Login Maintanance

**shweta123** · Feb 29 '08, 04:54 PM

Hi,

One method can be that :
You can create a table in the database which will store the login details of the administrator.T his table will roughly contain following fields :

1) AdministratorId -
Description:int eger
2) LoginDateTime -
Description :datetime value
3) LoginStatus -
Description :
Will contain Boolean value
Eachtime when user logs in ,make LoginStatus =1
Eachtime when user logs out, make LoginStatus =0

Now,in your page when the Administrator logs in , check the LoginStatus of the the admistrator. If it is 1 do not allow him access to the administrator page.

Originally posted by chirag1989

Hi
I m makin Intranet based Library Management System
On Homepage i have asked user to enter their login id
and select from one option button weather he is a administrator or
member.So as per his id and selected option he is been redirected to
his corresponding account.If he is member then his account page is opened
and if he is admin the he is taken to admin page where he can interact wid database.
I want that whenever Administrator has logged in from any computer on network
no other person can login as administrator as admin is to be only one person.
So to provide security I want to do this.
So the thing to be done is only one person at a time can enter as administrator
from the whole network.
How can i do this ???
Can I use application or session objects and global.asa file ?
If yes then how

**chirag1989** · Mar 3 '08, 01:58 PM

I have done the same thing but the problem is that when he log out with the log off button it will run well as when he clicks on log off the value in database is again reset to 0 so this will run well.
but when he will close the site using close button on title bar then i cant change the value in database and set it to 0 so when he tries to login in again
he will not allowed as the value will be 1
now wat to do ??
So m thinkin of trying session or application events in Global.asa file
but how to use session or application variable ?
and wat to use session or application

**shweta123** · Mar 3 '08, 04:44 PM

Hi,

If you want to do it using Application and session variable following are the steps for doing this:

1) When the user Logs in into the application set the session and application variables.

Login.asp
<%
Dim username
Dim userRights

'Set the session variables for username and his rights
Session("LoginN ame") = username
Session("Rights ") = userRights

'Set the application variable

'Check if user is having Administrator rights
If(Session("Rig hts") = "Administrator" )
if (Application("A dminLogin") = false) OR (Application("A dminLogin") = "")
Application.Loc k()
'Make the adminstrative Login = true
Application("Ad minLogin")= true
Application.Unl ock()
else
Response.write( "Login is not allowed")
end if
End if
%>

2) Now on Global.asa write the following code :
The following code will take care of the situation that if user closes the form by clicking on cross button of title bar.

Sub Application_OnE nd()
Application.Loc k()
'Make the adminstrative Login = false
Application("Ad minLogin")= false
Application.UnL ock()
End Sub

Sub Session_OnEnd()
'Clear session variables
Session("LoginN ame") = ""
Session("Rights ") = ""
End sub

Originally posted by chirag1989

I have done the same thing but the problem is that when he log out with the log off button it will run well as when he clicks on log off the value in database is again reset to 0 so this will run well.
but when he will close the site using close button on title bar then i cant change the value in database and set it to 0 so when he tries to login in again
he will not allowed as the value will be 1
now wat to do ??
So m thinkin of trying session or application events in Global.asa file
but how to use session or application variable ?
and wat to use session or application

**jhardman** · Mar 5 '08, 05:43 AM

Originally posted by chirag1989

I have done the same thing but the problem is that when he log out with the log off button it will run well as when he clicks on log off the value in database is again reset to 0 so this will run well.
but when he will close the site using close button on title bar then i cant change the value in database and set it to 0 so when he tries to login in again
he will not allowed as the value will be 1
now wat to do ??
So m thinkin of trying session or application events in Global.asa file
but how to use session or application variable ?
and wat to use session or application

Try using a combination of session and application variables, and one is some kind of timer. Every time the admin loads a page the timer should be reset. If someone attempts to log in as the admin, and the last admin hasn't re-loaded a page in 30 minutes (or whatever time limit you like), then you might as well log him out and start over. This is fairly easy to program using only ASP, if it gives you any trouble, ask and I can clarify.

Only slightly more difficult would be incorporating a refreshing frame or ajax code that updates the timer very often (this could be a very minimally coded page or only a fragment that the server could handle in less than a second) and if the admin is off for more than 30 seconds log him out. Does this make sense?

Jared

**chirag1989** · Mar 6 '08, 05:44 PM

Hi shweta
I have tried your code
its working, at a time only one admin can login
but when the admin logsoff still it doesnt allow to log in as admin
following is my code
plzz check it out

Code:

if opt="adm" then
  
   response.Cookies("sna")="Administrator"
	
   sql="Select * from DBA where Aid='"&login&"' and Apwd='"&pass&"'" 
   rsb.open sql,con

   'rsd.open "select * from flag",conn
   'flag=rs(0).value		  		
        
       'if flag=1 then response.Redirect("Error.asp")

          'rsd("a")=1
          'rsd.update

      Session("Rights")="Administrator"
		
	If(Session("Rights") = "Administrator") then

		if (Application("AdminLogin") = false) OR Application("AdminLogin") = "" then
		
		    Application.Lock() 
		     '  Make the adminstrative Login = true
		        Application("AdminLogin")= true
		    Application.Unlock()
			
		 else
				
		      Response.redirect("Error.asp")
		
                                 end if
               End if

    if rsb.eof then response.redirect("Error.asp")
	   	
    response.redirect("DBA.asp")
	
	
end if

**shweta123** · Mar 7 '08, 09:40 AM

Hi,

1) Following code need to be added to your existing code in global.asa file.

Code:

   Sub Session_OnEnd()
       If Session("Rights") = "Administrator"
         Application.Lock()
         'Make the adminstrative Login = false 
         Application("AdminLogin")= false
        Application.UnLock()
      End if
 End Sub

2) In your existing code make the following changes :

'''''''''''''Do the following step only if selection is "Admin" and useName and password is correct.

Code:

     If(!rsb.Eof) then
          Session("Rights")="Administrator"
     end if

3) On your logoff page clear the session and application variables

If Session("Rights ") = "Administra tor"
Application.Loc k()
'Make the adminstrative Login = false
Application("Ad minLogin") = false
Application.UnL ock()
End if

Session("LoginN ame") =""
Session("Rights ") =""

Originally posted by chirag1989

Hi shweta
I have tried your code
its working, at a time only one admin can login
but when the admin logsoff still it doesnt allow to log in as admin
following is my code
plzz check it out

Code:

if opt="adm" then
  
   response.Cookies("sna")="Administrator"
	
   sql="Select * from DBA where Aid='"&login&"' and Apwd='"&pass&"'" 
   rsb.open sql,con

   'rsd.open "select * from flag",conn
   'flag=rs(0).value		  		
        
       'if flag=1 then response.Redirect("Error.asp")

          'rsd("a")=1
          'rsd.update

      Session("Rights")="Administrator"
		
	If(Session("Rights") = "Administrator") then

		if (Application("AdminLogin") = false) OR Application("AdminLogin") = "" then
		
		    Application.Lock() 
		     '  Make the adminstrative Login = true
		        Application("AdminLogin")= true
		    Application.Unlock()
			
		 else
				
		      Response.redirect("Error.asp")
		
                                 end if
               End if

    if rsb.eof then response.redirect("Error.asp")
	   	
    response.redirect("DBA.asp")
	
	
end if

**chirag1989** · Mar 8 '08, 06:58 AM

Originally posted by shweta123

Hi,

1) Following code need to be added to your existing code in global.asa file.

Code:

   Sub Session_OnEnd()
       If Session("Rights") = "Administrator"
         Application.Lock()
         'Make the adminstrative Login = false 
         Application("AdminLogin")= false
        Application.UnLock()
      End if
 End Sub

2) In your existing code make the following changes :

'''''''''''''Do the following step only if selection is "Admin" and useName and password is correct.

Code:

     If(!rsb.Eof) then
          Session("Rights")="Administrator"
     end if

3) On your logoff page clear the session and application variables

If Session("Rights ") = "Administra tor"
Application.Loc k()
'Make the adminstrative Login = false
Application("Ad minLogin") = false
Application.UnL ock()
End if

Session("LoginN ame") =""
Session("Rights ") =""

Thanks for reply
I have put the code
when admin logsvout using logs off button
its workin well but when i use close button
its no cleaning the application variables
in global.asa file
this is code of global.asa file
instead of true/false i have used 0 and 1

Code:

<script language=Vbscript runat=server>

Sub Application_OnEnd()
Application.Lock()
'Make the adminstrative Login = false 
Application("AdminLogin")= 0
Application.UnLock()
End Sub


Sub Session_OnEnd()
       If Session("Rights") = "Administrator"
         Application.Lock()
         'Make the adminstrative Login = false 
         Application("AdminLogin")= 0
        Application.UnLock()
      End if
 End Sub


</script>

**shweta123** · Mar 10 '08, 03:31 PM

Hi,

After clicking the close button Application_OnE nd event is called where the code for clearing Application("Ad minLogin") is written . So please check if that event is executed or not after close application.

**chirag1989** · Mar 11 '08, 12:05 PM

Originally posted by shweta123

Hi,

After clicking the close button Application_OnE nd event is called where the code for clearing Application("Ad minLogin") is written . So please check if that event is executed or not after close application.

sorry but
how do i check that
i have never used application variable
or global.asa file

**shweta123** · Mar 17 '08, 03:52 PM

Hi,

Hope you still need this

As you can not check the code written into Global.asa file ,
you can make sure of writing the code for clearing all the session related variables as well as application variables at the appropriate places like
on your LogOff page, on ErrorPage etc.

Originally posted by chirag1989

sorry but
how do i check that
i have never used application variable
or global.asa file

Login Maintanance

Login Maintanance

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment