Solved

ASP login screen

Posted on 1998-09-28
2
228 Views
Last Modified: 2013-12-25
I am in need of an ASP login screen that will ask for a users username and password. It then needs to check its authenticity against a SQL table. Then if it is correct create a SQL query string to pass along to the following pages. Thanks for the help.
0
Comment
Question by:yolish
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Accepted Solution

by:
dpinkus earned 80 total points
ID: 1855310
On the page where you solicit the username and password do this:
<FORM ACTION="authentication.asp"  METHOD=POST>
<INPUT TYPE="text" NAME="Username" VALUE="" SIZE=12 MAXLENGTH=12>
<INPUT TYPE="Password" NAME="Password" VALUE="" SIZE=12 MAXLENGTH=12>
</FORM>

Then the authentication.asp code looks like this:
(Note, we also have an expiration date in the table)
(I also put in Access Log summary information)
<%
User = Request.Form("Username")
Pass = Request.Form("Password")
%>
<%
SET Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "YOUR_ODBC_DSN"
Qs="SELECT * FROM Security WHERE Username = '"+User+"' AND Password = '"+Pass+"' AND [Expiration Date]>#"+Cstr(Date())+"#"
SET ST = Conn.Execute (Qs)                                  
The_count = 0
WHILE NOT ST.EOF
  The_count = The_count + 1
  ST.MoveNext
WEND
if The_count <> 1 then
%>
<!--This is the section that is generated when a login is bad-->
<P ALIGN="CENTER"><FONT FACE="Arial,Helvetica">Login is invalid or has expired</FONT></TD>

<%
else
Conn.Execute("Insert into AccessLog ([Username],[In],[Out],[Remote Addr],[Remote Host]) values ('"+User+"',#"+Cstr(Date())+" "+Cstr(time())+"#,#"+Cstr(Date())+" "+Cstr(time())+"#,'"+Request.Servervariables("Remote_Addr")+"','"+Request.Servervariables("Remote_Host")+"')")
ST.MoveFirst
%>
<!-- This is for when the login is successful. -->

Just put anything you want here, access to another page, etc.  Usually we pass along the UserID to the following pages, and sometimes (for some systems) a time/date hash issued when we validated the userid/password.  Then on the subsequent pages, the first lines of code verify that the time/date hash is kosher, otherwise, we give them an "invalid" or something.
0
 

Author Comment

by:yolish
ID: 1855311
That doesn't look half bad, but this is the way I went, but getting this error. if you could help with this it would be great.

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Disallowed implicit conversion from datatype 'varchar' to datatype 'int' Table: 'DBC.dbo.Individual', Column: 'iIndividualId' Use the CONVERT function to run this query.

From this code:

Username = request.form("Username")
Password = request.form("Password")

sqltemp = "SELECT * FROM Individual WHERE iIndividualID='"
sqltemp=sqltemp & User & "'"
set rsDBC = DBC.execute(SQLTemp)

If rsDBC.eof then%>
We don't have a user named <% =User %> on file!<br>
Try again later.
<% response.end
End if

If rsDBC("vchUser3")=Password then
      session("User") = rsDBC("iIndividualID")
else%>
Password is incorrect
      <% response.end
end If
rsDBC.close
DBC.close
%>

And it is dyig on this line:

set rsDBC = DBC.execute(SQLTemp)

Thanks

Todd
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
CTAs encourage people to do something specific to show interest in your company, product or service. Keep reading to learn why CTAs should always be thought of as extremely important, albeit small, sections of websites.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question