dennisa Posted February 14, 2006 Share Posted February 14, 2006 I have created a website using asp. I split the directory for the website. one for user and the other for administrator.from the index page I can access both.so, I want to restrict any user to access administrator's pages.maybe I can prompt for password from the index page....but let say that user know the address, he can still screw my database by accessing the pages for administrator. for examples:>>this is the address for the index pagehttp://10.20.30.27/webnilai/index.htm>>this is the address for administrator pagehttp://10.20.30.27/admin/admin.htmand of course there are the other pages in the admin folder such us add_record.htm, add_record.asp, etc.so, anonymous user can manipulate my database if he knows the address.I want to restrict any user from accessing the administrator's pages.so eventhough he knows the address, he will be prompted to put his password and username.how can I do that?any idea??or can I attach the Username value or Password value in rs.querystring ??? so I dont bother to set security for database?? Link to comment Share on other sites More sharing options...
netcracker Posted February 14, 2006 Share Posted February 14, 2006 u need to make an admin panel... :)make the users login before they can acces any of that page by inserting in the begining, before the rest of the code: if not session("auth_granted")="true" then response.Redirect "login.asp" response.end reed these:http://w3schools.invisionzone.com/index.php?showtopic=11http://www.w3schools.com/asp/default.asp Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now