J
John C.
I have a company database which needs to be password protected. I have been
reading that a lot people suggest using the User system built into Access.
My only problem is that I already have a User/Password system on the company
Intranet, which is an ASP web server. I'm using a slightly modified version
of the ASP Login Script. (Found at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;321439)
The database i'm working on needs to have dual level access. For the
average user, they can add data to a data access page. But for management,
they need to have full access.
This is built into the ASP Login. It calls another database with
UserName/Password information as well as "Enabled" and "Admin" check boxes.
If set to "enabled", user has the add data page. If set to "admin", the user
can edit and delete entries. Using the ASP Login on the web page, how do I
get my data access page to varify the username/password/enabled/admin status?
I know it has to be in VB. I tried creating a module in Access that calls
the user authentication function (login.inc) from the ASP Login script. For
the login.inc to work in your asp page on the web all you have to do is
include this at the top of your asp page...
<% @language="vbscript" %>
<!--#include virtual="/logon/_private/logon.inc"-->
Is there some way I can have Access call this?
I'll attach the login.inc page below in case that helps...
---- login.inc ----
%
' Do not cache this page.
Response.CacheControl = "no-cache"
' Define the name of the users table.
Const USERS_TABLE = "tblUsers"
' Define the path to the logon page.
Const LOGON_PAGE = "/logon/logon.asp"
' Define the path to the logout page.
Const LOGOUT_PAGE = "/logon/logout.asp"
' Define the path to the logon database.
Const MDB_URL = "/logon/_private/logon.mdb"
Const dbUserName = "" ' username for db
Const dbPassword = "" ' password for db
' Check to see whether you have a current user name.
If Len(Session("uid")) = 0 Then
' Are you currently on the logon page?
If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("url")) Then
' If not, set a session variable for the page that made the request...
Session("REFERRER") = Request.ServerVariables("url")
' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE
End If
End If
' This function checks for a username/password combination.
Function ComparePassword(uid,pwd)
' Define your variables.
Dim strSQL, objCN, objRS
' Set up your SQL string.
strSQL = "SELECT * FROM " & USERS_TABLE & " WHERE (UID='" & uid & "' AND
PWD='" & pwd & "');"
' Create a database connection object.
Set objCN = Server.CreateObject("ADODB.Connection")
' Open the database connection object.
'objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" &
Server.MapPath(MDB_URL) & "; uid=admin; pwd="
objCN.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" &
Server.MapPath(MDB_URL), dbUserName, dbPassword
' Run the database query.
Set objRS = objCN.Execute(strSQL)
if Not objRS.EOF then
if len(objRS("Admin"))=4 then
Session("admin")="1" ' TRUE or true = 4 it's a little trick
else Session("admin")=Empty
end if
if len(objRS("Enabled"))=4 then
Session("enabled")="1"
else Session("enabled")=Empty
end if
ComparePassword = True
else
ComparePassword = False 'Wrong UID or PWD
end if
' Close your database objects.
Set objRS = Nothing
Set objCN = Nothing
End Function
Function isLogged() ' Function Return True for Logged User, something like
this must called in the begin of each protected asp file.
if Len(Session("uid"))=0 then
isLogged=False
else isLogged=True
end if
End Function
Function logState() ' Function Return String Shows user state in system and
logout text link
If Len(Session("uid")) = 0 Then
Response.Write "<p><b>You are not logged on.</b></p>"
Else
Response.Write "<p>You are logged on as: <b>" & Session("uid") &
"</b> | <a href='" & LOGOUT_PAGE & "'>Logout</a></p>"
End If
End Function
Function isAdmin() 'Function Return True for Admin and Else for other users.
isAdmin=Cbool(Len(Session("admin")))
End function
Function isEnabled() ' Function return True for Enabled users and Else for
others.
isEnabled=CBool(Len(Session("enabled")))
End function
%>
reading that a lot people suggest using the User system built into Access.
My only problem is that I already have a User/Password system on the company
Intranet, which is an ASP web server. I'm using a slightly modified version
of the ASP Login Script. (Found at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;321439)
The database i'm working on needs to have dual level access. For the
average user, they can add data to a data access page. But for management,
they need to have full access.
This is built into the ASP Login. It calls another database with
UserName/Password information as well as "Enabled" and "Admin" check boxes.
If set to "enabled", user has the add data page. If set to "admin", the user
can edit and delete entries. Using the ASP Login on the web page, how do I
get my data access page to varify the username/password/enabled/admin status?
I know it has to be in VB. I tried creating a module in Access that calls
the user authentication function (login.inc) from the ASP Login script. For
the login.inc to work in your asp page on the web all you have to do is
include this at the top of your asp page...
<% @language="vbscript" %>
<!--#include virtual="/logon/_private/logon.inc"-->
Is there some way I can have Access call this?
I'll attach the login.inc page below in case that helps...
---- login.inc ----
%
' Do not cache this page.
Response.CacheControl = "no-cache"
' Define the name of the users table.
Const USERS_TABLE = "tblUsers"
' Define the path to the logon page.
Const LOGON_PAGE = "/logon/logon.asp"
' Define the path to the logout page.
Const LOGOUT_PAGE = "/logon/logout.asp"
' Define the path to the logon database.
Const MDB_URL = "/logon/_private/logon.mdb"
Const dbUserName = "" ' username for db
Const dbPassword = "" ' password for db
' Check to see whether you have a current user name.
If Len(Session("uid")) = 0 Then
' Are you currently on the logon page?
If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("url")) Then
' If not, set a session variable for the page that made the request...
Session("REFERRER") = Request.ServerVariables("url")
' ...and redirect to the logon page.
Response.Redirect LOGON_PAGE
End If
End If
' This function checks for a username/password combination.
Function ComparePassword(uid,pwd)
' Define your variables.
Dim strSQL, objCN, objRS
' Set up your SQL string.
strSQL = "SELECT * FROM " & USERS_TABLE & " WHERE (UID='" & uid & "' AND
PWD='" & pwd & "');"
' Create a database connection object.
Set objCN = Server.CreateObject("ADODB.Connection")
' Open the database connection object.
'objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" &
Server.MapPath(MDB_URL) & "; uid=admin; pwd="
objCN.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" &
Server.MapPath(MDB_URL), dbUserName, dbPassword
' Run the database query.
Set objRS = objCN.Execute(strSQL)
if Not objRS.EOF then
if len(objRS("Admin"))=4 then
Session("admin")="1" ' TRUE or true = 4 it's a little trick
else Session("admin")=Empty
end if
if len(objRS("Enabled"))=4 then
Session("enabled")="1"
else Session("enabled")=Empty
end if
ComparePassword = True
else
ComparePassword = False 'Wrong UID or PWD
end if
' Close your database objects.
Set objRS = Nothing
Set objCN = Nothing
End Function
Function isLogged() ' Function Return True for Logged User, something like
this must called in the begin of each protected asp file.
if Len(Session("uid"))=0 then
isLogged=False
else isLogged=True
end if
End Function
Function logState() ' Function Return String Shows user state in system and
logout text link
If Len(Session("uid")) = 0 Then
Response.Write "<p><b>You are not logged on.</b></p>"
Else
Response.Write "<p>You are logged on as: <b>" & Session("uid") &
"</b> | <a href='" & LOGOUT_PAGE & "'>Logout</a></p>"
End If
End Function
Function isAdmin() 'Function Return True for Admin and Else for other users.
isAdmin=Cbool(Len(Session("admin")))
End function
Function isEnabled() ' Function return True for Enabled users and Else for
others.
isEnabled=CBool(Len(Session("enabled")))
End function
%>