Link to home
Start Free TrialLog in
Avatar of d01970g
d01970g

asked on

login & password code

i'm creating a simple webpage in IIS.... and i'm trying to add a login and password to only allow users to get into a folder...  externally.    

i created a login.asp and a default.asp but they are not currently working... is there anyone out there that could provide me some code to help me get this done.. thanks.
Avatar of Mark Gilbert
Mark Gilbert
Flag of United States of America image
Hi there,

Macromedia Dreamweaver MX has an excellant set of pre-built scripts for your requirements.  In the server behaviours rollout you have scripts to make sure the user is logged in, to log in, log out and to create user logins.  It is also group based should you wish to give various privillages such as admin, user, and guest.  

The check credentials page looks like this:

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<%
// *** Restrict Access To Page: Grant or deny access to this page
var MM_authorizedUsers="1,2,3";
var MM_authFailedURL="login.asp";
var MM_grantAccess=false;
if (String(Session("MM_Username")) != "undefined") {
  if (false || (String(Session("MM_UserAuthorization"))=="") || (MM_authorizedUsers.indexOf(String(Session("MM_UserAuthorization"))) >=0)) {
    MM_grantAccess = true;
  }
}
if (!MM_grantAccess) {
  var MM_qsChar = "?";
  if (MM_authFailedURL.indexOf("?") >= 0) MM_qsChar = "&";
  var MM_referrer = Request.ServerVariables("URL");
  if (String(Request.QueryString()).length > 0) MM_referrer = MM_referrer + "?" + String(Request.QueryString());
  MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied=" + Server.URLEncode(MM_referrer);
  Response.Redirect(MM_authFailedURL);
}
%>

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<!--#include file="/Connections/database.asp" -->
// *** The file in the include statement above is the database connector file.  Dreamweaver creates this automatically for you when you set up your database.
<%
// *** Validate request to log in to this site.
var MM_LoginAction = Request.ServerVariables("URL");
if (Request.QueryString!="") MM_LoginAction += "?" + Server.HTMLEncode(Request.QueryString);
var MM_valUsername=String(Request.Form("uname"));
if (MM_valUsername != "undefined") {
  var MM_fldUserAuthorization="group_id";
  var MM_redirectLoginSuccess="checkout.asp";
  var MM_redirectLoginFailed="login.asp";
  var MM_flag="ADODB.Recordset";
  var MM_rsUser = Server.CreateObject(MM_flag);
  MM_rsUser.ActiveConnection = MM_database_STRING;
  MM_rsUser.Source = "SELECT user_login, user_password";
  if (MM_fldUserAuthorization != "") MM_rsUser.Source += "," + MM_fldUserAuthorization;
  MM_rsUser.Source += " FROM redstone.users WHERE user_login='" + MM_valUsername.replace(/'/g, "''") + "' AND user_password='" + String(Request.Form("pword")).replace(/'/g, "''") + "'";
  MM_rsUser.CursorType = 0;
  MM_rsUser.CursorLocation = 2;
  MM_rsUser.LockType = 3;
  MM_rsUser.Open();
  if (!MM_rsUser.EOF || !MM_rsUser.BOF) {
    // username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername;
    if (MM_fldUserAuthorization != "") {
      Session("MM_UserAuthorization") = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value);
    } else {
      Session("MM_UserAuthorization") = "";
    }
    if (String(Request.QueryString("accessdenied")) != "undefined" && true) {
      MM_redirectLoginSuccess = Request.QueryString("accessdenied");
    }
    MM_rsUser.Close();
    Response.Redirect(MM_redirectLoginSuccess);
  }
  MM_rsUser.Close();
  Response.Redirect(MM_redirectLoginFailed);
}
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
  <p>Username:
    <input name="uname" type="text" id="uname">
</p>
  <p>Password:
    <input name="pword" type="text" id="pword">
    <input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>


When you create your database, make sure you have a username, password and group ID fields.  You may even consider an encryption alogrithm for the passwords like md5.  

Hope this helps.

It is worth noting that Macromedia Dreamweaver MX has a 30 day trial whereby you can use the features to fully create your authentication system.  And the scripts are not trial based either.

Hope that this helps.

Mark
Avatar of d01970g
d01970g

ASKER

i want to do it in HTML.... how can i have multiple logins?  i was able to create one login and password....
ASKER CERTIFIED SOLUTION
Avatar of masoncooper
masoncooper
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of daluu
daluu
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial