A lot of users want to know how they can make a secure login facility for their website.
I am presuming you have a database of Username/Passwords that are allowed access to your site.
By secure login I mean that the client must login to view content, and cannot bypass this security by simply typing the URL to a page beyond the login screen into the browser. So lets cut to the chase...
1. The login...
Obiously you need some sort of form to catch the users username and password, and pass it to the processing screen...
2. Validation...
You then need to catch the username and password and varify them against the username/passwords in the database. If login is successful you need to set a session variable to true. If the login fails you need to generate an error.
*PAGE2.ASP*
<%
Username = Request.Form("USERNAME")
Password = Request.Form("PASSWORD")
'Get username and password from previous page
SQL = "SELECT * FROM Users Where Username='" & Username & "'"
set adoConn = Server.CreateObject ("ADODB.Connection")
set adoRS = Server.CreateObject ("ADODB.RecordSet")
dbPath = Server.MapPath("users.mdb")
adoConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & dbPath
adoRS.Open SQL,adoConn
' OPen a DSN less connection to an access database and get the username and password for the record where username=username
If adoRS.EOF Then
'The username doesn't exist, do an error.
Response.Write "Username Doesn't Exist!"
Else
If Trim(Password) = Trim(adoRS("Password")) Then
'If the passwords match
Session("LoggedIn")="TRUE"
'Set a session variable to true
%>
<SCRIPT LANGUAGE=VBSCRIPT>
window.navigate "page3.asp"
</SCRIPT>
<%
'Forward user to next page
Else
'Passwords don't match
Response.Write "Password is incorrect"
End If
End IF
set adoRS = Nothing
set adoConn = Nothing
%>
3. Checking...
Now on each page that should be secured by this login, you need to add some code before the main page is rendered to check if the user is logged in...
*PAGE3.ASP*
<%
If Session("LoggedIN") <> "TRUE" Then Response.Redirect("error.asp")
%>
Page3 can be added to an include file, and included in any pages that need to be secured. If you want info on how to secure a site better after writing your FAQ, check out Ovatvvon (faq333-1522).
Hope this helps someone. Mail me for more info at g@margamcc.com.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.