Security for the Store Manager

 

Introduction.  While we want just about everyone to be able to access our store web, we do not want just anyone to be able to get inside the store manager and start changing the overall store web.  This is best handled through some additional ASP pages.

The following table gives a brief description of the four ASPs we will develop in this page.

 

| Security ASP | Description |
| --- | --- |
| Login.asp | This provides a form for the potential user to enter a username and password. |
| ManagerMenu.asp | This is the processing script for the Login.asp and it also provides the links to the functionality within the store manager if the user enters the correct username and password. |
| ValidateCheck.asp | This ASP checks whether the user has correctly entered the username and password by determining whether a particular Session("Validated") variable is set to True.  If they fail the check then they are redirected to the Login.asp.  This ASP is included in all of the other store manager pages at the very beginning. |
| NavInclude.asp | The top navigation include for all of the pages in the store manager. |

 

The ASPs follow.  First we have the Login.asp.

The Login.asp.  This first ASP is a relatively simple HTML form that submits its inputs to the ManagerMenu.asp.  You should name this file Login.asp.  You should probably upload this file to a StoreManager subfolder of your WildWillies directory in order to keep your store management developments in a more isolated location.

The purpose of this ASP is to

  1. Create a form that posts its inputs to the ManagerMenu.asp.
  2. Take inputs in text boxes for the username and password.
  3. Submit the results when the submit button is pressed.

The code follows.

 

<%@ Language=VBScript %>
<HTML>
<!-- Login.asp - Login page for the site administrator. -->

<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY>

<B>Please login:</b><BR><BR>

<!-- Start the form for the user to enter in their username and password. -->
<form method="post" action="ManagerMenu.asp">

<table>
<tr>
<td align="right">Username:</td>
<td>
<!-- The input text box for the username. --> 
<input type="text" value="" name="username">
</td>
</tr>

<tr>
<td align="right">Password:</td>
<td>
<!-- The input text box for the password. --> 
<input type="password" value="" name="password">
</td>
</tr>

<tr>
<td colspan="2">
<!-- The submit button for the form. -->
<input type="Submit" value="Submit" name="Submit">
</td>
</tr>

</table>

</form>

</BODY>
</HTML>

 

After you upload this ASP and access it in your web you should see something like the following.

 

 

For future reference you should know that the login values are

username = Admin

password = Password

You should not change these so that I can check your work with fewer hoops to jump through.

The ManagerMenu.asp.  Now we need to present and explain the code for the menu that guides the overall store manager interface.  This next file should be called ManagerMenu.asp.

The basic content of the ASP is

  1. Check whether the user has correctly entered the username and password.
  2. If they haven't then they are routed back to the Login.asp.
  3. If they have then the menu of links to other pages in the store manager is displayed.

 

<%@ Language=VBScript %>
<%
' ****************************************************
' ManagerMenu.asp - Provides a menu listing of options
' for the store.
' ****************************************************

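' Check the login to ensure it meets the administrative requirements.
' Request.Form reads only the posted form fields; a bare Request("username")
' would also accept values supplied in the URL query string.

if Request.Form("username") <> "Admin" OR _
Request.Form("password") <> "Password" then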

' Redirect to the login.asp page.
Response.Redirect "login.asp"

else

' Indicate the user has been validated
Session("Validated") = true 

end if

%>

<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY>

<!-- Welcome the user -->
<center>
<BR><BR><b>
Welcome to Wild Willie's CD Store Order Manager. 
Select a function below:
</b><br><br>

<!-- Build a table to show the management options. -->
<table border="1" cellpadding="3" cellspacing="3">
<tr>
<th>Function</th>
</tr>
<tr>
<!-- Manage products -->
<td><a href="ListProducts.asp">
Manage Products</a></td>
</tr>
<tr>
<!-- Manage departments. -->
<td><a href="ListDepts.asp">
Manage Departments</a></td>
</tr>
<tr>
<!-- Manage tax -->
<td><a href="ManageTax.asp">
Manage Tax</a></td>
</tr>
<tr>
<!-- Manage shipping -->
<td><a href="ManageShipping.asp">
Manage Shipping</a></td>
</tr>
<tr>
<!-- Manage orders -->
<td><a href="ManageOrders.asp">
Manage Orders</a></td>
</tr>
</table>
</center>

</BODY>
</HTML>

 

Upon successfully uploading this ASP to your StoreManager subfolder and correctly entering the username and password you should see the following screen.

 

 

At this point, none of these links is active.  Now we can move on to our two include ASPs.

The ValidateCheck.asp.  Now we can present a little ASP code snippet that will be included in each page of the store manager to determine whether the user has correctly entered the username and password during this session.

The following code should be saved in a file called ValidateCheck.asp and uploaded to the StoreManager/Include subfolder of the WildWillies web.

The code very simply

  1. Determines whether the Session("Validated") has been set to True for this user for this session to prevent them circumventing security.  If it hasn't, they are redirected to the Login.asp.

 

<%
' ****************************************************
' ValidateCheck.asp - Ensures that the manager has 
' been validated.
' ****************************************************

' Check our session variable to see if the user has
' been validated. This will help to ensure that 
' none of the admin pages are accessed without
' authorization.

if Session("Validated") <> true then

' Redirect back to the login page.
Response.Redirect("login.asp")

end if

%>

 

The NavInclude.asp.  Now we can present a little ASP code snippet that will be included in each page of the store manager to give a common top bar navigation on every page.

The following code should be saved in a file called NavInclude.asp and uploaded to the StoreManager/Include subfolder of the WildWillies web.

The code very simply

  1. Gives a horizontal listing of the main links layered between two horizontal rules.

 

 

<!-- NavInclude.asp - Top navigation include for the site manager.-->
<hr>

<center>

<!-- Link to the listing of products -->
<a href="ListProducts.asp">Manage Products</a> | 

<!-- Link to the listing of departments -->
<a href="ListDepts.asp">Manage Departments</a> | 

<!-- Link to the management of the tax settings -->
<a href="ManageTax.asp">Manage Tax</a> | 

<!-- Link to the management of the shipping settings. -->
<a href="ManageShipping.asp">Manage Shipping</a> | 

<!-- Link to the management of the orders. -->
<a href="ManageOrders.asp">Manage Orders</a> | 

</center>

<hr>

 

Make sure you put both of these include ASPs in the Include subfolder of the StoreManager subfolder of the WildWillies web.  If you don't, then future ASP pages we develop will not be able to find them.
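
The session check only protects a page that actually pulls in ValidateCheck.asp, so it is worth auditing a local copy of the web before uploading. The following Python script is an added example, not part of the original tutorial: it reports every StoreManager page, other than Login.asp and ManagerMenu.asp, that does not include ValidateCheck.asp before any other content, or whose include path does not resolve to a file. The include path `Include/ValidateCheck.asp` and the sample tree are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path, PurePosixPath

EXEMPT = {"login.asp", "managermenu.asp"}  # these pages handle the login themselves
DIRECTIVE = re.compile(r"\A\s*<%@.*?%>", re.S)  # leading <%@ Language=... %>
INCLUDE = re.compile(r'<!--\s*#include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.I)

def check_page(page, web_root):
    """Return 'ok' or the reason the page is not guarded by ValidateCheck.asp."""
    text = page.read_text(encoding="utf-8-sig", errors="replace")
    body = DIRECTIVE.sub("", text, count=1).lstrip()
    m = INCLUDE.match(body)  # strict: the include must be the first thing
    ref = PurePosixPath(m.group(2).replace("\\", "/")) if m else None
    if ref is None or ref.name.lower() != "validatecheck.asp":
        return "ValidateCheck.asp is not included at the very beginning"
    # file= resolves from the page's own folder, virtual= from the web root.
    base = web_root if m.group(1).lower() == "virtual" else page.parent
    if not (base / str(ref).lstrip("/")).is_file():
        return "include target not found: " + m.group(2)
    return "ok"

def audit(web_root, manager_dir="StoreManager"):
    root = Path(web_root) / manager_dir
    results = {}
    for page in sorted(root.rglob("*.asp")):
        rel = page.relative_to(root)
        if rel.parts[0].lower() == "include" or page.name.lower() in EXEMPT:
            continue  # the include folder and the login pages carry no guard
        results[rel.as_posix()] = check_page(page, Path(web_root))
    return results

def build_sample(web_root):
    guard = '<!-- #include file="Include/ValidateCheck.asp" -->\n'  # assumed path
    pages = {  # constructed sample tree, illustrative contents only
        "Login.asp": "<HTML></HTML>",
        "Include/ValidateCheck.asp": "<% ' session check %>",
        "ListProducts.asp": "<%@ Language=VBScript %>\n" + guard + "<HTML></HTML>",
        "ListDepts.asp": "<%@ Language=VBScript %>\n<HTML></HTML>",
        "ManageTax.asp": '<!-- #include file="ValidateCheck.asp" -->\n<HTML></HTML>',
    }
    for name, content in pages.items():
        path = Path(web_root) / "StoreManager" / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

Point `audit()` at the local folder that holds your WildWillies web; path matching follows the local file system, so keep the case of folder and file names consistent with the include directive.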