Jump to content

user privilege.


dennisa
 Share

Recommended Posts

I have created a website using asp. I split the directory for the website. one for user and the other for administrator.from the index page I can access both.so, I want to restrict any user to access administrator's pages.maybe I can prompt for password from the index page....but let say that user know the address, he can still screw my database by accessing the pages for administrator. for examples:>>this is the address for the index pagehttp://10.20.30.27/webnilai/index.htm>>this is the address for administrator pagehttp://10.20.30.27/admin/admin.htmand of course there are the other pages in the admin folder such us add_record.htm, add_record.asp, etc.so, anonymous user can manipulate my database if he knows the address.I want to restrict any user from accessing the administrator's pages.so eventhough he knows the address, he will be prompted to put his password and username.how can I do that?any idea??or can I attach the Username value or Password value in rs.querystring ??? so I dont bother to set security for database??

Link to comment
Share on other sites

u need to make an admin panel... :)make the users login before they can acces any of that page by inserting in the begining, before the rest of the code:

if not session("auth_granted")="true" then	response.Redirect "login.asp"	response.end

reed these:http://w3schools.invisionzone.com/index.php?showtopic=11http://www.w3schools.com/asp/default.asp

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...