Library Zone Articles
External Articles
Byte Size

Discovery Zone Catalogue
Diary
Links
Bookstore
Interactive Zone Ask the Gurus
Discussion Groups
Newsletters
Feedback
Etc Cartoons
Humour
COMpetition
Advertising
ASP Web Ring ASP Web Ring
Power your site with idr newswire
The Developer's Resource & Community Site
COM XML ASP Java & Misc. NEW: VS.NET
International This Week Forums Author Central Find a Job

Login page to your website using ASP

Download print article and code

Introduction

This article shows how to build a simple login page for your site using ASP. Visitors have to enter their username and password to gain access to the site. If they do not have one, they can register themselves to obtain the login details. At any point of time, the visitor can change his/her password. All of the login details are stored in a Access database with just one table named Login.

Login Table:

Firstname - Text
Lastname - Text
Username - Text
Password - Text

Login Page

First let us see the login page (Login.htm) which has 2 textboxes - one for username and other for password and 2 buttons. The following is the code for the Login.htm page.


<HTML><HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<SCRIPT ID=clientEventHandlersJS LANGUAGE=javascript>
<!--

function form1_onsubmit() {
if (form1.txtusername.value == "" || form1.txtpassword.value == "")
return false;
}

//-->
</SCRIPT>
</HEAD>
<BODY>
<FORM action="ProcessLogin.asp" method=post id=form1 name=form1 
LANGUAGE=javascript onsubmit="return form1_onsubmit()">

Username:
<INPUT id=text1 name=txtusername >

Password:</b>
<INPUT type="password" name=txtpassword>


<INPUT type="submit" value="Login" name="login">
<input type="button" name="newuser" value="New User" 
Onclick=window.location.href="register.htm">

</FORM></BODY></HTML>

In the above code, I use the POST method to submit the information through the URL to the nextpage which is ProcessLogin.asp. I use a submit button to submit the login details and a regular button to navigate the user to the page register.htm to register themselves. I also use a Javascript function to check to see if the visitor has entered something in the 2 textboxes.

Next we will see what happens when the user hits the login button after entering the details. All the processing is done in ProcessLogin.asp page.The code is as follows:


<%@ Language=VBScript %>
<%Response.Buffer=true%>
<HTML><HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY>

<%
Dim conn,rs,strsql
set conn = server.CreateObject("ADODB.Connection")
set rs = server.CreateObject("ADODB.Recordset")

'DSN less connection
conn.Provider = "Microsoft.Jet.OLEDB.4.0"
conn.ConnectionString = "Data Source=" & Server.MapPath("login.mdb")
conn.open

strsql = "Select Username, Password From Login where Username = '" & _ 
Request.Form("txtusername") & "' and Password = '" & _
Request.Form("txtpassword") & "'"
set rs = conn.Execute (strsql)

If (not rs.BOF) and (not rs.EOF) then
   Response.Cookies("Username") = rs.Fields("Username")
   Response.Redirect "https://www.yourwebsite.com/yourentrypage.html"
else
   Response.Redirect "https://www.yourwebsite.com/access-denied-page.html"
end if


'close the recordset
rs.close
set rs = nothing

'close the connection
conn.close
set conn = nothing

</script>

</BODY></HTML>

This page checks to see if the login details are present in the database. The first line <%@ Language=VBScript %> tells that the default scripting language for this page is VBScript. I used <%Response.Buffer=true%> not to cache the page. Next the connection and recordset objects are initiated. I have used DSN less connection to access the login.mdb database. Ofcourse, you can have a DSN connection by setting up a System DSN in the ODBC Services found in the control panel.

Next using a SQL Select statement, I pick up the login details from the login page using the Request method. If the recordset is found, I place the username in a cookie (I explain later why I have used cookies) and redirect the visitor to enter the website, else show an error. That's it. Now the user has entered the site or shown an error message.

New User Registration

On the loginpage, we had a button called Newuser, which when clicked takes the visitor to Register.htm to register themselves to obtain login details. We will see the code for this page, which is a simple HTML form.


<HTML><head>
<TITLE>New User Registration</TITLE>


<FORM action = "Register.asp" method="post" id=form1 name=form1 
LANGUAGE=javascript onsubmit="return form1_onsubmit()">

First Name
<INPUT type=text NAME=firstname VALUE="" SIZE=25>

Last Name
<INPUT type=text NAME=lastname VALUE="" SIZE=25>

User Name
<INPUT type=text NAME=userid VALUE="" SIZE=15>

Password
<INPUT TYPE=PASSWORD NAME=password  VALUE="" SIZE=15>

<INPUT type="submit" value="Submit" id=submit1 name=submit1>

</FORM></BODY></HTML>

In this page, the new visitor enters his firstname,lastname, a username and a password and hits Submit to get login details. If a visitor has already has login details and wants to change the password, they simply enter again all the details in this page and enter the new password and hit submit. Once submitted, the process is carried out in Register.asp which inserts his/her details in the database. The following is the code for the register.asp page


<%@ Language=VBScript %>
<HTML><HEAD>
<META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
</HEAD>
<BODY>

<%

Dim sSQL,conn,rs
Set conn = Server.CreateObject("ADODB.Connection")
set rs = server.CreateObject("ADODB.Recordset")

'DSN less connection
conn.Provider = "Microsoft.Jet.OLEDB.4.0"
conn.ConnectionString = "Data Source=" & Server.MapPath("login.mdb")
conn.open


strsql = "Select firstname,lastname from login"
set rs = conn.Execute (strsql)

if (rs.BOF)and (rs.EOF) then

sSQL = "Insert into admin (Firstname,lastname,username,password) Values" & _
"('"& Ucase(Request("firstname")) & "', '"& Request("lastname") & "', '"& 
Request("userid") & "', '" & Request("password") & "')"
conn.Execute sSQL,adCmdText

else

SQL = "Delete * from login where username= '" & Request.Form("userid") & "'"
conn.execute(SQL)
end if

sSQL = "Insert into login (Firstname,lastname,username,password) Values" & _
"('"& Ucase(Request("firstname")) & "', '"& Request("lastname") & "', '"& 
Request("userid") & "', '" & Request("password") & "')"
conn.Execute sSQL,adCmdText

'close the recordset
rs.close
set rs = nothing

'close the connection
conn.close
set conn = nothing

%>

<h2>Your login details have been saved to the database<h2>
<A href="login.asp">[Click here to go to login page]</A>
</BODY>
</HTML>

This page Register.asp performs two things:

Firstly, I select visitor's first and last name. If the recordset is empty, I insert all the details into the database assuming that the visitor is new.

Second, If a recordset is found (implicitly meaning that the visitor has come to this page to change his/her password) I delete all the entries for this particular visitor using his username and then re-enter his details again. Now during this second INSERT, all details about this visitor remains the same except he has given himself a new password.

After this, the visitor is taken to the login page to login or can be sent directly to the web site.

Why Cookies

Remember, previously I had placed the username inside a cookie, the reason is,any visitor can bypass the login page and type in the URL of the page where he wants to go. By using cookies, I have forced the user to login and then only view the contents of the web site.

This is done as follows:


<%if Request.Cookies("Username") <> "" then
     Response.Redirect ("send them to view the web site")
     session("submitted")="false"
  else
     'send them back to login page
     Response.Redirect "Login.htm"
     Response.End
end if%>

You can save the above code in a page something like Check.asp and have this as a server side include on the top of all the pages of your website which you wish to protect. It will be something like this:


<!--#include file="Check.asp"-->

Summary

Now you have seen that how you can protect your web site, using a login page. Using this, anyone can access your site. If you do not want everyone to access this site, then you may remove totally the New User registration feature. And then you can take control of issuing login details to selected visitors by manually entering the details into the database.

You can also perform validations like checking to see if there are spaces in the username and password fields using Javascript. You can also specify that the password should be more than 6 characters long. So by using a access database and 2 or 3 asp pages, you can create a login page for your site.


Mail a question to the author!!

As part of the IDevResource commitment to Open Publishing, all of our authors are available to answer all of your trickiest questions at Author Central. For information about the authors, or to mail a question, visit them at Author Central.


Click here

Contribute to IDR:

To contribute an article to IDR, a click here.

To contact us at IDevResource.com, use our feedback form, or email us.

To comment on the site contact our webmaster.

Promoted by CyberSavvy UK - website promotion experts

All content © Copyright 2000 IDevResource.com, Disclaimer notice



Join the Developers Webring

WTL Architecture by Richard Grimes

Visit the IDR Forums

Learn C#