DAFAUTH.INI / handling of login error

[GregMillerPhotography]

When using a DAFAUTH.INI to control access to specific files, the user sees a blank page that says "unauthorized user". I would prefer to have this display a page that I create with my standard header and nav bar so the user can click on a link within my site. Anyone knwo how to do that?

Thanks in advance.

[community-manager]

Hello Greg, are you refering to your Wiki installation or something else? Can I get your URL please. Thank you.

[GregMillerPhotography]

This not related to a Wiki installation. This is just a web page that I want to limit access to by having a userid/password. The web page is http://jamesbleecker.com/secure/PrivateTest.shtml.

[Nigel_Yates]

Greg,

Have you thought of using an ASP login script instead of DAF? All you'd need for that is a Microsoft Access database with a USERS table in it that stores usernames and passwords, and the following script.

If you have a login.html page with a form containing a username and password text feilds and a submit button you'd want to have the submit button call the verify.asp script. Below is an example of what I mean.

<DIV ID="LogIn">
<FORM ACTION="verify.asp" METHOD=POST>
Username:
<INPUT TYPE=TEXT SIZE=20 NAME=USERNAME>


Password:
<INPUT TYPE=PASSWORD SIZE=20 NAME=USERPASSWORD>




<INPUT TYPE=SUBMIT VALUE="Login Now">
</DIV>


The next step would be to setup the verify.asp script.


~~~~~~~~~~~ verify.asp script ~~~~~~~~~~~~~

Copy the contents of the script, everything starting at the <% and ending at %>. Save the file as verify.asp. You'll need to change the "yourdomainname.com" to your domain and you would need to make sure that the path to the DB is correct.

<%
set cnn = server.createobject("adodb.connection")
cnn.open "DRIVER={Microsoft Access Driver (*.mdb)};" & _
"DBQ=e:\inetpub\clients\yourdomainname.com\cgi-bin\databasename.mdb"

' Now it's time for the query. We need to check the user information
' against the Users table

SQL_query = "SELECT * FROM login WHERE " & _
"Username='" & Request.Form("UserName") & "' AND " & _
"Password='" & Request.Form("UserPassword") & "' "
Set Rs = cnn.Execute(SQL_query)


' We now check if the user is valid. If user is valid, the recordset MUST
' haverecord. Otherwise it is empty. If user exists, we set authentication
' status to 1 and send the user to appropriate page, Else send the user
' back to login.asp

Session("Authenticated") = 0

WHILE NOT Rs.EOF
If Rs("Username") = Request.Form("UserName") And Rs("Password") = Request.Form("UserPassword") THEN
Session("User_ID") = Rs("Login_ID")
Session("Authenticated") = 1
Response.Redirect ("test.asp")
else
RS.MoveNext
end if

WEND

' If the WHILE loop does not cause the Authenticated veriable to be set to 1 (meaning
' a successful login) then the loop ends and the script forces the person logging in
' back to the login page, or any other page you want.

Response.Redirect ("login.asp")
%>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It might seem complicated but try it out. I used to use DAF to protect but i found ASP coding gave me more options. Plus I no longer had to pay for the DAF service once I figured out how to do it this way.

Cheers,

Nigel