Your security should be based on a combination of checking against a list of
users in a table, and then a Session variable, which is checked on all the
pages you want to protect. You could do something along the lines of this:
Login.asp:
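<%
' Conn is assumed to be an ADODB.Connection that has already been opened.
Dim UserName, Password, ErrorMessage, Cmd, RS
UserName = Request.Form("Username")
Password = Request.Form("Password")
If Len(UserName) > 0 Then
    ' Parameterized query: the form values are bound as data and are
    ' never joined into the SQL text.
    Set Cmd = Server.CreateObject("ADODB.Command")
    Set Cmd.ActiveConnection = Conn
    Cmd.CommandText = "SELECT Username, Pw FROM users WHERE Username = ? AND Pw = ?"
    Cmd.CommandType = 1 ' adCmdText
    ' 200 = adVarChar, 1 = adParamInput; 255 is an assumed maximum column length
    Cmd.Parameters.Append Cmd.CreateParameter("u", 200, 1, 255, UserName)
    Cmd.Parameters.Append Cmd.CreateParameter("p", 200, 1, 255, Password)
    Set RS = Cmd.Execute
    If RS.EOF Then
        ' No matching row: keep the message for display and clean up
        ErrorMessage = "<P><font color=""red"">Usuario o contraseña incorrecto</font></P>"
        RS.Close
        Conn.Close
        Set RS = Nothing
        Set Conn = Nothing
    Else
        ' Match found: clean up, mark the session as logged in and redirect
        RS.Close
        Conn.Close
        Set RS = Nothing
        Set Conn = Nothing
        Session("SecurityID") = "askljhsdfvljhdsfgkjlh3tkljasdlkskuh"
        Response.Redirect "yourpage.asp"
    End If
End If
%>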
<Form Method="Post" Action="login.asp">
User name: <Input Name="Username" size="15"><br>
Password: <Input Type="Password" Name="Password" size="15"><br>
<Input Type="submit" Value="Enter" Name="Login">
</Form>
(If you want more security, you should add another function which generates
random Session variables for each user.)
On yourpage.asp (and any other page you want to protect), you should add the
following code at the top:
<%
If Session("SecurityID") <> "askljhsdfvljhdsfgkjlh3tkljasdlkskuh" Then
Response.Redirect "editweb.asp"
End If
%>
If you want any further assistance do not hesitate to contact me.
Cheers,
Trym Bagger
www.lacanela.com
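
Added example, not part of the original post and not the poster's code: a stand-alone Python model of the same login-and-guard flow, in which each login gets its own random session ID instead of one shared constant, the lookup uses bound parameters, and the table holds salted password hashes. The table layout, the sample user and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

SESSIONS = {}  # session id -> username; stands in for the server-side Session store

def hash_pw(password, salt):
    # Salted, slow hash so the table never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    # Constructed sample data: one user in an in-memory table (assumed schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (Username TEXT PRIMARY KEY, Salt BLOB, PwHash BLOB)")
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, hash_pw("s3cret", salt)))
    return db

def login(db, username, password):
    """Return a fresh random session id on success, None on failure."""
    # Placeholders keep the form values as data, never as SQL text.
    row = db.execute("SELECT Salt, PwHash FROM users WHERE Username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    # Constant-time comparison of the derived hash with the stored one.
    if not hmac.compare_digest(hash_pw(password, salt), stored):
        return None
    sid = secrets.token_urlsafe(32)  # unique and unguessable for every login
    SESSIONS[sid] = username
    return sid

def require_login(sid):
    """Guard for protected pages: the username, or None meaning 'redirect'."""
    return SESSIONS.get(sid) if sid else None

def logout(sid):
    # Drop the id so it stops working immediately.
    SESSIONS.pop(sid, None)
```

Because every login receives its own ID, learning one value (or reading it from the page source) does not unlock the protected pages for anyone else, and logout invalidates only that one session.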