www.PowerASP.com

Advanced Website Password Protection (LITE VERSION)

INFO ON PUCHASING THE FULL VERSION IS AVAILABLE AT
www.powerasp.com
It has many advanced features compared to the Lite Version.

Designed By Chris Williams (chris@powerasp.com)

Legal Requirements... If you use this password system.
The link and credit to PowerASP.com must remain within the Administration section.
The credit and link must remain in its original form at the top of the pages and cannot
be altered in any way except for colors. The colors must offer good contrast with the
backgrounds and must be easily visible.

I am trusting you to do this and that is the only stipulation of using this system.

DIRECTIONS (It is recommended that you read all of this carefully)

Copy the contents of this zip into the root of your website
The zip contains the following files and folders
FOLDER _database The database directory and sample database
FOLDER password_admin The Administration portion of this   
FILE check_user_inc.asp The password protection script
FILE simple_example.asp Example of how to include the password script and NOT check for access levels
Here are some things you need to do to get this working.

Manually specify the data path in check_user_inc.asp
This has to be set manually. You cannot use Server.MapPath because
this file will be included in every page you password protect.

EX:)
DATA_PATH = "C:\Inetpub\wwwroot\password\_database\passwords.mdb"

If you change the password for the access database set that also. See Access help files for information on changing a database password.

EX:)
ConnPasswords_RuntimePassword = "Xpass"
BTW.. That is a capital "X" and the rest is lower case.
If running NT make sure the Database or Database Directory has
Change permissions for the anonymous webserver account or you will get errors like.

[Microsoft][ODBC Microsoft Driver] Not a valid password.

This error is because the database could not be opened so it gives back this error message that ends up confusing everyone. Anyway if you see this error it is because the permissions have not been set.
Here is some additional info you might like to know.

By default there are 2 sample users.

ADMINS can add and remove other ADMINS...   You could easily modify the way all that works, but that is how I made this for now.

This is an Admin account. (Admins have access to the admin area.)
username test
password test

This user has Basic access. (A basic user can not access the admin area.)
username joe
password test

Use the Admin account to get into the Admin Area and manage users.
If you lose Admin access because you unchecked it or forgot the password
you will have to open the database up via Microsoft Access and add
Admin access to an existing user in order to gain access to the Web Admin again.
After a user logs in there are variables that you can always access.
They can be used to check various things or to display information
dynamically based on who has logged into the system.

Session("PASSWORDACCESS")
Session("FULL_NAME")
Session("PASSWORD")
Session("USERNAME")
Session("ADMIN")

You can display them on a page using Response.Write like so

<% Response.Write(Session("FULL_NAME")) %>

or like this

<% = Session("FULL_NAME") %>


Disclaimer... PowerASP and Chris Williams make no guarantee about the security this script offers. Use this at your own risk. To the best of knowledge it is very secure, but that doesn't mean there isn't a bug or some hacker will never find a way into it. We recommend you rigorously test it and change the password on the Access database before you start using this. That way if someone downloads your database they will a hard time getting anything useful out of it especially since the database supplied with this download is also encrypted. If you really want secure password protection you should port this to a SQL database.