Here is a script that I'm currently using that works very well. It uses and Access table which contains the name passwords and IP addresses of everyone that will be accessing your site. You can specify where a persons can gain access by assigning them an IP address to a webpage. Check it out. All you have to do is create a table with the same names I have in bold, setup a DSN, copy and past this code into a page and your in business.
<%
'HERE IS THE CODE TO THE FORM:
Option Explicit
Dim strError, strSQL, objRS
'see if the form has been submitted
If Request.Form("action"
="login" Then
'the form has been submitted
'// validate the form
'check if a username has been entered
If Request.Form("username"
= "" Then _
strError = strError & "- Please enter a username<br>" & vbNewLine
'check if a password has been entered
If Request.Form("password"
= "" Then _
strError = strError & "- Please enter a password<br>" & vbNewLine
'// check if an error has occured
If strError = "" Then
'continue
'include database connection code
%>
<%
Set objConn = Server.CreateObject ("ADODB.Connection"
'Set Rlog = Server.CreateObject ("ADODB.Recordset"
Set oRS = Server.CreateObject ("ADODB.Recordset"
objConn.Open "ASPVOL"
'-- Declare your variables
Dim Cnt, cmdDC, RecordSet, oRS, bDate, eDate, objConn
'-- Create object and open database
Set cmdDC = Server.CreateObject("ADODB.Command"
cmdDC.ActiveConnection = objConn
%>
<%
'// create the SQL
strSQL = "SELECT RecordId,pass,address FROM StarAdmin WHERE Supervisors='" & _
fixQuotes(Request.Form("username") & "'"
'// run the SQL
Set objRS = objConn.Execute (strSQL)
'// see if there are any records returned
If objRS.EOF Then
'no username found
strError = "- Invalid username or password<br>" & vbNewLine
Else
'check password
If objRS("pass"
=Request.Form("password"
Then
'username/password valid
'save session data
Session("loggedin"
= True
Session("userid"
= objRS("RecordId"
'redirect to members area
Response.Redirect (objRS("address"
)
Response.End
Else
'invalid password
strError = "- Invalid username or password<br>" & vbNewLine
End If
End If
End If
If strError <> "" Then
'output the error message
'add extra HTML...
strError = "<p><font color=""#FF0000"">The following errors occured:" & _
"</font><br>" & vbNewLine & strError
End If
'display message in URL.. (ie thank you for registering)
If Request.QueryString("msg"
<> "" And strError = "" Then
strError = "<p>" & Request.QueryString("msg"
& "</p>"
End If
End If
Function fixQuotes(strData)
fixQuotes = Replace(strData,"'","''"
End Function
're-set session data (ie log out)
Session("loggedin"
=""
Session("userid"
=""
%>
<html>
<head>
<title>Members Area Login</title>
</head>
<body>
<h1 align="center">
<img border="0" src="Report1.jpg" width="170" height="164"></h1>
<p align="center">Please enter your username and password to this portion of the
site.</p>
<%=strError%>
<form action="ANewlogin.asp" method="POST">
<input type="hidden" name="action" value="login">
<div align="center">
<center>
<table border="0" style="border-collapse: collapse" bordercolor="#111111" cellpadding="0" cellspacing="0">
<tr>
<td><b>Username: </b></td>
<td>
<input type="text" maxlength=20 name="username"
value="<%=Server.HTMLEncode(Request.Form("username"
)%>" size="20"></td>
</tr>
<tr>
<td><b>Password: </b></td>
<td>
<input type="password" maxlength=20 name="password"
value="<%=Server.HTMLEncode(Request.Form("password"
)%>" size="20"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Login"></td>
</tr>
</table>
</center>
</div>
</form>
</body>
</html>
<%
Set cmdDC = Nothing
Set Cnt = Nothing
%>
I was wondering how I go about password protecting some admin pages on my site. For example, when they try to load the page, it pops up "please enter the password..." and then you are either granted or denied access.
