INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS
Come Join Us!
- Talk With Other Members
- Be Notified Of Responses
To Your Posts
- Keyword Search
- Turn Off Ad Banners
- One-Click Access To Your
Favorite Forums
- Automated Signatures
On Your Posts
- Best Of All, It's Free!
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.
Partner With Us!
"Best Of Breed" Forums Add Stickiness To Your Site
(Download This Button Today!)
Member Feedback
"...I have tons of books, have book marked tons of tutorials, which have helped, but this forum has answered those "impossible to find" solutions. I am thrilled with this site..."
Geography
Where in the world do Tek-Tips members come from?
|
Microsoft: Active Server Pages (ASP) FAQ
|
ASP 101
|
How can I make a secure login for my site?
Posted: 22 Aug 01
|
A lot of users want to know how they can make a secure login facility for their website.
I am presuming you have a database of Username/Passwords that are allowed access to your site.
By secure login I mean that the client must login to view content, and cannot bypass this security by simply typing the URL to a page beyond the login screen into the browser. So lets cut to the chase...
1. The login...
Obiously you need some sort of form to catch the users username and password, and pass it to the processing screen...
*PAGE1.ASP*
<FORM METHOD=POST ACTION=PAGE2.ASP>
<INPUT NAME=USERNAME>
<INPUT NAME=PASSWORD TYPE=PASSWORD>
<INPUT NAME=SUBMIT TYPE=SUBMIT VALUE=LOGIN>
</FORM>
2. Validation...
You then need to catch the username and password and varify them against the username/passwords in the database. If login is successful you need to set a session variable to true. If the login fails you need to generate an error.
*PAGE2.ASP*
<%
Username = Request.Form("USERNAME")
Password = Request.Form("PASSWORD")
'Get username and password from previous page
SQL = "SELECT * FROM Users Where Username='" & Username & "'"
set adoConn = Server.CreateObject ("ADODB.Connection")
set adoRS = Server.CreateObject ("ADODB.RecordSet")
dbPath = Server.MapPath("users.mdb")
adoConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & dbPath
adoRS.Open SQL,adoConn
' OPen a DSN less connection to an access database and get the username and password for the record where username=username
If adoRS.EOF Then
'The username doesn't exist, do an error.
Response.Write "Username Doesn't Exist!"
Else
If Trim(Password) = Trim(adoRS("Password")) Then
'If the passwords match
Session("LoggedIn")="TRUE"
'Set a session variable to true
%>
<SCRIPT LANGUAGE=VBSCRIPT>
window.navigate "page3.asp"
</SCRIPT>
<%
'Forward user to next page
Else
'Passwords don't match
Response.Write "Password is incorrect"
End If
End IF
set adoRS = Nothing
set adoConn = Nothing
%>
3. Checking...
Now on each page that should be secured by this login, you need to add some code before the main page is rendered to check if the user is logged in...
*PAGE3.ASP*
<%
If Session("LoggedIN") <> "TRUE" Then Response.Redirect("error.asp")
%>
Page3 can be added to an include file, and included in any pages that need to be secured. If you want info on how to secure a site better after writing your FAQ, check out Ovatvvon (FAQ333-1522).
Hope this helps someone. Mail me for more info at g@margamcc.com.
G |
Back to Microsoft: Active Server Pages (ASP) FAQ Index
Back to Microsoft: Active Server Pages (ASP) Forum
My FAQ Archive
 Email This FAQ To A Friend |
|
 |
|
