| Author |
 Topic  |
|
|
gtw
Starting Member
45 Posts |
 Posted - 10 January 2003 : 14:28:13
|
Editorial: I am amazed about and grateful for the functions the Snitz Forum is enabling for me.
I have in mind a forum that would primarily give a logged on visitors permission to run custom *.asp scripts. These scripts would be enquiries to an access data base that produce various data dumps. The URLs for the scripts would essentially be the content of the messages in various "topics" limited to members only access in the various forums.
A member might copy the url in his browser and try to run it later but if attemted to be run by him or anyone else not logged on would receive the same message that such a user gets when he/she tries to access one of the topics in a forum that is open only to members.
Maybe there are better ways to get to where I want to go...but I very much like the features of this board great registration process and means where I can control the users access and can email them and so on...
I had two thoughts but I am not clever enough with code to determine if they make any sense... first maybe there is some script that I could add to the beginning of each the database enquiry asp scripts that looks for some key that a member is signed in...Another thought was maybe it was just a matter of where in the forum directories the database script asp pages are placed... BTW, if the answer to the question is that there is some script that can be added at the beginning...are there any limitations where this page can be located on the web site?
Any ideas or suggestions?
|
Edited by - ruirib on 10 January 2003 14:42:25 |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 10 January 2003 : 14:42:02
|
You could include code to verify if the member is logged in. That's what's done in inc_header.asp.
Basically you'd need to include config.asp, inc_func_common.asp and then include the code in lines 113-121, inc_header.asp
set my_Conn = Server.CreateObject("ADODB.Connection")
my_Conn.Open strConnString
if (strAuthType = "nt") then
call NTauthenticate()
if (ChkAccountReg() = "1") then
call NTUser()
end if
end if
and then include the code between lines# 164-208, inc_header.asp
strDBNTUserName = Request.Cookies(strUniqueID & "User")("Name")
strDBNTFUserName = trim(chkString(Request.Form("Name"),"SQLString"))
if strDBNTFUserName = "" then strDBNTFUserName = trim(chkString(Request.Form("User"),"SQLString"))
if strAuthType = "nt" then
strDBNTUserName = Session(strCookieURL & "userID")
strDBNTFUserName = Session(strCookieURL & "userID")
end if
if strRequireReg = "1" and strDBNTUserName = "" then
if not Instr(strScriptName,"policy.asp") > 0 and _
not Instr(strScriptName,"register.asp") > 0 and _
not Instr(strScriptName,"password.asp") > 0 and _
not Instr(strScriptName,"faq.asp") > 0 and _
not Instr(strScriptName,"login.asp") > 0 then
scriptname = split(request.servervariables("SCRIPT_NAME"),"/")
if Request.QueryString <> "" then
Response.Redirect("login.asp?target=" & lcase(scriptname(ubound(scriptname))) & "?" & Request.QueryString)
else
Response.Redirect("login.asp?target=" & lcase(scriptname(ubound(scriptname))))
end if
end if
end if
select case Request.Form("Method_Type")
case "login"
strEncodedPassword = sha256("" & Request.Form("Password"))
select case chkUser(strDBNTFUserName, strEncodedPassword,-1)
case 1, 2, 3, 4
Call DoCookies(Request.Form("SavePassword"))
strLoginStatus = 1
case else
strLoginStatus = 0
end select
case "logout"
Call ClearCookies()
end select
if trim(strDBNTUserName) <> "" and trim(Request.Cookies(strUniqueID & "User")("Pword")) <> "" then
chkCookie = 1
mLev = cLng(chkUser(strDBNTUserName, Request.Cookies(strUniqueID & "User")("Pword"),-1))
chkCookie = 0
else
MemberID = -1
mLev = 0
end if
The files with this included code should be in the forum folder, or you'd need to be careful with the include statement.
Of course, if you wanted to have the forum header for those files, you could simply include config.asp and inc_header.asp and that would be it...
After inclusind either the pieces of code I talked about and the respective includes, or inc_header.asp, you can just test the mlev variable. If the user is logged in, mlev will have a value >= 1. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
Edited by - ruirib on 10 January 2003 14:45:54 |
 |
|
|
gtw
Starting Member
45 Posts |
Posted - 10 January 2003 : 19:11:47
|
I am making progress, but slowly
Let me confirm my understanding of your instructions.
I would like to try the very most simple revsision first
would that be to add these two lines in the beginning of the new asp page
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_header.asp" -->
or should it be the three lines
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_func_common.asp" -->
<!--#INCLUDE FILE="inc_header.asp" -->
Then if I were to try adding the specific script I would add these two lines at the beginning
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_func_common.asp" -->
followed by the lines you have cut from inc_header.asp
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 12 January 2003 : 18:33:38
|
quote:
Originally posted by gtw
I am making progress, but slowly
Let me confirm my understanding of your instructions.
I would like to try the very most simple revsision first
would that be to add these two lines in the beginning of the new asp page
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_header.asp" -->
Exactly.
quote:
or should it be the three lines
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_func_common.asp" -->
<!--#INCLUDE FILE="inc_header.asp" -->
No, since inc_header.asp includes inc_func_common.asp.
quote:
Then if I were to try adding the specific script I would add these two lines at the beginning
<!--#INCLUDE FILE="config.asp" -->
<!--#INCLUDE FILE="inc_func_common.asp" -->
followed by the lines you have cut from inc_header.asp
Yes.
And after either the includes or the includes plus the cut code, you'd still need to test the mlev value, to find out whether you have a logged in member or not. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
gtw
Starting Member
45 Posts |
Posted - 13 January 2003 : 12:49:44
|
Thanks, you are being very patient with me
So...the last detail is testing the mlev value...here is the logic I want...if the user is logged on (mlev >= 1) continue to run...if the user is not logged on, inform him he must be
If mlev >= 1 Then (continue to run)
else (go to the that says must be logged on)
what should I put between the ()
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 13 January 2003 : 13:13:50
|
if mlev > 0 then
Response.Write " <p align=""center""><font face=""" & strDefaultFontFace & """ size=""" & strHeaderFontSize & """ color=""" & strHiLiteFontColor & """>Sorry, you must be logged in to access this page!</font></p>"
Response.End
WriteFooter() '<- This only if you have written the forum's header as well.
end if
|
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
gtw
Starting Member
45 Posts |
Posted - 13 January 2003 : 16:11:26
|
Dear ruiribif
Thank you for all your help I changed the mlev > 0 above to mlev = 0 and then also added a redirect to login.asp so as to help the not logged on visitor take the next step...without the redirect there was some problem in the header log in ...gave an error message
You took some time and effort to get me this far...you may want to package this as a MOD and call it something like "CheckLoginstatus.asp" and all that users would have to do is add a line <!--#INCLUDE FILE="checkloginstatus.asp" --> in the first part of any asp program to be limited to logged on members
There is a gremlim associated with not logged on members fooling the check mlev value when they go directly to the protected page...the automatic logon and password memory sometimes gets them directly to the protected page...but I will work on that issue separately
thanks again |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 13 January 2003 : 16:50:41
|
quote:
Originally posted by gtw
Dear ruirib
Thank you for all your help I changed the mlev > 0 above to mlev = 0 and then also added a redirect to login.asp so as to help the not logged on visitor take the next step...without the redirect there was some problem in the header log in ...gave an error message
Of course. I'm sorry, that was an obvious mistake. I wrote several times in this thread that if mlev>=1 that meant that the user was logged in, that I fell into my own trap...
quote:
You took some time and effort to get me this far...you may want to package this as a MOD and call it something like "CheckLoginstatus.asp" and all that users would have to do is add a line <!--#INCLUDE FILE="checkloginstatus.asp" --> in the first part of any asp program to be limited to logged on members
If you feel like posting that as a mod, that's ok with me...
quote:
There is a gremlim associated with not logged on members fooling the check mlev value when they go directly to the protected page...the automatic logon and password memory sometimes gets them directly to the protected page...but I will work on that issue separately
What do you mean? Don't think I understood the error situation... |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
gtw
Starting Member
45 Posts |
Posted - 13 January 2003 : 18:19:40
|
Thanks for your continuing interest
My goal is to force members to log on before they can run a asp program "protected" as we have done above so as only logged on members can run it
here is such a page http://gtwassociates.com/GTWsubscriptions/FederalRegisterPolicy.asp
user test password test
A first time user non member will get steered to the log in page. So will a members who goes directly to that page during a session. Sometimes an existing member who has elected to save his password seems to get passed directly to the page...It seems to have something to do with going to that page for the first time during a session (forces login) or going back to that page after closing the window (but not specifically logging out) or visiting other pages...
What I believe to be a solultion to this would be to eliminate for my users even the option of saving their password...getting rid of that check box. I have seen the way to change the default saving of the password by getting rid of the text "Checked" (BTW, I was interested to see you as the source for that info too in a separate topic) Now I shall look for how to just get rid of that box altogether |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 13 January 2003 : 18:27:29
|
Why remove the box? I find it pretty useful, since it stops me from having to login everytime I visit this and other forums. And if the members have the cookies correctly set, you know who they are, why force them to have to insert the data again?
I would say everything is working as expected. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
| |
Topic |
|
Topic Locked
