Page 1 of 2
Results 1 to 15 of 18
  1. #1
    New Coder

    About Locking Pages?

    Hi.

    I POSTED in the wrong forum yesterday (in the Javascript forum, but I think I meant to post in this ASP Forum. Sorry about the confusion, and I have already made a note on the other forum. Please disregard the post in the other forum. Sorry.)

    But I wanted to ask if there is a way, I guess, to perhaps "lock" pages with some sort of javascript? I want to make my website so that if a user wanted to view other pages besides the homepage, the login page would be generated and they would have to log in first, then they would be allowed to view the other pages.

    Also, after the user has logged in, they will see the URLs of the pages besides the homepage. The next time the user returns to my website, if the user decides to just type in the URLs of the other pages besides the homepage, I want the login page to be prompted, thus preventing users from just viewing my website without logging in.

    Lastly, I wanted to also ask if the "lock" javascript would be the same to prevent the user from clicking the "BACK" button and returning to the website pages AFTER they have logged out?? If the script is not the same, what would it be?


    Can anyone help me with a script to prevent this??

    P.S. I am using ASP for my website.


    Thanks in advance. Your help is greatly appreciated.


    -j3nnif3r.

  • #2
    Senior Coder
    Do these pages all exist already and you're wanting to add this or is this a new project and you're looking at how you'll accomplish this task?
    Check out the Forum Search. It's the short path to getting great results from this forum.

  • #3
    New Coder
    Hi Roy.

    I have already created the pages for the website. I just want to implement the locking of the pages so that a user who has not logged into the website cannot access any other pages other than the homepage, and that after a user logs into the website, that they are allowed to view any pages within the website.

    Noting the fact that after a user logs out, even if they have not closed the browser window, the user may not click the back button and return to the page they were previously viewing.

    Can you help me with this??

    Thank you in advance.

    -j3nnif3r.

  • #4
    Supreme Master coder! glenngv's Avatar
    When a user logs in successfully to the site, set a session variable, then in every page check for the existence of that session variable. When the session variable does not exist, redirect to the login page. When the user logs out, destroy the session variable.
    Glenn
    ____________________________________

    My Blog
    Tower of Hanoi Android app (FREE!)
    Tower of Hanoi Leaderboard
    Samegame Facebook App
    vBulletin Plugins
    ____________________________________

  • #5
    New Coder
    Hi Glenn.

    Could you help me with the script for the session variable and where I would incorporate the script in my pages?? Thank you for your response.


    -j3nnif3r.

  • #6
    Supreme Master coder! glenngv's Avatar
    Put this in your script when login is successful

    session("user") = username

    The username variable contains whatever the username of the currently logged-in user is. You may choose to put different user info there.

    Then put this at the very beginning of each ASP page:
    Code:
    if session("user")="" then
       response.redirect "login.asp"
       response.end
    end if
    You may put that code in an external file and include it in every asp page.
    Glenn

  • #7
    New to the CF scene
    Hey

    First of all I would recommend against using the Session Variable method and storing a username in a session variable as it would be a hacking paradise.

    Generate a Code every time a person logs in and their password and username match. Store the code in a cookie and in the database. Then match the passwords up each time a person tries to access a restricted page.

    e.g.
    Add this to a Login File

    Use the Code Below to generate a Code if the Login is OK. (Untested)
    Add this after the password and username match!

    Dim strCode
    Dim strVariable
    ' Seed the generator once, before the loop.
    ' Rnd is not a cryptographically secure generator.
    Randomize
    Do Until Len(strCode) >= 30
        ' Mod 16 gives 0 to 15, so every branch below (including "f") can be reached
        strVariable = Int(Rnd * 1000) Mod 16
        If strVariable >= 1 And strVariable <= 9 Then
            strCode = strCode & strVariable
        ElseIf strVariable = 10 Then
            strCode = strCode & "a"
        ElseIf strVariable = 11 Then
            strCode = strCode & "b"
        ElseIf strVariable = 12 Then
            strCode = strCode & "c"
        ElseIf strVariable = 13 Then
            strCode = strCode & "d"
        ElseIf strVariable = 14 Then
            strCode = strCode & "e"
        ElseIf strVariable = 15 Then
            strCode = strCode & "f"
        Else
            ' 0 ends up here
            strCode = strCode & "z"
        End If
    Loop

    'Set the Variable to the Cookie
    Response.Cookies("cookiename")("Code") = strCode
    'Set the Variable to the Recordset
    rsMyRecordset.Fields("codecolumn") = strCode
    rsMyRecordSet.Update

    Use this to check your pages
    If Request.Cookies("cookiename")("Code") <> rsMyRecordset("codecolumn") Then
    Response.Redirect("login.asp")
    End If
    Last edited by sxar; 08-10-2004 at 07:22 AM.
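
A stricter form of the page check in post #7, as an added example that is not sxar's code: in VBScript a comparison against Null evaluates to Null, which `If` treats as false, so the `<>` test above does not redirect when the stored code is NULL, and it also lets the request through when the cookie and the column are both empty. The function name `IsValidLoginCode` is hypothetical; `rsMyRecordset`, `cookiename` and `codecolumn` are the post's own names, and the recordset is assumed to be open on the row of the user making the request.

```vbscript
' Added example, not from the original thread.
' Returns True only when both values are present, are 30 characters long
' (the length the generator above produces) and match exactly.
Function IsValidLoginCode(cookieCode, storedCode)
    IsValidLoginCode = False

    ' A NULL or missing column means nobody is logged in on this row.
    If IsNull(storedCode) Or IsEmpty(storedCode) Then Exit Function
    If IsNull(cookieCode) Or IsEmpty(cookieCode) Then Exit Function

    ' Coerce to strings so the comparison below is never numeric.
    Dim strCookie, strStored
    strCookie = CStr(cookieCode)
    strStored = CStr(storedCode)

    ' An absent cookie reads as "", so two empty values must not count as a match.
    If Len(strCookie) <> 30 Or Len(strStored) <> 30 Then Exit Function

    ' Case-sensitive, binary comparison.
    IsValidLoginCode = (StrComp(strCookie, strStored, vbBinaryCompare) = 0)
End Function

' Usage on a restricted page. Assumes rsMyRecordset is already open on the
' row of the user making the request (the thread does not show that query).
Dim blnAllowed
blnAllowed = False
If Not rsMyRecordset.EOF Then
    blnAllowed = IsValidLoginCode(Request.Cookies("cookiename")("Code"), _
                                  rsMyRecordset("codecolumn").Value)
End If
If Not blnAllowed Then
    Response.Redirect "login.asp"
End If
```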

  • #8
    Senior Coder
    Personally I prefer to just do Glenn's session thing but with cookies, and just encrypt/decrypt the cookies whenever you want. There are various ASP tutorials out there on encryption, and you can mix and match how you want and put this in a function that will do it all for you, so you can just write with

    dataToEncrypt = "someperson"
    encryptionkey = "somerandomencryptionkey"

    response.cookies("username") = (myEncrypt(dataToEncrypt, encryptionkey))

    and read with
    if dataToEncrypt <> myDecrypt(request.cookies("username"), encryptionkey) then response.redirect "logout.asp"

    where logout.asp would wipe the cookies they have and redirect to the login page

    I try to put all my login data in 1 cookie and then split it when it's being read

  • #9
    Senior Coder
    I forgot to ask whether this was an Intranet application or an Internet application. For the former, you can set up IIS to use their network login and make your pages secure behind the network but for the internet you need to look at one of these schemes. Please be aware that sessions carry an overhead so a high volume web site will run out of resources much sooner so the exact approach you need to take will depend on how much traffic you expect both now and in the future.

    None of the solutions offered so far are complete answers yet but with a little more information I think we can direct you to a complete answer.

  • #10
    New Coder
    Hi.

    I think perhaps I may have used the wrong term, I meant that I want to SECURE the pages on my website. I am using the internet.

    I have created a default page at the moment where anyone who first visits my website will see the homepage, but it will be the default.htm page. On this default homepage, the search box and links are visible to the user, but they are non-usable, so that any visitor to my page cannot access any of the pages in my website.

    I want the user to first log in, then they will be directed to the ACTUAL website with the homepage now being homepage.htm where all the links and searchbox are now accessible to the user. After the user has logged in, he/she will have seen the URLs of the pages within my website.

    After the user logs out, I want to prevent them from just typing in the URLs of the pages within my website, and then gaining successful access to the website - I WANT the user to always need to sign in before accessing any pages in my website.

    I hope this updated information may help anyone who would like to help me.

    Thanks everyone for your help. I greatly appreciate it.


    -j3nnif3r.

  • #11
    New Coder
    Also, I wanted to add that after a user logs out, I want them to successfully log out, so that they MAY NOT hit the back button and return to the page they were previously viewing.


    -j3nnif3r.

  • #12
    New Coder

    Oh, Jennifer (w/ the backward E's)

    I have a somewhat similar problem; and I'll start another thread just to describe my situation (hope that starting a similar thread isn't frowned upon).
    Look for "Damned BACK button reads from cache & ignores "Expires" meta-tag" in the subject line.

  • #13
    New Coder
    Hi abacus.

    I have the same problem occurring; however, that is NOT my only problem. Could anyone else help?

    This is what I needed assistance on:

    think perhaps I may have used the wrong term, I meant that I want to SECURE the pages on my website. I am using the internet.

    I have created a default page at the moment where anyone who first visits my website will see the homepage, but it will be the default.htm page. On this default homepage, the search box and links are visible to the user, but they are non-usable, so that any visitor to my page cannot access any of the pages in my website.

    I want the user to first log in, then they will be directed to the ACTUAL website with the homepage now being homepage.htm where all the links and searchbox are now accessible to the user. After the user has logged in, he/she will have seen the URLs of the pages within my website.

    After the user logs out, I want to prevent them from just typing in the URLs of the pages within my website, and then gaining successful access to the website - I WANT the user to always need to sign in before accessing any pages in my website.




    Thank you in advance to anyone who may help me resolve this problem.


    Roy, I hope this gives you a better understanding of what I am trying to achieve with my website.



    -j3nnif3r.

  • #14
    Senior Coder
    Jennifer,

    Using either method shown by Glenn and sxar will work. However, keep in mind that you will need to rename each page to .asp instead of .html. The method Glenn shows is what I have used on a number of sites that do not have a large server load.

    Using this method, you would do this to each page that is restricted:
    Code:
    <% 
    if session("user")="" then
       response.redirect "login.asp"
       response.end
    end if
    
     %>  
    <html>
    <head>
    <title></title>
    </head>
    <body>
    
    </body>
    </html>
    The logout.asp page only needs the following code
    Code:
    session("user") = ""
    session.abandon
    'you can redirect the user to the home page 
    Response.Redirect "default.htm"

  • #15
    Senior Coder
    Jennifer,

    You've got some solutions offered here that'll work fine as long as your site doesn't start taking hundreds of hits per minute. If you expect a high volume of activity then using ASP session variables becomes a problem and you'll have to switch to using session cookies instead but that will make your site inaccessible to anyone who's blocking session cookies (there'll only be a few of those though).

    If the users taking advantage of the "Back" button is also a problem, then you may also have to change your links to use the "location.replace" mechanism to prevent the history used by the back button from being created. That will, however, also block the use of the back button while a user is still logged in and may irritate your users. Be very careful about modifying any aspect of how the users interact with their browsers and only do so when the need for that is truly important.
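
The session check from posts #6 and #14 combined with no-cache response headers, as an added example that is not code from the thread: when a restricted page is sent with these headers, pressing Back after logout makes the browser request the page again, and the session check then redirects to login.asp. The file name auth.asp and the Sub names `SendNoCacheHeaders`, `RequireLogin` and `LogOut` are hypothetical; `Session("user")`, login.asp and default.htm are the thread's own names.

```vbscript
' auth.asp (hypothetical file name). Added example, not from the original thread.
' Call these Subs before any HTML is written, so the headers can still be set.

' Ask browsers and proxies not to keep a copy of the page, so that Back
' after logout causes a new request instead of showing a stored copy.
Sub SendNoCacheHeaders()
    Response.Expires = -1
    Response.ExpiresAbsolute = Now() - 1
    Response.CacheControl = "no-store, no-cache, must-revalidate"
    Response.AddHeader "Pragma", "no-cache"
End Sub

' Session check from the thread; Session("user") is set by the login script.
' An unset session variable is Empty, which compares equal to "".
Sub RequireLogin()
    SendNoCacheHeaders
    If Session("user") = "" Then
        Response.Redirect "login.asp"
    End If
End Sub

' Body of logout.asp: clear the login marker, drop the session, go home.
Sub LogOut()
    SendNoCacheHeaders
    Session("user") = ""
    Session.Abandon
    Response.Redirect "default.htm"
End Sub
```

Save the block between `<%` and `%>` as auth.asp, put `<!--#include file="auth.asp"-->` on the first line of each restricted page and call `RequireLogin` before any HTML; logout.asp includes the same file and calls `LogOut`.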

