Restrict Access on a Page
Snitz™ Forums 2000https://forum.snitz.com/forumTopic/Posts/59840?pagenum=1
05 November 2025, 08:46
Topic
Zuel
Restrict Access on a Page
12 October 2005, 16:36
Restrict Access on a Page
12 October 2005, 16:36
I am creating my own asp pages not relevent to the forums just the website itself and I included
config.asp
inc_func_secure.asp
inc_header.asp
To prevent people from accessing the page without logging in. Now is there is a way to incorporate the usergroup mod in that page so only a certain group or groups can see the page?
I think I will have to hardcode the values. Anyone play with this before?<
config.asp
inc_func_secure.asp
inc_header.asp
To prevent people from accessing the page without logging in. Now is there is a way to incorporate the usergroup mod in that page so only a certain group or groups can see the page?
I think I will have to hardcode the values. Anyone play with this before?<
Replies ...
AnonJr
12 October 2005, 17:09
12 October 2005, 17:09
Not entirely sure... but if you are using the forums user management you will also need to include inc_sha256.asp as well.<
Zuel
12 October 2005, 19:00
12 October 2005, 19:00
Works fine without it. But I'll include that file then test for a change.<
Zuel
12 October 2005, 19:02
12 October 2005, 19:02
Internal Server Error when I include inc_sha256.asp.
I didn't run it on my local machine so I don't know what threw the error. I'll just leave it off for now.
I basically took the same includes default.asp had.<
I didn't run it on my local machine so I don't know what threw the error. I'll just leave it off for now.
I basically took the same includes default.asp had.<
AnonJr
12 October 2005, 21:06
12 October 2005, 21:06
Odd... last time I left it out it wouldn't work... as long as its working 
<
<
Zuel
13 October 2005, 13:42
13 October 2005, 13:42
Back to the original question. Has anyone made a page restricted to a usergroup only?<
Roger Fredriksson
13 October 2005, 14:11
13 October 2005, 14:11
While waiting for some real Snitzer to answer I would test to use USERGROUP_ID in a query based on the table FORUM_USERGROUPS and FORUM_USERGROUPS_MEMBER for checking if the user has access to the page or not.<
Zuel
13 October 2005, 22:36
Having said that. I need to make a SQL script that says something similar too:
dbo.FORUM_USERGROUP_USERS
SELECT MEMBER_ID
WHERE USERGROUP_ID = 1 or USERGROUP_ID = 2
Then I need a way to check MEMBER_ID vs their ID. If it doesn't match, then Response.Redirect, else show page.
If anyone gets this, can you please point me in the right direction.
Thanks!<
13 October 2005, 22:36
Originally posted by Roger Fredriksson
While waiting for some real Snitzer to answer I would test to use USERGROUP_ID in a query based on the table FORUM_USERGROUPS and FORUM_USERGROUPS_MEMBER for checking if the user has access to the page or not.
Having said that. I need to make a SQL script that says something similar too:
dbo.FORUM_USERGROUP_USERS
SELECT MEMBER_ID
WHERE USERGROUP_ID = 1 or USERGROUP_ID = 2
Then I need a way to check MEMBER_ID vs their ID. If it doesn't match, then Response.Redirect, else show page.
If anyone gets this, can you please point me in the right direction.
Thanks!<
Roger Fredriksson
14 October 2005, 06:03
14 October 2005, 06:03
MemberID is present when you include the files in your post above. Cheating by using Access i get this SQL:
SELECT [FORUM_USERGROUPS].[USERGROUP_ID], [FORUM_USERGROUP_MEMBERS].[MEMBER_ID] FROM FORUM_USERGROUPS INNER JOIN FORUM_USERGROUP_MEMBERS ON [FORUM_USERGROUPS].[USERGROUP_ID]=[FORUM_USERGROUP_MEMBERS].[USERGROUP_ID] WHERE ((([FORUM_USERGROUPS].[USERGROUP_ID])=2 Or ([FORUM_USERGROUPS].[USERGROUP_ID])=3) And (([FORUM_USERGROUP_MEMBERS].[MEMBER_ID])=[MemberID]));
After generating the recordset it ought to be some easy way to find out if it is empty(=redirect) or not(=access) (While Not objRS.EOF....?) Haven´t got the time just now to look it up - I´ll be back in a couple of hours if no one else steps in and tell you the smartest way to do what originally asked for. (If I am lost I do hope they also delete my posts)<
SELECT [FORUM_USERGROUPS].[USERGROUP_ID], [FORUM_USERGROUP_MEMBERS].[MEMBER_ID] FROM FORUM_USERGROUPS INNER JOIN FORUM_USERGROUP_MEMBERS ON [FORUM_USERGROUPS].[USERGROUP_ID]=[FORUM_USERGROUP_MEMBERS].[USERGROUP_ID] WHERE ((([FORUM_USERGROUPS].[USERGROUP_ID])=2 Or ([FORUM_USERGROUPS].[USERGROUP_ID])=3) And (([FORUM_USERGROUP_MEMBERS].[MEMBER_ID])=[MemberID]));
After generating the recordset it ought to be some easy way to find out if it is empty(=redirect) or not(=access) (While Not objRS.EOF....?) Haven´t got the time just now to look it up - I´ll be back in a couple of hours if no one else steps in and tell you the smartest way to do what originally asked for. (If I am lost I do hope they also delete my posts)<
Roger Fredriksson
14 October 2005, 18:31
14 October 2005, 18:31
The easy way: If oRS.RecordCount = 0 then redirect else acess (a kind of shorthand asp!!) should do the trick, would it not?<
Zuel
15 October 2005, 01:01
15 October 2005, 01:01
Man, thanks for the info. I will test it out when I get some sleep. <
<
Roger Fredriksson
15 October 2005, 06:06
15 October 2005, 06:06
You are welcome, please let me know if it works.<
Zuel
16 October 2005, 21:58
16 October 2005, 21:58
How would I go about on putting this in the code? I get the following error:
Error Type:
Microsoft VBScript compilation (0x800A03FD)
Expected 'Case'
file path, line 28, column 7
SELECT [FORUM_USERGROUPS].[USERGROUP_ID], [FORUM_USERGROUP_MEMBERS].[MEMBER_ID] FROM FORUM_USERGROUPS INNER JOIN FORUM_USERGROUP_MEMBERS ON [FORUM_USERGROUPS].[USERGROUP_ID]=[FORUM_USERGROUP_MEMBERS].[USERGROUP_ID] WHERE ((([FORUM_USERGROUPS].[USERGROUP_ID])=1 Or ([FORUM_USERGROUPS].[USERGROUP_ID])=2) And (([FORUM_USERGROUP_MEMBERS].[MEMBER_ID])=[MemberID]));
------^<
Error Type:
Microsoft VBScript compilation (0x800A03FD)
Expected 'Case'
file path, line 28, column 7
SELECT [FORUM_USERGROUPS].[USERGROUP_ID], [FORUM_USERGROUP_MEMBERS].[MEMBER_ID] FROM FORUM_USERGROUPS INNER JOIN FORUM_USERGROUP_MEMBERS ON [FORUM_USERGROUPS].[USERGROUP_ID]=[FORUM_USERGROUP_MEMBERS].[USERGROUP_ID] WHERE ((([FORUM_USERGROUPS].[USERGROUP_ID])=1 Or ([FORUM_USERGROUPS].[USERGROUP_ID])=2) And (([FORUM_USERGROUP_MEMBERS].[MEMBER_ID])=[MemberID]));
------^<
Roger Fredriksson
17 October 2005, 05:58
17 October 2005, 05:58
Hm, you shouldn´t use the code without necessary changes due to how asp works. I will send you asp-code later today.<
Roger Fredriksson
17 October 2005, 10:27
17 October 2005, 10:27
This one works on my local server.Only config and inc_header and a connection-file to your db is needed at the top of the page. Remember that I am just a 'copy & past'- coder and I would very much appreciate if a genuine coder looked at my attempt to help you.
<
Code:
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_header.asp" -->
<!-- #include file="connection_snitz.asp" -->
<%
'ADO constants used in this file
adUseClient = 3
oSql = "SELECT FORUM_USERGROUPS.USERGROUP_ID, FORUM_USERGROUP_MEMBERS.MEMBER_ID" & _
" FROM FORUM_USERGROUPS INNER JOIN FORUM_USERGROUP_MEMBERS ON FORUM_USERGROUPS.USERGROUP_ID = FORUM_USERGROUP_MEMBERS.USERGROUP_ID" & _
" WHERE (((FORUM_USERGROUPS.USERGROUP_ID)=1 Or (FORUM_USERGROUPS.USERGROUP_ID)=3) AND ((FORUM_USERGROUP_MEMBERS.MEMBER_ID)="&[MemberID]&"))"
Set oRS = Server.CreateObject("ADODB.Recordset")
oRS.CursorLocation = adUseClient
oRS.CacheSize = 5
oRS.Open oSql, cnObj
foundrecs = oRS.RecordCount
ors.close
set ors =nothing
if foundrecs = 0 then
Response.Write ("no access to page")
Response.End
else
Response.Write ("welcome to the page")
Response.End
end if
%>
tribaliztic
17 October 2005, 10:41
17 October 2005, 10:41
There is a variable in the user groups mod for this already, I can't check my codes at the moment but if I remember I'll have a look tonight.
<
Roger Fredriksson
17 October 2005, 12:54
17 October 2005, 12:54
tribaliztic, it wouldn´t surprise me a bit if the solution is very simple. My solution has really nothing to do with the user groups mod, it only uses the tables usergroups and usergroups_member. As far as I can see the main disadvantage with my solution is that Zuel has to hard-code the number of which usergroup has accesss to the non-Snitz-page.<
Zuel
18 October 2005, 20:17
Sorry, I haven't been around for a bit. Been working late and class.
I'll test it out now.<
18 October 2005, 20:17
Originally posted by Roger Fredriksson
tribaliztic, it wouldn´t surprise me a bit if the solution is very simple. My solution has really nothing to do with the user groups mod, it only uses the tables usergroups and usergroups_member. As far as I can see the main disadvantage with my solution is that Zuel has to hard-code the number of which usergroup has accesss to the non-Snitz-page.
Sorry, I haven't been around for a bit. Been working late and class.
I'll test it out now.<
Zuel
18 October 2005, 20:18
18 October 2005, 20:18
Wait a minute...what is the connection_snitz.asp include file?<
tribaliztic
19 October 2005, 02:59
19 October 2005, 02:59
Probably the config.asp-page?
<
Roger Fredriksson
19 October 2005, 06:06
The file connection_snitz.asp looks like this :
<
19 October 2005, 06:06
Originally posted by ZuelRemember that I am a non-pro-coder with code that works. I would appreciate if some Snitzer stepped in and gave you a pro-solution too.
Wait a minute...what is the connection_snitz.asp include file?
The file connection_snitz.asp looks like this :
Code:
<%'Construct database path
sPath = Request.ServerVariables("Path_Translated")
'Response.Write ("sPath=" & sPath & "<br>")
sPath = Left(sPath,InStrRev(sPath,"\"))
'Open Connection and Recordset
set cnObj = Server.CreateObject("ADODB.Connection")
'Response.Write ("Create Object OK<br>")
cnObj.Open "Provider=Microsoft.Jet.OLEDB.4.0; User ID=Admin; Password=; Data Source=" & sPath & "../your_folder_for_db/name_of_your_db.mdb; Persist Security Info=True;"%>
Zuel
21 October 2005, 11:47
21 October 2005, 11:47
Sorry for the late response. Been working on a few other projects at the same time 
<
<
tribaliztic
24 October 2005, 03:34
24 October 2005, 03:34
Did you solve this or should I dig up my solution?
<
Zuel
24 October 2005, 09:41
24 October 2005, 09:41
Not yet. Still playing around with it though.<
Zuel
24 October 2005, 10:09
24 October 2005, 10:09
Okay it is working!
Roger's method works except for a few things I had to change.
FORUM_USERGROUPS_MEMBERS doesn't exist. It is actually called FORUM_USERGROUP_USERS.
Also I get a syntax error when trying to set the ADO Constant. So I just commented that line out. 'adUseClient = 3
Everything else works as it should.
Also as a note, this will not pick up members who aren't assigned to any usergroup. Which is good, so if user is undefined then deny them.
Thanks Roger!<
Roger's method works except for a few things I had to change.
FORUM_USERGROUPS_MEMBERS doesn't exist. It is actually called FORUM_USERGROUP_USERS.
Also I get a syntax error when trying to set the ADO Constant. So I just commented that line out. 'adUseClient = 3
Everything else works as it should.
Also as a note, this will not pick up members who aren't assigned to any usergroup. Which is good, so if user is undefined then deny them.
Thanks Roger!<
Zuel
24 October 2005, 10:29
24 October 2005, 10:29
Awe, I tried to carry over the pages to the server and I get an internal server error. I can't get this line to point to my database correctly.
cnObj.Open "Provider=Microsoft.Jet.OLEDB.4.0; User ID=Admin; Password=; Data Source=" & sPath & "../your_folder_for_db/name_of_your_db.mdb; Persist Security Info=True;"%><
cnObj.Open "Provider=Microsoft.Jet.OLEDB.4.0; User ID=Admin; Password=; Data Source=" & sPath & "../your_folder_for_db/name_of_your_db.mdb; Persist Security Info=True;"%><
tribaliztic
24 October 2005, 10:49
24 October 2005, 10:49
Can't you use your already established connection from config.asp?
<
Roger Fredriksson
24 October 2005, 14:19
24 October 2005, 14:19
Tribaliztic, you are right. Delete the file connection_snitz.asp. In my first post with code: replace the line
ors.Open oSql, cnobj
with
oRS.Open oSql, strConnString
<
ors.Open oSql, cnobj
with
oRS.Open oSql, strConnString
<
Zuel
25 October 2005, 10:23
25 October 2005, 10:23
Bah, still get an internal server error with that. Man I wish I had debugging enabled on the server. I'm going to try to push for it.
I think I killed the server....it doesn't come up now.<
I think I killed the server....it doesn't come up now.<
Zuel
25 October 2005, 10:36
25 October 2005, 10:36
Just talked to my website contact, he's going to try to push for debugging. I don't think the code killed the server I think there is a timeout feature that is causing the internal server errors.
I can't wait to fix the problem, I got it working on localhost perfect!<
I can't wait to fix the problem, I got it working on localhost perfect!<
tribaliztic
16 November 2005, 05:05
16 November 2005, 05:05
Well, I've stumbled upon some problems...
If I add a group to another group, then check the second group via the code in this thread, I get no hit. How does this work? =)
User1 is a member of usergroupA. I have usergroupA and usergroupB, I add usergroupA INTO usergroupB, then check for User1 in usergroupB and get no hit. <
User1 is a member of usergroupA. I have usergroupA and usergroupB, I add usergroupA INTO usergroupB, then check for User1 in usergroupB and get no hit. <
pdrg
16 November 2005, 05:22
Depending on what tools you're using, you may find server-side debugging more problematic than just doing without - Visual Interdev *could* Server-side debug, but only with a *perfect* environment (full moon, blood of a chicken, etc), and probably wasted more hours with people trying to get it working than it ever saved in productivity. MS people didn't use SS Debugging, and informally often recommneded against it.
Not saying 'don't do it' at all, just a friendly warning that if you can't get it working, don't invest too much time in it!<
16 November 2005, 05:22
Originally posted by Zuel
Bah, still get an internal server error with that. Man I wish I had debugging enabled on the server. I'm going to try to push for it.
Depending on what tools you're using, you may find server-side debugging more problematic than just doing without - Visual Interdev *could* Server-side debug, but only with a *perfect* environment (full moon, blood of a chicken, etc), and probably wasted more hours with people trying to get it working than it ever saved in productivity. MS people didn't use SS Debugging, and informally often recommneded against it.
Not saying 'don't do it' at all, just a friendly warning that if you can't get it working, don't invest too much time in it!<