August 17th, 2000, 10:12 AM
|
|
Contributing User
|
|
Join Date: Dec 2002
Posts: 14,578
Time spent in forums: < 1 sec
Reputation Power: 22
|
|
|
Protecting ASP with a password.
<i><b>Originally posted by : Padmaja Tallavajhala (coolpersona@hotmail.com)</b></i><br />Hi everyone there,<br /><br />I am preparing 2 asp pages that would ask for the login and password from the user and then only after<br />valid validation, the user is allowed to go past the login page. I have looked into the code which given in the<br />Demos of this web site. But I am not able to see what is the mistake that is occuring in this page. Could you give me hints as to<br />how I could go about doing this ?<br /><br />if you would like to use the database which has the tables, it is in the zipped file as pasted below.<br /><br />http://www.aspfree.com/asp/startpage.asp?id=1<br /><br />I have attached the code of the two pages below. Any help is appreciated.<br />Padmaja.<br />--------------------------------------------------------------------------------------------------------------------------------------------------<br />logintest.asp<br /><br /><br /><%@ Language=VBScript %><br /><%<br />response.buffer = true<br />On Error Resume Next<br />dim strconn<br /><br />'set up connection to the database:<br />stDataPath = server.MapPath("accessdatautilityphoneutilityphone.mdb")<br />'strconn = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & Server.MapPath("/asp/password.mdb") <br /><br />'query to retreive data.<br />sSQL = "SELECT tblMemberInfo.ZoneName, tblPassword.Password " & _<br /> "FROM tblMemberInfo INNER JOIN tblPassword ON tblMemberInfo.MemberID = tblPassword.MemberID " & _<br /> "WHERE (((tblMemberInfo.ZoneName)='" & Session("ZoneName") & "'))"<br /><br />'create a connection to establish connection and a recordset.<br />set conn = server.createobject("ADODB.Connection")<br />set rs = server.createobject("ADODB.Recordset")<br /><br />'open the recordset using 2 formats.<br />rs.Open sSQL, conn, 2, 2<br /><br />'you'll need to change the path to meet your setup<br />'strconn = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & Server.MapPath("/asp/password.mdb") <br />'set conn = server.createobject("ADODB.Connection")<br />'set rs = server.createobject("ADODB.Recordset")<br />'conn.open strconn<br />'rs.open "SELECT tblMemberInfo.MemberID, tblMemberInfo.ZoneName, tblPassword.Password " & _<br />' "FROM tblMemberInfo INNER JOIN tblPassword ON tblMemberInfo.MemberID = tblPassword.MemberID " & _<br />' "WHERE (((tblMemberInfo.ZoneName)='" & request("ZoneName") & "'))", conn, 2, 2<br /><br />if not rs.eof then rs.movefirst<br />if not rs.eof then<br /> if request("password") = rs("Password") then<br /> session("ZoneName") = request("ZoneName")<br /> session("Password") = request("Password")<br /> session("MemberID") = rs("MemberID")<br /> response.redirect request("page") <br /> end if<br />end if<br />rs.close<br />conn.close<br />set rs = nothing<br />set conn = nothing<br />%><br /><html><br /><br /><head><br /><title>Login Page</title><br /></head><br /><body><br /><p><b>LoginID:</b><i>Mynick</i></p><br /><p><b>Password:</b><i>password (Case Sensative)</i></p><br /><form ACTION="logintest.asp?page=<%= request("page") %>" METHOD="post"><br /><table border="0"><br /> <tr><br /> <td ALIGN="right">Login Name:</td><br /> <td><input TYPE="text" NAME="ZoneName" size="20"></td><br /> </tr><br /> <tr><br /> <td ALIGN="right">Password</td><br /> <td><input TYPE="password" NAME="password" size="20"></td><br /> </tr><br /> <tr><br /> <td ALIGN="right"></td><br /> <td><input TYPE="submit" VALUE="Login"> <input TYPE="reset" VALUE="Reset"> </td><br /> </tr><br /></table><br /></form><br /></body><br /></html><br />----------------------------------------------------------------------------------------------------------------------------------------<br /><br />password.asp<br /><br /><%@ Language = "VBScript"%><br /><%<br />response.buffer = true<br />'On Error Resume Next<br /><br />'give a variable for password page.<br />strPage = "password.asp"<br /><br />'set up connection to the database:<br />stDataPath = server.MapPath("accessdatautilityphoneutilityphone.mdb")<br />'strconn = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & Server.MapPath("/asp/password.mdb") <br /><br />'query to retreive data.<br />sSQL = "SELECT tblMemberInfo.ZoneName, tblPassword.Password " & _<br /> "FROM tblMemberInfo INNER JOIN tblPassword ON tblMemberInfo.MemberID = tblPassword.MemberID " & _<br /> "WHERE (((tblMemberInfo.ZoneName)='" & Session("ZoneName") & "'))"<br /><br />'create a connection to establish connection and a recordset.<br />set conn = server.createobject("ADODB.Connection")<br />set rs = server.createobject("ADODB.Recordset")<br /><br />'open the recordset using 2 formats.<br />rs.Open sSQL, conn, 2, 2<br /><br />'strPage = "password.asp"<br />'set conn = server.createobject("ADODB.Connection")<br />'set rs = server.createobject("ADODB.Recordset")<br />'conn.open strconn<br />'rs.open "SELECT tblMemberInfo.ZoneName, tblPassword.Password " & _<br />' "FROM tblMemberInfo INNER JOIN tblPassword ON tblMemberInfo.MemberID = tblPassword.MemberID " & _<br />' "WHERE (((tblMemberInfo.ZoneName)='" & Session("ZoneName") & "'))", conn, 2, 2<br /><br />if not rs.eof then rs.movefirst<br />if rs.eof then<br /> response.redirect "logintest.asp?page=" & strPage<br />else<br /> if session("password") <> rs("password") then<br /> response.redirect "login.asp?page=" & strPage<br /> end if<br />end if<br />rs.close<br />conn.close<br />set rs = nothing<br />set conn = nothing<br />%><br /><br /><html><br /><br /><head><br /><title>Template Page</title><br /></head><br /><body><br /><p>You've logged in successful</p><br /></body><br /></html><br /><br />If you know of any other example that is better to understand, then I would appreciate it if you could<br />provide me the link to that site.<br /><br />Thanks<br /><br />
|
ASP Free Forums Sponsor:
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
