Hey all! I have an asp form which has a maintenance button on it. I need to hide/unhide this button based on the username of the person who is logged on to my form. So, how would I get the username of the person and then hide the button if their username is not valid? If possible, I want to use server-side VBScript to do this. Thanks in advance!
Without knowing if you're using a database and coding blind, I'd best guess at using something like...
<%
'could be request.form or request.querystring
if trim(request("username")) = "AdminName" then
Response.Write "<input name=""Adminbtn"" type=""button"" id=""Adminbtn"" value=""Maintenance"" onclick=""callsomefunction()"" />"
end if
%>
this code checks the username, for example if the request.querystring was "AdminName" ie: yourasp.asp?username=AdminName, then the button is written to the page, otherwise it isn't.Thanks for the reply! I am not asking the user to enter their username, so will this code still work? I need to somehow get their username by how they are logged on to their computer.....On some operating systems using the IE browser only you can get the computer name of a visitor through the use of ActiveX, here's a link with more on that <!-- m --><a class="postlink" href="http://www.codeproject.com/vbscript/userinfo.asp">http://www.codeproject.com/vbscript/userinfo.asp</a><!-- m -->
I personally wouldn't do that unless I knew all the users use IE and are on a trusted LAN (local area network), so they wouldn't worry about running ActiveX.
Although you can't get the computer name of the user with ASP you can get the I.P address, so another option would be to allow the button based on the right I.P, something like..
<%
if Request.ServerVariables("remote_addr") = "127.0.0.1" then ' the Admin I.P
Response.Write "<input name=""Adminbtn"" type=""button"" id=""Adminbtn"" value=""Maintenance"" onclick=""callsomefunction()"" />"
end if
%>
Of course, the downside to this is if the Admin has a dynamic I.P address and not a static one then the I.P will need updating everytime it changes.
The normal way of doing this is to have only the admins/mods login to the site to get the extra buttons/functions and the passwords and usernames are stored in a database, the database can then keep them logged in while visiting all the page on the site, although a database isn't really needed unless you need to login lots of Admins/users across many pages, if it is to be used on one page by one or two people then you can still use the first example, like this...
example here..
<!-- m --><a class="postlink" href="http://www.jj4.org/users/eddy9/test.asp">http://www.jj4.org/users/eddy9/test.asp</a><!-- m -->
code is..
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>test</title>
</head>
<body>
<form action="test.asp" method="post">
<pre>
Name: <input type="textbox" id="Aname" name="Aname" />
Pass: <input type="textbox" id="Apass" name="Apass" />
<input type="submit" value="Submit" />
</pre>
</form>
<%
dim ps,ad
ps = request.form("Apass")
ad = request.form("Aname")
if (ps = "pass" AND ad = "Admin") then
Response.Write "<input name=""Adminbtn"" type=""button"" id=""Adminbtn"" value=""Maintenance"" onclick=""callsomefunction()"" />"
end if
%>
</body>
</html>I would use session to do controlling normally. After the user login, get the user's group id to create a session variable. So, you can use this session group id in every control you want.
Without knowing if you're using a database and coding blind, I'd best guess at using something like...<%
'could be request.form or request.querystring
if trim(request("username")) = "AdminName" then
Response.Write "<input name=""Adminbtn"" type=""button"" id=""Adminbtn"" value=""Maintenance"" onclick=""callsomefunction()"" />"
end if
%>
this code checks the username, for example if the request.querystring was "AdminName" ie: yourasp.asp?username=AdminName, then the button is written to the page, otherwise it isn't.Thanks for the reply! I am not asking the user to enter their username, so will this code still work? I need to somehow get their username by how they are logged on to their computer.....On some operating systems using the IE browser only you can get the computer name of a visitor through the use of ActiveX, here's a link with more on that <!-- m --><a class="postlink" href="http://www.codeproject.com/vbscript/userinfo.asp">http://www.codeproject.com/vbscript/userinfo.asp</a><!-- m -->
I personally wouldn't do that unless I knew all the users use IE and are on a trusted LAN (local area network), so they wouldn't worry about running ActiveX.
Although you can't get the computer name of the user with ASP you can get the I.P address, so another option would be to allow the button based on the right I.P, something like..
<%
if Request.ServerVariables("remote_addr") = "127.0.0.1" then ' the Admin I.P
Response.Write "<input name=""Adminbtn"" type=""button"" id=""Adminbtn"" value=""Maintenance"" onclick=""callsomefunction()"" />"
end if
%>
Of course, the downside to this is if the Admin has a dynamic I.P address and not a static one then the I.P will need updating everytime it changes.
The normal way of doing this is to have only the admins/mods login to the site to get the extra buttons/functions and the passwords and usernames are stored in a database, the database can then keep them logged in while visiting all the page on the site, although a database isn't really needed unless you need to login lots of Admins/users across many pages, if it is to be used on one page by one or two people then you can still use the first example, like this...
example here..
<!-- m --><a class="postlink" href="http://www.jj4.org/users/eddy9/test.asp">http://www.jj4.org/users/eddy9/test.asp</a><!-- m -->
code is..
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>test</title>
</head>
<body>
<form action="test.asp" method="post">
<pre>
Name: <input type="textbox" id="Aname" name="Aname" />
Pass: <input type="textbox" id="Apass" name="Apass" />
<input type="submit" value="Submit" />
</pre>
</form>
<%
dim ps,ad
ps = request.form("Apass")
ad = request.form("Aname")
if (ps = "pass" AND ad = "Admin") then
Response.Write "<input name=""Adminbtn"" type=""button"" id=""Adminbtn"" value=""Maintenance"" onclick=""callsomefunction()"" />"
end if
%>
</body>
</html>I would use session to do controlling normally. After the user login, get the user's group id to create a session variable. So, you can use this session group id in every control you want.