Author: Li Yanfang, etc.
Excerpt from Sidi.com
The main purpose of setting the firewall for the webpage is to provide different services to different visitors according to the content of the webpage. Using Java Script or VB Script, it is easy for us to do this. However, the source code of the webpage can be seen in the customer browser. Visitors can view the user identification method used, which is just a surface firewall. ASP is the middle layer of the client/server structure on the web. Although it uses script language (Java Script, VB Script, etc.), the program code is running on the server. You can only see the dynamic HTML file output output by ASP on the client. , But ASP still has some loopholes, and you can also see the source code of the ASP program. At this time, through ASP and SQL Server, we can design simple, efficient and reliable applications. Let's briefly introduce its establishment process.
1. Establish login
Establish a visitor Login and Password on SQL Server.
2. Create a database DSN on the network server
Use the "ODBC Data Source Manager" in the "Control Panel" to create an ODBC data resource name for a database, that is, DSN, so that you can connect the specific database by using the database DSN in the future.
"ODBC Data Source Manager" provides three DSNs, which are user DSN, system DSN and file DSN. Among them, the user DSN will save the corresponding configuration information in the registry of Windows, but only allows the creation of the DSN login user to use. System DSN also preserves related configuration information in the system registry, but unlike the user DSN, the system DSN allows all users of all login servers to use.
Unlike the above two database DSN, the file DSN saves the specific configuration information in a specific file on the hard disk. The file DSN allows all users to log in to the server, and even without any user login, it can also provide access support for database DSN. In addition, because the file DSN is stored in a hard disk file, it can be easily copied into other machines. In this way, users can use the DSN created directly on other machines without any changes to the system registry.
In the above three database DSNs, users are recommended to choose system DSN or file DSN. If users prefer the gradients of the file DSN, they can obtain higher security guarantee by setting the access permissions of the file under the NT system.
Establish a new DSN, the user first selects "Add", and then selects the user to establish a connected database type in the pop -up window and select the "SQL Server" item in the list. If the user creates a file DSN, click the "Next" button and enter the file name and storage path of the file DSN to be established in the subsequent dialog box. If the user builds the system DSN, click the "Complete" button.
After selecting the database, the user needs to set the database DSN. Users need to choose a specific server for providing database services, set the user name and password, and the database they will be connected.
Third, programming
The following is a simple page firewall function. This page only limits users of the internal network of this unit to visit (hereby assume that the IP address of the internal network is between 10.61.96. to 10.65.97.). Name and password. Here is the servervariables property of the Request object to obtain the value of the environment variable through it.
The program source code (Firewall.asp) is as follows:
<Html>
<Head>
"Meta HTTP-EQUIV = Content-Type Content = Text/HTML; Charset = GB_2312-80>
"Meta name = General Content = Microsoft FrontPage Express 2.0>
<Title> Firewall.asp </Title>
</Head>
"Body Background =#800080>
< /%
'Use Request.servervariables (Remote_addr) to get the IP address and save it in the variable remoteip
Remoteip = Request.servervariables (Remote_addr)
stip = cstr (remoteip)
'Get the value of the third paragraph of the IP address and save it in the stip
for i = 1 to 2
stip = Right (stip, len (stip) -Instr (1, stip ,.)))
next
stip = left (stip, Instr (1, STIP,.) 1)
'IP address validity test and password verification, including two aspects: if the IP address is compliant, passed the verification; if the IP address is not met, the input input user name and password are correct
if (left (remoteip, 5) <> 10.61 or stip <96 or stip> 97) then
username = request.form (t1)
password = request.form (t2)
set fs = createObject (scripting.filesystemObject)
set thisfile = fs.openTextFile (dsn.txt)
db_loc = thisfile.readline
thisfile.close
CNSTR = DB_LOC && uid = && Username &&; && PID = && Password
On error resume next
set cn = server.createObject (Adodb.connection)
cn.open cnstr
if ERR = 3709 THEN %>
"FONT COLOR =#FF0000> I'm sorry, user: <%= username%> does not access the right, or the password is incorrect! <br> </font> </p>
"Form Method = POST"
"P Align = Center> Username:" Input Type = Text name = T1 SIZE = 20> password: "Input Type = Password Name = T2 SIZE = 20>" Input Type = Submit Value = e = b1> <input type = Reset Value = All rewritten name = B2>
</P>
</Form>
<%END If
cn.close
set cn = Nothing%>
< %Else %>
Congratulations, you have passed the verification, you can use the resources of this site directly!
<%End IF%>
</Body>
</Html>
Slightly modify the above information such as IP address, the program can run.
Of course, the above firewall function is only realized in a page. If a website has multiple pages, you can set a session variable to sign the user, and judge in the page below.
Note: I didn't look at the original text well, and my friends introduced me. If you feel bad, don't watch it. Anyway, we are dotnet now. Essence Ha ha