Page access and user login

nicpon · #1 (**permalink**) 09-06-05, 04:03 PM

Hello,
I have couple pages in vbscript with mssql and I would like to ad two things:

1. When somebody is looking throught my pages and i want to make so that they can't go to included page without clicking on the link. For example, my home.asp has few includes and if someone knows the path to the included files they can directly then view that file by typing the path in addreess bar. So, I want to create somthing that will say you can access this page directly or will redirect them to some other page.

2. Also i want to create https for few files and without logging in people should be able to view this files. What I was thinking haveing login.asp with login box and then some code on every page i want to be secure to check if that person is looged in or not. If yes then display the content of the secure page if not redirect to login page.

I need some guidelines on how to achieve this two things.
Thank you

permalink · #2 (**permalink**) 09-06-05, 04:31 PM

1
if request.ServerVariables("SCRIPT_NAME") = "script name" then
response.redirect("homepage.asp")
end if

2. you need a ssl certificate to be able to do https

once you have that part of number 2 let me know and i will give you some advice on logins

nicpon · #3 (**permalink**) 09-06-05, 05:43 PM

I have the ssl certificate right now. Tha web i`m running right now has ssl cert. and people accessing this web have to login in order to proceed to the secure sections. But they dont know that they can acces some of these pages without logging in by typing the path for specific file.
Right now when they log in they are taken to their profile instantly no matter from where they are coming. I want to change it so that for example if someone clicks on link(that is in secure) and they are not logged in it will riderect them to login page and upon successful login that person will proceed to the destination they intendet to go at the begging.

permalink · #4 (**permalink**) 09-06-05, 05:55 PM

ok

create an include file called logged in

if session("name")="" or isnull(session("name"))=true then
response.redirect("login.asp")
end if

on the login, use request.ServerVariables("HTTP_REFERER") to redirect them back to the page they came from.

edit:
fixed the server variable

nicpon · #5 (**permalink**) 09-07-05, 03:40 PM

How about using SSL how do I implement that ??
I made thie logged.asp file with this code

Code:

if request.ServerVariables("URL") = request.ServerVariables("URL") then
response.Write("You cannot access this file directly")
else
if session("name")="" or isnull(session("name"))=true then
response.redirect("../login2.asp")
else
response.Redirect("../ProfileDisplay.asp")
end if
end if

and then i included that file
with this command

Code:

<!--#include file="includes/logged.asp"-->

in the main file and i got You cannot access this file directly msg.
I'm doing something wrong here. That logged.asp file is in includes dir and then login2 and profiledisplay in root, I aslo want to protect logged.asp from viewing.

permalink · #6 (**permalink**) 09-07-05, 08:07 PM

ssl is a server based thing.

your logged file does not look like a valide file to me as the first if statement will always be true.

nicpon · #7 (**permalink**) 09-08-05, 04:45 PM

I relized that too.
I made some changes this is my logged.asp

Code:

if session("email")="" or isnull(session("email"))=true then
response.redirect("../login2.asp")
end if

and if i access this file throught vrowser directly i get alertmsg saying
redirectoin limits for this url exceded. Unable to load requested page. This may be cause by the cookie that are blocked.
What should i do with this ?
Also how can i set session vars ??

I forgot to say that if i use response.redirect("login2.asp") instead the one above it works fine.Why ?

permalink · #8 (**permalink**) 09-08-05, 07:55 PM

the file you are including logged in is in the same folder as the file you are attempting to redirect to.

to set a session cookie
session("my name here") = "my value here"

nicpon · #9 (**permalink**) 09-09-05, 08:53 AM

The file is not in the same folder. thats why i have ../ but when i put in the same folder then its working fine.

nicpon · #10 (**permalink**) 09-09-05, 04:47 PM

I fixed the error about cookies.
But know i have different problem:
I form on the page that has action post to asp file that is validating all the entered information. Now when there is an error it goes back to form page and displays an error msg but all the data i entered before submition is gone and all the fields are empty.
How can keep whatever is entered at the first time and then when they click send and smeone is redirected back to original page all the fields have info from before ??