psacake

Securing a site with login scripts

  1. Home
  2. ASP
  3. Securing a site with login scripts

These functions can be used on certain pages you want password protected.

First create a file called includelogin.asp with this content:

<%
 Response.Buffer = True
 

Function ValidateLogin( sId, sPwd )
     ' For you to validate ID and PASSWORD
     ' Maybe against a database
     ' Here we have hardcoded some OK id:s and passwords
     '
     ValidateLogin = False
 
    If sId = "test" AND sPwd="secret" Then
         ValidateLogin = True
     ElseIF sId = "user2" AND sPwd="pwd2" Then
         ValidateLogin = True
     End If
 End Function
 

Dim sText, fBack
 
fBack = False
 If Request.Form("dologin") = "yes" Then
     'Try to login
     If ValidateLogin( Request.Form("id"),Request.Form("pwd") ) = True Then
         'It is OK!!!
         'We are logged in so lets go back to the file that included us
         fBack = True
         Session("logonid") = Request.Form("id")
     Else
         sText = "Wrong password or user id"
     End If
 Else
     'We are not trying to login...
     If Session("loginid") <> "" Then
         '
         fBack = True
         'We are logged in so lets go back to the file that included us
     Else
         sText = "Please login"
     End If
 End If
 
If fBack = False Then %>
 
    <html>
 
    <head>
     <title>You need to login</title>
     </head>
 
    <body>
 
    <%=sText%>    
     <%
     Dim sURL
     sURL = Request.ServerVariables("SCRIPT_NAME")
     If Request.ServerVariables("QUERY_STRING") <> "" Then
         '
         sURL = sURL & "?" & Request.ServerVariables("QUERY_STRING")
     End If
     %>
     <form method="POST" action="<%=sURL%>">
     <input type="hidden" name="dologin" value="yes">
       <table border="0" width="100%">
         <tr>
       <td>Loginname:</td>
       <td><input name="id" size="20"></td>
     </tr>
     <tr>
       <td>Password:</td>
       <td><input type="password" name="pwd" size="20"></td>
     </tr>
   </table>
   <p><input type="submit" value="Login" name="B1"></p>
     </form>
 
    </body>
 
    </html>
 <%    
     Response.End
 End If
 %>
Then, in the file you want secured just include the file the first thing you do: 
<!--#include file="includelogin.asp"-->

You could of course modify the includelogin.asp file so it looks a little nicer but that's up to you!

The secret here ( what makes it so easy to use ) is the use of  Request.QueryString("SCRIPT_NAME") and Request.QueryString("QUERY_STRING"). This makes it work on any ASP code, even if you are calling it with parameters ( like test.asp?id=123 ).

When the right password is entered all those parameters will be transferred to the script as it should.

 

asp security login login script

 Ariat
 Boston Scally Co.
 The Clink Room
 Robinhood
 2GB Space Free
 CurrentCodes.com
 Donate Life
 The 50 smartest things to do with your money
 Airplane Meals
 Process Library

Users online now: 540
Back To Top
© 1998 - 2024 psacake.com
Version 7.21 | Advertise on this site