| Author |
 Topic  |
|
|
dbianco
Starting Member
7 Posts |
 Posted - 28 April 2001 : 08:04:19
|
Hi
I have set up snitz and it works well but I was wanting to restrict access to all pages and require that users register first.
I am using the login feature for my login for the site but for example I want people to login before they can do a search or look at the list of members.
Usually with login programs you put an inc file at the top which redirects to the login page if a person has failde to login...does snitz do it in the same way. If yes which inc file do I use. If no...what is the code that I have to put on each of the pages.
Thank you in advance
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 28 April 2001 : 08:18:33
|
If you set all forums to members only, it will require an account before allowing access to the forums, although the default.asp will display.
|
 |
|
|
MorningZ
Junior Member
USA
169 Posts |
Posted - 28 April 2001 : 10:58:44
|
at the very top of inc_top.asp
<!--#INCLUDE FILE="inc_requirelogin.asp" -->
add the include file i just whipped up and tested ( of course, you may want to "pretty it up" )
Here's the file itself, put it in the "forum" directory
It looks right away for the forum cookies being sent, if not, presents the user with the login form, checks the fields, if good login, set the cookes and refresh on itself ( default.asp ), if bad login, keep the login screen there
any further Q's, feel free to post.... ( i have never messed around with the "Snitz Permissions", perhaps i should and something like this is built in, but hey, i am an ASP programmer first and foremost  )
Edited by - MorningZ on 28 April 2001 11:00:40 |
|
|
|
dbianco
Starting Member
7 Posts |
Posted - 29 April 2001 : 02:32:28
|
MorningZ
Your code is nearly there.
First off I get an error which says
Microsoft VBScript runtime error '800a01a8'
Object required: 'objConn'
/inc_requirelogin.asp, line 10
Line 10 is:
set rsCheck = objConn.Execute (strSQL)
The issue with your current solution is that if a person has not registered they have no way of doing so because there is only the login screen but no register option as there is on the top of the snitz forum. That is why I was thinking that If people tryed to click profile, members or search that they would have to register before they could gain access. Currently you can search the web board without registering - I was wanting to change this.
Ultimately though your script was along my original idea that the first page was a normal login page where people could login (also allow them to register) which would be integrated with the forum. Do you have the script to do this?
your help is greatly appreciated
Dbianco
|
|
|
|
MorningZ
Junior Member
USA
169 Posts |
Posted - 29 April 2001 : 08:05:55
|
Light Bulb time...
check it, just thought of this:
quote:
<%
'Contents of "inc_requirelogin.asp"
'Require login to even see the board
if Not len( Request.Cookies(strUniqueID & "user")("name") ) > 0 then
Response.Redirect("policy.asp")
end if
%>
Bam, the cookie isnt set ( so they are not logged in ), they are presesnted with the first step of registration ( you could alternatively Response.Redirect to "register.asp" to skip this step ) AND they are presented in the top right corner with a way to login, and all pretty like, heh heh
no muss, no fuss
-Steve
|
|
|
|
dbianco
Starting Member
7 Posts |
Posted - 29 April 2001 : 09:55:27
|
Hi Steve
I am getting a pop up box that says
"Internet Explorer cannot open the internet site http://www..../policy.asp
A redirection problem occurred"
Do you know what may be causing this?
regards
Dbianco
|
|
|
|
MorningZ
Junior Member
USA
169 Posts |
|
|
dbianco
Starting Member
7 Posts |
Posted - 29 April 2001 : 11:51:26
|
Hi Steve
I have both those pages and they work ok when you register normally.
The problem I think is is that there looks like to be a looping problem because the page keeps trying to load (but never does complete the process of redirection) the page just keeps saying "done" at the bottom of the browser and does the process again...but the screen remains white and nothing is displayed.
Regards
Dbianco ;)
|
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 29 April 2001 : 17:06:19
|
quote:
alternatively try:
Response.Redirect("register.asp")
Just to let you know, you can't go directly to register.asp. You have to go in from the policy.asp page. There is a check in the register.asp to see if the user came from the policy.asp page first, if they didn't it will kindly give you an error.
|
|
|
|
MorningZ
Junior Member
USA
169 Posts |
Posted - 29 April 2001 : 19:48:29
|
ugg.. i just now spent 45 mins messing with it after reading this last reply... its going to have to wait, i was REALLY close ( the only catch was after login or registration, it brought you to "policy.asp", but you refresh, it went to default ( which is where we want it to go )
|
|
|
|
blackinwhite
Average Member
Turkey
657 Posts |
Posted - 30 April 2001 : 07:40:37
|
after the instructions above, I have changed the inc_requirelogin.asp file
<%
'Contents of "inc_requirelogin.asp"
'Require login to even see the board
if Not len( Request.Cookies(strUniqueID & "user")("name") ) > 0 then
Response.Redirect("register.asp")
end if
%>
<html><body>
<br><br><br><br>
<b><font size="2" face="verdana">Login <%= strLabel %></font></b>
<hr>
<form method="post" action="default.asp?f=chk">
Login:<br>
<input type="text" size="10" name="name"><br><br>
Pass:<br>
<input type="password" size="10" name="password"><br><br>
<input type="submit" name="submit" value="login">
</form><br><br><br>
</body>
</html>
<%
Response.Flush
Response.End
end if
%>
then I got this error:
quote:
Microsoft VBScript compilation error '800a0400'
Expected statement
/akteam/inc_requirelogin.asp, line 26
end if
^
|
|
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 30 April 2001 : 10:21:22
|
b & w
There is an extra "end if" closing tag at the end of the code you posted.
======
Doug G
======
Edited by - Doug G on 30 April 2001 10:22:51 |
|
|
|
WildBill
Starting Member
USA
14 Posts |
Posted - 31 May 2001 : 08:41:51
|
I just wanted to bring this topic back up again. I would like to implement the same thing on one of our customer's websites since it needs to be a closed bbs type system.
Has anyone completed a working mod for this? I would really like to be able to have the logon page first and then get access to the board w/o seeing the forums before you sign in. My client wants to keep private info in it with board meeting minutes and such and only wants their staff to get access to view the content or even see the forums.
Thanks in advance for anyone's help.
Bill Kramer
Director of Technology Services
Systemedics, Inc. |
|
|
|
WildBill
Starting Member
USA
14 Posts |
Posted - 05 June 2001 : 14:05:17
|
Top !
Bill Kramer
Director of Technology Services
Systemedics, Inc. |
|
|
|
JGonier
Starting Member
USA
44 Posts |
Posted - 06 June 2001 : 14:05:14
|
Here is just a thought everyone looking for a "require login B4 access to whole forum" mod. If you are trying to keep people from seing the whole forum (such as what I did) and you opt to use the cookie from the forum keep this in mind.
If your employee/visitor visits the site and logs in via the cookie option and the little check box that says "remember me" is either left checked or checked by user and that person just closes out there browser, then anyone else who uses that computer can just log right in without having to log in.
This may not be a big issue if on intranet, but if access can be gained by internet and these people are viewing the forum from school, work, library, friends PC, etc. then anyone else using those computers has potential access right into the forum if the user didn't logout properly.
I am using a session variable in a global.asa along with a loging page that checks if the session is true or not. If the session is true (by logging in, which is getting the login information from the forum database) then it sends you to the forum default page. If the session is false, it just keeps giving you the login page.
Here is a topic regarding this method.
Topic
Or This one too.
Topic 2
Using cookies is a great way to go, but it does have security issues, such as what I just mentioned. Using a session state, when the browser is closed, the session is killed. Thus leaving no security risks (unless the person never closes there web browser), but even that is solved using the session state. If the person is idle for some time the session state kills itself.
Hope this helps.
Sincerely,
JGonier |
|
|
| |
Topic |
|
Topic Locked
