How can you create "two different password-protected Web pages" by using FrontPage?

B

Beefminator

How can you create "two different password-protected Web pages" by
using FrontPage?

Provided by Microsoft support page, I followed the following
instructions on how to "password protect" webpages:
http://support.microsoft.com/default.aspx?scid=kb;en-us;825498
This support webpage was very effective.

Within in a web directory, is there a way to have two seperate
password-protected Web pages?

In other words, I would like to create a whole another seperate
username/passwords access database.

Thanks,
Jason
 
T

Tom [Pepper] Willett

Create a separate subweb.
--
===
Tom [Pepper] Willett
Microsoft MVP - FrontPage
---
FrontPage Support:
http://www.frontpagemvps.com/
About FrontPage 2003:
http://office.microsoft.com/home/office.aspx?assetid=FX01085802
===
| How can you create "two different password-protected Web pages" by
| using FrontPage?
|
| Provided by Microsoft support page, I followed the following
| instructions on how to "password protect" webpages:
| http://support.microsoft.com/default.aspx?scid=kb;en-us;825498
| This support webpage was very effective.
|
| Within in a web directory, is there a way to have two seperate
| password-protected Web pages?
|
| In other words, I would like to create a whole another seperate
| username/passwords access database.
|
| Thanks,
| Jason
|
 
B

Beefminator

Hey Tom! Thanks for the quick response.

I tried creating two seperatte subwebs, but I still have a security
issue. I created an example case of my security issue:

I have two seperate secure webpages, each has it own username/password
access database:

First one is....
http://walkhere.com/logon/passwordprotect.asp
username: dick
password: password1

Second one...
http://walkhere.com/logon2/passwordprotect.asp
username: jane
password: password2

If Dick tries to log into
http://walkhere.com/logon2/passwordprotect.asp, then he would
failed.However Dick can get around it, he can first log into
http://walkhere.com/logon/passwordprotect.asp and then go to
http://walkhere.com/logon2/passwordprotect.asp (because he's already
logged in).

Even after he logged in, I never want Dick accessing
http://walkhere.com/logon2/passwordprotect.asp.

What am I doing wrong in setting up the password protected web pages?
 
T

Thomas A. Rowe

You have to change the name of variable that you are testing to see if the user is logged in.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
B

Beefminator

What do you mean by "change the name of variable" ?

Forgive me Tom, I am not very good at Frontpage. Thanks for putting up
with me.
 
T

Thomas A. Rowe

If the variable that is use to check if the user is logged in is:

If Authenticated = 0 Then
Response.Redirect "Login.asp"
End if

In this case if "Authenticated = 1" then the user is allowed access to the pages with this code,
otherwise they are redirected to the login page.

Now you want to have a separate login test, then you need to rename "Authenticated" to something
different, such as "Authenticated2" for those set of pages.

Also, ASP sessions do not cross FP subwebs, so if you have the login for each set of page in their
own unique subweb with a unique database, then you wouldn't have to change anything.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
B

Beefminator

hmmmmm...you said to change "Authenticated" to something like
"Authenticated2".. where exactly do I make the change? The logon.asp or
in the text file "logon.inc"?

I don't blame you if you give up on me.
 
T

Thomas A. Rowe

I am guess that it would be the logon.inc file for the specific folder / subweb.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
B

Beefminator

This is what logon.inc looks like, this is for the 2nd subweb. Where
should I make the change?

<%
' Do not cache this page.
Response.CacheControl = "no-cache"

' Define the name of the users table.
Const USERS_TABLE = "tblUsers"
' Define the path to the logon page.
Const LOGON_PAGE = "/logon2/logon.asp"
' Define the path to the logon database.
Const MDB_URL = "/logon2/_private/logon.mdb"

' Check to see whether you have a current user name.
If Len(Session("UID")) = 0 Then
' Are you currently on the logon page?
If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
' If not, set a session variable for the page that made the
request...
Session("REFERRER") = Request.ServerVariables("URL")
' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE
End If
End If

' This function checks for a username/password combination.
Function ComparePassword(UID,PWD)
' Define your variables.
Dim strSQL, objCN, objRS
' Set up your SQL string.
strSQL = "SELECT * FROM " & USERS_TABLE & _
" WHERE (UID='" & ParseText(UID) & _
"' AND PWD='" & ParseText(PWD) & "');"
' Create a database connection object.
Set objCN = Server.CreateObject("ADODB.Connection")
' Open the database connection object.
objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _
Server.MapPath(MDB_URL) & "; uid=admin; pwd="
' Run the database query.
Set objRS = objCN.Execute(strSQL)
' Set the status to true/false for the database lookup.
ComparePassword = Not(objRS.EOF)
' Close your database objects.
Set objRS = Nothing
Set objCN = Nothing
End Function

' This function restricts text to alpha-numeric data only.
Function ParseText(TXT)
Dim intPos, strText, intText
For intPos = 1 TO Len(TXT)
intText = Asc(Mid(TXT,intPos,1))
If (intText > 47 And intText < 58) Or _
(intText > 64 And intText < 91) Or _
(intText > 96 And intText < 123) Then
strText = strText & Mid(TXT,intPos,1)
End if
Next
ParseText = strText
End Function
%>
 
T

Thomas A. Rowe

If you have individual subwebs and databases, then it should not be possible for one user to log in
to one subweb and then access another subweb without having to log in again.

However because of the way the script is written, I can see how this is happening. Also the database
need to be stored in the fpdb folder, which has specific permissions to protect the database, not
the _private folder.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
B

Beefminator

I am having a hard time creating subwebs. Is there some special setup
that the web client allows for this to happen?
 
T

Thomas A. Rowe

Open the site (root web) directly in FP, then create a folder, then select the folder, right click
and select convert to subweb / site.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
B

Beefminator

Thanks Tom

I tried this earlier today but I didn't have permission.

I just contacted web host server, they are converting the folders to
subwebs as we speak.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top