Two methods of page limit access in ASP

Access | page

When you design a Web page, you often experience certain pages with restricted access. For example, some products of a company are only allowed to be browsed by one or some suppliers or customers. So how do we achieve this? In this paper, the author will introduce several methods to restrict the client's access rights.

In general, we face three situations in the design process: a page that only allows a user to browse, a page that only allows some users to browse and some pages only to allow certain users to browse. The first situation is very simple, the author no longer described, the following will be a detailed description of the latter two types of design methods.

　　One, one page allows only some users to browse

The customer's information is saved in the database and is allowed to be accessed by retrieving the name and password entered by the customer in the database.
protect.asp File Limit access page

〈html〉〈head〉〈title〉 Sadie homepage 〈/title〉〈/head〉〈body bgcolor= "#00FFFF"

Here you can enter additional content for this page

〈form action= "protect.asp" method= "POST"

Please enter your name:

〈input type= "text" name= "text"

Please enter the password: 〈input type= "password" size= "Name="

〈input type= "Submit" Name= "B1" value= "Query" 〉〈/p〉〈/form〉

〈%set conn=server.createobject ("Adodb.connection")

Conn.Open "Asptest"

′asptest is the name of the database where the form permission where the customer information resides

sql1= "Selectfrom permission where xm= '" &&request.form ("text") && "' and Mima= '" && Request.Form ("password") && "'"

Set Rs=conn.execute (SQL1)%〉

If the name and password entered by the customer are present in the database, hyperlinks to the page product.asp are displayed

〈% if not rs.eof then%〉〈a href= "Product.asp" the company's products 〈/a〉

〈%end if%〉〈/body〉〈/html〉

　　 second, some of the pages to allow only some users to browse

We can design a login page register.asp, if the customer is not logged in, in the access to each of the restrictions on the page to force customers to first access the page register.asp implementation login. Automatically return to the page you just visited after successfully logging in. We can use cookies and session two ways to achieve.

1. Use cookies to achieve

If the customer has already logged in, the login information is recorded in the client's cookies, and the client can then browse directly to other restricted access pages.

Register.asp

〈% if Request.Form ("B1") = "Submit" Then

Set Conn=server.createobject ("Adodb.connection")

Conn.Open "Asptest"

Sql1= "SELECT * from permission where xm= '" &&request.form ("name") && "' and Mima= '" && Request.Form ("password") && "'"

Set Rs=conn.execute (SQL1)

If not rs.eof then

Response.Cookies ("register") = "true"

Rs.close

Conn.close

End If

If the user's information is present in the database, record the user's successful login mark into the cookie

End if%〉

〈html〉〈head〉〈/head〉

〈body bgcolor= "#c0c0c0"

〈p align= "center" 〉〈big〉〈big〉〈big〉 Dear customer, please login! 〈/big〉〈/big〉〈/big〉〈/p〉〈hr〉

〈form action= "Register.asp" method= "Post" Name= "Form1"

〈div align= "Center" 〉〈p〉 Name:

〈input name= "name" size= "13" 〉〈/p〉

〈p〉 Password: 〈input name= "Password"

Size= "type=" "Password" 〉〈/p〉〈/div〉

〈div align= "right" 〉〈input type= "Submit" Name= "B1" value= "submitted" 〉〈/div〉〈/form〉〈/body〉〈/html〉

protect.asp File Limit access page

〈%if request.cookies ("register") 〈〉 "true" then

Response.Redirect "Register.asp"

End if%〉

If the customer is not logged in, force the customer to log in

〈html〉〈head〉〈/head〉

〈body bgcolor= "#00FFFF"

This is the content of the page that needs to be protected

〈/body〉〈/html〉

2. Implement with session

Session is a user-level global variable, we will log the customer successfully logged into the session, users can directly browse other restricted access to the page.

Global.asp

〈script Language=vbscript runat=server〉

Sub Session_OnStart

Session ("register") = "false"

It records the customer's successful login information

Session ("Lognumber") =0

The number of times a customer attempts to log on is recorded, up to three attempts are allowed

Session ("prescript") = ""

The page is recorded by the customer to be accessed so that the page can be returned after logging in

End Sub

〈/script〉

Register.asp

〈% if Request.Form ("B1") = "Submit" Then

Set

Conn=server.createobject ("Adodb.connection")

Conn.Open "Asptest"

Sql1= "SELECT * from permission where xm= '" &&request.form ("name") && "' and Mima= '" && Request.Form ("password") && "'"

Set Rs=conn.execute (SQL1)

If not rs.eof then

Session ("register") = "true"

If the user's information is present in the database, record the user's successful login mark to the Register variable

Rs.close

Conn.close

Response.Redirect session ("Prescript")

To automatically return to the page you have just visited after successful login

End If

If session ("Lognumber") 〈3 Then

Session ("lognumber") =

Session ("Lognumber") +1

Response.Redirect "Register.asp"

Else

Response.Redirect "Sorry.asp"

End If

It allows you to attempt to log on three times, and if none succeeds, disable access and display the page at the same time sorry.asp

End if%〉

〈html〉〈head〉〈/head〉

〈body bgcolor= "#c0c0c0"

〈p align= "center" 〉〈big〉〈big〉

〈marquee align= "Middle"

Behavior= "Alternate" welcome you to visit, please login first! 〈/marquee〉〈br〉

〈%if session ("Lognumber") 〉0 then%〉

Wrong input! Please re-enter your name and password!

〈% End if%〉

〈/big〉〈/big〉〈/p〉〈hr〉

〈form action= "Register.asp" method= "Post" Name= "Form1"

〈div align= "Center" 〉〈p〉 Name:

〈input name= "name" size= "13" 〉〈/p〉

〈p〉 Password: 〈input name= "Password"

Size= "type=" "Password" 〉〈/p〉〈/div〉

〈div align= "right" 〉〈input type= "Submit" Name= "B1" value= "submitted"

〈/div〉〈/form〉〈/body〉〈/html〉

protect.asp File Limit access page

〈% If session ("register") 〈〉 "true" then

Session ("prescript") =

Request.ServerVariables ("Script_name")

Response.Redirect "Register.asp"

End if%〉

It records the path of the page to the Prescript variable and forces the customer to log in

〈html〉〈head〉

〈meta http-equiv= "Content-type"

Content= "text/html; Charset=gb_2312-80 "〉〈/head〉

〈body bgcolor= "#00FFFF"

Here you can enter a script for other content on this page

〈/body〉〈/html〉

These methods can be used flexibly by the designers according to the needs of the system.