|
lasatalayas
Junior Member
109 Posts |
 Posted - 04 April 2006 : 11:37:34
|
I create a small form like this for them to login at:
<form name="form1" method="post" action="check_member.asp">
<table border="1" align="center" cellpadding="3" cellspacing="0" bordercolor="#618fc1" bgcolor="EEF3FB">
<tr>
<td width="379">
<table width="100%" border="0" align="center" cellspacing="0" cellpadding="0" >
<tr>
<td height="47" colspan="2" align="right"> <div align="center"><strong> Secure Login</strong></div></td>
</tr>
<tr>
<td align="right" height="47" width="186"> <div align="center">Username:
</div></td>
<td height="47" width="289"> <input name="txtUserName" type="text" class="input">
</td>
</tr>
<tr>
<td align="right" width="186"> <div align="center">Password: </div></td>
<td width="289"> <input name="txtPwd" type="password" class="input">
</td>
</tr>
<tr>
<td align="right" height="44" colspan="2"> <div align="center">
<input type="submit" name="Submit" value="Enter" class="submit">
<input type="reset" name="reset" value="Reset" class="submit">
</div></td>
</tr>
<tr>
<td align="right" height="46" colspan="2"> <div align="center">
<p><br>
<a href="http://www.mysite.com/forum/password.asp">Have
you <font color="#FF0000">Forgot</font> your password?</a></p>
</div>
<div align="center">
<p><a href="../../forum/register.asp">If you have not previously
registered and used this facility,<br>
you must first register your details in the Forum.<br>
</a></p>
</div></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
This then calls this check_member.asp
<!--#include file="includes/config.asp"-->
<!--#include file="includes/sConnString.asp"-->
<!--#include file="includes/sha256.asp"-->
<%
'Declare variables
Dim oConnection, oRecordset, sSQL
Dim sUserName, sPassword
'Receive the form values and assign to sUserName and sPassword variables
sUsername = Request.Form("txtUsername")
sPassword = Request.Form("txtPwd")
sPassword = sha256(sPassword)
If sUsername=sAdminUsername AND sPassword=sAdminpassword Then
Session("blnValidMember") = True
Session("Admin")=True
response.redirect "admin/approve.asp"
Else
'Create a connection odject and a recordset object
Set oConnection = Server.CreateObject("ADODB.Connection")
Set oRecordset = Server.CreateObject("ADODB.Recordset")
'Set an active connection to the Connection object
oConnection.Open sConnString
'Create a variable called sSQL which holds an SQL statement to query against the database
sSQL = "SELECT M_NAME, M_PASSWORD FROM FORUM_MEMBERS WHERE M_NAME ='" & sUserName & "'" & _
" AND M_PASSWORD = '" & sPassword & "'"
'Query the database and return a recordset
oRecordset.Open sSQL, oConnection
'If the recordset finds a table row corresponding to the username and password entered - then valid login
If NOT oRecordset.EOF Then
'If its a valid login then set the session variable to True
Session("blnValidMember") = True
'redirect the user to the members.asp as they have logged in properly
Response.Redirect "members3.asp"
Else
'if not valid username and password then set the session to false
Session("blnValidMember") = False
'Redirect to the no_access.asp - not a valid username and password
Response.Redirect "no_access.asp"
End If
'Close Objects and free up memory
oRecordset.Close
Set oRecordset = Nothing
oConnection.Close
Set oConnection=Nothing
End If
%> |
 |
|
Topic Locked
