How do I send back "hackers" ?

<i><b>Originally posted by : agamemnon (agamemnon@hotsheet.com)</b></i><br />I've made a logon page that (if OK) sends you to the members page, but if someone types the address of the members page can get there bypassing the logon.<br />How can I test that the one that got to the members page came from the logon page ?<br /><br />Can someone help me? Thank you.<br />

<i><b>Originally posted by : Demosthenes (Clark@Powernet.net)</b></i><br />The solution is easy. In your Member LogIn Form, insert this:<br /><br /><INPUT TYPE="Hidden" NAME="AccessGranted" VALUE="1"><br /><br />Now, on your "members only" page, at the top, add this:<br /><br /><% IF Request.Form("AccessGranted") = 1 THEN<br />(The rest of the Member Page code here)<br />ELSE<br />(Code to send them back to the main page, or simply put the login code here again)<br />END IF %><br /><br />What this does: When the Member's Only page is accessed, it checks to see if they used the Login form. If they did, it will get the Variable "AccessGranted" returned as 1, and all the user to proceed. If the value is not returned, then the user obviously did not use the login form and will in turn be sent back to the main page, or be given another Login form.<br /><br />I hope I made that simple to understand... if you have problems, contact me at Clark@Powernet.net.<br /><br />Demosthenes<br /><br />------------<br />agamemnon at 6/15/2001 12:19:55 AM<br /><br />I've made a logon page that (if OK) sends you to the members page, but if someone types the address of the members page can get there bypassing the logon.<br />How can I test that the one that got to the members page came from the logon page ?<br /><br />Can someone help me? Thank you.<br />

<i><b>Originally posted by : Heino Lenting (HeinoLenting@Hotmail.com)</b></i><br />This solution is to easy. It's not safe! If a hacker make an easy form with only AccessGranted Value = 1 he can enter your "Members only" page!<br /><br />See you later,<br /><br />HeinoLenting@Hotmail.com<br /><br /><br /><br />------------<br />Demosthenes at 6/15/2001 2:30:26 AM<br /><br />The solution is easy. In your Member LogIn Form, insert this:<br /><br /><INPUT TYPE="Hidden" NAME="AccessGranted" VALUE="1"><br /><br />Now, on your "members only" page, at the top, add this:<br /><br /><% IF Request.Form("AccessGranted") = 1 THEN<br />(The rest of the Member Page code here)<br />ELSE<br />(Code to send them back to the main page, or simply put the login code here again)<br />END IF %><br /><br />What this does: When the Member's Only page is accessed, it checks to see if they used the Login form. If they did, it will get the Variable "AccessGranted" returned as 1, and all the user to proceed. If the value is not returned, then the user obviously did not use the login form and will in turn be sent back to the main page, or be given another Login form.<br /><br />I hope I made that simple to understand... if you have problems, contact me at Clark@Powernet.net.<br /><br />Demosthenes<br /><br />------------<br />agamemnon at 6/15/2001 12:19:55 AM<br /><br />I've made a logon page that (if OK) sends you to the members page, but if someone types the address of the members page can get there bypassing the logon.<br />How can I test that the one that got to the members page came from the logon page ?<br /><br />Can someone help me? Thank you.<br />

<i><b>Originally posted by : agamemnon</b></i><br />Thank you both, but Heino is right.<br />That's not a safe way.<br />I think I got it with the session object and includes to every page in the members area.<br /><br />(CHECK USER PAGE)<br />If (Request.Form("Password")) = strOK then<br /> Session("UserOK") = True<br />Else<br /> Session("UserOK") = False<br /><br />(MEMBERS AREA)<br />If Session("UserOK") = False then<br /> Response.Redirect"getoutofhere.htm"<br /><br />It seems to work.<br /><br /><br /><br />------------<br />Heino Lenting at 6/17/2001 6:14:04 AM<br /><br />This solution is to easy. It's not safe! If a hacker make an easy form with only AccessGranted Value = 1 he can enter your "Members only" page!<br /><br />See you later,<br /><br />HeinoLenting@Hotmail.com<br /><br /><br /><br />------------<br />Demosthenes at 6/15/2001 2:30:26 AM<br /><br />The solution is easy. In your Member LogIn Form, insert this:<br /><br /><INPUT TYPE="Hidden" NAME="AccessGranted" VALUE="1"><br /><br />Now, on your "members only" page, at the top, add this:<br /><br /><% IF Request.Form("AccessGranted") = 1 THEN<br />(The rest of the Member Page code here)<br />ELSE<br />(Code to send them back to the main page, or simply put the login code here again)<br />END IF %><br /><br />What this does: When the Member's Only page is accessed, it checks to see if they used the Login form. If they did, it will get the Variable "AccessGranted" returned as 1, and all the user to proceed. If the value is not returned, then the user obviously did not use the login form and will in turn be sent back to the main page, or be given another Login form.<br /><br />I hope I made that simple to understand... if you have problems, contact me at Clark@Powernet.net.<br /><br />Demosthenes<br /><br />------------<br />agamemnon at 6/15/2001 12:19:55 AM<br /><br />I've made a logon page that (if OK) sends you to the members page, but if someone types the address of the members page can get there bypassing the logon.<br />How can I test that the one that got to the members page came from the logon page ?<br /><br />Can someone help me? Thank you.<br />