restrict access to page based on querystring value

TheMSsForum.com: The Microsoft Software Forum

Hi there, I've got the standard Dreamweaver restrict access to page behaviour
below â??

<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="1,2,3"
MM_authFailedURL="index.asp"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
(InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
MM_grantAccess = true
End If
End If
If Not MM_grantAccess Then
MM_qsChar = "?"
If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
MM_referrer = Request.ServerVariables("URL")
if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" &
Request.QueryString()
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)
Response.Redirect(MM_authFailedURL)
End If
%>
It restricts access to the page based upon the following values â??

MM_Username
MM_UserAuthorization

I believe that is checking to see whether MM_Username exists and if so
checking to see if the MM_UserAuthorization value is either 1, 2 or 3

I the event that both exist access is granted, in the event that one or
neither exist it redirects the user to MM_authFailedURL (index.asp)

What I would like to do is build a similar behaviour, but that only checks
one value, so instead of checking MM_Username & MM_UserAuthorization it
checks to see whether the variable ACC (which is sent through
Request.QueryString) equals either â??

Occ User
Reg User
Reg User5
Reg User10
Multi User

And in the event that ACC as one of the values above Access is granted, in
the event that this is not the case the user is redirected to info.asp.



Any ideas on how to do this would be great -

Thanks
Top

Re: restrict access to page based on querystring value by Brynn

Brynn
Sat Feb 23 08:39:48 CST 2008

I use straight C# web apps with ajax, xml, blah blah blah now.

But when I used ASP VBScript a great site to pick up quick code and
really easy place to learn was ASP101.com

Here is a link to a sample login script using classic asp.
http://asp101.com/samples/login.asp

Spend one night on ASP101.com, and you'll pick up a ton on their
http://asp101.com/samples page.

Hope that helps,
Brynn

P.S.
If you are going to do be doing web apps long term, I recommend
picking up some ASP.net.
Top

Re: restrict access to page based on querystring value by GTN170777

GTN170777
Mon Feb 25 10:39:00 CST 2008

Hi Brynn,

Thanks for the link, useful site,..

I have tried playing with the code a little and had put the following
together --

<%
If Request.QueryString("ACC") NOT LIKE '%User%' Then
Response.Redirect("info.asp")
end if
%>

Hoping that this would only display the existing page if the variable ACC
contains User....

When I test it, it looks like NOT LIKE does not work, as this is the error i
get....


Microsoft VBScript compilation error '800a03f9'

Expected 'Then'

/employer/register.asp, line 6

If Request.QueryString("ACC") NOT LIKE '%User%' Then


Any ideas?? |Many thanks





"Brynn" wrote:

> I use straight C# web apps with ajax, xml, blah blah blah now.
>
> But when I used ASP VBScript a great site to pick up quick code and
> really easy place to learn was ASP101.com
>
> Here is a link to a sample login script using classic asp.
> http://asp101.com/samples/login.asp
>
> Spend one night on ASP101.com, and you'll pick up a ton on their
> http://asp101.com/samples page.
>
> Hope that helps,
> Brynn
>
> P.S.
> If you are going to do be doing web apps long term, I recommend
> picking up some ASP.net.
>
Top

Re: restrict access to page based on querystring value by Bob

Bob
Mon Feb 25 10:58:57 CST 2008

GTN170777 wrote:
> Hi Brynn,
>
> Thanks for the link, useful site,..
>
> I have tried playing with the code a little and had put the following
> together --
>
> <%
> If Request.QueryString("ACC") NOT LIKE '%User%' Then
vbscript <> sql

You have the option of using regex or Instr. Here is how it would look
with Instr:
dim acc
acc = Request.QueryString("ACC")
if Instr(acc, "User") > 0 then

Don't forget, Instr is case-sensitive. If you don't want case to be a
factor:
if Instr(lcase(acc), "user") > 0 then


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.


Top

Re: restrict access to page based on querystring value by GTN170777

GTN170777
Mon Feb 25 11:11:09 CST 2008

Spot on again Bob, thanks

"Bob Barrows [MVP]" wrote:

> GTN170777 wrote:
> > Hi Brynn,
> >
> > Thanks for the link, useful site,..
> >
> > I have tried playing with the code a little and had put the following
> > together --
> >
> > <%
> > If Request.QueryString("ACC") NOT LIKE '%User%' Then
> vbscript <> sql
>
> You have the option of using regex or Instr. Here is how it would look
> with Instr:
> dim acc
> acc = Request.QueryString("ACC")
> if Instr(acc, "User") > 0 then
>
> Don't forget, Instr is case-sensitive. If you don't want case to be a
> factor:
> if Instr(lcase(acc), "user") > 0 then
>
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
>
>
>
Top

Re: restrict access to page based on querystring value by Evertjan

Evertjan
Mon Feb 25 16:26:02 CST 2008

=?Utf-8?B?R1ROMTcwNzc3?= wrote on 25 feb 2008 in
microsoft.public.inetserver.asp.general:

> <%
> If Request.QueryString("ACC") NOT LIKE '%User%' Then

VBS does not understand apostrophed strings as litteral strings.

So this line will show an compilation error.


--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Top