Ramapo Masters of Science 
in Educational Technology

Tools and Concepts of Data Analysis: Dataweb

Adding Password Protection to Your Site (home)

Overview | Download Current Database | Adding Tables to the Database

Creating a Login Page | Password Protecting Pages within the Site | Adding Access Levels to a Login Scheme

Overview: Password Protection

The information you collect through your website is often more valuable than the site itself. When collecting data you take on responsibility for the security of that information. In most cases users who provide such information have the expectation that it will be kept private and secure. If you intend to make this data public you should make this fact known before information is collected. Since we will be creating web pages to view the information collected, we will need to provide a secure method of viewing it by protecting those pages through a password protection system. 

Top | Home

Downloading the Current Database

By this point in the process we have added a bit of test data to the database. This information likely exists only in the copy of the database that resides on the server - not on the local copy stored on your flash drive. In order to add password protection to this site, we will need to make changes to the database and send the revised copy to the server. If we do this without first downloading the data already collected, we will lose it. It is for this reason that we must bring down a copy of the remote database before making revisions. Then when the revised database is sent back to the server, the data will be included. In order to download the current database from the server:

• Open Dreamweaver

• Import your site definition if needed

• Open the file pane if needed

• Open the root folder if needed

• Open the data folder if needed

• Click on the database file | Click the "Get Files" button

• Click "Yes" or "Yes to all" when prompted to overwrite the local copy of the database

Top | Home

Adding a Login Table to the Database

In order to create a password protection systems we must create a table in the database that contains the usernames and passwords of those users allowed to access password protected areas of the site. If such a table does not already exist:

• Open the database through Dreamweaver

• Create a new table named usrsT

• Add the fields uname and pswd setting the data type to text for each field

• Save the table

• Switch to datasheet view and type the names and passwords of those who will view the restricted pages

• Close MS Access

• Push the database file up to the server

Top | Home

Creating a Login Page

In order for designated users to access restricted pages, they must know a username and password combination that exists in the database. The users must pass through a login page to verify that they possess the correct information. To create such a page:

• File | New

• ASP VBScript | Create

• Save the page naming it login.asp

Now we must create a form to check the users username and password against the database. We will create the form, create a table to position the form elements, create the form elements including a submit button, and use a wizard to create the rest of the login procedure.

• Insert | Form | Form

Click inside the form | Insert | Table

Set the table:

• 3 rows

• 2 columns

• Set table width, padding, and spacing as needed

• Pick "left" in the header section as our labels will be in the left column

• OK

• Click anywhere within the table | Click the table tag from the html trail 

• Set the width of the table to 760 pixels in the properties pane

• Select all the cells in the left column of the table

In the property pane,

• Set the width of the cells to 200 pixels

• Set the horizontal alignment to right

• Set the vertical alignment to baseline

• Select all the cells in the right column of the table

In the property pane,

• Set the width of the cells to 560 pixels

• Set the horizontal alignment to left

• Set the vertical alignment to baseline

• In the top left cell of the table type "Username"

• In the left cell of the second row of the table type "Password"

• Click in the upper right cell of the table | Insert | Form | Text Field

• Name the field uname and click OK

• Click in the middle right cell of the table

• Add the password form element (naming it pswd) as you did uname 

• Click on the newly inserted pswd form element

• Choose the "password" option in the properties pane

• Click in the lower right cell of the table | Insert | Form | Button

• Name it "Submit" | OK

Now use the wizard to create a login

• Insert | Data Objects | User Authentication | Log In User

The first section gives the form name and the names of the form elements you have created on the page.

• Verify that  the uname and pswd fields are propertly associated with the correct labels 

• Choose the connection string

• Choose the table from the database that contains your login information

• Verify that the uname field is associated with the Username Column
  (Reselect if needed)

• Verify that the pswd field is associated with the Password Column
  (Reselect if needed)

If the user logs in successfully they will be redirected to another page.

• Choose that page using the browse button next to the "If login succeeds,..." dropdown box

If the user fails during the login they will be redirected to another page. 

• Choose the login.asp using the browse button next to the "If login fails,..." 
  Dropdown box. This will cause the page to reload giving the user another opportunity to log in.

• Save the page, send it to the server and test it. 

To test the page, view it in the browser and attempt to log in using the incorrect username and/or password. You should be redirected to the same login page. Now attempt to log in again using a correct username/password combination. You should be redirected to your query control page.

Top | Home

Adding Password Protection to a Page

In order to password protect a page, you must first have created a login page as described above. To add password protection to a page:

Open the page

Insert | Data Objects | User Authentication | Restrict Access To Page

• Verify that Username and Password option is selected
  (unless the login was designed to allow access based on access level)

• Browse to the login page so that a user will be redirected to that page if they have not logged in.

• OK

• Save the page and send it to the server

To test the page, first log in, proceed to the page and add it to your favorites in Internet Explorer (favorites | Add to Favorites). Next close all copies of Internet Explorer completely. Reopen Internet Explorer and attempt to get to the page using the bookmark you created in favorites (Favorites | click on the text that indicates the page you just added). You should be redirected to the login page.

Top | Home

Adding Access Levels to a Login Scheme

Adding an access level parameter to your login scheme would allow you to grant access to particular pages of a website based on an access level assigned to each user. This can be a very useful feature. You may for example want to share some pages with fellow teachers but limit others so that you alone can access them. To modify an existing login scheme to add access level:

Create an Access Level field in the database table containing login information

• Open the database through Dreamweaver

• Open the table that contains your login information (usrsT)

• Add the field "acclvl" setting the data type to text

• Save the table

• Switch to datasheet view and type the access level of those who will view the restricted pages. You can type any text you wish, but try to develop a scheme that reflects the level of each user. For example you could create a "fullacc" category for yourself and anyone who has access to all pages. You could create a "teachacc" category for those pages that only teachers can access.

• Close MS Access

• Push the database file up to the server

Modify the login scheme on the login page

• Open the login page

• Open the Application pane if not already open

• choose the "Server Behavior" Tab

• You should see a "Log In User" behavior listed | Double click it

• At the bottom of the dialog box choose "Username, password, and Access Level"

• Use the dropdown menu to select the field in the database that contains the access level information

• OK 

• Save the page | Send it to the server

Modify the login scheme on each protected page to limit/allow access

• Open the protected page

• Open the Application Pane and choose the "Server Behavior" tab

• Double click the "Restrict Access To Page()" behavior

• Choose "Username, password, and Access Level"

• Click the "Define" Button

• Type the text that represents the appropriate access level in the box at the bottom and click the "+" sign. This text comes from the scheme you previously developed and matches what you typed in the acclvl field in the database (i.e. - fullacc, teachacc, etc.)

• To add more than one access level, repeat the process of typing the level and clicking the "+" sign. You may add as many as you wish. For example if I assigned myself "fullacc" as an access level, and I assigned all my teachers "teachacc" as an access level, I would need to assign both of these levels to any page that both teachers and I would need to access.

• When done, click OK

• You must repeat this process for each protected page

Top | Home

Site Designed and Maintained by rsciorra
Last Updated 04/25/08