I am creating a restricted site. I have a .asp set up with a database for user/password. I need to do a couple things with it.
1.) to protect the entire directory, not just entry page, so noone can add an internal page to favorites and get in w/o using password.
2.) Try to add a time/date function so they have to pay a yearly fee or be shut off
3.) upon entering a god name/pass, redirect them to an internal page instead of the paragraph with another link to inside.
Any help? the code I have for the login is below:
<%@ Language = "VBScript" %>
<%
Option Explicit
Dim cnnLogin
Dim rstLogin
Dim strUsername, strPassword
Dim strSQL
%>
<html>
<head><title>Login Page</title>
</head>
<body bgcolor="gray">
<%
If Request.Form("action") <> "validate_login" Then
%>
<form action="login_db.asp" method="post">
<input type="hidden" name="action" value="validate_login" />
<table border="0">
<tr>
<td align="right">Login:</td>
<td><input type="text" name="login" /></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td align="right"></TD>
<td><input type="submit" VALUE="Login" /></td>
</tr>
</table>
</form>
<%
Else
strSQL = "SELECT * FROM tblLoginInfo " _
& "WHERE username='" & Replace(Request.Form("login"), "'", "''") & "' " _
& "AND password='" & Replace(Request.Form("password"), "'", "''") & "';"
Set cnnLogin = Server.CreateObject("ADODB.Connection")
cnnLogin.Open("DRIVER={Microsoft Access Driver (*.mdb)};" _
& "DBQ=" & Server.MapPath("login.mdb"))
Set rstLogin = cnnLogin.Execute(strSQL)
If Not rstLogin.EOF Then
%>
<p align="center">
<strong><br><br><br>Thank you. Please <a href=http://www.webdeveloper.com/forum/archive/index.php/"main.htm">click here</a> to continue.</strong>
</p>
<%
Else
%>
<p>
<font size="4" face="arial,helvetica"><strong>
Login Failed - Please verify username and password.
</strong></font>
</p>
<p>
<a href=http://www.webdeveloper.com/forum/archive/index.php/"login_db.asp">Try Again</a>
</p>
<%
'Response.End
End If
' Clean Up
rstLogin.Close
Set rstLogin = Nothing
cnnLogin.Close
Set cnnLogin = Nothing
End If
%>
</body>
</html>Well this is really the asp.net forum. Not the asp forum.
<!-- m --><a class="postlink" href="http://www.webreference.com/programming/asp/quasi/">http://www.webreference.com/programming/asp/quasi/</a><!-- m --> <--- this is a big article I wrote on session based logins with asp.net. Basically I just check ont he top of every page if the user has a session vairable id. Then I use that to identify him. If he does not he has not logged in. You can do the same with a cookie. The other method is using some sort of authentication to protect the whole dir. I suggest forms because it seems to be the easiest (well with a db) and it gives you the most control. <!-- m --><a class="postlink" href="http://aspnet.4guysfromrolla.com/articles/082703-1.aspx">http://aspnet.4guysfromrolla.com/articles/082703-1.aspx</a><!-- m -->
Those are two ways to do what you seek with asp.net. The method I used will work fine. If you choose it there are two lines of code you must change to protect from sql injection, but other then that it is fairly secure. It would be better with sql server and a stored procedure of course.
edit: sry, we were talking about my login code in another thread you posted in.
1.) to protect the entire directory, not just entry page, so noone can add an internal page to favorites and get in w/o using password.
2.) Try to add a time/date function so they have to pay a yearly fee or be shut off
3.) upon entering a god name/pass, redirect them to an internal page instead of the paragraph with another link to inside.
Any help? the code I have for the login is below:
<%@ Language = "VBScript" %>
<%
Option Explicit
Dim cnnLogin
Dim rstLogin
Dim strUsername, strPassword
Dim strSQL
%>
<html>
<head><title>Login Page</title>
</head>
<body bgcolor="gray">
<%
If Request.Form("action") <> "validate_login" Then
%>
<form action="login_db.asp" method="post">
<input type="hidden" name="action" value="validate_login" />
<table border="0">
<tr>
<td align="right">Login:</td>
<td><input type="text" name="login" /></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td align="right"></TD>
<td><input type="submit" VALUE="Login" /></td>
</tr>
</table>
</form>
<%
Else
strSQL = "SELECT * FROM tblLoginInfo " _
& "WHERE username='" & Replace(Request.Form("login"), "'", "''") & "' " _
& "AND password='" & Replace(Request.Form("password"), "'", "''") & "';"
Set cnnLogin = Server.CreateObject("ADODB.Connection")
cnnLogin.Open("DRIVER={Microsoft Access Driver (*.mdb)};" _
& "DBQ=" & Server.MapPath("login.mdb"))
Set rstLogin = cnnLogin.Execute(strSQL)
If Not rstLogin.EOF Then
%>
<p align="center">
<strong><br><br><br>Thank you. Please <a href=http://www.webdeveloper.com/forum/archive/index.php/"main.htm">click here</a> to continue.</strong>
</p>
<%
Else
%>
<p>
<font size="4" face="arial,helvetica"><strong>
Login Failed - Please verify username and password.
</strong></font>
</p>
<p>
<a href=http://www.webdeveloper.com/forum/archive/index.php/"login_db.asp">Try Again</a>
</p>
<%
'Response.End
End If
' Clean Up
rstLogin.Close
Set rstLogin = Nothing
cnnLogin.Close
Set cnnLogin = Nothing
End If
%>
</body>
</html>Well this is really the asp.net forum. Not the asp forum.
<!-- m --><a class="postlink" href="http://www.webreference.com/programming/asp/quasi/">http://www.webreference.com/programming/asp/quasi/</a><!-- m --> <--- this is a big article I wrote on session based logins with asp.net. Basically I just check ont he top of every page if the user has a session vairable id. Then I use that to identify him. If he does not he has not logged in. You can do the same with a cookie. The other method is using some sort of authentication to protect the whole dir. I suggest forms because it seems to be the easiest (well with a db) and it gives you the most control. <!-- m --><a class="postlink" href="http://aspnet.4guysfromrolla.com/articles/082703-1.aspx">http://aspnet.4guysfromrolla.com/articles/082703-1.aspx</a><!-- m -->
Those are two ways to do what you seek with asp.net. The method I used will work fine. If you choose it there are two lines of code you must change to protect from sql injection, but other then that it is fairly secure. It would be better with sql server and a stored procedure of course.
edit: sry, we were talking about my login code in another thread you posted in.