...

View Full Version : Login Script /w Access Database



Ted Varnson
09-02-2004, 04:00 PM
I have a simple log in script going that doesn't use a database, however things are starting to grow and I am no longer the only user of the section protected so I would like to be able to store usernames and passwords in a database and have the login check that rather than login.asp


Here is the code I'm using. What would I have to do to make it work witha database?


<%

if request.cookies("extended_members_area") = "qw339cmx" then response.redirect("index.asp")

sub login()

response.cookies("extended_members_area") = "qw339cmx"

response.redirect("index.asp")

end sub

if request.form("username") = "Username" and request.form("password") = "Password" then login()

%>

A1ien51
09-02-2004, 06:35 PM
Look at this and see if it helps..

http://www.asp101.com/samples/login.asp

Eric

Ted Varnson
09-02-2004, 07:14 PM
I read over that and downloaded the files earlier and didn't really understand it. I was actually wondering if there was a way to convert the code i'm using now into code that would check against the info in the database

miranda
09-03-2004, 03:02 AM
Ted, Here is an example of a login script checking against a database. BTW unless you encrypt the password storing them in cookies is a security risk




Dim objConn, objRs, SQL, strUser, strPass
strUser = Request.QueryString("UserID")
strPass = Request.QueryString("password")
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & dbPath & "myDB.mdb; Jet OLEDB:Database Password=myPW;"

SQL = "SELECT * FROM users WHERE userID = '" & strUser & "' AND password = '" & strPass & "'"
Set objRs = Server.CreateObject("ADODB.Recordset")
objRs.Open SQL, objConn, adOpenStatic

If Err.number <> 0 then
TrapError Err.description
End If

If objRs.EOF Then
Response.Write "<h2 align=center>Wrong UserID</h2>" Response.write "<p>Click here to <a href=signin.asp>try again</a>."
ElseIf objRs("password") <> strPass Then
Response.Write "<h2 align=center>Wrong Password</h2>"
Response.write "<p>Click here to <a href=signin.asp>try again</a>."
Else
Session("LoggedIn") = True

End If

glenngv
09-03-2004, 12:42 PM
I read over that and downloaded the files earlier and didn't really understand it. I was actually wondering if there was a way to convert the code i'm using now into code that would check against the info in the database
Did you download the Database-Connected Version (http://www.asp101.com/samples/download/login_db.zip) (the one at the bottom of that asp101 article) ? It is basically the same with what miranda posted.

Ted Varnson
09-03-2004, 08:43 PM
Well what I dont understand about that is is there something I need to put on each page to check to see if the person trying to access a givin page is logged in?

miranda
09-03-2004, 11:17 PM
on top of EACH asp page put the following code (in order to restrict access to the pages they will need to be .asp)


using a session variable


'this will look for the session variable and if it exists will allow the page
'to process. If it doesn't exist it will force redirect.
If Session("LoggedIn") = False Then Response.Redirect "signin.asp"



using a cookie you need to creat a cookie on the sign in page. Replace
Session("LoggedIn") = True
With


Response.Cookies("myCookie")("loggedIn") = "True"
'expire cookie in 1 hour
Response.Cookies("myCookie")("loggedIn").expires = DateAdd(h,1,Now())
'or expire cookie in 30 minutes
'Response.Cookies("myCookie")("loggedIn").expires = DateAdd(n,30,Now())

now on each of the requested pages


'This will look for a cookie that is signed in. Again this only works on
'pages with the .asp extension
If Request.Cookies("myCookie")("loggedIn") <> "True" Then Response.Redirect "signin.asp"


Using cookies you could also check html pages with client side javascript.
However, the downfall of a client side solution is the following
A) If you redirect to signin with javascript, if cookie doesn't exist then the page will have already been loaded on the persons computer before the javascript does the redirect.
B)if you redirect to correct page if cookie exists then there is still a pointer to correct page.

So as you can see a client side solution is not a good way to secure the pages. Better off to use either one of the server side solutions.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum