|
:-DA user has to log on to my website. If he requests a page and is not logged on, then he is directed to the logon page. Once logged he should be redirected to page that he/she originally requested. As far is what I can understand is the I have to use Request.ServerVariables("HTTP_REFERER"). The value is not passed through, it comes through blank. I have debugged it many times, still no luck. Is this something that must be set on IIS? Can some please help? And then secondly, is there any way that I can increase the security of my login code? Any help will be appreciated!!!
Here is my calling page:
<%@ LANGUAGE=VBScript ENABLESESSIONSTATE=True %>
<%
If IsEmpty(Session("username")) Then
Response.Redirect "login.asp"
End If
%>
Here is my ASP code on my login page:
<%@ LANGUAGE=VBScript ENABLESESSIONSTATE=True %>
<%
'-----------------------------------------------------------------------------
' Declare variables
'-----------------------------------------------------------------------------
Dim objConn, objRs
Dim strSQL
Dim boolIsPost
Dim strUserName, strPassword
Dim strErrorTitle, strError, boolHasError
'-----------------------------------------------------------------------------
' Setup the response object
'-----------------------------------------------------------------------------
Call SetupResponse()
'-----------------------------------------------------------------------------
' Open database connection
'-----------------------------------------------------------------------------
Set objConn = GetDBConnection()
'-----------------------------------------------------------------------------
' Determine whether form was posted
'-----------------------------------------------------------------------------
boolIsPost = CBool(Request.Form("IsPost"))
If boolIsPost Then
' Get username and password
strUserName = Request.Form("username")
strPassword = Request.Form("password")
If Len(strUserName) < 8 Or Len(strUserName) > 30 Then
boolHasError = True
ElseIf Len(strPassword) < 8 Or Len(strPassword) > 30 Then
boolHasError = True
Else ' If all is ok
Set objRs = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT User_Username FROM tblUser WHERE User_Username = '" & strUserName & "' " & _
"AND User_Password = '" & strPassword & "'"
objRs.Open strSQL ,objConn, adOpenKeyset, adLockOptimistic
' If no match was found
If objRs.EOF Then
boolHasError = True
Else
' Set the Session variables
Session("username") = strUserName
' Redirect to original page
Response.Redirect Request.ServerVariables("HTTP_REFERER")
'Response.Redirect "default.asp"
End If
' Close and release resources
objRs.Close
Set objRs = Nothing
End If
End If
%>
...Rest of HTML Code goes here...
|
|
|
|
|
Hi Brendan,
You can't depend on HTTP_REFERER always being populated. It will only be passed if the user clicks a link that leads to this page, and their browser supports it. So you'll want to have an alternate page to redirect them to in case there is no value present for HTTP_REFERER.
Datagrid Girl
|
|
|
|
|
An easy solution is to include a script in every page that needs login, which leads the user to the login page passing along the name of the script originally requested, in a variable. If the login was succesful, you can redirect to this page.
|
|
|
|
|
Can you please supply some sample code?
|
|
|
|
|
pseudocode:
<?
chk_user_logged_in("this_page_name.asp")
blah blah
?>
at the start of every page that needs a logged in user
a common file u include everywhere:
function chk_user_logged_in($referer)
{
// do the logged in check (cookies etc)
if (!logged_in)
do_user_login($referer)
return;
}
the login function / page
<?
// process login form and get user credentials
redirect($referer)
?>
hope that explains it
its real easy when u see the light
<hr size='1' color='darkblue'><font color=black><small><i>"there is no spoon"</i><br><a href="http://www.8028finder.com" target="_new"><small><b>biz stuff</b></small></a> <a href="http://www.8028finder.com/lauren" target="_new"><small><b>about me</b></small></a>
|
|
|
|
|
If you have a look at my login code, do you think this is secure enough? If not can you maybe help me find sample code. I have looked on most places on the Internet, but all is the same.
|
|
|
|
|
|
If you have a look at my login code, do you think this is secure enough? If not can you maybe help me find sample code. I have looked on most places on the Internet, but all is the same.
|
|
|
|
|
Does anyone know how to automatically log someone onto an NT 4 Server based on their IP Address?
I want to setup a folder that automatically allows certain IP Address ranges to have access in combination with a set of NT Users (who need to logon). The simplest method I can think of, is to protect the folder based on NT Username, then automatically assign an appropriate Username/password for those users with certaoin IP Addresses. This would also make logging of access alot easier.
Any ideas?
|
|
|
|
|
hey guys
anyone know how to make a whole table cell a hyperlink (without putting an image in it that is) ?
im kinda stuck
:/
"there is no spoon" biz stuff about me
|
|
|
|
|
Yup, wait for XHTML 2.0 when href can be attributed to any body element.
Till then, you have to use JavaScript: Add a onclick handler to the td e.g. <td onclick="alert('Clicked');" width="400" height="400">clickable</td>
Oh yeah, and to get it to redirect like a hyperlink use document.location = 'http://www.bob.com/'
regards,
Paul Watson
Bluegrass
South Africa
Brian Welsch wrote:
"blah blah blah, maybe a potato?" while translating my Afrikaans.
Crikey! ain't life grand?
Einstein says...
|
|
|
|
|
|
way cool indeed ... !!!
Maximilien Lincourt
"Never underestimate the bandwidth of a station wagon filled with backup tapes." ("Computer Networks" by Andrew S Tannenbaum )
|
|
|
|
|
hey paul
is there any way to change the cursor to the hyperlink hand when it goes over the area i marked as a link?
im just wondering how i can indicate to a user how it is a link - i could change the bgcolor i know but the cursor idea grabs me if its possible
and u being a genius at this stuff and all.....
"there is no spoon" biz stuff about me
|
|
|
|
|
onmouseover="this.style='cursor: hand'"
I think...
The word of the day is legs, let's go back to my house and spread the word
|
|
|
|
|
|
An even better way is to go
blah
NATHAN RIDLEY
Web Application Developer
email: nathan @ netlab.com.au
[remove the spaces before and after the @ symbol]
|
|
|
|
|
hey nathan
i just got around to trying this method out
and its simplicity is outstanding
thnx so much
"there is no spoon" biz stuff about me
|
|
|
|
|
Hockey's way works but rather than hassle with a new event handler, just put the cursor: hand; style in a style class in your CSS file and attach it to the td . Or do it inline e.g. ...td style="cursor: hand;"... .
regards,
Paul Watson
Bluegrass
South Africa
Brian Welsch wrote:
"blah blah blah, maybe a potato?" while translating my Afrikaans.
Crikey! ain't life grand?
Einstein says...
|
|
|
|
|
heh
i did it already
but thnx so much for the heads up
"there is no spoon" biz stuff about me
|
|
|
|
|
Set the following CSS attributes on the <a> tag:
<br />
display: block;<br />
width: 100%;<br />
height: 100%;<br />
The second attribute is for IE compatibility and the third is if your table cell is taller than the link.
- Mike
|
|
|
|
|
I am having an interesting, but very annoying problem related to making web service requests from .NET to a Perl SOAP::Lite web service that is running on Linux. Here is the situation:
(1) In most cases, we are able to make web service calls from ASP.NET to the Perl web service just fine. There may be problems, but the test methods that we've tried seem to work fine.
(2) A .NET console application is able to make calls to the Perl web service without any visible problems.
(3) The problem comes in when the Perl web service throws a SoapException. When this happens and the web service was called from the ASP.NET client, a System.Runtime.Serialization.SerializationException is thrown that says the following:
An unhandled exception of type 'System.Runtime.Serialization.SerializationException' occurred in Unknown Module.
Additional information: The type System.Web.Services.Protocols.SoapException in Assembly System.Web.Services, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f57f11d50a3a is not marked as serializable.
What is confusing is that we can make make the same call from a .NET console application to the Perl web service and it works properly, throwing a SoapException.
In each of the clients (ASP.NET & .NET console app), a web reference to the Perl web service was created the exact same way in Visual Studio based on a WSDL file, so there are no apparent differences in that area.
In summary, we are finding a difference in behavior between an ASP.NET client and a .NET console application and I can't figure out what the difference is between them.
If anyone has any suggestions or information on this, it would be most appreciated.
Thank you,
Clark Laughlin
|
|
|
|
|
Hi,
I'm writing a PHP script that runs on my computer, and I was wondering if anyone knows how to retrieve the internet IP of my computer (even if it's behind a router). I tried using gethostbyname('localhost'); and gethostbyname('MYCOMPUTERNAME');, both simply return the IP of the computer within the network.
Joel Holdsworth
|
|
|
|
|
I'm having the same problem...I used ipconfig though...which works for all computers inside my home's router but nothing appears to work when entered remotely
If you figure it out lemme know please...
The word of the day is legs, let's go back to my house and spread the word
|
|
|
|
|
You need to have another server (outside of your network) that you can access to get your external IP (or, as an alternative, a program running on your router that you can query).
There are quite a few servers on the web that you can query to get your external IP as seen by the Internet (the first is the easiest to query, but you may want others to fall back on in case the first is down):
http://www.phpfreaks.com/myip.php[^]
http://www.whatismyip.com/[^]
http://www.networkports.net/yourip.php[^]
- Mike
|
|
|
|