Free! Building a website with Restricted Access: Part 1
In this tutorial we will be creating a site, which has several user levels.
We will be using the standard behaviours of Dreamweaver MX 02/04 and we will also add some new ones.
Part one of the tutorial will be covering the Set-up of the site, creating an Access database and providing login access to our site, along with a registration facility.
We will be creating a Login page using the standard Dreamweaver behaviour, and then altering the code to allow us to use a single login page for both Administration and Standard users.
Show visitors Name on each page, after login
Now, throughout your site, you can call on the Session, MM_UserID you created in the previous section, to filter a recordset from the website_users table to show the visitors details on a page.
So as an example we are going to do just that.
Open your welcome.asp page.
Create a recordset, name it rsuserdetails
You need to set the recordset to filter as
SELECT AccountID, UserAccessLevel, UserAddress1, UserAddress2, UserCityTown, UserCountry, UserDOB, UserEmail, UserFaxno, UserForename, UserPostcode, UserRegion, UserSurname, UserTelephone
FROM Website_users
WHERE AccountID = varUserID
Set
VarUserID as Session("MM_UserID")
That is it, your recordset will now contain all the visitor information, and you can place the data on your page.
You can place the UserForename and UserSurname on the welcome.page and other pages, to personalise each page to the visitor, you can also use it to insert into records for a specific visitor so they can view only their records, or when providing a facility for the visitor to update their details.
Remember that sometimes errors occur, so to ensure your page does not throw up an ASP error if the record can not be found for your visitor, select the UserForename and UserSurname on the page, then in Server Behaviours, select Show Region and Show If Recordset is Not Empty, select rsuserdetails as the recordset
This will ensure that if a record cannot be found for our visitor, then elements from the recordset will not be shown.
If you wish to add a record specifically for this user, then in your form, you would place a Hidden field, name it, such as txtUserID, and set the value of the field to <%=rsuserdetails("AccountID")%> or Session("MM_UserID") if you do not want to add a recordset to your page.
This would enable you to store multiple records in a single table of your database for all your visitors, but only allow each visitor to see their own records, simply by setting the recordset that called the records out of the table to a filter of:
Where Idcolumn = Session MM_UserID
Where Idcolumn was the name you had given the field in your records table that you inserted the AccountID into your form via the hidden field.
Summary
So in this first part of the tutorial we have created a database to house our website_users table, and added all the columns to the website_users table to contain our registered users details.
You need to make sure that you enter into each column that requires one, a default value. See chapter 2 for the list of columns, and their required default’s.
We have produced our login page to enable our registered users to access parts of our website which are restricted and provided a registration page to enable new visitors to register for an account, with a confirmation page to display their access details.
Finally we utalised the ability to add additional Sessions to pass through each user’s AccountID so we could filter a recordset on each page, and show a welcome with each visitors Name, thus giving a personal approach.
Do remember that all your pages which require a login before you view them, need to have the Restrict Access to page behaviour applied, or visitors will be able to browse to your pages simply by typing the address in their browser, it is not enough to simply add a login page with the Login Behaviour applied.
In order to reduce any potential errors, it is a good idea to add a Show Region…If Recordset is Not Empty around any element you add to a page from your user details recordset.
If you display any dates/times or currency from the database and live outside of the United States, it can be a good idea to ensure that your localised formatting is applied instead of the default US format.
You can just add a few lines of code to each page where you wish to format.
<%
‘Sets the Locale ID session property to UK
Session.LCID = 2057
%>
For a full World list visit http://www.webwizguide.info/asp/faq/date_time_settings.asp
In Part II of this tutorial we will continue with our web site by adding the ability to allow our registered visitors to update their details or recall their login details and extend the login script to track each time a user logs in.
Contents Part II
- Introduction
- Add in Tracking when a User logs in and logs out
- Add tracking when a user login fails, lock account after 3 failed attempts
- Create a Forget User details to enable users to request their access details to be emailed to them.
- Enable visitors to update their own details.
- User account administration
Carl Grint
" Since graduating from university, I have worked with Charities and the Public sector, with my longest time being 3 years with the NHS until returning to freelance in 2003.
I would like to think my diverse experience of working for both the Public and Private sector gives me a good all rounding which enables me to approach projects with a unique perspective and enables me to bring new thoughts and initiatives to my work.
I have always enjoyed passing on the lessons I have learned so other developers can bypass the 'working out' time I had to go through, and writing my first two articles for DMXzone has given me a chance to pass on what I think are some good ways to improve on the standard Authentication behaviours Macromedia supply with Dreamweaver."