Understanding User Management

In this first module we look at user management. User management classifies the users of a web-based application into different levels according to what each of them needs. If you are already familiar with Linux, Unix and their variants, this will help a great deal, because those operating systems make very heavy use of user management, right down to the permissions on a file. Just as root is the supreme user on such a system, web sites apply a matching model. A simple example is a classification with one level acting as the admin user (root on *nix operating systems) and another acting as a normal user. In a large web-based application the division of users is more detailed: besides the normal user and the admin there are also sub-admins, level 1 users, level 2 users and so on.

Usually the admin user has full authority over user management (adding, deleting and modifying users) and is granted access to update, delete, publish, unpublish, set as pending and remove news, to upload files, to manage advertising and so forth. The normal user can (usually) only access the page containing their personal biographical data, read news and make comments but not update the news, and read the ads and submit an application letter. The normal user's rights are certainly different from the admin's.

As another example, take a textile company. The company has Finance, HR, Sales, Purchasing and Warehouse sections and, of course, a management section, in this case the director. Each section, which we call a user level, has a group of people as its users, and each section has different rights, obligations and interests. People in the Finance section can only access finance-related matters, and the Warehouse section can only access what relates to the warehouse. The director does not need detailed information about every sales transaction, only access to information about total sales and profit per day, per month or per year. If the company wants to build an integrated web-based application, it needs user management that gives each user access rights according to their section.

There are prerequisites for this discussion: you can create a virtual directory, you already understand database design, you can create a database with MS Access, you understand and can run ASP scripts, and you understand how to connect to a database using OLE DB to add, delete or update data. Because the discussion is about user management, there will be a detailed description of how to connect to a database for adding data and so on. The important thing here is how to create a web-based application that has user levels.
To create a simple application that has user levels we will use the example above: one classification of application user acts as the admin and the other acts as a normal user. This means the application will have two types of user level:
- ADMIN: Has full rights and authority over user management, namely adding, deleting and modifying users. The admin also has the right to update news.
- USER: Has the right to access a personal page containing biographical data and to read the latest news.
Setting up a Virtual Directory

Make a new directory, for example C:\Inetpub\wwroot\www, and make it a new virtual directory named www. Do not forget to enable execute permission on the virtual directory. All the files used to build the user management application will be stored in this directory.
Setting up the Database

The first step in building the user management application is to prepare the database. In this discussion we will use MS Access as the database. Create a database named user.mdb and save it in the directory C:\Inetpub\wwroot\www\db\. Three tables are required, among them:
- Table tblGroup: Used to store the user id and a description of the user group. This table consists of two columns: group_id, the primary key, and Description, which holds the description of the user.
The MS Access table structure is as follows:
Fill in the table above with the following:
Creating Include Files

To make the ASP scripts easier to manage, we will put some of the script in separate files (with the extension *.inc), which are then included in several pages of the application as needed. There are two scripts to create: the script that connects to the database (file name conn.inc) and the script that closes the connection to the database (close.inc). Save these files in the directory C:\Inetpub\wwroot\www\inc
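<%
'Open the connection to the Access database.
Dim oConn, sql
Set oConn = Server.CreateObject("ADODB.Connection")
'Server.MapPath(".") is the directory of the page being run (www),
'so the database is found in its db subdirectory.
oConn.Open "provider=Microsoft.Jet.OLEDB.4.0;data source=" & _
    Server.MapPath(".") & "\db\user.mdb"

'Close the connection and release the object.
Sub CloseConn
    On Error Resume Next
    oConn.Close
    Set oConn = Nothing
End Sub
%>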
Creating the Login Page

After the virtual directory and the database, the next thing to build for the user management application is the login page. There are several techniques for creating a user login, among others:
- Using a hidden form. This method is not flexible, because it requires every page to check the data sent by the form, so if the user moves to another page without pressing the submit button, the request is deemed invalid.
- Using cookies. This method is quite good, as it lets the user move between pages freely. But these cookies remain valid for as long as the browser has not been closed, which makes the method less safe. Imagine leaving the browser open and someone else then using it.
- Using the session. This is the method discussed here. IIS comes with very good state-management facilities through the concepts of application and session. Creating the user login page still requires the global.asa file.
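The session technique only protects a page if that page checks the session itself on every request. The following is an added example, not part of the original tutorial: a guard include for user.asp and admin.asp. It assumes login.asp sets Session("verified") to "yes" and stores group_id 2 in Session("userid") for normal users, as the login code on this page does; the file name guard.inc and the subs RequireLogin and Logout are hypothetical.

```asp
<%
' guard.inc (hypothetical file name, added example).
' Include it as the first line of every protected page, before any HTML:
'     <!-- #include file="inc/guard.inc" -->
'     <% RequireLogin True %>     in admin.asp (admin only)
'     <% RequireLogin False %>    in user.asp  (any logged-in user)
Response.Buffer = True

Sub RequireLogin(adminOnly)
    ' Keep protected pages out of browser and proxy caches, so the Back
    ' button does not show them again after logout or timeout.
    Response.Expires = -1
    Response.AddHeader "Pragma", "no-cache"
    Response.CacheControl = "no-cache"

    ' Never logged in, or the session timed out: send the user to the
    ' login page. Response.Redirect ends processing of the page, so
    ' nothing below the guard is rendered.
    If Session("verified") <> "yes" Then
        Response.Redirect "login.asp"
    End If

    ' login.asp stores group_id 2 in Session("userid") for normal users
    ' only, so a verified session with that value must not reach admin pages.
    If adminOnly And CStr(Session("userid")) = "2" Then
        Response.Redirect "user.asp"
    End If
End Sub

' Call from a logout page: destroys the session on the server instead of
' waiting for Session.Timeout to expire.
Sub Logout
    Session.Abandon
    Response.Redirect "login.asp"
End Sub
%>
```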
The login page uses a FORM to transmit data. Use method=POST in the form so that the password cannot be seen in the query string.
<% Response.Buffer = True %>
<!-- #include file="inc/conn.inc" -->
<html>
<head>
<title>login.asp</title>
<meta http-equiv="expires" content="-1" />
<meta http-equiv="Pragma" content="no-cache" />
</head>
<body>
<PRE>
<CENTER>
please Login
<form name="form1" method="post">
Username: <input type="text" name="login">
Password: <input type="password" name="password">
<BR>
<input type="submit" name="submit" value="Login">
</form>
</CENTER>
</PRE>
</body></html>
<%
'-------------- User authentication ----------------
'Session.Timeout determines the length of the session timeout. If the user
'does not request any page at all within the specified period, the session
'is deleted. The default is 20 minutes.
'In the example below it is set to 5 minutes.
Session.Timeout = 5
if request.form("submit") <> "" then
    name = request.form("login")
    pass = request.form("password")
    'Pass the form values as query parameters instead of concatenating them
    'into the SQL text, so quotes in the input cannot change the query.
    sql = "select * from tbluser where name = ? and password = ?"
    set cmd = Server.CreateObject("ADODB.Command")
    set cmd.ActiveConnection = oConn
    cmd.CommandText = sql
    '202 = adVarWChar, 1 = adParamInput; 255 is the Access text-field maximum
    cmd.Parameters.Append cmd.CreateParameter("name", 202, 1, 255, name)
    cmd.Parameters.Append cmd.CreateParameter("pass", 202, 1, 255, pass)
    set rs = cmd.Execute
    if rs.eof then
        'If the name and password are not found in the table, show a message
        response.write "<center>User name or Password Wrong!</center>"
    elseif rs("group_id") = "2" then
        'group_id 2: normal user
        session("verified") = "yes"
        session("username") = name
        session("userid") = rs("group_id")
        response.redirect "user.asp"
    else
        'Any other group: admin
        session("verified") = "yes"
        session("username") = name
        response.redirect "admin.asp"
    end if
    rs.close
    set rs = nothing
end if
%>
<!-- #include file="inc/close.inc" -->
Save the file as Login.asp in the directory C:\Inetpub\wwroot\www\. It will look like the following: