restrict access to page based on querystring value

G

GTN170777

Hi there, I've got the standard Dreamweaver restrict access to page behaviour
below –

<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="1,2,3"
MM_authFailedURL="index.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" &
Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>
It restricts access to the page based upon the following values –

MM_Username
MM_UserAuthorization

I believe that is checking to see whether MM_Username exists and if so
checking to see if the MM_UserAuthorization value is either 1, 2 or 3

I the event that both exist access is granted, in the event that one or
neither exist it redirects the user to MM_authFailedURL (index.asp)

What I would like to do is build a similar behaviour, but that only checks
one value, so instead of checking MM_Username & MM_UserAuthorization it
checks to see whether the variable ACC (which is sent through
Request.QueryString) equals either –

Occ User
Reg User
Reg User5
Reg User10
Multi User

And in the event that ACC as one of the values above Access is granted, in
the event that this is not the case the user is redirected to info.asp.



Any ideas on how to do this would be great -

Thanks
 
B

Brynn

I use straight C# web apps with ajax, xml, blah blah blah now.

But when I used ASP VBScript a great site to pick up quick code and
really easy place to learn was ASP101.com

Here is a link to a sample login script using classic asp.
http://asp101.com/samples/login.asp

Spend one night on ASP101.com, and you'll pick up a ton on their
http://asp101.com/samples page.

Hope that helps,
Brynn

P.S.
If you are going to do be doing web apps long term, I recommend
picking up some ASP.net.
 
G

GTN170777

Hi Brynn,

Thanks for the link, useful site,..

I have tried playing with the code a little and had put the following
together --

<%
If Request.QueryString("ACC") NOT LIKE '%User%' Then
Response.Redirect("info.asp")
end if
%>

Hoping that this would only display the existing page if the variable ACC
contains User....

When I test it, it looks like NOT LIKE does not work, as this is the error i
get....


Microsoft VBScript compilation error '800a03f9'

Expected 'Then'

/employer/register.asp, line 6

If Request.QueryString("ACC") NOT LIKE '%User%' Then


Any ideas?? |Many thanks
 
B

Bob Barrows [MVP]

GTN170777 said:
Hi Brynn,

Thanks for the link, useful site,..

I have tried playing with the code a little and had put the following
together --

<%
If Request.QueryString("ACC") NOT LIKE '%User%' Then
vbscript <> sql

You have the option of using regex or Instr. Here is how it would look
with Instr:
dim acc
acc = Request.QueryString("ACC")
if Instr(acc, "User") > 0 then

Don't forget, Instr is case-sensitive. If you don't want case to be a
factor:
if Instr(lcase(acc), "user") > 0 then
 
G

GTN170777

Spot on again Bob, thanks

Bob Barrows said:
vbscript <> sql

You have the option of using regex or Instr. Here is how it would look
with Instr:
dim acc
acc = Request.QueryString("ACC")
if Instr(acc, "User") > 0 then

Don't forget, Instr is case-sensitive. If you don't want case to be a
factor:
if Instr(lcase(acc), "user") > 0 then


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
 
E

Evertjan.

=?Utf-8?B?R1ROMTcwNzc3?= wrote on 25 feb 2008 in
microsoft.public.inetserver.asp.general:
<%
If Request.QueryString("ACC") NOT LIKE '%User%' Then

VBS does not understand apostrophed strings as litteral strings.

So this line will show an compilation error.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,898
Latest member
BlairH7607

Latest Threads

Top