Good Morning, I am wondering if anyone knew of a good login script, to look up from an Access DB,
Any assistance would be cracking!
Cheers
Richard
Richard Noon
Any assistance would be cracking!
Cheers
Richard
Richard Noon
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Login Script
- Thread starter rjn2001
- Start date
what have you tried so far?
Tony
[red]_________________________________________________________________[/red]
Webmaster -
Tony
[red]_________________________________________________________________[/red]
Webmaster -
- Thread starter
- #3
Which is quite primative, and a couple of others which i dont have the URL for....I am currently using (Alot of code follows)
Which is fine, but I have just had to change my site to take account for my idiot boss...so we no longer have UserID, but E_Mail
Would it be easier to edit this script?, I do want to get rid of some of the code in it, as it is quite bulky really.
Code:
Dim strSQL 'Database query sring
Dim strUserName 'Holds the user name
Dim objMD5 'Hold MD5 Obj
Dim strTotalTries 'Holds No of Tries
Dim blnAuto 'Holds Auto Login
Dim redir 'Holds Redirection Page
Dim blnCookies 'Holds Cookies Navigation
Dim tm2
blnCookies = Cbool(Request.form("blnCookies"))
' are actually working.
if NOT Request.Cookies("Zone")("test") = "OK" then blnCookies = True
strUserName = formatSQLInput(Request.Form("txtUserName"))
if NOT Request.form(".tries") <> "" then
Response.Redirect("default.asp?encrypt=MD5&.tries=0" & strTotalTries & "&au=FORM&SN=" & strUserName & "")
end if
if Session("BruteForce")=True then
if NOT Lcase(Decrypt(Request.Form("token"),Request.Form("cryptKey"))) = Lcase(Trim(Mid(Request.Form("key_ent"), 1, 6))) then response.redirect("default.asp?encrypt=MD5&.tries=0" & strTotalTries & "&au=Security&SN=" & strUserName & "")
end if
redir = request.form("rd")
Set objMD5 = New MD5 'Intializating MD5 Object
'Initalise the MD5 as Password variable
objMD5.Text = Request.Form("txtUserPass")
'Initalise the strUserName variable
blnAuto = Request.Form("aulogin")
response.write strUserName
response.write objMD5.HEXMD5
'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")
'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblUsers.Password, tblUsers.date_join, tblUsers.blocked FROM tblUsers WHERE tblUsers.UserID ='" & strUserName & "'"
'Query the database
rsCheckUser.Open strSQL, strCon
Dim rand 'Holds session random Key
Dim guid 'Genrate 64-Bit Guid
'GUID is Very much effective in MailBox Security
guid = CreateWindowsGUID()
rand = RandomPW(10)+RandomPW(5) ' Genrates Random Session Key of Length 10+5 More Secure than 15
strTotalTries = CInt(Request.Form(".tries"))+1
'If the recordset finds a record for the username entered then read in the password for the user
If NOT rsCheckUser.EOF Then
'Read in the password for the user from the database in MD5 RSA Hash
If lcase(objMD5.HEXMD5) = rsCheckUser("Password") Then
'If the password is correct then set the session variable to True
Session("" & Rand & "") = True
'UPDATED TEXT: use for checking account duration
if blnTrial = True then
if year(now()) - year(rsCheckUser("date_join")) >= Cdbl(intTrialPeriod/365) then response.redirect("default.asp?au=expire")
if month(now()) - month(rsCheckUser("date_join")) >= Cdbl(intTrialPeriod/30) then response.redirect("default.asp?au=expire")
if Day(now()) - Day(rsCheckUser("date_join")) >= intTrialPeriod then response.redirect("default.asp?au=expire")
End if
'End of UPDATE EE 2.25
if rsCheckUser("Blocked") = True then Response.redirect("default.asp?au=blocked")
'FOr Online Status
'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")
'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "Update tblUsers SET Activity = Yes , rand_key = '" & Rand & "' , sid = '" & guid & "' WHERE tblUsers.UserID ='" & strUserName & "'"
'Query the database
rsCheckUser.Open strsql, strCon
'Close Objects before redirecting
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
if NOT blnCookies = True then
'Writes the cookie
Response.Cookies("Zone").Expires = Now()
Response.Cookies("Zone")("UserID") = strUserName
Response.Cookies("Zone")("Key") = rand
Response.Cookies("Zone")("Auto") = blnAuto
Response.Cookies("Zone")("GUID")= guid
Response.Cookies("Zone").Expires = DateAdd("yyyy", 1, Now())
'Redirect to the authorised user page and send the users name
if redir <> "" then
Response.Redirect"" & redir & "?.rand=" & rand
End if
Response.Redirect"Menu.asp?.rand=" & rand
else
if redir <> "" then
Response.Redirect"" & redir & "?__sid=" & guid
End if
Response.Redirect"Menu.asp?__sid="& guid
End if
End If
End If
'Close Objects
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
Session("try") = strTotalTries
'If the script is still running then the user must not be authorised
Session("" & Rand & "") = False
'Redirect to the unautorised user page
Response.Redirect("default.asp?encrypt=MD5&.tries=" & strTotalTries & "&au=WRONG&SN=" & strUserName & "")Richard Noon
- Thread starter
- #5
No, it is on the tinternet, I want to have the login for this, i am currently using the login script on this site
Richard Noon
Richard Noon
you could still use email as the query...to cut out 'bots' have the user fill out the form and submit the form info and cdo email it back w/ their info and a link w/ their email address in the string...so when they click on it there are two things it does...1 it's a valid email because someone clicked on that site. 2 you can look up that email in database to again validate...then have user enter their password...just a though...many FREE host sites do this and works great...good look
- Status
Similar threads
- Locked
- Question
- Locked
- Question