Securing a site with login scripts

These functions can be used on certain pages you want password protected.

First create a file called includelogin.asp with this content:

<%
 Response.Buffer = True
 

Function ValidateLogin( sId, sPwd )
     ' For you to validate ID and PASSWORD
     ' Maybe against a database
     ' Here we have hardcoded some OK id:s and passwords
     '
     ValidateLogin = False
 
    If sId = "test" AND sPwd="secret" Then
         ValidateLogin = True
     ElseIF sId = "user2" AND sPwd="pwd2" Then
         ValidateLogin = True
     End If
 End Function
 

Dim sText, fBack
 
fBack = False
 If Request.Form("dologin") = "yes" Then
     'Try to login
     If ValidateLogin( Request.Form("id"),Request.Form("pwd") ) = True Then
         'It is OK!!!
         'We are logged in so lets go back to the file that included us
         fBack = True
         Session("logonid") = Request.Form("id")
     Else
         sText = "Wrong password or user id"
     End If
 Else
     'We are not trying to login...
     If Session("loginid") <> "" Then
         '
         fBack = True
         'We are logged in so lets go back to the file that included us
     Else
         sText = "Please login"
     End If
 End If
 
If fBack = False Then %>
 
    <html>
 
    <head>
     <title>You need to login</title>
     </head>
 
    <body>
 
    <%=sText%>    
     <%
     Dim sURL
     sURL = Request.ServerVariables("SCRIPT_NAME")
     If Request.ServerVariables("QUERY_STRING") <> "" Then
         '
         sURL = sURL & "?" & Request.ServerVariables("QUERY_STRING")
     End If
     %>
     <form method="POST" action="<%=sURL%>">
     <input type="hidden" name="dologin" value="yes">
       <table border="0" width="100%">
         <tr>
       <td>Loginname:</td>
       <td><input name="id" size="20"></td>
     </tr>
     <tr>
       <td>Password:</td>
       <td><input type="password" name="pwd" size="20"></td>
     </tr>
   </table>
   <p><input type="submit" value="Login" name="B1"></p>
     </form>
 
    </body>
 
    </html>
 <%    
     Response.End
 End If
 %>
Then, in the file you want secured just include the file the first thing you do:
<!--#include file="includelogin.asp"-->

You could of course modify the includelogin.asp file so it looks a little nicer but that's up to you!

The secret here ( what makes it so easy to use ) is the use of  Request.QueryString("SCRIPT_NAME") and Request.QueryString("QUERY_STRING"). This makes it work on any ASP code, even if you are calling it with parameters ( like test.asp?id=123 ).

When the right password is entered all those parameters will be transferred to the script as it should.

 

asp security login login script


Back To Top
© 1998 - 2024 psacake.com
Version 7.21 | Advertise on this site