Password Protected Page - Redirect


theflyingminst
03-26-2008, 01:29 AM
Hi, I am trying to implement this code in a password protected area of my website. The point is to redirect the user back to the page they were trying to view when they were logged out. The problem is that it's redirecting to the unauthorized page (used when it's been determined the login session has ended) rather than the page they were booted off from.

<%

Response.Redirect ("/?page=" &_
Request.ServerVariables("URL"))

%>

Any ideas? Thanks.

yamaharuss
03-26-2008, 11:53 AM
Can you post your complete code? Where does this code exist? In the logon page or in the protected page?

Protectedpage.asp:

If NOT Session("LoggedOn") then ' OR WHATEVER YOU USE
thisPage = "http://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("URL") & "?" & Request.ServerVariables("QUERY_STRING")
Response.redirect("logon.asp?Page="&thisPage)
End If


logon.asp:

'check logon blah
If logon then
strPage=Request.querystring("Page")
If strPage <> "" then
response.redirect(strPage)
else
response.redirect("welcome.asp")
end if
else
' logon failed
end if

This was quick and untested but should give you an idea

theflyingminst
03-26-2008, 12:51 PM
Your code's definitely got me on the right path now, thanks so much!

theflyingminst
03-26-2008, 04:22 PM
Hey I just tried implementing the code and it isn't redirecting to the last viewed page.

In an include page called logincheck.asp (I have on every protected page), I have this code:

<%
Response.Expires = -1000
Response.ExpiresAbsolute = Now() - 1
If request.cookies("UserName") = "" AND Session("UserName") = "" then
thisPage = "http://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("URL") & "?" & Request.ServerVariables("QUERY_STRING")
Response.Redirect ("unauthorized.asp")
Response.End
End If
%>

<%
Response.Expires = -1000
Response.ExpiresAbsolute = Now() - 1
If Session("UserName") = "" then
thisPage = "http://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("URL") & "?" & Request.ServerVariables("QUERY_STRING")
Response.Redirect ("unauthorized.asp")
Response.End
End If
%>

And then in a page called Validate.asp, I have this:

If Page <> "" then
response.redirect(strPage)
else
response.redirect("start.asp")
end if

Else
Session("Message") = ("<font face=""Verdana"" size=""2"" color=""#FF0000"">Login Failed! </font><font face=""Verdana"" size=""2"" color=""#0000FF"">Incorrect Username & Password.</font>")
Response.Redirect ("default.asp")
Response.End
End If


And it just redirects back to the main login area.

yamaharuss
03-26-2008, 04:26 PM
I don't see a redirect to a login page. What is the login page and can you post the login code? Maybe you're not setting the sessions correctly.

From the code you posted it appears you are setting the session name after the validation code.

yamaharuss
03-26-2008, 04:35 PM
Add this code to the top of one of your protected pages:

response.write("cookie username = "&request.cookies("UserName")&"<BR>")
response.write("session username = "&Session("UserName")&"<BR>")
response.end

I don't see a need to use cookies AND session during validation.

theflyingminst
03-26-2008, 05:05 PM
Are you saying that I can use cookies to get a redirect back to the page they were looking at last when they were logged out?

yamaharuss
03-26-2008, 05:08 PM
No need to change the redirect code.. they will only be redirected if they pass validation, correct? So the problem is with the cookies/sessions, right?

theflyingminst
03-26-2008, 05:14 PM
Ok I gotcha. Well here's the entire Validate page:

<%@ Language=VBScript %>

<%Response.Expires = -1 %>
<%Response.ExpiresAbsolute = Now() - 1 %>
<%Response.AddHeader "pragma", "no-cache" %>
<%Response.AddHeader "cache-control", "private" %>
<%Response.CacheControl = "no-cache" %>

<%
Response.Expires = -1000
Response.Buffer = True
Response.Clear
%>


<% Dim MyLogin

Set MyLogin = Server.CreateObject("ADODB.Connection")
ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)};"
ConnStr = ConnStr & "DBQ=" & Server.MapPath("../db/users.mdb")
MyLogin.Open(ConnStr)

SQLtemp = "SELECT * FROM CustRecords WHERE Cust_UserName = '" & Request.Form("username") & "' AND Cust_Password = '" & Request.Form("userpassword") & "'"
Set rs = MyLogin.Execute(SQLtemp)

If Request.Form("username") = "" AND Request.Form("userpassword") = "" Then
Session("Message") = ("<b><font face=""Verdana"" size=""2"" color=""#008080"">Login Failed! </font></b><font face=""Verdana"" size=""2"" color=""#0000FF"">Please enter your Username & Password.</font>")
Response.Redirect ("default.asp")
Response.End
End If

If Request.Form("username") = "" Then
Session("Message") = ("<b><font face=""Verdana"" size=""2"" color=""#008080"">Login Failed! </font></b><font face=""Verdana"" size=""2"" color=""#0000FF"">Please enter your Username.</font>")
Response.Redirect ("default.asp")
Response.End
End If

If Request.Form("userpassword") = "" Then
Session("Message") = ("<b><font face=""Verdana"" size=""2"" color=""#008080"">Login Failed! </font></b><font face=""Verdana"" size=""2"" color=""#0000FF"">Please enter your Password.</font>")
Response.Redirect ("default.asp")
Response.End
End If

If rs.eof then
rs.Close
MyLogin.Close
set MyLogin = Nothing
Session("Message") = ("<b><font face=""Verdana"" size=""2"" color=""#008080"">Login Failed! </font></b><font face=""Verdana"" size=""2"" color=""#0000FF"">Incorrect Username & Password.</font>")
Response.Redirect ("default.asp")
Response.End
End If

while not rs.eof

If Request.Form("username") = rs("Cust_UserName") AND Request.Form("userpassword") = rs("Cust_Password") Then

dim Your_UserName
Your_UserName = rs("Cust_UserName")
dim Date_In
Date_In = rs("Entry_Date")

Response.Cookies("UserName") = Your_UserName
Response.Cookies("still") = Date_In


dim Your_Country
Your_Country = rs("Cust_Country")
Date_In = rs("Entry_Date")

Response.Cookies("Country") = Your_Country
Response.Cookies("still") = Date_In


Session.TimeOut = 20
Session("UserName") = "Yes"

strPage=Request.querystring("Page")

If Page <> "" then
response.redirect(strPage)
else
response.redirect("start.asp")
end if

Else
Session("Message") = ("<font face=""Verdana"" size=""2"" color=""#FF0000"">Login Failed! </font><font face=""Verdana"" size=""2"" color=""#0000FF"">Incorrect Username & Password.</font>")
Response.Redirect ("default.asp")
Response.End
End If

rs.MoveNext
Wend

OnError Response.Redirect ("default.asp")


rs.Close
MyLogin.Close
set MyLogin = Nothing

%>


Here's the entire Logincheck Page:

<%Response.Expires = -1 %>
<%Response.ExpiresAbsolute = Now() - 1 %>
<%Response.AddHeader "pragma", "no-cache" %>
<%Response.AddHeader "cache-control", "private" %>
<%Response.CacheControl = "no-cache" %>

<%
Response.Expires = -1000
Response.Buffer = True
Response.Clear
%>

<%Your_UserName = request.cookies("UserName")%>
<%Your_Country = request.cookies("Country")%>
<%Date_In = request.cookies("still")%>


<%
Response.Expires = -1000
Response.ExpiresAbsolute = Now() - 1
If request.cookies("UserName") = "" AND Session("UserName") = "" then
thisPage = "http://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("URL") & "?" & Request.ServerVariables("QUERY_STRING")
Response.Redirect ("unauthorized.asp")
Response.End
End If
%>

<%
Response.Expires = -1000
Response.ExpiresAbsolute = Now() - 1
If Session("UserName") = "" then
thisPage = "http://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("URL") & "?" & Request.ServerVariables("QUERY_STRING")
Response.Redirect ("unauthorized.asp")
Response.End
End If
%>



<!--END OF THE CODE -->

<html>

<head>
<style>

IMG.th { width: 168px }

</style>

</head>

<body background="../backgrnd-blue-1.jpg">


<div align="center">
<table border="0" width="955" id="table1" height="80">
<tr>
<td width="245" height="23">&nbsp;</td>
<td align="center" rowspan="3" bgcolor="#F8F8F8">
<font face="Verdana" style="font-size: 17pt" color="#800000">

<span style="font-size: 8pt"><br>
</span>

</td>
<td width="6" height="23" bgcolor="#F8F8F8">&nbsp;</td>
<td width="235" align="right" height="23" bgcolor="#F8F8F8"><font face="Verdana" size="2">
<a target="_self" href="../start.asp">Home</a></font></td>
</tr>
<tr>
<td width="245" height="23">&nbsp;</td>
<td width="6" height="23" bgcolor="#F8F8F8">&nbsp;</td>
<td width="235" align="right" height="23" bgcolor="#F8F8F8"><a href="logout.asp" target="_top">
<font face="Verdana" size="2">Logout</font></a>
</td>
</tr>
<tr>
<td width="245" height="26">&nbsp;</td>
<td width="6" height="26" bgcolor="#F8F8F8">&nbsp;</td>
<td width="235" align="right" height="26" bgcolor="#F8F8F8"><font face="Verdana" style="font-size: 9pt">
<a href="information.asp?UserLoggedIn=<% =Your_UserName %>" target="_top">My Account Info</a></font>
</td>
</tr>
</table>
<font size="2">
<br>
</font>
<center>
</div>


</body>

</html>


And here's the entire Unauthorized Page:

<%@ EnableSessionState=False %>

<%Response.Expires = -1 %>
<%Response.ExpiresAbsolute = Now() - 1 %>
<%Response.AddHeader "pragma", "no-cache" %>
<%Response.AddHeader "cache-control", "private" %>
<%Response.CacheControl = "no-cache" %>

<%
Response.Expires = -1000
Response.Buffer = True
Response.Clear
%>

<html>

<head>
<title>Access Denied</title>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<link rel="stylesheet" type="text/css" href="data/css.css">
<STYLE TYPE="text/css">

BODY
{
scrollbar-base-color: #7782C3;
scrollbar-arrow-color: #ffffff;
scrollbar-DarkShadow-Color: #000000;
}
</STYLE>
</head>


<body background="../backgrnd-blue-1.jpg">

<p>&nbsp;</p>
<p>&nbsp;</p>
<p><font face="Arial" color="#FF0000" size="5">&nbsp;&nbsp;&nbsp; Access Denied!</font></p>
<p align="center">&nbsp;</p>
<p align="center"><font face="Verdana" size="2" color="#000080">You are
trying to visit MEMBERS AREA of our site. </font></p>
<p align="center"><font face="Verdana" size="2" color="#000080">To continue
please </font><a href="default.asp" target="_top"><font face="Verdana" size="2" color="#0000FF">Click
Here</font></a></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>

</body>

</html>

yamaharuss
03-26-2008, 05:41 PM
Why use an unauthorized page, just send them to the validate page if they are not logged on...


Here's your validate.asp code:

<%@ Language=VBScript %>

<%Response.Expires = -1 %>
<%Response.ExpiresAbsolute = Now() - 1 %>
<%Response.AddHeader "pragma", "no-cache" %>
<%Response.AddHeader "cache-control", "private" %>
<%Response.CacheControl = "no-cache" %>

<%
Response.Buffer = True
Response.Clear


' TAKE CARE OF CLEANING UP FORM FIELDS AND BLOCK SQL INJECTION
strUsername = TRIM(Request.Form("username"))
strPassword = TRIM(Request.Form("userpassword"))
strPage=Request.querystring("Page")
%>
<script language=javascript runat=server>
function inStrGrp(src,reg) {
var regex=new RegExp("[" + reg + "]","i");
return regex.test(src);
}
</script>
<%
If inStrGrp(strUsername,"!,<>'@#%$^&*()+=") = True Then
Session("Message") = ("<b><font face=""Verdana"" size=""2"" color=""#008080"">Login Failed! </font></b><font face=""Verdana"" size=""2"" color=""#0000FF"">Invalid Character.</font>")
Response.Redirect ("default.asp")
Response.End

ElseIf inStrGrp(strPassword,"!,<>'@#%$^&*()+=") = True Then
Session("Message") = ("<b><font face=""Verdana"" size=""2"" color=""#008080"">Login Failed! </font></b><font face=""Verdana"" size=""2"" color=""#0000FF"">Invalid Character.</font>")
Response.Redirect ("default.asp")
Response.End
End If

If strUsername = "" AND Request.Form("userpassword") = "" Then
Session("Message") = ("<b><font face=""Verdana"" size=""2"" color=""#008080"">Login Failed! </font></b><font face=""Verdana"" size=""2"" color=""#0000FF"">Please enter your Username & Password.</font>")
Response.Redirect ("default.asp")
Response.End
End If

If strUsername = "" Then
Session("Message") = ("<b><font face=""Verdana"" size=""2"" color=""#008080"">Login Failed! </font></b><font face=""Verdana"" size=""2"" color=""#0000FF"">Please enter your Username.</font>")
Response.Redirect ("default.asp")
Response.End
End If

If strPassword = "" Then
Session("Message") = ("<b><font face=""Verdana"" size=""2"" color=""#008080"">Login Failed! </font></b><font face=""Verdana"" size=""2"" color=""#0000FF"">Please enter your Password.</font>")
Response.Redirect ("default.asp")
Response.End
End If



Dim MyLogin,Your_UserName,Date_In,Your_Country

Set MyLogin = Server.CreateObject("ADODB.Connection")
ConnStr = "DRIVER={Microsoft Access Driver (*.mdb)};"
ConnStr = ConnStr & "DBQ=" & Server.MapPath("../db/users.mdb")
MyLogin.Open(ConnStr)

SQLtemp = "SELECT * FROM CustRecords WHERE Cust_UserName = '" & strUsername & "' AND Cust_Password = '" & strPassword & "'"
Set rs = MyLogin.Execute(SQLtemp)
If not rs.eof then

Your_UserName = rs("Cust_UserName")
Date_In = rs("Entry_Date")
Your_Country = rs("Cust_Country")
Date_In = rs("Entry_Date")

Response.Cookies("MySite")("UserName") = Your_UserName
Response.Cookies("MySite")("still") = Date_In
Response.Cookies("MySite")("Country") = Your_Country
Response.Cookies("MySite")("still") = Date_In
Response.Cookies("MySite").Expires = DateAdd("m", 1, Now())
Session.TimeOut = 20
Session("UserName") = Your_UserName

' SUCCESS, LETS SEND THEM ON
If strPage <> "" then
response.redirect(strPage)
else
response.redirect("start.asp")
end if

Else
' LOGON FAILED, SEND THEM BACK
Session("Message") = ("<font face=""Verdana"" size=""2"" color=""#FF0000"">Login Failed! </font><font face=""Verdana"" size=""2"" color=""#0000FF"">Incorrect Username & Password.</font>")
Response.Redirect ("default.asp")
Response.End
End If

OnError Response.Redirect ("default.asp")
rs.Close
MyLogin.Close
set MyLogin = Nothing

%>






Here's the Logincheck include:

<%Response.Expires = -1 %>
<%Response.ExpiresAbsolute = Now() - 1 %>
<%Response.AddHeader "pragma", "no-cache" %>
<%Response.AddHeader "cache-control", "private" %>
<%Response.CacheControl = "no-cache" %>

<%
If Session("UserName") = "" then
thisPage = "http://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("URL") & "?" & Request.ServerVariables("QUERY_STRING")
Response.Redirect ("validate.asp?Page="&URLEncode(thisPage))
Response.End
End If
%>

Untested but should be pretty close.
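
An added example, not part of the original thread: the validate.asp lookup above still builds its SQL by concatenating form input, and the character filter also rejects legitimate passwords that contain those characters. The sketch below binds the two values as ADO parameters instead; `FindUser` and `MAX_FIELD_LEN` are hypothetical names, and the 50-character limit is an assumption about the column sizes.

```vbscript
<%
' Added example, not code from the thread. FindUser is a hypothetical helper;
' the table and column names are the ones in the posted query.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const MAX_FIELD_LEN = 50   ' assumption: adjust to the real column sizes

Function FindUser(conn, userName, password)
    Dim cmd
    Set FindUser = Nothing
    ' Over-long input cannot match a stored value; skip the query entirely.
    If Len(userName) > MAX_FIELD_LEN Or Len(password) > MAX_FIELD_LEN Then Exit Function
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' "?" placeholders are bound in order; input is never spliced into the SQL text.
    cmd.CommandText = "SELECT Cust_UserName, Cust_Country, Entry_Date FROM CustRecords " & _
                      "WHERE Cust_UserName = ? AND Cust_Password = ?"
    cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, MAX_FIELD_LEN, userName)
    cmd.Parameters.Append cmd.CreateParameter("p", adVarChar, adParamInput, MAX_FIELD_LEN, password)
    Set FindUser = cmd.Execute
End Function

' Usage in validate.asp, with MyLogin opened as in the post above:
Set rs = FindUser(MyLogin, strUsername, strPassword)
If rs Is Nothing Then
    Response.Redirect "default.asp"
ElseIf rs.EOF Then
    Response.Redirect "default.asp"
Else
    Session("UserName") = rs("Cust_UserName").Value
End If
%>
```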

theflyingminst
03-26-2008, 05:55 PM
Cool thanks. I got an error on this line though:

Response.Redirect ("validate.asp?Page="&URLEncode(thisPage))

----------------------------------------
Microsoft VBScript runtime error '800a000d'

Type mismatch: 'URLEncode'

/members/login/resources/logincheck.asp, line 10
------------------------------------------

yamaharuss
03-26-2008, 05:56 PM
sorry.. should be

Server.URLEncode

theflyingminst
03-26-2008, 06:07 PM
Ok, there we go. Thanks so much for all your help!
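
An added example, not part of the original thread: the working solution redirects to whatever arrives in the `Page` query-string value, so validate.asp should confirm that the value is a path on the same site before passing it to `Response.Redirect`. The sketch assumes logincheck.asp sends only the path and query string rather than the absolute `http://` URL used in the thread; `IsLocalPath` and `SafeReturnPage` are hypothetical helper names.

```vbscript
<%
' Added example, not code from the thread. IsLocalPath and SafeReturnPage
' are hypothetical helper names.
Function IsLocalPath(target)
    Dim s, i, code
    s = "" & target                      ' Empty/Null become ""
    IsLocalPath = False
    If Len(s) < 1 Or Len(s) > 2048 Then Exit Function
    ' Must be a site-relative path: one leading "/", not "//host".
    If Left(s, 1) <> "/" Then Exit Function
    If Left(s, 2) = "//" Then Exit Function
    ' Browsers may treat "\" as "/", so refuse it anywhere in the value.
    If InStr(s, "\") > 0 Then Exit Function
    ' Refuse control characters such as CR/LF in a value headed for Location:.
    For i = 1 To Len(s)
        code = AscW(Mid(s, i, 1))
        If (code >= 0 And code < 32) Or code = 127 Then Exit Function
    Next
    IsLocalPath = True
End Function

Function SafeReturnPage(requested, fallback)
    If IsLocalPath(requested) Then
        SafeReturnPage = "" & requested
    Else
        SafeReturnPage = fallback
    End If
End Function

' logincheck.asp side: pass only path and query string, no scheme or host.
'   thisPage = Request.ServerVariables("URL")
'   qs = Request.ServerVariables("QUERY_STRING")
'   If qs <> "" Then thisPage = thisPage & "?" & qs
'   Response.Redirect "validate.asp?Page=" & Server.URLEncode(thisPage)

' validate.asp side, after the credentials have been checked:
Response.Redirect SafeReturnPage("" & Request.QueryString("Page"), "start.asp")
%>
```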