Need Help with Login and Restrict Access To Page Server Behavior in Dreamwaver MX
Does any one have a link to very detailed instructions (with pictures if possible) on how to create a login in Dreamweaver MX that uses the Username, Password and Access Level. I need to control access to a bunch of web pages on my site. The Access Level is going to be set to just 2 levels, either 1 – for Admin level or 2 for Non-Admin Level.
When I go to a web page (like for instance one where users can insert records into a table) and in Dreamweaver for that specific page I try to set a Server Behavior to Restrict Access To Page, and I select to Restrict based on Username, Password and Access Level. Then I type in 2 levels (1 and 2). Then I select a page to go to if access is denied. The page is called ADMIN_ACCESS_DENIED.asp Then I click the OK button and then the following error or warning message appears:
You have selected a security method of Username, Password and Access Level. Either the log in page does not have this security method selected or no user log in page has been defined. Define a log in page using the Log In User server behavior.
Then I click the OK button on the message, which goes away. I check the code for the page and Dreamweaver generates the following code:
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="1"
MM_authFailedURL="../../ADMIN_ACCESS_DENIED.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>
I do have a log in page that I use called ISSALOGIN.asp. Here is the code for my log in page:
<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/sar.asp" -->
<%
Dim rsCurrentUser__MMColParam
rsCurrentUser__MMColParam = "1"
If (Request.QueryString("User_Name") <> "") Then
rsCurrentUser__MMColParam = Request.QueryString("User_Name")
End If
%>
<%
Dim rsCurrentUser
Dim rsCurrentUser_numRows
Set rsCurrentUser = Server.CreateObject("ADODB.Recordset")
rsCurrentUser.ActiveConnection = MM_sar_STRING
rsCurrentUser.Source = "SELECT Password, User_Name FROM dbo.Users WHERE User_Name = '" + Replace(rsCurrentUser__MMColParam, "'", "''") + "'"
rsCurrentUser.CursorType = 0
rsCurrentUser.CursorLocation = 2
rsCurrentUser.LockType = 1
rsCurrentUser.Open()
rsCurrentUser_numRows = 0
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Request.QueryString
MM_valUsername=CStr(Request.Form("User_Name"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
'MM_redirectLoginSuccess="view.htm"
MM_redirectLoginSuccess="SARTSISSA/images/indexframeset.htm"
MM_redirectLoginFailed="GetLOGIN.asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_sar_STRING
MM_rsUser.Source = "SELECT User_Name, Password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM dbo.Users WHERE User_Name='" & Replace(MM_valUsername,"'","''") &"' AND Password='" & Replace(Request.Form("Password"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<html>
<head>
<title>LogIn</title>
<meta http-equiv="Content-Type" content="text/html; charset="iso"-8859-1">
</head>
<body class="sub">
<br>
<form ACTION="<%=MM_LoginAction%>" method="POST" name="Login" id="Login">
<table width="87%" border="1" cellpadding="1" cellspacing="0" bordercolor="#CCCCCC" bgcolor="#BBD7FF" class="TitleColor">
<tr style="vertical-align: top">
<td height="223"> <table width="100%" border="0" cellspacing="0" cellpadding="4">
<tr class="HeaderColor">
<td colspan="2" style="vertical-align: top"> <h3><font face="Arial, Helvetica, sans-serif">SARTS
Library Access Sign In</font></h3></td>
</tr>
<tr style="vertical-align: top">
<td width="32%" class="TitleColor"> <label for="username"><strong><font face="Arial, Helvetica, sans-serif">User
Name</font></strong></label> <br> <input name="User_Name" type="text" id="User_Name" size="25">
<p> </p>
<label for="password"><strong><font face="Arial, Helvetica, sans-serif">User
Password</font></strong></label> <br> <input name="Password" type="Password" id="Password" size="25">
<p>
<input type="submit" name="ButtonName" value="Enter">
<input type="reset" name="Reset" value="Reset">
</p></td>
<td width="68%" class="StoryContentColor"> <h4><font face="Arial, Helvetica, sans-serif">Instructions:</font></h4>
<p> <font size="-1" face="Arial, Helvetica, sans-serif">Please use
your first letter of first name and full lastname as user name(for
example - WSmith). <br>
If you are not a current registered user you will be forwarded
to the login registration page to register for access.</font></p></td>
</tr>
</table></td>
</tr>
</table>
</form>
</body>
</html>
<%
rsCurrentUser.Close()
Set rsCurrentUser = Nothing
%>
I noticed in my login page called ISSALOGIN.asp that I do not have the field called ‘Access_Level’ in my SQL query which is found in a table called ‘Users’. How do I add the ‘Access_Level’ to the code for the ISSALOGIN.asp page? What would be the syntax?
Also, what am I doing wrong that I keep getting that error message I mentioned above (You have selected a security method of Username, Password …) when I try to generate the Server Behavior to Restrict Access To Page? Is the code on the page that I need to restrict access to looking for a reference to the login page called ISSALOGIN.asp?
Any help on this matter would be greatly appreciated.
Thank you,
Cheryl D.
Comments
Be the first to write a comment
You must me logged in to write a comment.