ASP 101

How can I make a secure login for my site? by Geee
Posted: 22 Aug 01

A lot of users want to know how they can make a secure login facility for their website.

I am presuming you have a database of Username/Passwords that are allowed access to your site.

By secure login I mean that the client must log in to view content, and cannot bypass this security by simply typing the URL of a page beyond the login screen into the browser. So let's cut to the chase...

1. The login...
Obviously you need some sort of form to catch the user's username and password, and pass them to the processing screen...

*PAGE1.ASP*
<FORM METHOD=POST ACTION=PAGE2.ASP>
<INPUT NAME=USERNAME>
<INPUT NAME=PASSWORD TYPE=PASSWORD>
<INPUT NAME=SUBMIT TYPE=SUBMIT VALUE=LOGIN>
</FORM>

2. Validation...
You then need to catch the username and password and verify them against the usernames/passwords in the database. If login is successful you need to set a session variable to true. If the login fails you need to generate an error.

*PAGE2.ASP*
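<%
Dim Username, Password, adoConn, adoCmd, adoRS, dbPath, LoginOK
LoginOK = False
Username = Request.Form("USERNAME")
Password = Request.Form("PASSWORD")
  'Get username and password from previous page

Set adoConn = Server.CreateObject("ADODB.Connection")
dbPath = Server.MapPath("users.mdb")
adoConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & dbPath
  'Open a DSN-less connection to an Access database

Set adoCmd = Server.CreateObject("ADODB.Command")
Set adoCmd.ActiveConnection = adoConn
adoCmd.CommandType = 1   '1 = adCmdText
adoCmd.CommandText = "SELECT * FROM Users WHERE Username = ?"
adoCmd.Parameters.Append adoCmd.CreateParameter("Username", 200, 1, 255, Left(Username, 255))
  '200 = adVarChar, 1 = adParamInput, 255 = assumed maximum column length.
  'The username is bound as a parameter instead of being concatenated into
  'the SQL text, so quote characters in it cannot change the query.
Set adoRS = adoCmd.Execute
  'Get the username and password for the record where Username = the submitted username

If adoRS.EOF Then
  'The username doesn't exist, do an error.
  Response.Write "Username Doesn't Exist!"
Else
  If Trim(Password) = Trim(adoRS("Password")) Then
    'If the passwords match, set a session variable to true
    Session("LoggedIn") = "TRUE"
    LoginOK = True
  Else
    'Passwords don't match
    Response.Write "Password is incorrect"
  End If
End If

adoRS.Close
adoConn.Close
Set adoRS = Nothing
Set adoCmd = Nothing
Set adoConn = Nothing

'Forward user to next page. A server-side redirect works in every browser,
'whereas client-side VBScript (window.navigate) only runs in Internet Explorer.
If LoginOK Then Response.Redirect "page3.asp"
%>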

3. Checking...
Now on each page that should be secured by this login, you need to add some code before the main page is rendered to check if the user is logged in...

*PAGE3.ASP*
<%
If Session("LoggedIN") <> "TRUE" Then Response.Redirect("error.asp")
%>
The Page3 check can be put in an include file and included in any pages that need to be secured. If you want info on how to secure a site better after writing your FAQ, check out Ovatvvon (FAQ333-1522).

Hope this helps someone. Mail me for more info at g@margamcc.com.

G
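
The include-file approach from step 3, written out as an added example (not code from the original FAQ). The file names `secure.asp` and `members.asp` are assumptions, and the no-cache headers go beyond the FAQ's check: they stop a browser from showing a cached copy of a protected page after the session has ended.

```asp
<%
' ---- secure.asp (assumed file name): login guard shared by every protected page ----
' It must run before any HTML is sent, so the redirect can still be issued.
Response.Buffer = True

' Ask browsers and proxies not to keep a copy of the protected page.
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"

' PAGE2.ASP sets Session("LoggedIn") to "TRUE" only after the password matched.
' A missing or timed-out session returns Empty, which also fails this test.
If Session("LoggedIn") <> "TRUE" Then
  ' Response.Redirect ends the request, so nothing below the include is rendered.
  Response.Redirect "error.asp"
End If
%>

<% ' ---- members.asp (assumed file name): a protected page ---- %>
<% ' The include is the first thing in the file, ahead of any markup. %>
<!--#include file="secure.asp"-->
<HTML>
<BODY>
Members-only content goes here.
</BODY>
</HTML>
```

Requesting `members.asp` directly without a logged-in session returns the redirect to `error.asp` and none of the page body.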
