Erollisi Marr - The Nameless

Go Back   Erollisi Marr - The Nameless > EverQuest > Chit-Chat Lounge


Reply
 
Add/Share Add/Share Thread Tools Display Modes
Old 09-27-2002, 11:07 PM   #1
cnjmorris
Guest
 
Posts: n/a
Default More .ASP


OKay, I have a dynamic favorites list and I designed a login page and validation.

Once I finished this it dawned on me that this still doesn't keep people from reaching my modify page by direct link. I know I read this somewhere but I forget where.. but how do I check if someone came from a certain place (like page) and deny access if they didn't?

Thanks for any input.
  Reply With Quote
Old 09-29-2002, 07:53 PM   #2
Frostwolf Soulsong
Guest
 
Posts: n/a

Easiest way I know is set a global variable on the page you want them to come from. Then on the new page check to see if it matches...if it doesn't redirect tthem o some error page you have and tell them what is wrong.

Frosty
  Reply With Quote
Old 09-29-2002, 09:19 PM   #3
Tuan00Dorf
Guest
 
Posts: n/a

Once I finished this it dawned on me that this still doesn't keep people from reaching my modify page by direct link. I know I read this somewhere but I forget where.. but how do I check if someone came from a certain place (like page) and deny access if they didn't?
Denying by location coming from really isn't neccessary, why not just add validation on that page?

You can do something really simple, where validationcheck is checking the cookies, or however you have it done.

if NOT (validationcheck) then
Response.Redirect "whateverpage.asp"
end if

Did you mean something else?
  Reply With Quote
Old 09-29-2002, 10:00 PM   #4
cnjmorris
Guest
 
Posts: n/a

Well, to be honest I am doing this on my own. I am just folling around trying to learn as I go and I actually haven't played with cookies yet.

Even if I knew how to use cookies I would come here and ask, because what I am really asking is for a direction in which to head. If cookie validation is a good method then I can look up cookie handling. The problem is some people have cookies turned off or severely limited.

My thought was to use a hidden field and Form.Request to see if the return matches a variable on the target page. I just wanted to check if that was a good method or if people have better more commonly used ways.

Thanks for input though.

  Reply With Quote
Old 09-30-2002, 06:45 AM   #5
Martigan
Guest
 
Posts: n/a

On the first page, code it to where you get a flag set in your query string.

If you are building your query string then...

Example: secondpage.asp?page=name_of_first_page.

If you are using a Submit to go to the next page, make sure you have a hidden control in your first page with that flag set.

Example: <INPUT TYPE="HIDDEN" NAME="page" VALUE="name_of_first_page">


One your second page, have it check the value:

if ucase(Request("page")) <> "PAGE_YOU_ARE_LOOKING_FOR" then
response.write "Hey Butt Heimer! You have no authorization to view this stinking page!"
response.end
End If

  Reply With Quote
Old 09-30-2002, 08:41 AM   #6
Tuan00Dorf
Guest
 
Posts: n/a

The problem with adding a hidden value for authentication is all someone has to do is discover the hidden value and put that in when calling up the page.

So if you dont want to call admin.asp, you add this hidden value for PreviousPage=default.asp (or whatever)...

All someone has to do then is directly call admin.asp?PreviousPage=default.asp and it's the same type of bypass.

You should look into using cookies, they are extremely simple. And I woudln't say everyone has cookies off etc, almost all login methods use them. Some might be strict about cookies, but will allow cookies for a site if they are logging into it.
  Reply With Quote
Old 09-30-2002, 08:50 AM   #7
Martigan
Guest
 
Posts: n/a

You are right Tuan.

Another solution may be the following:

Create a Session variable called "LastPage". At the end of each ASP, do a...

Session("LastPage") = "ThisPageName"

At the beginning of the page you want to do the check on, check the Session variable...

if Ucase(Session("LastPage"))<>"PAGE_YOU_ARE_CHECKING_FOR" Then

Response.Write "No Access For You Buster!"
Response.End

End If


  Reply With Quote
Old 09-30-2002, 09:46 AM   #8
cnjmorris
Guest
 
Posts: n/a

Thanks guys, helps to know the benefits and drawbacks of different methods. Thinks you've given me enough to get this done.
  Reply With Quote
Old 09-30-2002, 09:48 AM   #9
Martigan
Guest
 
Posts: n/a

Actually, it is a conspiracy to cause you to fail miserably! It's just that none of us are stupid enough to let you in on our little diabolical scheme!
  Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -8. The time now is 12:02 AM.


Powered by: vBulletin. Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.