Hi im new to asp
i can build insert,delete,update forms for my SQL7
database but need to build a members password vaidation
asp form that searches my database for the correct password and username and if not correct then display an
password error form how would i do this.!!
thanks
ps and do you know of any good asp help sites

put this in login.asp

<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work

Dim Error_Msg

login = Request.Form("login")
If login = "login_again" Then
Session("UserLoggedIn") = ""
ShowLogin
Else
If Session("UserLoggedIn") = "true" Then
AlreadyLoggedIn
Else
If login = "true" Then
CheckLogin
Else
ShowLogin
End If
End If
End If

Sub ShowLogin
Response.Write(Error_Msg & "<br>")
%>
<form name=form1 action=login.asp method=post>
User Name : <input type=text name=username><br>
Password : <input type=password name=userpwd><br>
<input type=hidden name=login value=true>
<input type=submit value="Login">
</form>
<%
End Sub

Sub AlreadyLoggedIn
%>
You are already logged in.
Do you want to logout or login as a different user?
<form name=form2 action=login.asp method=post>
<input type=submit name=button1 value='Yes'>
<input type=hidden name=login value='login_again'>
</form>
<%
End Sub

Sub CheckLogin
Dim Conn, cStr, sql, RS, username, userpwd
username = Request.Form("username")
userpwd = Request.Form("userpwd")
Set Conn = Server.CreateObject("ADODB.Connection")
cStr = "DRIVER={Microsoft Access Driver (*.mdb)};"
cStr = cStr & "DBQ=" & Server.MapPath("password.mdb") & ";"
Conn.Open(cStr)
sql = "select username from UserTable where username = '" & LCase(username) & "'"
sql = sql & " and userpwd = '" & LCase(userpwd) & "'"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
Error_Msg = "Login Failed. Try Again."
ShowLogin
Else
Session("UserLoggedIn") = "true"
Response.Redirect "otherpage.asp"
End If
End Sub
%>


put this in the other pages

<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so your Response.Redirect will work

If Session("UserLoggedIn") <> "true" Then
Response.Redirect("login.asp")
End If
%>

Whatever you want on the form here...


there you go

I've done something very similar to this myself, something I've been wondering though is what would happen to someone using a version 3 browser when looking at these pages as I beleive version 3 browsers don't support the http response message that is returned by response.redirect ??

Regards
Ian.

thanky for posting that code bcut my server is an SQL
server not an access database
please help me!!

so it can't run that code?

if answer = no
sorry i can't help u then...
else
what's the matter then?
end if

I'm just curious..

Why does anyone care about v3 browsers?

That is like trying to make sure that your code will work with Windows 3.1.

Why would anyone have not upgraded their browser since the v3 generation of browsers? That's two (nearly 3) generations of software ago.

Well the site HAS been designed for only version 4 browsers and above so i guess i'm not really worried about version 3 browsers ... not that i think we can just ignore then.

My main concern was given that version 3 browsers don't support response.redirct could this allow someone with an old browser to bypass the security model i'm using (check session variable at start of each page, if not correct value redirect).

Ian.

Instead of using Response.Redirect, you could use Response.Write to create a jscript redirect like:


If Len(Session("UserId"))=0 Then
Response.Write "<SCRIPT language='JavaScript'>"
Response.Write "window.parent.parent.location.href='default.asp';"
Response.Write "</SCRIPT>"
Response.End
End if



Which should work with any javascript-enabled browser and break out of frames to display the login page.