Simple User Access Control in ASP

zhaozj2021-02-16  162

The usual ways to pass parameters between the pages of a site are the URL query string and hidden fields in a form. Two other popular methods are cookies and ASP session variables. This article shows how to use cookies and session variables to manage access to site pages.

Using cookies to track visitors

The traditional way to track which pages a visitor accesses is to use cookies. A cookie is a text file stored on the user's machine. When the user accesses the corresponding domain, these files are sent to the server. In its basic use, a cookie serves as a means of verifying and distinguishing a registered user when the user returns to the site, without having to enter the registration information again. Similarly, you can use cookies to save some of the settings from the user's last visit to the site.

Using cookies in ASP is very simple. You use the Request object's Cookies collection to retrieve all cookie values saved on the client, and you create or modify cookie values with the Cookies collection of the Response object, which saves them to the client. Like many objects in ASP, a cookie can be a single item in the collection or a collection itself.

Creating a single cookie is very simple:

    Response.Cookies("item-name") = "item-value"

To create a cookie containing multiple values:

    Response.Cookies("item-name")("sub-item-name") = "sub-item-value"

To set the cookie's domain, path and expiration time:

    Response.Cookies("item-name").Domain = "domain-URL"
    Response.Cookies("item-name").Path = "virtual-path"
    Response.Cookies("item-name").Expires = #date#

The following example creates a selection of cookies on the browser. Note that you must create cookies before any output is sent to the browser, because they are part of the HTTP headers:

    <%
    Response.Cookies("SimpleCookie") = "SimpleExample"
    Response.Cookies("CompoundCookie")("Value1") = "Value1"
    Response.Cookies("CompoundCookie")("Value2") = "Value2"
    Response.Cookies("TimedCookie") = "TimedExample"
    Response.Cookies("TimedCookie").Path = "/"    'apply to our entire site
    Response.Cookies("TimedCookie").Expires = #10/10/2005#
    %>
    ...
Reading cookies

You can read cookies by using the Request object and traversing the Cookies collection to get the full content of every cookie. If a cookie contains multiple values, they are output by traversing that cookie itself.

    <html><head><title>Reading the cookie collection</title></head>
    <body>
    <b>The contents of your cookies are:</b><p>
    <table cellpadding=0 cellspacing=0>
    <%
    For Each Item In Request.Cookies
      If Request.Cookies(Item).HasKeys Then
        'use another For...Each to iterate this collection
        For Each ItemKey In Request.Cookies(Item)
          Response.Write Item & "(" & ItemKey & ") = " _
            & Request.Cookies(Item)(ItemKey) & "<br>"
        Next
      Else
        'print the complete cookie string as normal
        Response.Write Item & " = " & Request.Cookies(Item) & "<br>"
      End If
    Next
    %>
    </table>
    </body>
    </html>

The figure below shows the result of running the code above. However, if you now close your browser, reopen it and run this code again, all the values except TimedCookie have disappeared. This is because only TimedCookie has an expiration time set; the others are discarded automatically when the browser is closed.

This section discusses using cookies to save login information and shows how to use cookie values across ASP pages. Remember that cookies are only sent back to the same location they were set for, that is, a cookie takes effect only in the scope in which it was originally set. If a cookie's Path property is not set, it defaults to the virtual path in which the cookie was created. The following example saves login information in a cookie. Since no expiration time is set, the cookie does not exist after the current user session.

    ...
    Response.Cookies("User")("V1") = Request("V1")    'UserName
    Response.Cookies("User")("V2") = Request("V2")    'Password
    Response.Cookies("User").Path = "/adminstuff"     'Apply to admin pages
    ...

You can now look for this cookie in every page the user requests and, if it is not found, redirect the user to the login page:

    ...
    If (Request.Cookies("User")("V1") <> "alexhomer") _
    Or (Request.Cookies("User")("V2") <> "Secret") Then
      Response.Redirect "default.asp?nogood=yes&v1=" _
        & Server.URLEncode(Request.Cookies("User")("V1"))
    End If
    ...
Using ASP session variables to track visitors

In addition to cookies, we can also make full use of session variables in ASP. We can save values in the user's session variables, and these saved values can be used for as long as the session is active. Typically, session variables remain for 20 minutes after the user's last page request unless we use the Session.Abandon method to release them explicitly. You can also use the Session.Timeout property in an ASP script to set this expiration time.

Tracking visitors with session variables is safer than using cookies, because the content of the user's session variables is not passed over the network with each page request. Apart from the initial login, the username and password (or any other values) are kept on the server. We can distinguish and authenticate visitors by saving their login information in their own Session object. This information is read from the Session object whenever the visitor needs to be verified.

For example, in the page submitted after the user logs in, add the following code:

    ...
    Session("UserName") = Request("V1")    'UserName from logon dialog form
    Session("Password") = Request("V2")    'Password from logon dialog form
    ...

Then, when you need to authenticate the visitor, read these session values and check the username and password:

    ...
    If (Session("UserName") <> "alexhomer") _
    Or (Session("Password") <> "Secret") Then
      Response.Redirect "default.asp?nogood=yes&v1=" _
        & Server.URLEncode(Session("UserName"))
    End If
    ...

Using session variables

Although session variables are easy to use and safer than the other methods, there are still some problems. First, session variables work only if the visitor's browser supports cookies. Although most browsers now support cookies, remember that visitors can refuse them (this depends on the security settings of the browser).
Second, especially in IIS4, session variables may be lost partway through when the browser requests multiple pages. Usually, this problem can be minimized as follows:

○ Use only one Global.asa file, placed in the root of the site. Nested applications with multiple Global.asa files may cause session variables to be lost.
○ Confirm that the IUSR account, or a group it belongs to, has at least Read permission on the Global.asa file, and that IIS has anonymous access enabled.
○ Confirm that every link to a page uses the same letter case. Netscape (and other browsers) treat two links to /thisfolder/thisfile.asp that differ only in letter case as two different files in two different directories, so retrieving a cookie from the page may fail because of the case mismatch.

Saving login information in a database

If you need to track information for a large number of visitors, managing it with an include file becomes difficult. At that point we can use a database. This technique applies equally to the case where visitors join or register online and are added to the user list. There is no further discussion of that here.

Using the database to handle the whole procedure is very simple. When the user provides the login information, use a SQL SELECT statement to look up the entered username in the database and retrieve the matching password. If the retrieved password matches the entered password, the user is allowed to proceed to the next step:

    strSQL = "SELECT sPassword FROM Users " _
           & "WHERE sUserName = '" & Request("V1") & "'"

Adding the login information for a new user, however, is a little more of a problem.
We have to be careful when checking that a user does not exist in the database and then deciding to add them from ASP.

In other words, while one user is filling in the new information, another user may be doing the same thing with the same username. If the second user is faster and saves the information in the database first, the first user cannot complete the registration. There are two obvious ways to avoid this. One way is to create a new record automatically with an empty password, which the user can then modify:

    strSQL = "INSERT INTO Users (sUserName, sPassword) " _
           & "VALUES ('" & Request("V1") & "', NULL)"

A better way is to use a procedure that returns a special value (such as the username) if the new record is created successfully, or an error message if it is not. The user can then choose a new username. The following example uses a SQL Server stored procedure. If the new record is added successfully, it returns the username. If the username already exists, it returns an empty string:

    CREATE PROCEDURE AddUser
      @s_user varchar(12), @s_pword varchar(12)
    AS
    IF EXISTS (SELECT * FROM Users WHERE sUserName = @s_user)
      SELECT ''
    ELSE
    BEGIN
      INSERT INTO Users (sUserName, sPassword) VALUES (@s_user, @s_pword)
      SELECT sUserName FROM Users WHERE sUserName = @s_user
    END

This procedure can be executed from ADO, checking the returned value to confirm whether it succeeded. If it failed, notify the user to choose a new username.
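The login lookup and the AddUser call described above, written with ADO parameters so that Request values are bound instead of being concatenated into the SQL string. This is an added example, not code from the original article or its download; the helper names (NewCommand, AddVarChar, CheckLogin, RegisterUser) and the already-open ADODB.Connection passed as conn are assumptions.

```vbscript
<%
' Added example, not the article's code. conn is assumed to be an open
' ADODB.Connection; all helper names below are hypothetical.
Const adCmdText = 1, adCmdStoredProc = 4, adStateClosed = 0
Const adVarChar = 200, adParamInput = 1
' Build a command bound to conn; inputs are appended as parameters afterwards.
Function NewCommand(conn, text, cmdType)
  Dim cmd
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = conn
  cmd.CommandType = cmdType
  cmd.CommandText = text
  Set NewCommand = cmd
End Function
Sub AddVarChar(cmd, name, value)   ' varchar(12) matches the AddUser parameters
  cmd.Parameters.Append cmd.CreateParameter(name, adVarChar, adParamInput, 12, value)
End Sub
' True only when a non-NULL stored password equals the one supplied.
Function CheckLogin(conn, userName, password)
  Dim cmd, rs, stored
  CheckLogin = False
  If Len(userName) = 0 Or Len(userName) > 12 Then Exit Function
  Set cmd = NewCommand(conn, "SELECT sPassword FROM Users WHERE sUserName = ?", adCmdText)
  AddVarChar cmd, "@s_user", userName
  Set rs = cmd.Execute
  If Not rs.EOF Then
    stored = rs("sPassword").Value
    If Not IsNull(stored) Then CheckLogin = (StrComp(stored, password, vbBinaryCompare) = 0)
  End If
  rs.Close
End Function
' Returns the new user name, or "" when AddUser reports the name is taken.
Function RegisterUser(conn, userName, password)
  Dim cmd, rs
  RegisterUser = ""
  If Len(userName) = 0 Or Len(userName) > 12 Or Len(password) > 12 Then Exit Function
  Set cmd = NewCommand(conn, "AddUser", adCmdStoredProc)
  AddVarChar cmd, "@s_user", userName
  AddVarChar cmd, "@s_pword", password
  Set rs = cmd.Execute
  ' Without SET NOCOUNT ON, the INSERT's row count arrives as a closed recordset first.
  Do While Not rs Is Nothing
    If rs.State <> adStateClosed Then Exit Do
    Set rs = rs.NextRecordset
  Loop
  If rs Is Nothing Then Exit Function
  If Not rs.EOF Then RegisterUser = rs(0).Value
  rs.Close
End Function
%>
```

On the login page, pass CStr(Request("V1")) and CStr(Request("V2")) to CheckLogin and set Session("UserName") only when it returns True. Because the stored procedure reports its result with SELECT, RegisterUser reads the first field of the returned recordset.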
Code showing how to use the stored procedure described above can be found in the file download that accompanies this article.