Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Password protection and redirection using ASP

Posted on 2004-04-25
15
Medium Priority
?
304 Views
Last Modified: 2006-11-17
I wish to create a login page which will take in the user/pass combo, check them against a database and then redirect them to a start page that is stored in the database.  I want all the pages that each loged in user sees to be protected and to only be accessible with the correct user/pass.  I also need to create a form that will sign up new users and enter their data into a database.  I am a newbie to ASP so as much step through on step as could be provided would be appreciated.  I'm also in a time crunch on this.  I've tried to use some of the previous answers to a similar question, but I haven't quite gotten what I'm looking for.  Thanks.
0
Comment
Question by:themikecooke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 5
15 Comments
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912526
Step 1) Create a form with two fields: strUserName, strPassword

Once this is done, let me know.

FtB
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912566
The next step is to create a table in your database called tblUsers with the following fields:

strUserName
strPassWord


Fritz the Blank
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912593
Now you are ready to query the database:

<%@ Language = VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<%

dim strDataPath, objConnection
strDataPath = SErver.MapPath("family.mdb")
set objConnection=Server.CreateObject("ADODB.Connection")
strConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;"_
       + " Data Source= " & strDataPath & ";"_
       + " Mode=Share Deny None;User Id=admin;PASSWORD=;"

objConnection.ConnectionTimeout = 15
objConnection.CommandTimeout =  10
objConnection.Mode = 3 'adModeReadWrite
if objConnection.state = 0 then
  objConnection.Open strConnectString
end if

dim strUserName, strPassWord, strSQL, bolAuthenticated

strUserName = Request.Form("cUserName")
strPassWord = Request.Form("cPassWord")


strSQL = "SELECT * FROM tblUsers Where Trim(UCase(cUserName)) = '" & Trim(UCase(strUserName)) & "'"
set objRS=Server.CreateObject("ADODB.RecordSet")
objRS.Open strSQL,objConnection,3,3

if objRS.RecordCount > 1 then
      Response.Write("There is a problem with your user name; if this problem persists, please call (###) ###-####")
      Response.Write("Please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if objRS.RecordCount < 1 then
      Response.Write("You have entered an incorrect user name; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if StrComp(strPassWord, objRS("cPassWord"),1) <> 0 then
      Response.Write("You have entered an incorrect pass word; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

Session("bolAuthenticated")= True
Session("iID") = objRS("nID")
call ListErrors()
call ClearRecordSet()
call ClearConnection()
Response.Redirect "main.asp"
%>

</BODY>
</HTML>
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912609
Oops, a change or two:

<%@ Language = VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<%

dim strDataPath, objConnection
strDataPath = SErver.MapPath("family.mdb")
set objConnection=Server.CreateObject("ADODB.Connection")
strConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;"_
       + " Data Source= " & strDataPath & ";"_
       + " Mode=Share Deny None;User Id=admin;PASSWORD=;"

objConnection.ConnectionTimeout = 15
objConnection.CommandTimeout =  10
objConnection.Mode = 3 'adModeReadWrite
if objConnection.state = 0 then
  objConnection.Open strConnectString
end if

dim strUserName, strPassWord, strSQL, bolAuthenticated

strUserName = Request.Form("cUserName")
strPassWord = Request.Form("cPassWord")


strSQL = "SELECT * FROM tblUsers Where Trim(UCase(cUserName)) = '" & Trim(UCase(strUserName)) & "'"
set objRS=Server.CreateObject("ADODB.RecordSet")
objRS.Open strSQL,objConnection,3,3

if objRS.RecordCount > 1 then
      Response.Write("There is a problem with your user name; if this problem persists, please call (###) ###-####")
      Response.Write("Please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if objRS.RecordCount < 1 then
      Response.Write("You have entered an incorrect user name; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if StrComp(strPassWord, objRS("cPassWord"),1) <> 0 then
      Response.Write("You have entered an incorrect pass word; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

Session("bolAuthenticated")= True
Session("iID") = objRS("nID")
objRS.close
set objRS=Nothing
objConnection.close
set objConnection = Nothing
Response.Redirect "main.asp"
%>

</BODY>
</HTML>
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912619
The code above assumes that your login page is 'logon.htm' and that upon successful validation, you want your user to go to main.asp.

Also, you will need to update this line to match your environment:

strDataPath = Server.MapPath("family.mdb")

Finally, you will need to put this at the top of each page that you want protected (or better yet, put it in an include file):

if (not Session("bolAuthenticated")=True) then
      response.redirect("logout.asp")
end if

if  Session("iID") < 1 then
      response.redirect("logout.asp")
end if


0
 
LVL 46

Accepted Solution

by:
fritz_the_blank earned 2000 total points
ID: 10912637
Sorry, a few more changes (i am trying to do this quickly as you said that it is urgent).

Add one more field to your tblUsers: intID which should be an autocounter field.

The updated code is now:

<%@ Language = VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<%

dim strDataPath, objConnection
strDataPath = SErver.MapPath("family.mdb")
set objConnection=Server.CreateObject("ADODB.Connection")
strConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;"_
       + " Data Source= " & strDataPath & ";"_
       + " Mode=Share Deny None;User Id=admin;PASSWORD=;"

objConnection.ConnectionTimeout = 15
objConnection.CommandTimeout =  10
objConnection.Mode = 3 'adModeReadWrite
if objConnection.state = 0 then
  objConnection.Open strConnectString
end if

dim strUserName, strPassWord, strSQL, bolAuthenticated

strUserName = Request.Form("strUserName")
strPassWord = Request.Form("strPassWord")


strSQL = "SELECT * FROM tblUsers Where Trim(UCase(strUserName)) = '" & Trim(UCase(strUserName)) & "'"
set objRS=Server.CreateObject("ADODB.RecordSet")
objRS.Open strSQL,objConnection,3,3

if objRS.RecordCount > 1 then
      Response.Write("There is a problem with your user name; if this problem persists, please call (###) ###-####")
      Response.Write("Please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if objRS.RecordCount < 1 then
      Response.Write("You have entered an incorrect user name; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if StrComp(strPassWord, objRS("strPassWord"),1) <> 0 then
      Response.Write("You have entered an incorrect pass word; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

Session("bolAuthenticated")= True
Session("intID") = objRS("intID")
objRS.close
set objRS=Nothing
objConnection.close
set objConnection = Nothing
Response.Redirect "main.asp"
%>

</BODY>
</HTML>

Fritz the Blank
0
 

Author Comment

by:themikecooke
ID: 10914452
FtB,
   I appreciate your help.  I am trying to use your solution but I don't appear to be having much success.  I need to have this finished by tomorrow morning.  I am not sure if I am doing the login page correctly and I'm just not getting results.
0
 

Author Comment

by:themikecooke
ID: 10917717
I'm still not getting this to work.  I just want to get a logon process that takes the password and user and comparies them to the database, and then redirects the user to a start page that is stored in the database.  Again making sure that all these pages are protected is key.  Any help would be appreciated I've been extended a little more time.
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10921149
The code in the comment ID 10912637 should be pretty close. What is happening: you can't log on, are you getting errors, what is it exactly that is not working for you?

FtB
0
 

Author Comment

by:themikecooke
ID: 10921954
I'm not able to logon.
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10922021
So what happens? Do you get an error message from the code? Does the page not go anywhere?

I am sorry for all of the questions, but since I can't see what is happening, I need all available information.

Fritz the Blank
0
 

Author Comment

by:themikecooke
ID: 10922243
I appreciate all the questions.  I really want to make this work.  I get an error message. 500 Internal
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10922320
This can be from so many things.

A quick suggestion: if this is due very soon, and you don't have much experience, you might want to consider hiring someone on a freelance basis to help you with this.

FtB
0
 

Author Comment

by:themikecooke
ID: 10922573
FtB
     Step me through this one more time.  I've got a login in page that has a form.  The responses are posted to logon.asp.  Then logon.asp queries the database which in my case is homebuilders.mdb and checks the UserName/PassWord against the database.  
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10922774
Okay, but do we know for sure that you have a table called tblUsers? Also, you will have to change the connection string from:

strDataPath = SErver.MapPath("family.mdb")

to:

strDataPath = SErver.MapPath("homebuilders.mdb")

This assumes that the database is in the same directory that your page is (something that we can change later).

FtB
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question