Solved

Password protection and redirection using ASP

Posted on 2004-04-25
15
290 Views
Last Modified: 2006-11-17
I wish to create a login page which will take in the user/pass combo, check them against a database and then redirect them to a start page that is stored in the database.  I want all the pages that each loged in user sees to be protected and to only be accessible with the correct user/pass.  I also need to create a form that will sign up new users and enter their data into a database.  I am a newbie to ASP so as much step through on step as could be provided would be appreciated.  I'm also in a time crunch on this.  I've tried to use some of the previous answers to a similar question, but I haven't quite gotten what I'm looking for.  Thanks.
0
Comment
Question by:themikecooke
  • 10
  • 5
15 Comments
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912526
Step 1) Create a form with two fields: strUserName, strPassword

Once this is done, let me know.

FtB
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912566
The next step is to create a table in your database called tblUsers with the following fields:

strUserName
strPassWord


Fritz the Blank
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912593
Now you are ready to query the database:

<%@ Language = VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<%

dim strDataPath, objConnection
strDataPath = SErver.MapPath("family.mdb")
set objConnection=Server.CreateObject("ADODB.Connection")
strConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;"_
       + " Data Source= " & strDataPath & ";"_
       + " Mode=Share Deny None;User Id=admin;PASSWORD=;"

objConnection.ConnectionTimeout = 15
objConnection.CommandTimeout =  10
objConnection.Mode = 3 'adModeReadWrite
if objConnection.state = 0 then
  objConnection.Open strConnectString
end if

dim strUserName, strPassWord, strSQL, bolAuthenticated

strUserName = Request.Form("cUserName")
strPassWord = Request.Form("cPassWord")


strSQL = "SELECT * FROM tblUsers Where Trim(UCase(cUserName)) = '" & Trim(UCase(strUserName)) & "'"
set objRS=Server.CreateObject("ADODB.RecordSet")
objRS.Open strSQL,objConnection,3,3

if objRS.RecordCount > 1 then
      Response.Write("There is a problem with your user name; if this problem persists, please call (###) ###-####")
      Response.Write("Please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if objRS.RecordCount < 1 then
      Response.Write("You have entered an incorrect user name; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if StrComp(strPassWord, objRS("cPassWord"),1) <> 0 then
      Response.Write("You have entered an incorrect pass word; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

Session("bolAuthenticated")= True
Session("iID") = objRS("nID")
call ListErrors()
call ClearRecordSet()
call ClearConnection()
Response.Redirect "main.asp"
%>

</BODY>
</HTML>
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912609
Oops, a change or two:

<%@ Language = VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<%

dim strDataPath, objConnection
strDataPath = SErver.MapPath("family.mdb")
set objConnection=Server.CreateObject("ADODB.Connection")
strConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;"_
       + " Data Source= " & strDataPath & ";"_
       + " Mode=Share Deny None;User Id=admin;PASSWORD=;"

objConnection.ConnectionTimeout = 15
objConnection.CommandTimeout =  10
objConnection.Mode = 3 'adModeReadWrite
if objConnection.state = 0 then
  objConnection.Open strConnectString
end if

dim strUserName, strPassWord, strSQL, bolAuthenticated

strUserName = Request.Form("cUserName")
strPassWord = Request.Form("cPassWord")


strSQL = "SELECT * FROM tblUsers Where Trim(UCase(cUserName)) = '" & Trim(UCase(strUserName)) & "'"
set objRS=Server.CreateObject("ADODB.RecordSet")
objRS.Open strSQL,objConnection,3,3

if objRS.RecordCount > 1 then
      Response.Write("There is a problem with your user name; if this problem persists, please call (###) ###-####")
      Response.Write("Please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if objRS.RecordCount < 1 then
      Response.Write("You have entered an incorrect user name; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if StrComp(strPassWord, objRS("cPassWord"),1) <> 0 then
      Response.Write("You have entered an incorrect pass word; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

Session("bolAuthenticated")= True
Session("iID") = objRS("nID")
objRS.close
set objRS=Nothing
objConnection.close
set objConnection = Nothing
Response.Redirect "main.asp"
%>

</BODY>
</HTML>
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10912619
The code above assumes that your login page is 'logon.htm' and that upon successful validation, you want your user to go to main.asp.

Also, you will need to update this line to match your environment:

strDataPath = Server.MapPath("family.mdb")

Finally, you will need to put this at the top of each page that you want protected (or better yet, put it in an include file):

if (not Session("bolAuthenticated")=True) then
      response.redirect("logout.asp")
end if

if  Session("iID") < 1 then
      response.redirect("logout.asp")
end if


0
 
LVL 46

Accepted Solution

by:
fritz_the_blank earned 500 total points
ID: 10912637
Sorry, a few more changes (i am trying to do this quickly as you said that it is urgent).

Add one more field to your tblUsers: intID which should be an autocounter field.

The updated code is now:

<%@ Language = VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<%

dim strDataPath, objConnection
strDataPath = SErver.MapPath("family.mdb")
set objConnection=Server.CreateObject("ADODB.Connection")
strConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;"_
       + " Data Source= " & strDataPath & ";"_
       + " Mode=Share Deny None;User Id=admin;PASSWORD=;"

objConnection.ConnectionTimeout = 15
objConnection.CommandTimeout =  10
objConnection.Mode = 3 'adModeReadWrite
if objConnection.state = 0 then
  objConnection.Open strConnectString
end if

dim strUserName, strPassWord, strSQL, bolAuthenticated

strUserName = Request.Form("strUserName")
strPassWord = Request.Form("strPassWord")


strSQL = "SELECT * FROM tblUsers Where Trim(UCase(strUserName)) = '" & Trim(UCase(strUserName)) & "'"
set objRS=Server.CreateObject("ADODB.RecordSet")
objRS.Open strSQL,objConnection,3,3

if objRS.RecordCount > 1 then
      Response.Write("There is a problem with your user name; if this problem persists, please call (###) ###-####")
      Response.Write("Please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if objRS.RecordCount < 1 then
      Response.Write("You have entered an incorrect user name; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if StrComp(strPassWord, objRS("strPassWord"),1) <> 0 then
      Response.Write("You have entered an incorrect pass word; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

Session("bolAuthenticated")= True
Session("intID") = objRS("intID")
objRS.close
set objRS=Nothing
objConnection.close
set objConnection = Nothing
Response.Redirect "main.asp"
%>

</BODY>
</HTML>

Fritz the Blank
0
 

Author Comment

by:themikecooke
ID: 10914452
FtB,
   I appreciate your help.  I am trying to use your solution but I don't appear to be having much success.  I need to have this finished by tomorrow morning.  I am not sure if I am doing the login page correctly and I'm just not getting results.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:themikecooke
ID: 10917717
I'm still not getting this to work.  I just want to get a logon process that takes the password and user and comparies them to the database, and then redirects the user to a start page that is stored in the database.  Again making sure that all these pages are protected is key.  Any help would be appreciated I've been extended a little more time.
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10921149
The code in the comment ID 10912637 should be pretty close. What is happening: you can't log on, are you getting errors, what is it exactly that is not working for you?

FtB
0
 

Author Comment

by:themikecooke
ID: 10921954
I'm not able to logon.
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10922021
So what happens? Do you get an error message from the code? Does the page not go anywhere?

I am sorry for all of the questions, but since I can't see what is happening, I need all available information.

Fritz the Blank
0
 

Author Comment

by:themikecooke
ID: 10922243
I appreciate all the questions.  I really want to make this work.  I get an error message. 500 Internal
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10922320
This can be from so many things.

A quick suggestion: if this is due very soon, and you don't have much experience, you might want to consider hiring someone on a freelance basis to help you with this.

FtB
0
 

Author Comment

by:themikecooke
ID: 10922573
FtB
     Step me through this one more time.  I've got a login in page that has a form.  The responses are posted to logon.asp.  Then logon.asp queries the database which in my case is homebuilders.mdb and checks the UserName/PassWord against the database.  
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 10922774
Okay, but do we know for sure that you have a table called tblUsers? Also, you will have to change the connection string from:

strDataPath = SErver.MapPath("family.mdb")

to:

strDataPath = SErver.MapPath("homebuilders.mdb")

This assumes that the database is in the same directory that your page is (something that we can change later).

FtB
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now