| Author |
 Topic  |
|
|
JGonier
Starting Member
USA
44 Posts |
 Posted - 14 May 2001 : 16:05:58
|
Without giving out to much info to my site, here is what I am trying to do.
1. I have a site at www.DOMAINX.com that anyone can view.
2. I have a folder inside of this domain called employees (which is for employees only).
I have other files inside the employees folder which I want only the employees to view.
4. The forum is in the forum folder inside the employees folder.
Now here is what I want to do.
When the employee clicks the "Employees Only" link from the main web site I want it to go to the Index.asp page inside the employees folder. On this page all I want to show is the login and password fields. I will be handling all the registration to the forum, so no need to be redirected to register.asp.
When the employee logs in from the login screen it will pull the information from the forum database as well as the database cookie and then redirect them to the index2.asp page inside the employees folder which will have links to other employee only areas as well as to the forum.
This way they will already be logged in when they get to the forum but also provides security to the employees only section. However, I would need some kind of code to place at the top of every page inside the employees folder checking if they have logged in, and if not redirect them to the login page.
I have been playing around with the code in the default.asp; inc_top.asp; config.asp and functions.asp to put together a page that will do what I am looking for, however I am having no luck (don't know anything about ASP, just cut and paste parts of code to new page), and I am now looking here for help in the direction I need to go or if there is some kind of download that includes files that will do this already.
I could just setup my IIS server to require that folder request NT Authenticate, but then I would have to setup everyone an ID on my server (which I don't want to do).
Any help on this would be great.
If any of the Snitz Moderators or Admins need more information, or need to see my site to see what I am trying to do, I can provide more info. by email.
Sincerely,
JGonier
|
|
|
JGonier
Starting Member
USA
44 Posts |
Posted - 14 May 2001 : 17:11:11
|
Whoever moved this here, sorry for placing it in the general section. I wasn't sure where to put this but I thought the general area was a good start.
Again, sorry.
|
 |
|
|
JGonier
Starting Member
USA
44 Posts |
Posted - 14 May 2001 : 20:55:31
|
I found just what I was looking for. YAA HOO!!!
If anyone wants to know what to do to achieve what I was looking for, go here.
http://www.kamath.com/tutorials/tut003_auth.asp
Simple but effective. and with a few changes in the code I was able to pull the information from my forum database to gain authentication.
Thanks to everyone who helped......Oh, that was me this time. Well, thanks to everyone who has helped me in the past.
Sincerely,
JGonier
Edited by - JGonier on 14 May 2001 20:59:37 |
|
|
|
wedont
Junior Member
Canada
344 Posts |
Posted - 18 May 2001 : 10:51:16
|
JGonier,
Is there any particular reason why you could'nt use the "already configured Private forum" option to achieve this?
Wedont
snitz ver3.1 sr2
access 2k. |
|
|
|
JGonier
Starting Member
USA
44 Posts |
Posted - 18 May 2001 : 12:05:48
|
Yes, because I didn't want people to see the forum at all, nothing, nada unless they were logged in the the employee section first.
Using the private forums way of snitz would only hide the forums until logged in, but people would still be able to see other areas of the forum. I don't want anyone to see any of it until logged in first to the site.
Get the idea?
Sincerely,
JGonier |
|
|
|
wedont
Junior Member
Canada
344 Posts |
Posted - 18 May 2001 : 13:02:20
|
Thanks JGonier,
Since your link has been dead this morning, it's not clear to me if you have a "general" forum and an "Employes Only" forum using the same Db. Plus an extra Db for the "authorisation" (=1 or =0) to access a distinct forum ID (the employees's one").
Or you only have one forum (employees) and wanted to secure the access and hide its existance to your website's visitor?
I'm no expert! Butif you have 2 (visitors and employees) forum, using the script(+DB) you proposed (authorise=0 or 1), only adding the check "if forumID= x and if authorise=1 then..." in the inc_top_asp would do the job ?
Wedont
snitz ver3.1 sr2
access 2k.
Edited by - wedont on 18 May 2001 13:04:07
Edited by - wedont on 18 May 2001 13:10:48 |
|
|
|
JGonier
Starting Member
USA
44 Posts |
Posted - 19 May 2001 : 02:37:44
|
Ok, let's see if I can clear this up for you on what I was trying to do.
Follow this outline.....
I have a site with seven pages that are viewable to the public, from these pages employees can click a link taking them to the employee only section. This section has five different areas which the forum is one of them. The employees only sections main page has links to all the other employee only pages, including the forum.
This employee only section needed to be non-viewable to the public, therefor requiring a login. Since I did not want to use a second database for the employee login ID's, I was looking for a solution to require login using the ID's that I had created for them in the forum.
What I found and I am now using (since I am not an ASP programmer, nor did I want to spend the time tweeking the forum code) is this....
I am using the global.asa to create a session state. All the employee only pages are then checking if this state is true. If it is not, it redirects them to the login page. The login page is setting up the session state by compairing what they typed in against the forum database. If the user name and password they typed in match to one of the user names and passwords in the forum database it sets the session state to true.
Now that their session state is true, all pages requiring the check will see that it is and allow them to view the page, otherwise they get redirected back to the login page.
I am not sure what link you were trying to look at since I did not post it in the forum. However, If you wish to see what I did the link is as follows.....
http://www.taloninvestigation.com
The navagation bar on the left has the link to the employees only section. When you click on the link take note as to what page the link is pointing to (index.asp) however, the page you get instead is the login.asp page. Why? Because your session state to have access to index.asp was not set to true. Once you have logged in, it will then redirect you to the index.asp page which has all the links to the other employees only section.
Hope this clears it up a little bit more for you.
Edited by - JGonier on 19 May 2001 02:46:42 |
|
|
|
wedont
Junior Member
Canada
344 Posts |
Posted - 19 May 2001 : 23:13:06
|
Thanks JGonier,
That cleared it up! Your forum is for the employees only (plus some other files).Which would have only needed the cookie "check" of the forum's inc_top_asp. But, the global.asa is fine too!
ps. " I have a site at www.DOMAINX.com that anyone can view" (It's still out!)
-I guess I'm not "anyone" !
Wedont
snitz ver3.1 sr2
access 2k.
Edited by - wedont on 19 May 2001 23:19:21 |
|
|
|
JGonier
Starting Member
USA
44 Posts |
Posted - 21 May 2001 : 06:14:24
|
www.DOMAINX.com is a fake.......Oh, why bother. You just don't get it.
Sincerely,
JGonier |
|
|
|
wedont
Junior Member
Canada
344 Posts |
Posted - 21 May 2001 : 20:35:25
|
Cause, knowing that there was only an "employees" forum, it would have been simple to use the "inc_top_asp" as your "login_page_asp" adding a check in "inc_top_asp" like:
if mlev=o then
response.redirect "login_page_asp"
also adding the check in "inc_top_short_asp"
should have prety much sealed it. Than including your "inc_top_asp", you could have add all the "employees" pages in the same directory.
But hey! why bother?
Cause'I'm nice! 
Wedont
snitz ver3.1 sr2
access 2k. |
|
|
| |
Topic |
|
Topic Locked
