Hi,

I'm creating a website using ASP and an Access backend.

To use the site you will need to login in.

I haven't wrote a login script before, has anyone an examples? or tips? I take it cookies will be the best?

Ta

Holty

Here you go... you can do all this on one page but I prefer to do it on separate pages...

Form page - default.asp

I'll leave out all the non relevant stuff

<form name="login" method="post" action="checklogin.asp">
<input type="text" name="uname">
<input type="text" name="pword">
<input type="submit" value="&nbsp;Submit&nbsp;">


checklogin.asp
This processes the form and compares to database

<% @LANGUAGE = VBSCRIPT %>
<% Option Explicit %>
<%
Dim uname, pword
uname = Request.Form("uname")
pword = Request.Form("pword")

Dim cmdGetUser, rsGetUser
Set cmdGetUser = Server.CreateObject.Command
cmdGetUSer.ActiveConnection = your connection string here
cmdGetUser.CommandText = "SELECT * FROM tbl_Users WHERE tblUsers.Username = '" & uname "'"
cmdGetUser.CommandType = adCmdText

Set rsGetUser = cmdGetUser.Execute

Set cmdGetUser = Nothing

While Not rsGetUser.EOF

If UCase(uname) = Ucase(rsGetUser("username")) Then
If UCase(pword) = Ucase(rsGetUser("password")) Then
Session("UserID") = rsGetUser("UserID")
Response.Redirect "success.asp"
Else
Response.Redirect "default.asp?error=password"
End If
Else
Response.Redirect "default.asp?error=username"
End If

rsGetUser.Close()
Set rsGetUser = Nothing
%>


success.asp
You only get here if the login was successful. Then on this page and each page you want behind the login (or even better as an include file) use the following.

Dim checkLogin
checkLogin = Session.Contents("UserID")

If checkLogin = "" OR IsNull(checkLogin) Then
Response.Redirect "default.asp?error=timeout"
End If

Form page - default.asp
Add to this form page below the form. It's checks the error querystring and returns the appropriate error.


Dim errorResult
errorResult = Request.QueryString("error")

Select Case(errorResult)
Case "username"
Response.Write "The username you entered is invalid. Please try again"
Case "password"
Response.Write "The password you entered in invalid. Please try again"
Case "timeout"
Response.Write "Either your user session has timed out or you have logged out. Please log in again"
End Select


I haven't added any formatting, etc... but what I normally do is create an 'error' style in my stylesheet (red and bold) and then format any error messages with that.

I tend to use a session variable for actual log in, unless someone checks the 'Remember Me' box, in which case I set a cookie and use that persistently. I haven't put that here though since wanted to keep this fairly simple. Either solution relies on the users browser allowing cookies anyway.

It's also normally a good idea just to check with javascript that both the username and password field have something in them of the right format and right length - but I've not put that here.

Hope this helps

Dominic :D

I also have a basic registration/login script here (http://www.solidscripts.com/downloads/login.zip).

It's pretty much the same deal, users are required to answer an email before they can access the site.

My script is pretty basic, and should be fairly easy to understand, but one of these days I'm going to write a much easier to configure, all in one page version (I wrote that awhile back, and it's amazing how much you learn in a few months!).

Thanks guys, great work from both of you!!

What would I do without this forum?!!:D

No problem - my pleasure...

BTW - are you a bit of a javascript/regexp expert???

If so, could youu go have a look at this thread for me...

http://www.codingforums.com/showthread.php?s=&threadid=9241

Am having a few probs validating a URL with reg exp.

Dominic :D