Belzar, posted May 12, 2006

Hi again all, I know, I write on here a little too often. It's just that I learn so much from here :)

I have this code that will password protect a page when using Internet Explorer, but it doesn't work when using almost any other browser (Netscape, Mozilla...)

This is the VBScript code I have written:

```html
<script type="text/vbscript">
' Runs in the browser: the password is visible to anyone who views the page source
password = InputBox("Please enter the password:")
Do Until password = "baby"
    MsgBox "You have entered an incorrect password- Please try again."
    password = InputBox("Please enter the password:")
Loop
</script>
```

Maybe there is an ASP code that I could use, or some way or another tweak this code to turn it into ASP. Help please.

Yahweh, posted May 12, 2006

Belzar,

VBScript as a client-side language is browser specific, it only works on IE. However, client-side VBScript is dead, NO ONE uses it anymore. To get a password box that works on all browsers, you have to convert your script to client-side JavaScript.

However, there is a significant problem with using client-side scripts to password protect pages, namely on the basis that they don't protect anything at all. Anyone can view the source of your page and see everything you've written.

Here are 2 ways to password protect pages, but here's a simpler ASP-specific way:

```asp
<%
Dim strPassword
strPassword = Request("password")
'The comparison runs on the server, so the password never appears in the page source
If strPassword = "baby" Then
%>
    The rest of your page contents should go here.
<%
Else
%>
    <form action="<%=Request.ServerVariables("SCRIPT_NAME")%>" method="post">
        What's the password:<br>
        <input type="password" name="password">
        <p>
            <input type="Submit" value="Go!">
        </p>
    </form>
<%
End If
%>
```

Using this code, no one can see any code they shouldn't when they view your source.

Alternatively, I like to use this method on my sites:

Login.asp:

```asp
<%
'You should always use a function like the one below to protect
'against SQL injection
Function SQLSecurity(strString)
    SQLSecurity = Replace(strString, "'", "\'", 1, -1, vbBinaryCompare)
End Function

Sub Login
    Dim Conn, RS, SQL, Redirect
    Redirect = True

    'Object references have to be assigned with Set
    Set Conn = Server.CreateObject("ADODB.Connection")
    Set RS = Server.CreateObject("ADODB.Recordset")

    SQL = "SELECT Count(*) as Count FROM my_table WHERE Username = " & _
          "'" & SQLSecurity(Request.Cookies("Username")) & "' " & _
          "AND Password = '" & SQLSecurity(Request.Cookies("Password")) & "';"

    Conn.Open my_connection_string
    RS.Open SQL, Conn, 1, 1

    If RS("Count") Then
        Redirect = False
    End If

    RS.Close
    Conn.Close

    Set Conn = Nothing
    Set RS = Nothing

    If Redirect = True Then
        'if a valid username and password is not found
        Response.Redirect "error.asp"
    End If
End Sub
%>
```

On any other page, all I have to do is insert the following two lines at the top of any page:

```asp
<!--#include file="login.asp"-->
<% Call Login %>
... rest of page goes here ...
```

If the user is not logged in, then he or she is automatically redirected to an error.asp page. Otherwise, the page loads as normal.

Belzar, posted May 13, 2006

Wow, that's very good information. I am having trouble learning how to get into my database and such, like how to get people to sign up and create their own names. I mainly have trouble with it cuz I am unsure of how to code it correctly, but that's a whole nother problem. Thanks for your help on this one.

Yahweh, posted May 13, 2006

If you need help on Login/Signup pages, let me know, and I can certainly help you out on them.

Belzar, posted May 13, 2006

To be honest, I could use help on those... I have tried many different things, I am the kind of person that only uses the code I write... I have only used codes from other people once I think, that's cuz it was a very confusing code. Here is my problem, I have a MySQL database, but I am unsure of exactly how to use it, it's on another site, so I don't know how to connect to it. And then there is exactly how it all works, if you could help me, thanks greatly.

Yahweh, posted May 13, 2006

ConnectionStrings.com has a lot of information on the type of connection strings you should use to connect to your database.

Basically, to connect to a database, you'll use this code:

```vbscript
Dim ConnectionString, Conn, RS, SQL
ConnectionString = "something here" 'modify this line

'Object references have to be assigned with Set
Set Conn = Server.CreateObject("ADODB.Connection")
Set RS = Server.CreateObject("ADODB.RecordSet")
SQL = "some SQL statement" 'modify this line

Conn.Open ConnectionString
'Cursor type 1 (adOpenKeyset), lock type 1 (adLockReadOnly): a read-only recordset
RS.Open SQL, Conn, 1, 1
    'stuff here
RS.Close
Conn.Close

'Always set your recordsets and connections to nothing when you're done with them
Set RS = Nothing
Set Conn = Nothing
```

You only need to open a database connection once per page, and you need to open and close as many recordsets as SQL statements you plan on executing. After you are finished getting your information out of your database and recordsets, close them immediately and set them equal to nothing to free up server resources.

The value of the ConnectionString variable depends on what type of database you're connecting to, and where the database is located relative to your ASP scripts.

To connect to a MySQL database, use this connection string:

```vbscript
ConnectionString = "DRIVER={MySQL ODBC 3.51 Driver};" & _
                   "SERVER=mysqlServer;PORT=3306;DATABASE=myDatabase;" & _
                   "USER=myUsername;PASSWORD=myPassword;OPTION=18475;"
```

For the part reading SERVER=mysqlServer, set that to the location of your SQL server. If your ASP scripts and SQL server are located on the same domain, then SERVER=localhost works most of the time. If that doesn't work, or if you are connecting to a remote database, just use the location of the SQL server. A few examples:

```vbscript
'Connecting to a local database, where your database and scripts are
'located on the same server
ConnectionString = "DRIVER={MySQL ODBC 3.51 Driver};" & _
                   "SERVER=localhost;PORT=3306;DATABASE=myDatabase;" & _
                   "USER=myUsername;PASSWORD=myPassword;OPTION=18475;"

'Connecting to remote database
ConnectionString = "DRIVER={MySQL ODBC 3.51 Driver};" & _
                   "SERVER=data.domain.com;PORT=3306;DATABASE=myDatabase;" & _
                   "USER=myUsername;PASSWORD=myPassword;OPTION=18475;"
```

The USER and PASSWORD correspond to the username and password of your MySQL account (usually these will be identical to the username and password of your account on the remote server), and the DATABASE corresponds to the name of your database.

Belzar, posted May 13, 2006

Great, now I have learned how to use the database and connect to it, very tough stuff, but I have a small understanding for it now and it is working for the guestbook thing, thank god.

Splurd, posted May 29, 2006

Doesn't this mean you are storing the password in your cookies? Won't that be a security risk?

justsomeguy, posted May 31, 2006

Not if you encrypt the password.

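The two points raised in this thread, the hand-escaped SQL string in Login.asp and the password kept in a cookie, can both be avoided as in the following added example, which is not code from any poster: the credentials are bound as ADODB.Command parameters and the login state lives in the server-side Session. `my_table`, its columns, `my_connection_string` and `error.asp` come from the thread; the function names and the form field names `username` and `password` are assumptions.

```asp
<%
' Added example. CredentialsValid, HandleLoginPost, RequireLogin and the form
' field names are hypothetical; my_table and my_connection_string are the thread's.
Const adVarChar = 200, adParamInput = 1, adCmdText = 1   ' standard ADO constants

' Returns True when a row matches. The values travel as bound parameters,
' so quotes or backslashes inside them are never parsed as SQL.
Function CredentialsValid(strUser, strPass)
    Dim Conn, Cmd, RS
    CredentialsValid = False
    If Len(strUser) = 0 Or Len(strPass) = 0 Then Exit Function

    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open my_connection_string
    Set Cmd = Server.CreateObject("ADODB.Command")
    Set Cmd.ActiveConnection = Conn
    Cmd.CommandType = adCmdText
    Cmd.CommandText = "SELECT COUNT(*) AS Matches FROM my_table " & _
                      "WHERE Username = ? AND Password = ?"
    Cmd.Parameters.Append Cmd.CreateParameter("u", adVarChar, adParamInput, 255, strUser)
    Cmd.Parameters.Append Cmd.CreateParameter("p", adVarChar, adParamInput, 255, strPass)

    Set RS = Cmd.Execute
    If Not RS.EOF Then CredentialsValid = (CLng(RS("Matches")) > 0)
    RS.Close
    Conn.Close
    Set RS = Nothing : Set Cmd = Nothing : Set Conn = Nothing
End Function

' Call once, from the page that receives the login form (method="post").
Sub HandleLoginPost
    Dim strUser
    strUser = "" & Request.Form("username")
    If CredentialsValid(strUser, "" & Request.Form("password")) Then
        Session("Username") = strUser   ' only the session ID cookie reaches the browser
    Else
        Response.Redirect "error.asp"
    End If
End Sub

' Call at the top of every protected page instead of re-reading credential cookies.
Sub RequireLogin
    If Len(Session("Username")) = 0 Then Response.Redirect "error.asp"
End Sub
%>
```

The password is submitted once over the login form and is never stored in the browser, so there is nothing in a cookie to read back or replay as a credential.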