Logon.asp
<html>
<head>
<title>Logon Form</title>
<%
Username="Administrator"
Password="Admin"
Validated = "OK"
if Strcomp(Request.Form("User"),Username,1)=0 AND Request.Form("password") = Password then
'Set the validation cookie and redirect the user to the original page.
Response.Cookies("ValidUser") = Validated
'Check where the users are coming from within the application.
If (Request.QueryString("from")<>"") then
Response.Redirect Request.QueryString("from")
else
'If the first page that the user accessed is the Logon page,
'direct them to the default page.
Response.Redirect "MyPage.asp"
End if
Else
' Only present the failure message if the user typed in something.
If Request.Form("User") <> "" then
Response.Write "<h3>Authorization Failed.</h3>" & "<br>" & _
"Please try again.<br> <br>"
End if
End if
%>
</head>
<body bgcolor="#FFFFFF">
<FORM ACTION=<%Response.Write "Logon.asp?"&Request.QueryString%> method="post">
<h3>Logon Page for MyPage.asp</h3>
<p>
Username:
<INPUT TYPE="text" NAME="User" VALUE='' size="20"></INPUT>
Password:
<INPUT TYPE="password" NAME="password" VALUE='' size="20"></INPUT>
<INPUT TYPE="submit" VALUE="Logon"></INPUT>
</FORM>
</body>
</html>
MyPage.asp
<%
Validated = "OK"
if Request.Cookies("ValidUser") <> Validated then
'Construct the URL for the current page.
dim s
s = "http://"
s = s & Request.ServerVariables("HTTP_HOST")
s = s & Request.ServerVariables("URL")
if Request.QueryString.Count > 0 THEN
s = s & "?" & Request.QueryString
end if
'Redirect unauthorized users to the logon page.
Response.Redirect "Logon.asp?from=" &Server.URLEncode(s)
End if
%>
<html>
<head>
<title>My Protected Page</title>
</head>
<body>
<p align="center">This is my secret information<br>
You cannot see it unless you<br>
are properly logged on!</p>
</body>
</html>
沒有留言:
張貼留言