how to prevent a loop with asp - Programmers Heaven

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories

how to prevent a loop with asp

I have a script on my website that allows me to protect my website so only people who logged into the site are able to see the protected pages. here are my question:

i used a cookie in my login script with the following code

If (not rs.BOF) and (not rs.EOF) then
Response.Cookies("Username") = rs.Fields("User_name")
Response.Write Request.Cookies("url to my protected page")

else
Response.Redirect "http://www.yourwebsite.com/access-denied-page.html"
end if

here is the code for the protected page which calls the check.asp file:



and here is the check.asp file

<%if Request.Cookies("User_name") <> "" then
Response.Redirect ("send them to view the web site")
session("submitted")="false"
else
'send them back to login page
Response.Redirect "Login.htm"
Response.End
end if%>

when i type in a wrong password I have the change to retype the password and when the password id right than i go back to the index.page but as it is password protected i go through the same procedure again.

Comments

  • bagles1bagles1 Posts: 54Member
    Well here is a simple way to get around your dilemma. If you are redirecting or posting back to the same page. Hope this helps.

    <%
    strAction = Request("formaction")

    select case strAction
    case "checklogin"
    call checkLogin
    case else
    call doLogin
    end select

    sub checkLogin()
    ' do login check here
    ' if login is correct then
    ' call success procedure
    ' else
    ' call failure procedure
    ' end if
    call failureProcedure
    end sub

    sub successProcedure() %>


    Login Success

    SUCCESS



    <% end sub

    sub failureProcedure() %>


    Login Failure

    FAILURE



    <% end sub

    sub doLogin()
    %>



    Login Test










    <% end sub %>

    -Bagles1
  • abrauchiabrauchi Posts: 14Member
    Thank you for this explenation. Does this script mean that I can place it into each single page I would like to protect? And all I need to do is placeing my login check in here? Or will i just redirect from this script to the login page? I know I am stupdi. But I am new in the field and I have a hard time to understand the logic in some of the things. I was able to understand the c++ I did. But i don't know why I have such a hard time to understand this stuff........

    : Well here is a simple way to get around your dilemma. If you are redirecting or posting back to the same page. Hope this helps.
    :
    : <%
    : strAction = Request("formaction")
    :
    : select case strAction
    : case "checklogin"
    : call checkLogin
    : case else
    : call doLogin
    : end select
    :
    : sub checkLogin()
    : ' do login check here
    : ' if login is correct then
    : ' call success procedure
    : ' else
    : ' call failure procedure
    : ' end if
    : call failureProcedure
    : end sub
    :
    : sub successProcedure() %>
    :
    :
    : Login Success
    :
    :
    :

    SUCCESS

    :
    :
    : <% end sub
    :
    : sub failureProcedure() %>
    :
    :
    : Login Failure
    :
    :
    :

    FAILURE

    :
    :
    : <% end sub
    :
    : sub doLogin()
    : %>
    :
    :
    :
    : Login Test
    :
    :
    :
    :
    :
    :
    :
    :
    :
    :
    : <% end sub %>
    :
    : -Bagles1
    :

  • bagles1bagles1 Posts: 54Member
    <%
    ' This script is only inserted on your login page.
    ' I have commented the logic behind this script,
    ' please read below to follow along. If you still
    ' don't understand I will try to explain further.

    ' This is a check to see if the page has been posted
    ' back to. If not it will be empty.
    strAction = Request("formaction")

    ' Here we are checking to see what the value of strAction is
    ' and then call the appropriate procedure. The procedures will
    ' only be "checkLogin" which is where you would check if the
    ' username and password are valid or "doLogin" which displays
    ' the login form.
    select case strAction
    case "checklogin"
    call checkLogin
    case else
    call doLogin
    end select

    ' In this procedure you will be validating the users login
    ' information that was submitted in the form.
    sub checkLogin()
    ' do login check here.
    ' This is where you will query the database and see
    ' if the username and password are correct.
    ' if login is correct then
    ' If you are going to be checking if the user
    ' has successfully logged in on every page after
    ' this one then you might set a simple session variable
    ' here and then call the success procedure. Like this:
    ' Session("isLoggedIn") = "yes"
    ' On every page after this one you will just check to see
    ' if the Session variable = "yes" or not.
    ' call success procedure
    ' else
    ' call failure procedure
    ' end if
    end sub

    ' This procedure would just display information to the user who has
    ' successfully logged in.
    sub successProcedure() %>


    Login Success

    SUCCESS



    <% end sub

    ' This procedure would just display information to the user who has
    ' not successfully logged in.
    sub failureProcedure() %>


    Login Failure

    FAILURE



    <% end sub

    ' Procedure to display the Login form so that the user has the opportunity
    ' to login in to the site.
    sub doLogin()
    %>



    Login Test










    <% end sub %>

    -Bagles1


  • abrauchiabrauchi Posts: 14Member
    Thank you so much for your help i will try it out and see what i can do with it.
Sign In or Register to comment.