A lot of users want to know how they can make a secure login facility for their website.
I am presuming you have a database of Username/Passwords that are allowed access to your site.
By secure login I mean that the client must login to view content, and cannot bypass this security by simply typing the URL to a page beyond the login screen into the browser. So lets cut to the chase...
1. The login... Obiously you need some sort of form to catch the users username and password, and pass it to the processing screen...
2. Validation... You then need to catch the username and password and varify them against the username/passwords in the database. If login is successful you need to set a session variable to true. If the login fails you need to generate an error.
*PAGE2.ASP* <% Username = Request.Form("USERNAME") Password = Request.Form("PASSWORD") 'Get username and password from previous page
SQL = "SELECT * FROM Users Where Username='" & Username & "'" set adoConn = Server.CreateObject ("ADODB.Connection") set adoRS = Server.CreateObject ("ADODB.RecordSet") dbPath = Server.MapPath("users.mdb") adoConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & dbPath adoRS.Open SQL,adoConn ' OPen a DSN less connection to an access database and get the username and password for the record where username=username
If adoRS.EOF Then 'The username doesn't exist, do an error. Response.Write "Username Doesn't Exist!" Else If Trim(Password) = Trim(adoRS("Password")) Then 'If the passwords match Session("LoggedIn")="TRUE" 'Set a session variable to true %> <SCRIPT LANGUAGE=VBSCRIPT> window.navigate "page3.asp" </SCRIPT> <% 'Forward user to next page Else 'Passwords don't match Response.Write "Password is incorrect" End If End IF set adoRS = Nothing set adoConn = Nothing %>
3. Checking... Now on each page that should be secured by this login, you need to add some code before the main page is rendered to check if the user is logged in...
*PAGE3.ASP* <% If Session("LoggedIN") <> "TRUE" Then Response.Redirect("error.asp") %> Page3 can be added to an include file, and included in any pages that need to be secured. If you want info on how to secure a site better after writing your FAQ, check out Ovatvvon (FAQ333-1522).