|
| |||||||
 | « Previous Thread | Next Thread » |
| | LinkBack (1) | Thread Tools | Display Modes |
March 24th, 2008, 04:50 PM
| ||||
| ||||
 Basic Login Script (using MS Acesss) Here is a sample of a basic login script for your website. You will find just one page. The form simply submits the page to itself to verify that the user information is accurate and the user email (or name) matches the password for that account. The following is simply the HTML form that you will need for the users to fill out their information. You can change the field names or how the form works, this is just an example of the form: Code: <form name="login" method="post" action="">
<table width="400" border="0" cellspacing="0" cellpadding="2">
<tr>
<td>Email Address</td>
<td><input name="UserEmail" type="text" value="<%= UserEmail %>" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="UserPassword" type="password" value="<%= UserPassword %>" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Login" /></td>
</tr>
</table>
</form>
You will need this function to help stop SQL injection by replacing the single quotes with two single quotes: Code: '-- Simple function to replace single quotes -- Function ValidateStr(strValue) strTemp = strValue strTemp = Trim(strTemp) strTemp = Replace(strTemp,"'","''") ValidateStr = strTemp End Function Code: '-- Check that form has been submitted --
If Request.Form("Submit") = "Login" Then
'-- Grab form values --
UserEmail = ValidateStr(Request.Form("UserEmail"))
UserPassword = ValidateStr(Request.Form("UserPassword"))
Code: ' -- Check if both email and password were submitted - If UserEmail = "" OR UserPassword = "" Then strError = "You must enter both an email address and password." End If Code: ' -- If no errors, continue --
If strError = "" Then
'-- Connect to DB and create recordset --
Set conn = Server.CreateObject("ADODB.Connection")
conn.Provider = "Microsoft.Jet.OLEDB.4.0"
conn.Open Server.MapPath("login.mdb")
Set rsLogin = Server.CreateObject("ADODB.recordset")
'-- Select the data from the DB using the submitted information --
strSQL = "SELECT UserID, UserEmail, UserPassword FROM tblUsers WHERE UserEmail = '" & UserEmail & "' AND UserPassword = '" & UserPassword & "'"
rsLogin.Open strSQL, conn
Code: ' -- Check that user exists --
If Not rsLogin.EOF Then
'-- If match found, and user exists, then set session variable --
Session("UserID") = rsLogin("UserID")
' -- Redirect to protected page --
Response.Redirect "profile.asp"
Else
strError = "Login failed."
End If
End If
End If
Code: <%= strError %> Once the user is logged in, you can reference the user ID by pulling the value from the session: Code: UserID = Session("UserID")
 |
| The Following User Says Thank You to BLaaaaaaaaaarche For This Useful Post: | ||
jmurrayhead (June 5th, 2008) | ||
| Sponsored Links |
|
|
| Bookmarks |
| Thread Tools | |
| Display Modes | |
|
|
LinkBacks (?)
LinkBack to this Thread: http://www.developerbarn.com/classic-asp/66-basic-login-script-using-ms-acesss.html | ||||
| Posted By | For | Type | Date | |
| ASP Poll - ASP Free | This thread | Refback | April 23rd, 2008 04:32 AM | |
| Sponsored Links |
| ASP.NET Resource Index a directory of ASP.NET tutorials, applications, scripts, assemblies and articles for the novice to professional developer. Free Web Directory Including Chats and Forums Resources, Offer automatic, instant and free directory submissions. | URLZ Web Directory URLZ Web Directory Free Web Directory - Add Your Link The Little Web Directory | Free Web Directory Pegasus free web directory is a free directory organised by categories. Web Directory & SEO Services dirroot web directory |
Linear Mode
