I'm not sure if you are still trying to get this code or not.. but if anybody else is searching for Password stuff, it's all laid out blatently right here for you.
This first bit of code, out of three bits, is simple. Copy the ASP Code, and stick it in the top of WHATEVER asp page you want protected. The code wont work in html pages, since the code is written as asp. However, all HTML pages look exactly the same with the .asp extension instead, so all you need to do is change that. Make sure this code is pasted VERY First, and within it's own brackets.
<%
Dim ConnectTo
ConnectTo=Request.ServerVariables("SCRIPT_NAME")
If Session("blnIsUserGood") = False or IsNull(Session("blnIsUserGood")) = True then
Response.Redirect"default.asp" & "?ConnectTo=" & ConnectTo
End If
%>
The code basically checks to see if the user is already logged in, and if not, takes the "ConnectTo" Variable to memory so we remember what URL the user was trying to access.
Step 2...
And this is your Log On Page. It will take the "ConnectTo" variable (The URL of your protected page), and will pass it on. After the user see's this page, they will be redirected to the page they were trying to access. This is the default.asp page. It's basically just Copy Paste and it's yours. However, there is a small note in the code that says you can edit the HTML if you really want, for the layout.
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<%
Dim ConnectTo 'Holds the protected pages link info
'Fill the ConnectTo variable for later use in redirect
If Request.QueryString.Count = 0 Then
ConnectTo = CStr(Request("ConnectTo"))
Else
ConnectTo = Request.QueryString("ConnectTo")
End If
' Except for the ASP Code closing tag, you can edit the HTML below this, to change the layout to whatever you want. Just make sure you don't edit the values or names of the Form, since the other pages of code use those names as variables.
%>
<body>
<table width="518" border="0" align="center">
<tr>
<td align="center">
<h1>Login</h1>
</td>
</tr>
</table>
<br>
<br>
<br>
<br>
<form name="Login" method="post" action="check_user.asp">
<table width="273" border="0" align="center" cellspacing="0" cellpadding="0" bgcolor="#CCCCCC">
<tr>
<td align="right" height="47" valign="bottom" width="94">Screen name: </td>
<td height="47" valign="bottom" width="172">
<input type="text" name="txtUserName">
</td>
</tr>
<tr>
<td align="right" width="94">Your Password: </td>
<td width="172">
<input type="password" name="txtUserPass">
</td>
</tr>
<tr>
<td align="right" height="44" width="94"> </td>
<td height="44" width="172">
<input type="hidden" name="ConnectTo" value="<% =ConnectTo %>">
<input type="submit" name="Submit" value="Enter">
<input type="reset" name="Submit2" value="Reset">
</td>
</tr>
</table>
</form>
<br>
<center>
If you aren't yet a member, <a href="SignUp.asp">SignUp!</a><br>
Session Cookies must be enabled<br>
<br>
</center>
</body>
</html>
And Finally, This is the check_user.asp page. This page will never be seen. Your form will access this page, check the user, and then redirect them to the protected page that they were trying to get to. Just read over it and change a few things. There are five small changes to make in order to make the code yours. They are found where it says "CHANGE THIS!!!" And a small description of how to change it.
<%
Dim adoCon
Dim strCon
Dim rsCheckUser
Dim strAccessDB
Dim strSQL
Dim strUserName
Dim ConnectTo
ConnectTo = CStr(Request("ConnectTo"))
strUserName = Request.Form("txtUserName")
Session("strUserName") = Request.Form("txtUserName")
' CHANGE THIS!!! Change to wherever on your server your database is located. No ".mdb" is needed.
strAccessDB = "/DBFolder/PageDB"
Set adoCon = Server.CreateObject("ADODB.Connection")
' CHANGE THIS!!! IF! If your Database ITSELF is password protected..
' Not User Passwords. Just if when you open the database, you must enter a password.
' In which case, change the uid;pwd=letmein; to whatever you need. Else, leave it alone.
strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein; DBQ=" & Server.MapPath(strAccessDB)
adoCon.Open strCon
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")
' CHANGE THIS!!! Change Members.Password to "YourTableName.PasswordColumn"
' CHANGE THIS!!! Change Members.ScreenName to "YourTableName.UserIDColumn"
strSQL = "SELECT Members.Password FROM Members WHERE Members.ScreenName ='" & strUserName & "'"
rsCheckUser.Open strSQL, strCon
If NOT rsCheckUser.EOF Then
If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then
Session("blnIsUserGood") = True
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
Response.Redirect ConnectTo
End If
End If
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
Session("blnIsUserGood") = False
' CHANGE THIS!!! Change the URL to whatever your Unauthorized page URL is.
Response.Redirect"unauthorised_user_page.htm"
%>
Topic Locked
Posted - 06 February 2005 : 03:10:17
