 |
Dear Sir/Madame
I have a problem with my Query in Database
Ex: my table
PageId : Title : Page
1 struture <body> this is my
page using | <img
src="print.jpg">
When i retrieve it to page by using
<%=oRS("page")%> the query printpage.asp?PageID=1 it doesn't run.
Anyone Can help me
Thanks
Vannak
|
|
|
|
 |
|
 |
can you please send this to me?
|
|
|
|
 |
|
 |
You can find the missing page here:
http://www.codeproject.com/asp/IncludeProtection/pages.asp
Just open this link in your browser and save the page by 'File', 'Save As', then name it ("pages.asp"), without the parantheses, and hit Save -button.
|
|
|
|
 |
|
 |
COULD YOU SEND ME THIS FILE PLEASE YOU LL SAFE ME
|
|
|
|
 |
|
 |
Please update the site and/or send me the pages.asp. Also, please fix the navigation problem.... mentioned in an earlier post
|
|
|
|
 |
|
 |
Your missing the pages.asp page. It's not included in the files you can download. Could I get this?
Chris H.
|
|
|
|
 |
|
 |
In the version presented here, the user is lost when he does not know the userid/password. IMHO, you should always be able to get back to where you came from.
Now, the Back arrow loops into the login screen again.
Frans Verbaas
|
|
|
|
 |
|
 |
First, the Pages.asp file is unnecessary. The name of the ASP page being executed is available via Request.ServerVariables("SCRIPT_NAME"). This can then be passed on the request line as ID is now, or stored in a session variable.
Also, it's probably not a good idea to store the password as a cookie. (security breach) It would be better create some unique code which the ASP page can read as "User is successfully loged on", but give no information about the actual password
|
|
|
|
 |
|
 |
Your are right about the pages.asp.
But if the user has cheched the remmember me check box I need to make the logon persistent. How would I know that the user has a valid username and password throught the cookie values?
Thanks for your advice )
|
|
|
|
 |
|
 |
Note that you have two separate checks for UserID & Password; one for the values entered into the form, and one for the cookies. Now, once the person has entered the correct values into the form, you can put anything into the cookie --- the only requirement is that it pass the *other* check, and somehow identify the user.
Let's say that the user information is being stored in a database, with a sequenial id, then we could mathematically altered that number so that it's not obvious (say multiply it by 234) and store that as a cookie. Then we can simply derived that actual ID number from the cookie, and easily spot a forged cookie, all without storing the password locally
|
|
|
|
 |
|
 |
Hi,
on my sites I use the following login-mechanism: after verifying a valid user (userid, pwd) I put his current SessionID in a database. In this database I have informations about the user, his rights and all pages and page groups. When ever the user will open a new page my code checks if the user is logged in (his SessionID is in my database) and if this user has enough rights to see this page.
Well, this way needs also a cookie but this cookie will only include the SessionId, nothing else.
Well, actually I am currently writing on an article for the CodeProject explaing this in detail. Just give me some more time to finish it.
Tom.
|
|
|
|
 |
|
 |
When do you remove a sessionid from the database
|
|
|
|
 |
|
 |
You could do this with on function you call from time to time that checks the last access and to the session (of course you have to store the last access-time in a db-field) and then deletes the entry if the last access-time is too old.
Or you could write a task-sceduled script (vbs, pl, whatever) that does just the same.
Or maybe you could use one of those events in global.asa | | | |