Access Restriction with Classic ASP

Asked

Viewed 98 times

0

I am placing a restriction of access clause.

I created a table with people who can access, my intention is that those who can access are directed to the page and those who cannot be directed to another

But there’s something wrong

usuario = right(Request.servervariables("LOGON_USER"),7)

set RSUSER = conexao.execute("SELECT usuario FROM tabela ")


if usuario = RSUSER("usuario") 
    then response.redirect("../index.asp")
    else 
    response.redirect("acesso_restrito.asp")
}
asp access-control

  • I believe a WHERE clause is missing: "SELECT usuario FROM tabela WHERE usuario = '"& usuario &"'"

  • I guess that’s not it, as I will not display specific user data. I want to see if the user is listed in the table and if it is listed it can go to a certain page.

  • Without using WHERE vc will select the whole table.

2 answers

1

I believe that you should check whether the user is contained in the table or not, rather than only consisting of the query return. I am considering that there is a LOGIN field in the table. If it is another field, only use in WHERE. Example:

usuario = right(Request.servervariables("LOGON_USER"),7)
set RSUSER = conexao.execute("SELECT TOP 1 1 FROM tabela WHERE login = " & usuario )
'aqui verifico se contém retorno. Se sim, significa que o usuário está na tabela em quetão.
if not RSUSER.EOF then 
    response.redirect("../index.asp")
else 
    response.redirect("acesso_restrito.asp")
end if

conexao.close()

  • so... no login, is the windows login itself that is open on the computer, but the person does not pass a form to log in

  • No problem. But you will hit your variable "user" with some information in the table "table". Right? Doing as I described will work. In your IF you had consisted of "user = RSUSER("user")". It means that the "user" field of your table contains the possible information returned in your user variable. Right?

0

I got it! In fact, all that was missing was a loop to go through the entire table records.

  • 1

    Edit your answer and put the complete code of your solution that worked. This will help other users who might have the same question as yours.

Browser other questions tagged asp access-control

You are not signed in. Login or sign up in order to post.