Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Apr 2004
    Posts
    80
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Login Script /w Access Database

    I have a simple log in script going that doesn't use a database, however things are starting to grow and I am no longer the only user of the section protected so I would like to be able to store usernames and passwords in a database and have the login check that rather than login.asp


    Here is the code I'm using. What would I have to do to make it work witha database?

    PHP Code:
    <%

    if 
    request.cookies("extended_members_area") = "qw339cmx" then response.redirect("index.asp")

    sub login()

    response.cookies("extended_members_area") = "qw339cmx"

    response.redirect("index.asp")

    end sub

    if request.form("username") = "Username" and request.form("password") = "Password" then login()

    %> 

  • #2
    Senior Coder A1ien51's Avatar
    Join Date
    Jun 2002
    Location
    Between DC and Baltimore In a Cave
    Posts
    2,717
    Thanks
    1
    Thanked 94 Times in 88 Posts
    Look at this and see if it helps..

    http://www.asp101.com/samples/login.asp

    Eric
    Tech Author [Ajax In Action, JavaScript: Visual Blueprint]

  • #3
    New Coder
    Join Date
    Apr 2004
    Posts
    80
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I read over that and downloaded the files earlier and didn't really understand it. I was actually wondering if there was a way to convert the code i'm using now into code that would check against the info in the database

  • #4
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,072
    Thanks
    4
    Thanked 8 Times in 8 Posts
    Ted, Here is an example of a login script checking against a database. BTW unless you encrypt the password storing them in cookies is a security risk


    Code:
    Dim objConn, objRs, SQL, strUser, strPass
    strUser = Request.QueryString("UserID")
    strPass = Request.QueryString("password")
    Set objConn = Server.CreateObject("ADODB.Connection")
    objConn.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & dbPath & "myDB.mdb; Jet OLEDB:Database Password=myPW;"
    
    SQL = "SELECT * FROM users WHERE userID = '" & strUser & "' AND password = '" & strPass & "'"
    Set objRs = Server.CreateObject("ADODB.Recordset")
    objRs.Open SQL, objConn, adOpenStatic
    
    If Err.number <> 0 then
      TrapError Err.description
    End If
    
    If objRs.EOF Then  
    	Response.Write "<h2 align=center>Wrong UserID</h2>"		Response.write "<p>Click here to <a href=signin.asp>try again</a>."
    ElseIf objRs("password") <> strPass Then
    	Response.Write "<h2 align=center>Wrong Password</h2>"
    	Response.write "<p>Click here to <a href=signin.asp>try again</a>."
    Else 
               Session("LoggedIn") = True
    
    End If

  • #5
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,068
    Thanks
    0
    Thanked 256 Times in 252 Posts
    Quote Originally Posted by Ted Varnson
    I read over that and downloaded the files earlier and didn't really understand it. I was actually wondering if there was a way to convert the code i'm using now into code that would check against the info in the database
    Did you download the Database-Connected Version (the one at the bottom of that asp101 article) ? It is basically the same with what miranda posted.
    Glenn
    ____________________________________

    My Blog
    Tower of Hanoi Android app (FREE!)
    Tower of Hanoi Leaderboard
    Samegame Facebook App
    vBulletin Plugins
    ____________________________________

  • #6
    New Coder
    Join Date
    Apr 2004
    Posts
    80
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well what I dont understand about that is is there something I need to put on each page to check to see if the person trying to access a givin page is logged in?

  • #7
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,072
    Thanks
    4
    Thanked 8 Times in 8 Posts
    on top of EACH asp page put the following code (in order to restrict access to the pages they will need to be .asp)


    using a session variable
    Code:
    'this will look for the session variable and if it exists will allow the page
    'to process.  If it doesn't exist it will force redirect.
    If Session("LoggedIn") = False Then Response.Redirect "signin.asp"
    using a cookie you need to creat a cookie on the sign in page. Replace
    Session("LoggedIn") = True
    With
    Code:
    Response.Cookies("myCookie")("loggedIn") = "True"  
    'expire cookie in 1 hour 
    Response.Cookies("myCookie")("loggedIn").expires = DateAdd(h,1,Now())
    'or expire cookie in 30 minutes
    'Response.Cookies("myCookie")("loggedIn").expires = DateAdd(n,30,Now())
    now on each of the requested pages
    Code:
    'This will look for a cookie that is signed in.  Again this only works on
    'pages with the .asp extension
    If Request.Cookies("myCookie")("loggedIn") <> "True" Then Response.Redirect "signin.asp"
    Using cookies you could also check html pages with client side javascript.
    However, the downfall of a client side solution is the following
    A) If you redirect to signin with javascript, if cookie doesn't exist then the page will have already been loaded on the persons computer before the javascript does the redirect.
    B)if you redirect to correct page if cookie exists then there is still a pointer to correct page.

    So as you can see a client side solution is not a good way to secure the pages. Better off to use either one of the server side solutions.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •