A Simple Login Script

Written by:dimport
Published by:Nightscript
Published on:2003-06-21 07:19:46
Topic:asp

Ever wanted to do you own login page with authentication against users in a database. Here's how using HTML forms, ASP and MS Access.

HTML tags as follows:
<form name="login" action="login.asp" method="post">
<p>
Username: <input type="text" name="username">
<p>
Password: <input type="password" name="password">
<p>
<input type="submit" name="submit" value="Log In">
</form>


ASP code for login.asp:

<%
Dim dbUser
 session( "User" ) = Request.Form( "Username" )
session( "Password" ) = Request.Form( "Password" )
 
 Set dbUser = Server.CreateObject( "ADODB.Recordset" )
dbUser.Open "SELECT * From User WHERE username = '" & session( "User" ) & "'", "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath( "dbyourdb.mdb" ) & "; PWD=yourpass"
 If Err.Number Then
    Response.Write "<SCRIPT>location.href = 'error.asp'</SCRIPT>"
End If
 If session( "User" ) <> dbUser.Fields( "Username" ) Then
    If session( "Password" ) <> dbUser.Fields( "Password" ) Then
        session( "Log" ) = False
        Response.Write "<SCRIPT>location.href = 'error.asp'</SCRIPT>"
    Else
        Response.Write "<SCRIPT>location.href = 'error.asp'</SCRIPT>"
    End If
ElseIf session( "User" ) = dbUser.Fields( "Username" ) Then
    If session( "Password" ) = dbUser.Fields( "Password" ) Then
        session( "Log" ) = True
        Response.Write "<SCRIPT>location.href = 'Default.asp'</SCRIPT>"
    Else
        session( "Log" ) = False
        Response.Write "<SCRIPT>location.href = 'error.asp'</SCRIPT>"
    End If
End If
dbUser.Close
%>


Use the line:

 If session("Log") = True Then
  Show your content
Else
  Tell them to log in
End If


To see if they are logged in or not.

You need an Access database with a table called User which has the fields Username and Password.

The script to create new users is as follows:

HTML form:

 <form name="form1" method="post" action="newuser.asp">
Username:
            <input type="text" name="username">
Password:
            <input type="password" name="password1" maxlength="16">
Retype Password:
            <input type="password" name="password2" maxlength="16">
      <input type="submit" name="Submit" value="Submit">
</form>


The newuser.asp file is as follows:
<%
Dim username, password1, password2, used
 username = Request.Form( "Username" )
password1 = Request.Form( "Password1" )
password2 = Request.Form( "Password2" )
 username = Replace( username, "'", "''" )
password1 = Replace( password1, "'", "''" )
password2 = Replace( password2, "'", "''" )
 used = False
 If Username = "" Then
    Response.Redirect( "error.asp" )
End If
 If password1 = password2 Then
    Set dbCheck = Server.CreateObject( "ADODB.Recordset" )
    dbCheck.Open "SELECT * FROM User", "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath( "dbyourdb.mdb" ) & "; PWD=yourpass"
    While Not dbCheck.EOF
        If username = dbCheck.Fields( "username" ) Then
            used = True
        End If
    dbCheck.MoveNext
    Wend
Else
    Response.Write "<SCRIPT>location.href = 'error.asp'</SCRIPT>"
End If
 dbCheck.Close
 If used = False Then
    Set dbCreate = Server.CreateObject( "ADODB.Connection" )
    dbCreate.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath( "dbyourdb.mdb" ) & "; PWD=yourpass"
    dbCreate.Execute( "INSERT INTO User ( username, password ) VALUES ( '" & username &"', '" & password1 & "' )" )
    Response.Write "<SCRIPT>location.href = '/'</SCRIPT>"
Else
    Response.Write "<SCRIPT>location.href = 'error.asp'</SCRIPT>"
End If
 dbCreate.Close
%>


This article was originally written by psike

This is an article from http://www.osix.net - view the original at: http://www.osix.net/modules/article/?id=154