Securing a site with login scripts   
 

These functions can be used on certain pages you want password protected.

First create a file called includelogin.asp with this content:

 

<%
Response.Buffer = True


Function ValidateLogin( sId, sPwd )
    ' For you to validate ID and PASSWORD
    ' Maybe against a database
    ' Here we have hardcoded some OK id:s and passwords
    '
    ValidateLogin = False

    If sId = "test" AND sPwd="secret" Then
        ValidateLogin = True
    ElseIF sId = "user2" AND sPwd="pwd2" Then
        ValidateLogin = True
    End If
End Function


Dim sText, fBack

fBack = False
If Request.Form("dologin") = "yes" Then
    'Try to login
    If ValidateLogin( Request.Form("id"),Request.Form("pwd") ) = True Then
        'It is OK!!!
        'We are logged in so lets go back to the file that included us
        fBack = True
        Session("logonid") = Request.Form("id")
    Else
        sText = "Wrong password or user id"
    End If
Else
    'We are not trying to login...
    If Session("loginid") <> "" Then
        '
        fBack = True
        'We are logged in so lets go back to the file that included us
    Else
        sText = "Please login"
    End If
End If

If fBack = False Then %>

    <html>

    <head>
    <title>You need to login</title>
    </head>

    <body>

    <%=sText%>    
    <%
    Dim sURL
    sURL = Request.ServerVariables("SCRIPT_NAME")
    If Request.ServerVariables("QUERY_STRING") <> "" Then
        '
        sURL = sURL & "?" & Request.ServerVariables("QUERY_STRING")
    End If
    %>
    <form method="POST" action="<%=sURL%>">
    <input type="hidden" name="dologin" value="yes">
      <table border="0" width="100%">
        <tr>
      <td>Loginname:</td>
      <td><input name="id" size="20"></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input type="password" name="pwd" size="20"></td>
    </tr>
  </table>
  <p><input type="submit" value="Login" name="B1"></p>
    </form>

    </body>

    </html>
<%    
    Response.End
End If
%>

Then, in the file you want secured just include the file the first thing you do:
<!--#include file="includelogin.asp"-->

You could of course modify the includelogin.asp file so it looks a little nicer but that's up to you!

The secret here ( what makes it so easy to use ) is the use of  Request.QueryString("SCRIPT_NAME") and Request.QueryString("QUERY_STRING"). This makes it work on any ASP code, even if you are calling it with parameters ( like test.asp?id=123 ).

When the right password is entered all those parameters will be transferred to the script as it should.

 
My3C's
perrychicker
It's easy... it's a PSACAKE!
Back | Tell A Friend | Search this Site
© 1998 - 2008 psacake.com
Version 3.23

Send me One Million FREE Guaranteed Visitors