I am trying to make the forums on my Message Board password protected even for admins. Normally if you password protect a forum, admins still have access to that forum. To get around this, I have modified the following code by commenting out the first few lines (skips check for admin status). This works and makes it so that ALL users have to login. The only problem I have now is that the cookies are being dropped for all user types. I have tested this with and without the modified code, and the cookie is still being dropped and the user is logged out when they return to the Message Board. Any help or insight would be appreciated.
'##############################################
'## Private Forums ##
'##############################################
sub chkUser4()
'if mLev = 4 then
'exit sub
'end if
'## Forum_SQL
strSql = "SELECT " & strTablePrefix & "FORUM.F_PRIVATEFORUMS, " & strTablePrefix & "FORUM.F_SUBJECT, " & strTablePrefix & "FORUM.F_PASSWORD_NEW "
strSql = strSql & " FROM " & strTablePrefix & "FORUM "
strSql = strSql & " WHERE " & strTablePrefix & "FORUM.Forum_ID = " & Request.QueryString("FORUM_ID")
set rsStatus = my_conn.Execute (strSql)
dim Users
If cint(rsStatus("F_PRIVATEFORUMS")) <> 0 then
Select case cint(rsStatus("F_PRIVATEFORUMS"))
case 0
'## Do Nothing
case 1, 6 '## Allowed Users
UserNum = getNewMemberNumber()
MatchFound = isAllowedMember(Request.QueryString("FORUM_ID"), cint(UserNum))
if MatchFound then
exit sub
else
doNotAllowed
Response.end
end if
case 2 '## password
select case Request.Cookies(strUniqueID & "User")("PRIVATE_" & rsStatus("F_SUBJECT"))
case rsStatus("F_PASSWORD_NEW")
'## OK
case else
if Request("pass") = "" then
doPasswordForm
Response.End
else
if Request("pass") <> rsStatus("F_PASSWORD_NEW") then
Response.Write "Invalid password! <a href='" & Request.ServerVariables("HTTP_REFERER") & "'>Back</a>"
Response.End
else
if strSetCookieToForum = 1 then
Response.Cookies(strUniqueID & "User").Path = strCookieURL
end if
Response.Cookies(strUniqueID & "User")("PRIVATE_" & rsStatus("F_SUBJECT")) = Request("pass")
end if
end if
end select
case 3 '## Either Password or Allowed
UserNum = getNewMemberNumber()
MatchFound = isAllowedMember(Request.QueryString("FORUM_ID"), cint(UserNum))
if MatchFound then
exit sub
else
select case Request.Cookies(strUniqueID & "User")("PRIVATE_" & rsStatus("F_SUBJECT"))
case rsStatus("F_PASSWORD_NEW")
'## OK
case else
if Request("pass") = "" then
doLoginForm
Response.End
else
if Request("pass") <> rsStatus("F_PASSWORD_NEW") then
Response.Write "Invalid password! <a href='" & Request.ServerVariables("HTTP_REFERER") & "'>Back</a>"
Response.End
else
if strSetCookieToForum = 1 then
Response.Cookies(strUniqueID & "User").Path = strCookieURL
end if
Response.Cookies(strUniqueID & "User")("PRIVATE_" & rsStatus("F_SUBJECT")) = Request("pass")
end if
end if
end select
end if
'## code added 07/13/2000
case 7 '## members or password
if (strDBNTUserName = "") then
select case Request.Cookies(strUniqueID & "User")("PRIVATE_" & rsStatus("F_SUBJECT"))
case rsStatus("F_PASSWORD_NEW")
'## OK
case else
if Request("pass") = "" then
doLoginForm
Response.End
else
if Request("pass") <> rsStatus("F_PASSWORD_NEW") then
Response.Write "Invalid password! <a href='" & Request.ServerVariables("HTTP_REFERER") & "'>Back</a>"
Response.End
else
if strSetCookieToForum = 1 then
Response.Cookies(strUniqueID & "User").Path = strCookieURL
end if
Response.Cookies(strUniqueID & "User")("PRIVATE_" & rsStatus("F_SUBJECT")) = Request("pass")
end if
end if
end select
end if
'## end code added 07/13/2000
case 4, 5 '## members only
if strDBNTUserName = "" then
doNotLoggedInForm
end if
case 8, 9
NTGroupSTR = Split(strNTGroupsSTR, ", ")
NTGroupDBSTR = Split(rsStatus("F_PASSWORD_NEW"), ", ")
For i = 0 to ubound(NTGroupDBSTR)
for j = 0 to ubound(NTGroupSTR)
if NTGroupDBSTR(i) = NTGroupSTR(j) then
exit SUB
end if
next
next
doNotAllowed
Response.end
case else
Response.Write "<BR>ERROR: Invalid forum type: " & rsStatus("F_PRIVATEFORUMS")
Response.end
end select
end if
'my_Conn.Close
'set my_Conn = nothing
end sub
Edited by - adamch25 on 17 July 2001 02:21:20
Topic Locked
Posted - 17 July 2001 : 02:18:50
