called code).

*** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("Username"))
If MM_valUsername <> "" Then
  MM_fldUserAuthorization=""
  MM_redirectLoginSuccess="myAds.asp"
  MM_redirectLoginFailed="myAds.asp"
  MM_flag="ADODB.Recordset"
  set MM_rsUser = Server.CreateObject(MM_flag)
  MM_rsUser.ActiveConnection = MM_connDUclassified_STRING
  MM_rsUser.Source = "SELECT U_ID, U_PASSWORD"
  If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
  MM_rsUser.Source = MM_rsUser.Source & " FROM USERS WHERE U_ID='" & MM_valUsername &"' AND U_PASSWORD='" & CStr(Request.Form("Password")) & "'"
  MM_rsUser.CursorType = 0
  MM_rsUser.CursorLocation = 2
  MM_rsUser.LockType = 3
  MM_rsUser.Open
  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
  End If

  MM_rsUser.Close
  Response.Redirect(MM_redirectLoginFailed)
End If



 
Old October 28th, 2003, 10:16 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: Harrisburg, PA, USA.
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
Default

Hello,

Where you test to see if the user name is not an empty string, but if no user name is provided, no action is taken.

Let me know if I'm looking at this correctly.

Thanks,

Brian Mains




Similar Threads
Thread Thread Starter Forum Replies Last Post
Not able to logout urtrivedi Forum and Wrox.com Feedback 6 March 10th, 2008 12:52 PM
logout aceconcepts Beginning PHP 3 February 10th, 2006 03:22 PM
logout TIME and logout DATE crmpicco Classic ASP Databases 2 January 20th, 2005 12:01 AM
logout TIME and logout DATE crmpicco Classic ASP Basics 0 January 19th, 2005 07:57 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.