Forums
This topic is locked
Log In Server Behavior Problems
Posted 22 Mar 2002 18:33:41
1
has voted
22 Mar 2002 18:33:41 Aegis Kleais posted:
I know I'm new to UD4, however, despite my learning ASP and such, I'm able to use most of UD4's many features without problem. However, I have a place where I use the LOG IN server behavior to log a person into a restricted area.My current thought was to do it like this:
Give them a URL, ie:
www.page.com/secure.asp?id=232
And the ID would load the Record of their information.
But then it occured to me, that someone who logged in (another account) could just chage the "232" to a different number and if they found a valid one, they would be seeing someone elses private information.
So I have 2 questions here....
I want to do something like this: Create a field in the database that I call LOCK and give it a long random string like:
sdhf348r7sdvhkas8d7foefkjh4398t7ysdlkn34o8478osdyf
Then I give people an address of:
www.page.com/secure.asp?id=232?lock=sdhf348r7sdvhkas8d7foefkjh4398t7ysdlkn34o8478osdyf
So this means that they would have to not only get the ID number correct, but the LONG lock code as well. The only problem is that I don't think I can use the SIMPLE Query Builder when defining a recordset. I have to use the advanced one, and it shows something like:
SELECT *
FROM DSNConnection
WHERE id = 'MMColParam'
( MMColParam = Request.QueryString("id" )
So If I make MMColParam2 = Request.QueryString("lock" how do I add on some "AND WHERE lock = 'MMColParam2'" phrase to my SQL Query?
-------------------------------------------------------------------------------------
My other question had to do with loggin in using the LOG IN Server Behavior.
I need to know how people send the USERNAME of a USERNAME/PASSWORD login system upon successful verification.
I Thought I would Request a form value from whatever the user supplied in the USERNAME box, and then when defining the LOG IN server behavior, upon successful verification it would goto "secure.asp?username=<%= Request.Form("username" %>"
But when I press OK to get back to the webpage, I get loads of ASP code put into the design view. SO I know something went wrong. If I've done a good enough job of explaining what I need, I look forward to hearing your answers!
Replies
Replied 23 Mar 2002 01:24:44
23 Mar 2002 01:24:44 Dennis van Galen replied:
ok, here's a UDev rule, don't paste asp code in a visual editor as you did, you saw the result.
you did this:
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>I Thought I would Request a form value from whatever the user supplied in the USERNAME box, and then when defining the LOG IN server behavior, upon successful verification it would goto "secure.asp?username=<%= Request.Form("username" %>"<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>
the idea is correct, now do it again but leave out the <% Request....%> and after clicking ok switch to code view, now find the code that redirects you to "secure.asp?username=" and paste the <% Request.Form("username" %> behind the "=" sign and now try it out.
For the other thingy try:
SELECT *
FROM DSNConnection
WHERE id = 'MMColParam' AND lock = 'MMColParam2'
The simple mode is just to get a quick select from where order by statement, you will find yourself using it for that and quickly ending up in advanced where i spend most my time, if i'm not rewriting the codes or attempting to anyway <img src=../images/dmxzone/forum/icon_smile_wink.gif border=0 align=middle>
With kind regards,
Dennis van Galen
Webmaster KPN Services
Financial and Information Services
you did this:
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>I Thought I would Request a form value from whatever the user supplied in the USERNAME box, and then when defining the LOG IN server behavior, upon successful verification it would goto "secure.asp?username=<%= Request.Form("username" %>"<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>
the idea is correct, now do it again but leave out the <% Request....%> and after clicking ok switch to code view, now find the code that redirects you to "secure.asp?username=" and paste the <% Request.Form("username" %> behind the "=" sign and now try it out.
For the other thingy try:
SELECT *
FROM DSNConnection
WHERE id = 'MMColParam' AND lock = 'MMColParam2'
The simple mode is just to get a quick select from where order by statement, you will find yourself using it for that and quickly ending up in advanced where i spend most my time, if i'm not rewriting the codes or attempting to anyway <img src=../images/dmxzone/forum/icon_smile_wink.gif border=0 align=middle>
With kind regards,
Dennis van Galen
Webmaster KPN Services
Financial and Information Services
Replied 23 Mar 2002 03:43:12
23 Mar 2002 03:43:12 Aegis Kleais replied:
I made the following:
SELECT *
FROM DSNConnection
WHERE id = 'MMColParam' AND lock = 'MMColParam2'
-------------------------------------------------
MMColParam ----- Runtime value of 1 --- Request.QueryString("id"
MMColParam2 ---- Runtime value of 1 --- Request.QueryString("lock"
And I get a MS ODBC Data Mismatch Error.
ID is a MS Access Autonumber and LOCK is a MEMO
As for the "Don't paste code into the visual editor", is there any reason not to? Does UD4 just spaz out by design when I do that, but works fine when you cut and paste it?
My thanks for your help. It's really gettin me out of a pickle.
SELECT *
FROM DSNConnection
WHERE id = 'MMColParam' AND lock = 'MMColParam2'
-------------------------------------------------
MMColParam ----- Runtime value of 1 --- Request.QueryString("id"
MMColParam2 ---- Runtime value of 1 --- Request.QueryString("lock"
And I get a MS ODBC Data Mismatch Error.
ID is a MS Access Autonumber and LOCK is a MEMO
As for the "Don't paste code into the visual editor", is there any reason not to? Does UD4 just spaz out by design when I do that, but works fine when you cut and paste it?
My thanks for your help. It's really gettin me out of a pickle.