Password protection and redirection using ASP

I wish to create a login page which will take in the user/pass combo, check them against a database and then redirect them to a start page that is stored in the database.  I want all the pages that each loged in user sees to be protected and to only be accessible with the correct user/pass.  I also need to create a form that will sign up new users and enter their data into a database.  I am a newbie to ASP so as much step through on step as could be provided would be appreciated.  I'm also in a time crunch on this.  I've tried to use some of the previous answers to a similar question, but I haven't quite gotten what I'm looking for.  Thanks.
themikecookeAsked:
Who is Participating?
 
fritz_the_blankConnect With a Mentor Commented:
Sorry, a few more changes (i am trying to do this quickly as you said that it is urgent).

Add one more field to your tblUsers: intID which should be an autocounter field.

The updated code is now:

<%@ Language = VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<%

dim strDataPath, objConnection
strDataPath = SErver.MapPath("family.mdb")
set objConnection=Server.CreateObject("ADODB.Connection")
strConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;"_
       + " Data Source= " & strDataPath & ";"_
       + " Mode=Share Deny None;User Id=admin;PASSWORD=;"

objConnection.ConnectionTimeout = 15
objConnection.CommandTimeout =  10
objConnection.Mode = 3 'adModeReadWrite
if objConnection.state = 0 then
  objConnection.Open strConnectString
end if

dim strUserName, strPassWord, strSQL, bolAuthenticated

strUserName = Request.Form("strUserName")
strPassWord = Request.Form("strPassWord")


strSQL = "SELECT * FROM tblUsers Where Trim(UCase(strUserName)) = '" & Trim(UCase(strUserName)) & "'"
set objRS=Server.CreateObject("ADODB.RecordSet")
objRS.Open strSQL,objConnection,3,3

if objRS.RecordCount > 1 then
      Response.Write("There is a problem with your user name; if this problem persists, please call (###) ###-####")
      Response.Write("Please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if objRS.RecordCount < 1 then
      Response.Write("You have entered an incorrect user name; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if StrComp(strPassWord, objRS("strPassWord"),1) <> 0 then
      Response.Write("You have entered an incorrect pass word; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

Session("bolAuthenticated")= True
Session("intID") = objRS("intID")
objRS.close
set objRS=Nothing
objConnection.close
set objConnection = Nothing
Response.Redirect "main.asp"
%>

</BODY>
</HTML>

Fritz the Blank
0
 
fritz_the_blankCommented:
Step 1) Create a form with two fields: strUserName, strPassword

Once this is done, let me know.

FtB
0
 
fritz_the_blankCommented:
The next step is to create a table in your database called tblUsers with the following fields:

strUserName
strPassWord


Fritz the Blank
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
fritz_the_blankCommented:
Now you are ready to query the database:

<%@ Language = VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<%

dim strDataPath, objConnection
strDataPath = SErver.MapPath("family.mdb")
set objConnection=Server.CreateObject("ADODB.Connection")
strConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;"_
       + " Data Source= " & strDataPath & ";"_
       + " Mode=Share Deny None;User Id=admin;PASSWORD=;"

objConnection.ConnectionTimeout = 15
objConnection.CommandTimeout =  10
objConnection.Mode = 3 'adModeReadWrite
if objConnection.state = 0 then
  objConnection.Open strConnectString
end if

dim strUserName, strPassWord, strSQL, bolAuthenticated

strUserName = Request.Form("cUserName")
strPassWord = Request.Form("cPassWord")


strSQL = "SELECT * FROM tblUsers Where Trim(UCase(cUserName)) = '" & Trim(UCase(strUserName)) & "'"
set objRS=Server.CreateObject("ADODB.RecordSet")
objRS.Open strSQL,objConnection,3,3

if objRS.RecordCount > 1 then
      Response.Write("There is a problem with your user name; if this problem persists, please call (###) ###-####")
      Response.Write("Please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if objRS.RecordCount < 1 then
      Response.Write("You have entered an incorrect user name; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if StrComp(strPassWord, objRS("cPassWord"),1) <> 0 then
      Response.Write("You have entered an incorrect pass word; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

Session("bolAuthenticated")= True
Session("iID") = objRS("nID")
call ListErrors()
call ClearRecordSet()
call ClearConnection()
Response.Redirect "main.asp"
%>

</BODY>
</HTML>
0
 
fritz_the_blankCommented:
Oops, a change or two:

<%@ Language = VBScript %>
<%Option Explicit%>
<%Response.Buffer = True%>
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<TITLE></TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<%

dim strDataPath, objConnection
strDataPath = SErver.MapPath("family.mdb")
set objConnection=Server.CreateObject("ADODB.Connection")
strConnectString = "Provider=Microsoft.Jet.OLEDB.4.0;"_
       + " Data Source= " & strDataPath & ";"_
       + " Mode=Share Deny None;User Id=admin;PASSWORD=;"

objConnection.ConnectionTimeout = 15
objConnection.CommandTimeout =  10
objConnection.Mode = 3 'adModeReadWrite
if objConnection.state = 0 then
  objConnection.Open strConnectString
end if

dim strUserName, strPassWord, strSQL, bolAuthenticated

strUserName = Request.Form("cUserName")
strPassWord = Request.Form("cPassWord")


strSQL = "SELECT * FROM tblUsers Where Trim(UCase(cUserName)) = '" & Trim(UCase(strUserName)) & "'"
set objRS=Server.CreateObject("ADODB.RecordSet")
objRS.Open strSQL,objConnection,3,3

if objRS.RecordCount > 1 then
      Response.Write("There is a problem with your user name; if this problem persists, please call (###) ###-####")
      Response.Write("Please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if objRS.RecordCount < 1 then
      Response.Write("You have entered an incorrect user name; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

if StrComp(strPassWord, objRS("cPassWord"),1) <> 0 then
      Response.Write("You have entered an incorrect pass word; please try to  <a href='logon.htm'> logon</a> again.<p>")
      objRS.close
      set objRS=Nothing
      objConnection.close
      set objConnection = Nothing
      Response.End
end if

Session("bolAuthenticated")= True
Session("iID") = objRS("nID")
objRS.close
set objRS=Nothing
objConnection.close
set objConnection = Nothing
Response.Redirect "main.asp"
%>

</BODY>
</HTML>
0
 
fritz_the_blankCommented:
The code above assumes that your login page is 'logon.htm' and that upon successful validation, you want your user to go to main.asp.

Also, you will need to update this line to match your environment:

strDataPath = Server.MapPath("family.mdb")

Finally, you will need to put this at the top of each page that you want protected (or better yet, put it in an include file):

if (not Session("bolAuthenticated")=True) then
      response.redirect("logout.asp")
end if

if  Session("iID") < 1 then
      response.redirect("logout.asp")
end if


0
 
themikecookeAuthor Commented:
FtB,
   I appreciate your help.  I am trying to use your solution but I don't appear to be having much success.  I need to have this finished by tomorrow morning.  I am not sure if I am doing the login page correctly and I'm just not getting results.
0
 
themikecookeAuthor Commented:
I'm still not getting this to work.  I just want to get a logon process that takes the password and user and comparies them to the database, and then redirects the user to a start page that is stored in the database.  Again making sure that all these pages are protected is key.  Any help would be appreciated I've been extended a little more time.
0
 
fritz_the_blankCommented:
The code in the comment ID 10912637 should be pretty close. What is happening: you can't log on, are you getting errors, what is it exactly that is not working for you?

FtB
0
 
themikecookeAuthor Commented:
I'm not able to logon.
0
 
fritz_the_blankCommented:
So what happens? Do you get an error message from the code? Does the page not go anywhere?

I am sorry for all of the questions, but since I can't see what is happening, I need all available information.

Fritz the Blank
0
 
themikecookeAuthor Commented:
I appreciate all the questions.  I really want to make this work.  I get an error message. 500 Internal
0
 
fritz_the_blankCommented:
This can be from so many things.

A quick suggestion: if this is due very soon, and you don't have much experience, you might want to consider hiring someone on a freelance basis to help you with this.

FtB
0
 
themikecookeAuthor Commented:
FtB
     Step me through this one more time.  I've got a login in page that has a form.  The responses are posted to logon.asp.  Then logon.asp queries the database which in my case is homebuilders.mdb and checks the UserName/PassWord against the database.  
0
 
fritz_the_blankCommented:
Okay, but do we know for sure that you have a table called tblUsers? Also, you will have to change the connection string from:

strDataPath = SErver.MapPath("family.mdb")

to:

strDataPath = SErver.MapPath("homebuilders.mdb")

This assumes that the database is in the same directory that your page is (something that we can change later).

FtB
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.