User Authentication

[Terry Murray]

Hi All:

I would like to have certain areas of a site that I am developing password
protected but I am not sure how to go about doing this. I know that I
definitely do not want to use Session variables (as the client may have
cookies disabled). So the other option I guess is to have the
username/password checked against a database. I am not sure how to proceed
with this, though, as there may be more than 1 page that has to be
password-protected. Most likely all of the password protected pages will
reside in the same directory or at least have the same parent directory.
Any suggestions:

Keep in mind, that at this stage, the database being used is being created
in Access

Thanks in advance


Terry

[Peter James]

Terry

Presumably you want the pages protected so that, austensibly, only you can
access them?

Create a table in your db with two columns ( 3 if there will be more than
one authorised user - the third being an ID autonumber). Uname and Pword
for example. Enter your chosen words for both columns.

Create an html form with input type text, input type password and a submit
button. Form action Post. Submit to an ASP that compares your input data
to your saved data in the db. If both user name and password match, then
set a session variable to true and redirect to wherever you want to go next,
an admin menu page perhaps.

If either user name or password fails to match, set the same session
variable to false and redirect to, for example, unauthorised.html.

On each page that you want kept private, at the top, place code like this:

<% @ LANGUAGE="VBSCRIPT" %>
<% Option Explicit
If Not Session("adminOK") OR IsNull(Session("adminOK")) = True Then
Response.Redirect("unauthorised.html")
End If
%>

This will stop the casually curious, but obviously not the determined
hacker.

HTH

Peter

"Terry Murray" <tgmurray@rogers.com> wrote in message
news:kKL0b.206953$4UE.277@news01.bloor.is.net.cabl e.rogers.com...

> Hi All:
>
> I would like to have certain areas of a site that I am developing password
> protected but I am not sure how to go about doing this. I know that I
> definitely do not want to use Session variables (as the client may have
> cookies disabled). So the other option I guess is to have the
> username/password checked against a database. I am not sure how to

proceed

> with this, though, as there may be more than 1 page that has to be
> password-protected. Most likely all of the password protected pages will
> reside in the same directory or at least have the same parent directory.
> Any suggestions:
>
> Keep in mind, that at this stage, the database being used is being created
> in Access
>
> Thanks in advance
>
>
> Terry
>
>
>

[despondent]

An alternative to this I use is a separate sessions DB table, where
you set a user's ID to active after a successful authentication. That
way you don't have to use session variables at all. I also assign
unique session IDs so I'm not passing login names as a querystring.
This has the added advantage of storing login/logout times depending
on how you want to implement it.

>Terry
>
>Presumably you want the pages protected so that, austensibly, only you can
>access them?
>
>Create a table in your db with two columns ( 3 if there will be more than
>one authorised user - the third being an ID autonumber). Uname and Pword
>for example. Enter your chosen words for both columns.
>
>Create an html form with input type text, input type password and a submit
>button. Form action Post. Submit to an ASP that compares your input data
>to your saved data in the db. If both user name and password match, then
>set a session variable to true and redirect to wherever you want to go next,
>an admin menu page perhaps.
>
>If either user name or password fails to match, set the same session
>variable to false and redirect to, for example, unauthorised.html.
>
>On each page that you want kept private, at the top, place code like this:
>
><% @ LANGUAGE="VBSCRIPT" %>
><% Option Explicit
>If Not Session("adminOK") OR IsNull(Session("adminOK")) = True Then
> Response.Redirect("unauthorised.html")
>End If
> %>
>
>This will stop the casually curious, but obviously not the determined
>hacker.
>
>HTH
>
>Peter
>
>"Terry Murray" <tgmurray@rogers.com> wrote in message
>news:kKL0b.206953$4UE.277@news01.bloor.is.net.cab le.rogers.com...

>> Hi All:
>>
>> I would like to have certain areas of a site that I am developing password
>> protected but I am not sure how to go about doing this. I know that I
>> definitely do not want to use Session variables (as the client may have
>> cookies disabled). So the other option I guess is to have the
>> username/password checked against a database. I am not sure how to

>proceed

>> with this, though, as there may be more than 1 page that has to be
>> password-protected. Most likely all of the password protected pages will
>> reside in the same directory or at least have the same parent directory.
>> Any suggestions:
>>
>> Keep in mind, that at this stage, the database being used is being created
>> in Access
>>
>> Thanks in advance
>>
>>
>> Terry
>>
>>
>>

>

[Joe]

goto [url]www.aspin.com[/url] and do a search for password. You'll find some great stuff

[Terry Murray]

Thanks for the quick response. If I am understanding what you are
suggesting correctly does that mean that each time a user accesses a page in
that directory a check is made in the username/password table to see if
he/she exists? If the user exists then an entry is made into the sessions
DB table which would generate a session id number (perhaps just an
autonumber in the database). Then each time a user accesses a page in that
directory a check is made to see if that session id exists in the sessions
DB table. Am I correct in assuming than this is how this approach could be
implemented. Also, perhaps the session id would not be an autonumber in the
table maybe a random number could be generated.

Thanks again

Terry

"despondent" <the@despondent.net> wrote in message
news:8oe7kvgocvfn56ef2aam1pfhn27lc5bums@4ax.com...

> An alternative to this I use is a separate sessions DB table, where
> you set a user's ID to active after a successful authentication. That
> way you don't have to use session variables at all. I also assign
> unique session IDs so I'm not passing login names as a querystring.
> This has the added advantage of storing login/logout times depending
> on how you want to implement it.
>

> >Terry
> >
> >Presumably you want the pages protected so that, austensibly, only you

can

> >access them?
> >
> >Create a table in your db with two columns ( 3 if there will be more than
> >one authorised user - the third being an ID autonumber). Uname and Pword
> >for example. Enter your chosen words for both columns.
> >
> >Create an html form with input type text, input type password and a

submit

> >button. Form action Post. Submit to an ASP that compares your input

data

> >to your saved data in the db. If both user name and password match, then
> >set a session variable to true and redirect to wherever you want to go

next,

> >an admin menu page perhaps.
> >
> >If either user name or password fails to match, set the same session
> >variable to false and redirect to, for example, unauthorised.html.
> >
> >On each page that you want kept private, at the top, place code like

this:

> >
> ><% @ LANGUAGE="VBSCRIPT" %>
> ><% Option Explicit
> >If Not Session("adminOK") OR IsNull(Session("adminOK")) = True Then
> > Response.Redirect("unauthorised.html")
> >End If
> > %>
> >
> >This will stop the casually curious, but obviously not the determined
> >hacker.
> >
> >HTH
> >
> >Peter
> >
> >"Terry Murray" <tgmurray@rogers.com> wrote in message
> >news:kKL0b.206953$4UE.277@news01.bloor.is.net.cab le.rogers.com...

> >> Hi All:
> >>
> >> I would like to have certain areas of a site that I am developing

password

> >> protected but I am not sure how to go about doing this. I know that I
> >> definitely do not want to use Session variables (as the client may have
> >> cookies disabled). So the other option I guess is to have the
> >> username/password checked against a database. I am not sure how to

> >proceed

> >> with this, though, as there may be more than 1 page that has to be
> >> password-protected. Most likely all of the password protected pages

will

> >> reside in the same directory or at least have the same parent

directory.

> >> Any suggestions:
> >>
> >> Keep in mind, that at this stage, the database being used is being

created

> >> in Access
> >>
> >> Thanks in advance
> >>
> >>
> >> Terry
> >>
> >>
> >>

> >

>

[Zahia~]

Hi there....
I need to setup a user authentication (ASP VBScript). An administrator user
will assign the username and password of the users who will have access to the
site and then the normal login process for those registered users.
Any sample application or an extension that might do the above.
Any input would be appreciated.
Thanks
Z

[Manuel Socarras]

read the DW help topics "Site configuration for dynamic sites" and
"Creating access restricted pages" (or something like this)

Zahia~ wrote:

> Hi there....
> I need to setup a user authentication (ASP VBScript). An administrator user
> will assign the username and password of the users who will have access to the
> site and then the normal login process for those registered users.
> Any sample application or an extension that might do the above.
> Any input would be appreciated.
> Thanks
> Z
>

[CarlGrint]

I have some free tutorials which might help you in this area

[url]http://www.cgw3.co.uk/tutorials/tutorial.asp?TutorialID=31&CategoryID=3[/url]
[url]http://www.cgw3.co.uk/tutorials/tutorial.asp?TutorialID=37&CategoryID=3[/url]
[url]http://www.dmxzone.com/showDetail.asp?TypeId=28&NewsId=7645[/url]


Originally posted by: Zahia~
Hi there....
I need to setup a user authentication (ASP VBScript). An administrator user
will assign the username and password of the users who will have access to the
site and then the normal login process for those registered users.
Any sample application or an extension that might do the above.
Any input would be appreciated.
Thanks
Z

[Tyler01]

im having trouble usin the user authentication in dreamweaver mx 2004 for php.
i v folow tutorials in both web designer and dreamweaver bible. I have followed
step by step again and again. but the login in nor restrcin access works
propely, the just act as if the passwords are wrong! is there something im
missin?

>select login in user
>select form
>select fields
>select connection
>select table and colums
>then if login succeeds goto...

if login in fails goes to...

>restric access

do i need to add a variable of sum sort? o hav never done this b4 and its
doesnt say anywhere that i need to do:confused;

[Tyler01]

right then i have just been read something sayin that I need to turn register_globals to on, does anyone one know about this?

[Tyler01]

i am using east PHP 1.8