Why won't the spooky-login protect this one page

	Home Register Search Help Login

Sponsors

Shopping Cart Software
Ecommerce software integrated into Frontpage, Dreamweaver and Golive templates. No monthly fees and available in ASP and PHP versions.

Website Templates
We also have a wide selection of Dreamweaver, Expression Web and Frontpage templates as well as webmaster tools and CSS layouts.

Frontpage website templates
Creative Website Templates for FrontPage, Dreamweaver, Flash, SwishMax

Search Forums

Recent Posts

Todays Posts
Most Active posts
Posts since last visit
My Recent Posts
Mark posts read

Why won't the spooky-login protect this one page

View related threads: (in this forum | in all forums)

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> Web Development >> ASP and Database >> Why won't the spooky-login protect this one page

Page: [1]

TimC

Posts: 199
From: Greenville SC (& or) Monterrey Mexico
Status: offline

Why won't the spooky-login protect this one page - 8/22/2001 20:10:00

The login protects all the other pages fine, but for some reason it lets users into this page without doing an automatic redirect. Since it can't find a user name it wont let them go any further, and I burried an "if then statement" further down that checks for a minimum authorization level in order to stop them from viewing the options, but I am still perplexed - I have several more pages (about 95 of them) to redo into this format, and I really didn't want to manually protect each pages content. I used the following code succesfully on other pages and it redirects fine, my fear is that it may have something to do with all the other unrelated script that gets used by the date function and the scrolling menubar however the code for these parts are below the <html> tags and spooky's code is at the very beginning.

Here is the code:

<%
Response.Buffer = True

DIM AccExpires
DIM COOKIE_NAME
COOKIE_NAME = "Spooky"

If Session("UserName") = "" AND Request.cookies(COOKIE_NAME)("T1aUs") = "" Then
Response.redirect "/login.asp?Redirect=" &Request.Servervariables("URL")
Elseif Request.cookies(COOKIE_NAME)("T1aUs") <> "" then
AccExpires = Request.cookies(COOKIE_NAME)("xExpires")
If Trim(AccExpires) <> "" AND isDate(AccExpires) then
If cDate(AccExpires) < Now() then
Response.redirect "/login.asp?Redirect=" &Request.Servervariables("URL")
End If
End if
End if
%>

<html>

<head>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>view edit listings</title>
<script language=Javascript name="J-BotDateFormat" ><!--
// Webs Unlimited's J-BOTS FrontPage 2000 JavaScript Generator version 3.0
// Copyright Webs Unlimited 1998, 1999 All rights reserved - http://WebsUnlimited.com
// make an array of length n Needed for older javascript browsers
function makearray(n) {
this.length = n

YADA, YADA, and more YADA, then it goes to this -

<td valign="top" height="56" width="508" colspan="2">
<p align="center">
<%If Session("AccessLevel") >= "5" then %>

<%Else%> <b>Error.... What are you doing here?</b> <br>
<A href="login.asp">Go back and login!!</A>
<%End if%>
</td>

Which is how I wind up protectiong the "Grey Code" for a navigation bar from displaying the related page links.

I can paste the complete code if needed, but hopefully this will give enough of a clue.

------------------
TimC
"Good things come to those who wait...
. . but only that which was left by those who hustled" Abraham Lincoln

Spooky

Posts: 26599
Joined: 11/11/1998
From: Middle Earth
Status: offline

RE: Why won't the spooky-login protect this one page - 8/22/2001 20:12:00

I guess the obvious question, is whats different about this page than the others?

When something fails, Ill often write the variables to the page and then do a response.end so just the values are viewed.
This sometimes helps to see whats happening?

Email me some page details if you like, and Ill look closer at it

(in reply to TimC)

TimC

Posts: 199
From: Greenville SC (& or) Monterrey Mexico
Status: offline

RE: Why won't the spooky-login protect this one page - 8/23/2001 23:56:00

To elaborate a bit more [and then the answer becomes obvious]. The session username is how we identify a client. Without it any of the search, edit, or post pages would be blank because it would find no username records to match to.

The pages that were appearing to load unprotected were loading all the graphics, but all the db info was missing. The pages never raised a red flag about login and my clients would not understand why all their info was missing. I found the mistake quite by coincidence when just after clearing out all of my history/cookies/temp-internet folders [never mind why ] it mysteriously worked just one time

[I'll bet my whole next weeks paycheck that Spooky just got the answer, anyone got change for an American 50 cent piece ]

The working pages all were in a section that required a certain level of authorization and That code was taking care of the redirect not the inc_protection.asp.

And the answer was -

This Don't

If Session("UserName") = "" AND Request.cookies(COOKIE_NAME)("T1aUs") = "" Then

This Do

If Session("UserName") = "" OR Request.cookies(COOKIE_NAME)("T1aUs") = "" Then

I KNEW I SHOULD HAVE STOOD IN BED! this morning

TimC
Humble Webmaster

[This message has been edited by TimC (edited 08-24-2001).]

(in reply to TimC)


Spooky Posts: 26599 Joined: 11/11/1998 From: Middle Earth Status: offline	RE: Why won't the spooky-login protect this one page - 8/24/2001 20:58:00 Mind you, I had to stare at it for a while, but I havent slept for a while too (in reply to TimC)