user privilege.

[dennisa]

I have created a website using asp. I split the directory for the website. one for user and the other for administrator.from the index page I can access both.so, I want to restrict any user to access administrator's pages.maybe I can prompt for password from the index page....but let say that user know the address, he can still screw my database by accessing the pages for administrator. for examples:>>this is the address for the index pagehttp://10.20.30.27/webnilai/index.htm>>this is the address for administrator pagehttp://10.20.30.27/admin/admin.htmand of course there are the other pages in the admin folder such us add_record.htm, add_record.asp, etc.so, anonymous user can manipulate my database if he knows the address.I want to restrict any user from accessing the administrator's pages.so eventhough he knows the address, he will be prompted to put his password and username.how can I do that?any idea??or can I attach the Username value or Password value in rs.querystring ??? so I dont bother to set security for database??

[netcracker]

u need to make an admin panel... :)make the users login before they can acces any of that page by inserting in the begining, before the rest of the code:

if not session("auth_granted")="true" then	response.Redirect "login.asp"	response.end

reed these:http://w3schools.invisionzone.com/index.php?showtopic=11http://www.w3schools.com/asp/default.asp