Frontpage 2002 password protected page

D

defraine

Hi,

I have been through most of the questions and answers that kind of relate to
my question with not much success.

I want to make the "Members" page on www.blarneyquick.com password
protected. I can't change any permissions on the server my website is hosted
on as it is locked down for security issues.

So can I easily re-create 1 page userid and password protected that I can
assign multiple userid's to?

Any advise muchily appreciated. I am using FrontPage 2002 and am fairly
good with HTML but have never used ASP and applicatiosn like that.

I know there is a Microsoft solution using ACCESS but I don't have it.

Thanks in advance, Sean.
 
D

defraine

Hi Thomas, I read that one, I don't have ACCESS. Is there NO other way at all?
Thanks
 
T

Thomas A. Rowe

You can create a form with the fields needed as indicated in the KB, then let FP create the Access
database for you, then you can follow the instruction in the KB article configure your site.

Your site must be hosted on a Windows IIS web server.

Note: The Kb indicates placing the database in the _private folder, this is wrong, the database need
to be in fpdb if FP doesn't automatically create it there.

--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 
D

defraine

Thanks Thomas, I'll give it a try.

Sean

Thomas A. Rowe said:
You can create a form with the fields needed as indicated in the KB, then let FP create the Access
database for you, then you can follow the instruction in the KB article configure your site.

Your site must be hosted on a Windows IIS web server.

Note: The Kb indicates placing the database in the _private folder, this is wrong, the database need
to be in fpdb if FP doesn't automatically create it there.

--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 
D

defraine

Thomas,

Regarding creating the form, can you advise how please, I have never done a
form before. I guess the form creation creates the ACCESS part you talk of?

Thaks again.
 
T

Thomas A. Rowe

With a web open, create a new page.

Insert Menu | Form

Click inside the dash line and then insert each field require, as indicated in the KB article.

Then under Form properties, Select Send to Database, click Ok. If you see a message about invalid
settings, select yes to correct, etc. then select Create Database.
--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 
I

IdaSpode

Hi Thomas, I read that one, I don't have ACCESS. Is there NO other way at all?

Do you have Windows hosting or Unix/Linux hosting?

I have Unix hosting for most of my sites and use this method, but I
let the CPanel function "web protect" to do it for me.

http://www.euronet.nl/~arnow/htpasswd/documentation.html

You might also want to check with your host and/or explore your
domain's control panel for a password protection feature.

DJ
 
D

defraine

DJ,

Thanks, I am using Windows hosting. I have had a play on the domains
control panel and all the protection options are restricted :-(

Thanks again.
 
D

defraine

Hi Thomas,

I really am having problems creating the DB as in the KB via inserting a
FORM. Any pointers please?. How would I perform the following?

Step 3 - Create a database by using Microsoft Access
1. Start Microsoft Access.
2. On the File menu, click New.
3. In the list of choices, click Blank Database.
4. Name the file logon.mdb and save it to your desktop.
5. In the Tables section, click New.
6. In the list, click Design View, and then click OK.
7. Create two fields: a. For the Field Name, type UID. For the Data Type,
click Text, and then click Primary Key.
b. For the Field Name, type PWD. For the Data Type, click Text.

8. On the File menu, click Save. Name the table tblUsers, and then click OK.
9. On the View menu, click Datasheet View.
10. In the UID column, type testuser. In the PWD column, type password.
11. On the File menu, click Close to close the table.
12. Quit Microsoft Access.

Sorry to be a pain,
Cheers,
Sean
 
D

defraine

Can someone check KB321503 for me please? I have followed, however Step 6,
#4 does not bring me the LOGON page just the secure page again. I think it
something to do with the includes?

Thanks
 
R

Ronx

Have you placed the include file in the _private folder? If so, move to
elsewhere. It is possible that it is not being included in the secure
page because the permissions on the _private folder prevent it being
read.

Change the link in the secure page
<!--#include virtual="/logon/_private/logon.inc"-->
to suit the new location.

Do the same with all files the article says to place in the _private
folder.
--
Ron Symonds - Microsoft MVP (FrontPage)
Reply only to group - emails will be deleted unread.

http://www.rxs-enterprises.org/fp
 
D

defraine

Ronx,

Nope, I swear it is something easy and I am just being a muppet, you can
name which one!

When it says 'in the root folder of your logon Web' does that mean in the
top level web or logon subsite?

Currently I have website TEST, in that I have:
Subsite logon
default.asp
secure.asp
unsecure.asp
logon.asp

In Subsite LOGON I have:
logon.inc
logon.mdb

I have updated the include statements in logon.inc and .asp.

Help!
Cheers
 
R

Ronx

'in the root folder of your logon Web' means in the logon subweb.

In test you should have:
A default page with a link to default.asp in logon subweb.
Logon subweb
Other folders and files for the website

In Logon subweb:
All pages described in the article:
Default.asp
Logon.asp
Secure.asp
Unsecure.asp
Logon.inc
A folder named fpdb
fpdb folder contains logon.mdb

Note that you should let FrontPage create the fpdb folder - File->Import
the logon.mdb database and allow FrontPage to place it in the fpdb
folder. This creates the correct permissions for the database to be
secured from unauthorised downloading, and readable/writable by asp
pages.

The include is in secure.asp - logon.inc should not have any included
files.
--
Ron Symonds - Microsoft MVP (FrontPage)
Reply only to group - emails will be deleted unread.

http://www.rxs-enterprises.org/fp
 
D

defraine

OK, I am one last post away from giving up :-(

I am currently following the Frontpage 2000 KB 321503. I only have
Frontpage 2000 at work.

I have a website "test" that just contains index.html This has a link to
default.asp in my sub web "logon".

Sub web logon contains.
default.asp
unsecure.asp
secure.asp
logon.asp
logon.inc

fpdb contains logon.mdb created as instructed.
_private has no files in.

Now I preview default.asp - perfect.
I click on unsecure and get the unsecure page.
I click on secure and get the secure page, but never re-directs to logon.asp
I can't preview logon.asp although the outrput is fine from the preview tab
in page view.

Here is my secure.asp code, include changed from KB - ok?
<% @language="vbscript" %>
<!--#include virtual="/logon/logon.inc"-->
<html>
<head><title>Secure Page</title></head>
<body>
<h3>Secure Page</h3>
<p>You are logged on as:
<%
If Len(Session("UID")) = 0 Then
Response.Write "<b>You are not logged on.</b>"
Else
Response.Write "<b>" & Session("UID") & "</b>"
End If
%>
</p>
<p><a href="default.asp">Back to default</a></p>
</body>
</html>

Here is logon.asp, include again changed from KB - ok?
<% @language="vbscript" %>
<!--#include virtual="/logon/logon.inc"-->
<%
' Was this page posted to?
If UCase(Request.ServerVariables("HTTP_METHOD")) = "POST" Then
' If so, verify the username/password that was entered.
If ComparePassword(Request("UID"),Request("PWD")) Then
' If comparison was good, store the user name...
Session("UID") = Request("UID")
' ..and redirect back to the original page.
Response.Redirect Session("REFERRER")
End If
End If
%>
<html>
<head><title>Logon Page</title>
<style>
body { font-family: arial, helvetica }
table { background-color: #cccccc; font-size: 9pt; padding: 3px }
td { color: #000000; background-color: #cccccc; border-width: 0px }
th { color: #ffffff; background-color: #0000cc; border-width: 0px }
</style>
</head>
<body bgcolor="#000000" text="#ffffff">
<h3 align="center"> </h3>
<div align="center"><center>
<form action="<%=LOGON_PAGE%>" method="POST">
<table border="2" cellpadding="2" cellspacing="2">
<tr>
<th colspan="4" align="left">Enter User Name and Password</th>
</tr>
<tr>
<td> </td>
<td colspan="2" align="left">Please type your user name and password.</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="left">Site</td>
<td align="left"><%=Request.ServerVariables("SERVER_NAME")%> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="left">User Name</td>
<td align="left"><input name="UID" type="text" size="20"></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="left">Password</td>
<td align="left"><input name="PWD" type="password" size="20"></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td colspan="2" align="center"><input type="submit" value="LOGON"></td>
<td> </td>
</tr>
</table>
</form>
</center></div>
</body>
</html>

This is logon.inc, references in here also needed changing - ok?
<%
' Do not cache this page.
Response.CacheControl = "no-cache"

' Define the name of the users table.
Const USERS_TABLE = "tblUsers"
' Define the path to the logon page.
Const LOGON_PAGE = "/logon/logon.asp"
' Define the path to the logon database.
Const MDB_URL = "/logon/fpdb/logon.mdb"

' Check to see whether you have a current user name.
If Len(Session("UID")) = 0 Then
' Are you currently on the logon page?
If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
' If not, set a session variable for the page that made the request...
Session("REFERRER") = Request.ServerVariables("URL")
' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE
End If
End If

' This function checks for a username/password combination.
Function ComparePassword(UID,PWD)
' Define your variables.
Dim strSQL, objCN, objRS
' Set up your SQL string.
strSQL = "SELECT * FROM " & USERS_TABLE & _
" WHERE (UID='" & ParseText(UID) & _
"' AND PWD='" & ParseText(PWD) & "');"
' Create a database connection object.
Set objCN = Server.CreateObject("ADODB.Connection")
' Open the database connection object.
objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _
Server.MapPath(MDB_URL) & "; uid=admin; pwd="
' Run the database query.
Set objRS = objCN.Execute(strSQL)
' Set the status to true/false for the database lookup.
ComparePassword = Not(objRS.EOF)
' Close your database objects.
Set objRS = Nothing
Set objCN = Nothing
End Function

' This function restricts text to alpha-numeric data only.
Function ParseText(TXT)
Dim intPos, strText, intText
For intPos = 1 TO Len(TXT)
intText = Asc(Mid(TXT,intPos,1))
If (intText > 47 And intText < 58) Or _
(intText > 64 And intText < 91) Or _
(intText > 96 And intText < 123) Then
strText = strText & Mid(TXT,intPos,1)
End if
Next
ParseText = strText
End Function
%>

So basically my example never loads the logon.asp page, I can click between
the default, secure and unsecure pages, but never get to use the logon page
to check testuser and password.

Help please, if not too much trouble, could you try following the KB and see
if it works for you?

All I want to do is password protect 1 page :-(

Thanks again
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top