Solved

ASP login screen

Posted on 1998-09-28
2
222 Views
Last Modified: 2013-12-25
I am in need of an ASP login screen that will ask for a users username and password. It then needs to check its authenticity against a SQL table. Then if it is correct create a SQL query string to pass along to the following pages. Thanks for the help.
0
Comment
Question by:yolish
2 Comments
 

Accepted Solution

by:
dpinkus earned 80 total points
ID: 1855310
On the page where you solicit the username and password do this:
<FORM ACTION="authentication.asp"  METHOD=POST>
<INPUT TYPE="text" NAME="Username" VALUE="" SIZE=12 MAXLENGTH=12>
<INPUT TYPE="Password" NAME="Password" VALUE="" SIZE=12 MAXLENGTH=12>
</FORM>

Then the authentication.asp code looks like this:
(Note, we also have an expiration date in the table)
(I also put in Access Log summary information)
<%
User = Request.Form("Username")
Pass = Request.Form("Password")
%>
<%
SET Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "YOUR_ODBC_DSN"
Qs="SELECT * FROM Security WHERE Username = '"+User+"' AND Password = '"+Pass+"' AND [Expiration Date]>#"+Cstr(Date())+"#"
SET ST = Conn.Execute (Qs)                                  
The_count = 0
WHILE NOT ST.EOF
  The_count = The_count + 1
  ST.MoveNext
WEND
if The_count <> 1 then
%>
<!--This is the section that is generated when a login is bad-->
<P ALIGN="CENTER"><FONT FACE="Arial,Helvetica">Login is invalid or has expired</FONT></TD>

<%
else
Conn.Execute("Insert into AccessLog ([Username],[In],[Out],[Remote Addr],[Remote Host]) values ('"+User+"',#"+Cstr(Date())+" "+Cstr(time())+"#,#"+Cstr(Date())+" "+Cstr(time())+"#,'"+Request.Servervariables("Remote_Addr")+"','"+Request.Servervariables("Remote_Host")+"')")
ST.MoveFirst
%>
<!-- This is for when the login is successful. -->

Just put anything you want here, access to another page, etc.  Usually we pass along the UserID to the following pages, and sometimes (for some systems) a time/date hash issued when we validated the userid/password.  Then on the subsequent pages, the first lines of code verify that the time/date hash is kosher, otherwise, we give them an "invalid" or something.
0
 

Author Comment

by:yolish
ID: 1855311
That doesn't look half bad, but this is the way I went, but getting this error. if you could help with this it would be great.

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Disallowed implicit conversion from datatype 'varchar' to datatype 'int' Table: 'DBC.dbo.Individual', Column: 'iIndividualId' Use the CONVERT function to run this query.

From this code:

Username = request.form("Username")
Password = request.form("Password")

sqltemp = "SELECT * FROM Individual WHERE iIndividualID='"
sqltemp=sqltemp & User & "'"
set rsDBC = DBC.execute(SQLTemp)

If rsDBC.eof then%>
We don't have a user named <% =User %> on file!<br>
Try again later.
<% response.end
End if

If rsDBC("vchUser3")=Password then
      session("User") = rsDBC("iIndividualID")
else%>
Password is incorrect
      <% response.end
end If
rsDBC.close
DBC.close
%>

And it is dyig on this line:

set rsDBC = DBC.execute(SQLTemp)

Thanks

Todd
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now