Password Table with Session Variable

[Frank Py]

I found some asp that uses a session variable for password control. I
pass this session variable into my SQL statements so users can just see
records that apply to them. BTW, These passwords are not for high
security data.

Is there a way I can make this script more dynamic in terms of
administrative use? I would like to have a table with the passwords in
it, loop through the table and see if the submitted password meets the
session variable. Then I could just have a separate form for DB
passwords admin purposes. Would this be advisable? Help appreciated.
Code snip:
<%
Response.Buffer = True
Dim Password
Password = "apexapex"
If Request.Form("pass") = Password Then
Session("pass") = Request.Form("pass")
End If

Frank

*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[only me]

Would this be advisable : Yes

current scheme is a bit simplstic

i prefer a table of username and password and any other related personal
data such as statsu, email add to mail them their password when then forget
it (Note I didn't say IF)

collect username and pawwsord in form as now, then look them up in table, if
exist and password matches - bingo, set a "loggedin" session var = true or
use it to store user ID

much more flexible !


"Frank Py" <fpy@proactnet.com> wrote in message
news:#1rjPBySDHA.2256@TK2MSFTNGP11.phx.gbl...

> I found some asp that uses a session variable for password control. I
> pass this session variable into my SQL statements so users can just see
> records that apply to them. BTW, These passwords are not for high
> security data.
>
> Is there a way I can make this script more dynamic in terms of
> administrative use? I would like to have a table with the passwords in
> it, loop through the table and see if the submitted password meets the
> session variable. Then I could just have a separate form for DB
> passwords admin purposes. Would this be advisable? Help appreciated.
> Code snip:
> <%
> Response.Buffer = True
> Dim Password
> Password = "apexapex"
> If Request.Form("pass") = Password Then
> Session("pass") = Request.Form("pass")
> End If
>
> Frank
>
> *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
> Don't just participate in USENET...get rewarded for it!

[only me]

p.s. dont; loop thru the table

SELECT username,password FROM usertable WHERE username=" & request.form("u")
& " AND password =" & request.form("p")

your admin form would have to prevent multiple entries

"Frank Py" <fpy@proactnet.com> wrote in message
news:#1rjPBySDHA.2256@TK2MSFTNGP11.phx.gbl...

> I found some asp that uses a session variable for password control. I
> pass this session variable into my SQL statements so users can just see
> records that apply to them. BTW, These passwords are not for high
> security data.
>
> Is there a way I can make this script more dynamic in terms of
> administrative use? I would like to have a table with the passwords in
> it, loop through the table and see if the submitted password meets the
> session variable. Then I could just have a separate form for DB
> passwords admin purposes. Would this be advisable? Help appreciated.
> Code snip:
> <%
> Response.Buffer = True
> Dim Password
> Password = "apexapex"
> If Request.Form("pass") = Password Then
> Session("pass") = Request.Form("pass")
> End If
>
> Frank
>
> *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
> Don't just participate in USENET...get rewarded for it!