|
Custom Security/Authentication #2
To implement custom security via a database, we
use the following scripts that we will present the source code for:
Here is the securitylogin.asp script:
filename=/learn/test/securitylogin.asp
<html><head>
<title>securitylogin.asp</title>
</head><body bgcolor="#FFFFFF">
<form action="securityloginrespond.asp" method="POST">
Sign In Page:<p>
Name -> <input NAME="userName" size="20"><br>
Password -> <input NAME="userPassword" size="20"><br>
<input type="submit"><input type="reset">
</form></body></html>
Here is the securityloginrespond.asp script:
filename=/learn/test/securityloginrespond.asp
<html><head>
<TITLE>securityloginrespond.asp</TITLE>
</head><body bgcolor="#FFFFFF">
<%
myname=request.form("username")
mypassword=request.form("userpassword")
set conntemp=server.createobject("adodb.connection")
dbname="/learn/test/secret/customsecurity.mdb"
myconnect="PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE="
myconnect=myconnect & server.mappath(dbname)& ";"
conntemp.Open myconnect
sqltemp="select * from users where user='"
sqltemp=sqltemp & myname & "'"
set rstemp=conntemp.execute(SQLTemp)
If rstemp.eof then%>
we don't have a user named <%=Myname%> on file!<br>
Try <A href='securitylogin.asp'>Logging in</a> again
<%response.end
end if
If rstemp("Password")=mypassword then
session("name")=rstemp("user")
session("securitylevel")=rstemp("securitylevel")
response.write "Security Level=" & session("securitylevel")
else%>
Password Unrecognized<br>
Try <A href='securitylogin.asp'>Logging in</a> again
<%response.end
end if
rstemp.close
conntemp.close
set rstemp=nothing
set conntemp=nothing
%>
</body></html>
Here is the securitylogout.asp script:
filename=/learn/test/securitylogout.asp
<html><head>
<title>securitylogout.asp</title></head>
<body>
<%
session.abandon
%>
Logged out Now!!!
</body>
</html>
Here is the securitylevel1required.aspscript:
filename=/learn/test/securitylevel1required.asp
<%
response.expires=0
if session("securitylevel")>0 then
' nothing to do
else
response.redirect "securityunauthorized.asp"
end if
%>
Here is the securityunauthorized.asp script:
filename=/learn/test/xml/XMLlibrary.asp
<%
adPersistXML=1
Function GenXML (objRs)
set stmXML = CreateObject("ADODB.Stream")
If Not objRs.EOF Then
objRs.Save stmXML, adPersistXML ' needs ADO 2.5
End If
GenXML = stmXML.ReadText
Set stmXML = Nothing
End Function
Function GetCityXML ()
' Database connection - Usually kept in an include file, but presented for display purposes
strConnection = "DSN=student;UID=student;PWD=magic;"
Set objConn = Server.CreateObject ("ADODB.Connection")
objConn.Open strConnection
strSQL = "SELECT DISTINCT city FROM publishers"
Set objRs = objConn.Execute (strSQL)
GetCityXML = GenXML(objRs)
Set objConn = Nothing
Set objRs = Nothing
End Function
Function RenderXML (strXML,strStyleSheet)
Set objXML = CreateObject("MSXML.DOMDocument")
Set objXSL = CreateObject("MSXML.DOMDocument")
objXML.loadXML(strXML)
objXSL.load(Server.MapPath(strStyleSheet))
Response.Write objXML.transformNode (objXSL)
Set objXML = Nothing
Set objXSL = Nothing
End Function
Sub DisplayCityTable()
if Application("City") = "" then Application("City") = GetCityXML()
strStyleSheet = "table.xsl"
Call RenderXML (Application("City"),strStyleSheet)
End Sub
Sub DisplayCityList()
if Application("City") = "" then Application("City") = GetCityXML()
strStyleSheet = "listbox.xsl"
Call RenderXML (Application("City"),strStyleSheet)
End Sub
%>
Here is the securitytestlevel1.asp script:
filename=/learn/test/securitytestlevel1.asp
<!--#include file="securitylevel1required.asp"-->
<html><head>
<title>New Page </title>
<META HTTP-EQUIV="Expires" CONTENT="Tue, 04 Dec 1993 21:29:02 GMT">
</head><body>
My level 1 secret is Pretty Hot!!!<br>
Our president may not be as honest as we believed!
</body>
</html>
|