Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 232
  • Last Modified:

ASP login screen

I am in need of an ASP login screen that will ask for a users username and password. It then needs to check its authenticity against a SQL table. Then if it is correct create a SQL query string to pass along to the following pages. Thanks for the help.
0
yolish
Asked:
yolish
1 Solution
 
dpinkusCommented:
On the page where you solicit the username and password do this:
<FORM ACTION="authentication.asp"  METHOD=POST>
<INPUT TYPE="text" NAME="Username" VALUE="" SIZE=12 MAXLENGTH=12>
<INPUT TYPE="Password" NAME="Password" VALUE="" SIZE=12 MAXLENGTH=12>
</FORM>

Then the authentication.asp code looks like this:
(Note, we also have an expiration date in the table)
(I also put in Access Log summary information)
<%
User = Request.Form("Username")
Pass = Request.Form("Password")
%>
<%
SET Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "YOUR_ODBC_DSN"
Qs="SELECT * FROM Security WHERE Username = '"+User+"' AND Password = '"+Pass+"' AND [Expiration Date]>#"+Cstr(Date())+"#"
SET ST = Conn.Execute (Qs)                                  
The_count = 0
WHILE NOT ST.EOF
  The_count = The_count + 1
  ST.MoveNext
WEND
if The_count <> 1 then
%>
<!--This is the section that is generated when a login is bad-->
<P ALIGN="CENTER"><FONT FACE="Arial,Helvetica">Login is invalid or has expired</FONT></TD>

<%
else
Conn.Execute("Insert into AccessLog ([Username],[In],[Out],[Remote Addr],[Remote Host]) values ('"+User+"',#"+Cstr(Date())+" "+Cstr(time())+"#,#"+Cstr(Date())+" "+Cstr(time())+"#,'"+Request.Servervariables("Remote_Addr")+"','"+Request.Servervariables("Remote_Host")+"')")
ST.MoveFirst
%>
<!-- This is for when the login is successful. -->

Just put anything you want here, access to another page, etc.  Usually we pass along the UserID to the following pages, and sometimes (for some systems) a time/date hash issued when we validated the userid/password.  Then on the subsequent pages, the first lines of code verify that the time/date hash is kosher, otherwise, we give them an "invalid" or something.
0
 
yolishAuthor Commented:
That doesn't look half bad, but this is the way I went, but getting this error. if you could help with this it would be great.

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Disallowed implicit conversion from datatype 'varchar' to datatype 'int' Table: 'DBC.dbo.Individual', Column: 'iIndividualId' Use the CONVERT function to run this query.

From this code:

Username = request.form("Username")
Password = request.form("Password")

sqltemp = "SELECT * FROM Individual WHERE iIndividualID='"
sqltemp=sqltemp & User & "'"
set rsDBC = DBC.execute(SQLTemp)

If rsDBC.eof then%>
We don't have a user named <% =User %> on file!<br>
Try again later.
<% response.end
End if

If rsDBC("vchUser3")=Password then
      session("User") = rsDBC("iIndividualID")
else%>
Password is incorrect
      <% response.end
end If
rsDBC.close
DBC.close
%>

And it is dyig on this line:

set rsDBC = DBC.execute(SQLTemp)

Thanks

Todd
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now