
How can I make a secure login for my site?


by Geee
A lot of users want to know how they can make a secure login facility for their website.

I am presuming you have a database of Username/Passwords that are allowed access to your site.

By secure login I mean that the client must log in to view content, and cannot bypass this security by simply typing the URL to a page beyond the login screen into the browser. So let's cut to the chase...

1. The login...
Obviously you need some sort of form to catch the user's username and password, and pass it to the processing screen...

*PAGE1.ASP*
<FORM METHOD=POST ACTION=PAGE2.ASP>
<INPUT NAME=USERNAME>
<INPUT NAME=PASSWORD TYPE=PASSWORD>
<INPUT NAME=SUBMIT TYPE=SUBMIT VALUE=LOGIN>
</FORM>

2. Validation...
You then need to catch the username and password and verify them against the username/passwords in the database. If login is successful you need to set a session variable to true. If the login fails you need to generate an error.

*PAGE2.ASP*
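<%
Const adVarChar = 200
Const adParamInput = 1
'ADO constants (not defined unless adovbs.inc is included)

Username = Left(Request.Form("USERNAME"), 255)
Password = Request.Form("PASSWORD")
'Get username and password from previous page (username capped at the parameter size)

set adoConn = Server.CreateObject("ADODB.Connection")
set adoCmd = Server.CreateObject("ADODB.Command")
dbPath = Server.MapPath("users.mdb")
'Note: this resolves to the web folder; keep the .mdb outside the web root so it cannot be downloaded
adoConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & dbPath
set adoCmd.ActiveConnection = adoConn
adoCmd.CommandText = "SELECT * FROM Users WHERE Username = ?"
adoCmd.Parameters.Append adoCmd.CreateParameter("Username", adVarChar, adParamInput, 255, Username)
set adoRS = adoCmd.Execute
'Open a DSN-less connection to an Access database and get the record where Username matches.
'The username is bound as a parameter, not concatenated into the SQL, so quotes in the input cannot change the query.

If adoRS.EOF Then
    'The username doesn't exist, do an error.
    Response.Write "Username Doesn't Exist!"
Else
    If Trim(Password) = Trim(adoRS("Password")) Then
        'If the passwords match
        Session("LoggedIn") = "TRUE"
        'Set a session variable to true
        Response.Redirect "page3.asp"
        'Forward user to next page (server-side, so it works in any browser)
    Else
        'Passwords don't match
        Response.Write "Password is incorrect"
    End If
End If
set adoRS = Nothing
set adoCmd = Nothing
set adoConn = Nothing
%>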

3. Checking...
Now on each page that should be secured by this login, you need to add some code before the main page is rendered to check if the user is logged in...

*PAGE3.ASP*
<%
If Session("LoggedIN") <> "TRUE" Then Response.Redirect("error.asp")
%>
The check in PAGE3.ASP can be placed in an include file and included in any pages that need to be secured. If you want info on how to secure a site better after writing your FAQ, check out Ovatvvon (faq333-1522).

Hope this helps someone. Mail me for more info at g@margamcc.com.

G
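
The include-file approach from step 3, as an added example that is not part of the original FAQ. The file names checklogin.asp and logout.asp are assumptions, and the no-cache headers and the logout page go beyond what the FAQ describes.

```asp
<%
' ===== checklogin.asp (assumed file name) =====
' Include at the very top of every protected page, before any HTML.
' Relies on PAGE2.ASP setting Session("LoggedIn") = "TRUE" after a good login.
Response.Buffer = True                  ' hold output so the redirect can still be sent
Response.Expires = -1                   ' mark the page as already expired
Response.CacheControl = "no-cache"      ' ask browsers and proxies not to keep a copy
Response.AddHeader "Pragma", "no-cache"

If Session("LoggedIn") <> "TRUE" Then
    Response.Redirect "error.asp"       ' not logged in: send to the error page
    Response.End                        ' defensive: nothing below may run
End If
%>

<!-- #include file="checklogin.asp" -->
<% ' ===== PAGE3.ASP (any protected page): the include line above is its first line ===== %>
<HTML>
<BODY>
Members-only content goes here.
</BODY>
</HTML>

<%
' ===== logout.asp (assumed file name) =====
' Clear the login flag and destroy the session so the guard fails again.
Session("LoggedIn") = ""
Session.Abandon
Response.Redirect "PAGE1.ASP"
%>
```

Because the guard runs on the server before any page content is produced, requesting a protected URL directly without a valid session only ever returns the redirect to error.asp.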