ASP login Code and security


scottr
May 4th, 2000, 07:48 AM
Hi, I put together the following code and thought it might be useful for security login and stuff like that.
If the password is good then it will be redirected to a page called loginaccepted.asp; if it is bad then
logindeclined.asp.

the database structure is as follows:
username -Text
password -Text
userlevel -Text

all the code below is on a page called login.asp



<%@ Language=VBScript %>
<%
'check to see if there is anything there
If Not IsEmpty(Request.Form("UserName")) Then
Dim conn
Dim rs
Dim strconn
Dim struserName
Dim strpassWord
Dim struserLevel

strconn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source= whatever your path is goes here"

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open strconn
Set rs = Server.CreateObject("ADODB.Recordset")
sql = "SELECT * FROM userlist WHERE username = '" & _
Request.Form("UserName") & "' AND password = '" & Request.Form("password") & _
"'"

rs.Open sql, conn


'this will check if there are no records; if it is
'true then boom that means that there are no records
'if rs.BOF and rs.EOF then
'end if


If Not rs.EOF Then
' User exists
'make sure to close out all the connections before redirecting

struserName = rs.Fields("userName")
strpassWord = rs.Fields("password")
struserLevel = rs.Fields("userLevel")

session("username") = struserName
session("password") = strpassWord
session("userlevel") = struserLevel
'
'close out recordset
rs.Close
Set rs = Nothing
conn.Close
Set conn = Nothing

Response.redirect ("loginaccepted.asp")

Else
'not there, direct them to the declined page

'close out recordset
rs.Close
Set rs = Nothing
conn.Close
Set conn = Nothing
' User does not exist
session("ErrorMessage") = "Your account number is invalid"
Response.redirect ("logindeclined.asp")
End If
End If
%>
<HTML>
<HEAD>
<META name="VI60_DefaultClientScript" Content="VBScript">

<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<Script Language=VBScript>


</Script>

<BODY>
<form action=login.asp method=post>
<P>
<TABLE border=1 cellPadding=1 cellSpacing=1 width=53.14% height=90
style="HEIGHT: 90px; WIDTH: 220px">

<TR>
<TD>login</TD>
<TD>
<INPUT id=text1 name=UserName></TD></TR>
<TR>
<TD>Password</TD>
<TD>
<INPUT id=password name=password type=password></TD></TR>
<TR>
<TD colSpan=2><INPUT id=submit1 name=submit1
type=submit value=Submit>***<INPUT id=reset1 name=reset1
type=reset value=Reset></TD></TR></TABLE></P></form>

</BODY>
</HTML>

After you're done with the page you could put this on the top of every page:

<%If Session("userlevel")< 2 Then
Response.redirect "login.asp?" & Request.ServerVariables("SCRIPT_NAME")
End If %>

and it will kick out whoever doesn't have that level. You could also do something in the
global.asa file to verify if there is anything in the session; if there is then let them in, if not
then redirect them to the login page:

Sub Session_OnStart()
' If user hasn't entered profile
' information redirect them to the profile page

' If Request.Cookies("username") = "" Then
' profilePage = "login.asp"
' currentPage = Request.ServerVariables("SCRIPT_NAME")
' Session("requestedPage") = currentpage

' Do a case-insensitive compare, and if they
' don't match, send the user to the start page.
' If strcomp(currentPage,profilePage,1) Then
' Response.Redirect(profilePage)
' End If
' End If
End Sub

This works, I've been working on it for the past two days.
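
The same login check with the form values bound as ADO parameters instead of concatenated into the SQL text, so a quote character typed into either field cannot change the query. This is an added example, not part of scottr's post; it reuses the post's table, column, form-field and page names, and DB_PATH_PLACEHOLDER stands in for the database path.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
' ADO constants (same values as in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

Dim conn, cmd, rs, found, dbUser, dbLevel

If Request.Form("UserName") <> "" Then
    Set conn = Server.CreateObject("ADODB.Connection")
    ' DB_PATH_PLACEHOLDER is a placeholder for the .mdb path
    conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=DB_PATH_PLACEHOLDER"

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The SQL text is constant; the ? markers are filled from the parameters in order.
    ' [password] is bracketed in case the provider treats the word as a keyword.
    cmd.CommandText = "SELECT username, userlevel FROM userlist " & _
                      "WHERE username = ? AND [password] = ?"
    ' Left() keeps each value within the declared parameter size of 255
    cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, 255, _
        Left(Request.Form("UserName"), 255))
    cmd.Parameters.Append cmd.CreateParameter("p", adVarChar, adParamInput, 255, _
        Left(Request.Form("password"), 255))

    Set rs = cmd.Execute
    found = Not rs.EOF
    If found Then
        dbUser = rs.Fields("username").Value
        dbLevel = rs.Fields("userlevel").Value
    End If
    ' close everything before redirecting
    rs.Close : Set rs = Nothing
    Set cmd = Nothing
    conn.Close : Set conn = Nothing

    If found Then
        Session("username") = dbUser
        Session("userlevel") = dbLevel
        ' the password is not copied into the session; later pages only test userlevel
        Response.Redirect "loginaccepted.asp"
    Else
        Session("ErrorMessage") = "Your account number is invalid"
        Response.Redirect "logindeclined.asp"
    End If
End If
%>
```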