User Logins

[ags131]

I have created a user login system in asp i would like to share. Many people have been trying to do this and i hope this helps.
I have all the files in the zip.

The default.asp page is the page containing the form and the required hidden fields. make sure to change the value of the toPage hidden field to the url of the page you want to open after the user is logged in.

You will have to add users manually to the database. im not sure if the db.asp code will add a record correctly. As i fix the problems i will post the updated file.

One important step: put all the files in the SAME folder. Otherwise you will need to fix the links. Also make sure the server supports ADO and databases.

The code sets a session variable, "user", to the username if it is valid.
Hope it helps.

[ags131]

I have updated the files. It now supports adding users to the database and changing username and/or password from a asp page. I have all the required files in the zip. the account that is in the database is:
Username: admin
Password: Admin
I would recommend using the update area of the page you are redirected to after login to change it. You will have to make sure you have read/write permissions for the setup to work correctly. Here is the link to the file: UserLoginWithDatabase.zip

If you get a 404 error or the file doesnt download please wait approx. 5 minutes and try again. the server is on my home computer and is not very fast. If you want to see an example please go here. This is the directory where i am storing all the files required.

[ags131]

Here is a quick tutorial on how to use my asp pages:
first lets take a look at the form code:

PHP Code:

<form name="frm" method="post" action="login.asp">
<input type="hidden" name="action" value="get" />
<input type="hidden" name="table" value="users" />
<input type="hidden" name="toPage" value="home.asp" />
Username: <input type="text" name="user" />
<br />
Password: <input type="password" name="password" />
<br />
<input type="submit" value="Login" />
</form> 


all the hidden fields are required.
The action field defines what to do to the database.
get - checks the username and password and logs the user in if valid
add - adds a user
update* - changes a users profile
delete** - removes a user

The table field defines what table in the user.mdb file to open
users - main user table (required to work) (only table in database)

The toPage field should contain the URL of the page to load when done. The URL must be relative to the asp pages.

And everyone can guess what the user & password fields are.
Any fields can be changed to hidden or text. if you need i am here to help please post comments and let me know what you think.

*two extra field required: user2 for new username & password2 for new password

**not sure if it works.

[Gohraw]

All of this looks amazing, but could you put the updated.zip file on like filefront or something so everyone will be able to download it easier?

-edit:
Wait, I have a question... I can see where you put in the URL and all that, but what do you do to make multiple pages blocked?

[Gohraw]

i've tried multiple times trying to download it.. do you think you could host it on a website or email it to me or something?

[ags131]

Here is the file hosted on filefront.

@gothraw fo each page that needs protected insert this asp code:

Code:

<%
if session("user")="" then response.redirect("default.asp")
%>

Change response.redirect("default.asp") to point to the login page that you fix.

[Gohraw]

hey, sorry I took so long to respond, but I'm having trouble getting this thing working

[ags131]

Which part are you having problems with?

[Gohraw]

well, it just doesn't seem to want to work. i'm probably just putting the URL into the wrong spot

[ags131]

UPDATE: The live version is available here.
The zip file is hosted here:




@Gohraw
If it is just showing the source code then your server isnt set up for asp. If it is giving a databse read/write error then follow these instructions to fix the problem:

Goto IIS control panel: right click the folder the database is in: click properties.
IIS1.bmp
make sure scripting and read/write permissions are set.
IIS2.bmp
do the same for the database.
IIS3.bmp
IIS4.bmp

if you have the page with the form at the root of your server and the db processing page in a folder named data then have your form code point to it. to return to the same page after the login has been verified make sure you include .. in the toPage area.

Ex.
login from login.html in root (site.com/login.html)
sends data to login.asp (site.com/data/login.asp)
login.asp sends you to a successful.asp page in root (site.com/successful.asp)
(The toPage value would have to be set to ../successful.asp)

If this doesn't help you can give me your site URL or IP and ill look at the page source codes.

[Gohraw]

Unless I'm misunderstanding you, I need to create a new .asp file for each part of my website that I would like to hide from those who are not registered.


However, if I'm wrong and you're tired of trying to explain how to do this to me, then here is the deal: My website home page is http://www.chchcheckit.com. A page that I may or may not want to hide from those who are not registered to my website is something like "...com/extras.htm". Now, what exactly would I have to add/change amongst the asp files in order to accomplish this? This one example will most likely end all of my problems and hence I will no longer bug you

[ags131]

Instead of linking directly to the extras.htm page simply have it goto a asp page that checks the login info and continues if it is good.

You can copy this code into an empty asp page and use it to redirect. simply add a case X statement for each page. where X is the ID you want for that page.

Ex.

PHP Code:

<%
dim loginErr
dim loginSuc

loginErr="loginError.htm"

select case request.querystring("PID")

case 1
  loginSuc="extras.htm"

end select

sub invalid()
  response.redirect(loginErr)
end sub

if session("user")="" then invalid()
response.redirect(loginSuc)
%> 


all you would need to do is pass the value PID to the asp page. in this setup it would be linked as: loginCheck.asp?PID=1 if the file was named loginCheck.asp

if for example, you wanted the users to use the page i built, and it is stored in the user directory then loginErr would need to contain the value "user/default.asp"

You can modify the pages to suit your needs. to create a login form you can copy the code from default.asp and modify the hidden values. unless you change the database the table and database values must always be the same.

[fuericfu]

Okay I am a complete noob at this so here's what I got.
I've downloaded the files. And I am completely lost. Okay first do I upload the folder containing all the files. and then What do I name it? Also I have no idea how to change the hidden values and also the toPage stuff.

I would really appreciate it if you could maybe help me do it

Thanks.

[P.S.] Also I would like to hide the ENTIRE website to those un-registered. Is that possible? If not, I can live with it.

[ags131]

First of all does your server support asp? are you using asp on the pages you want to protect? If your not sure what web server (Host, such as freewebs.com) do you use and what package?

The examples i'm using in this message have the downloaded files all in the login folder. but the folder also needs to have write access and the database needs write access.

Heres the code to insert into the top of your pages that you want the user to be a member of: (NOTE: Page must have .asp at the end of the filename.)

Code:

<%
if session("user")="" then response.redirect("login/default.asp")
%>

Or you can create a page that will check each page before it loads.

for example. If you wanted to link to a page named extras.htm you would add a Case statement in this code and link to loginCheck.asp?PID=extras to load the page. if it cant find a case statement in the code it will attempt to open the page specified by PID

(Ex if the link points to loginCheck.asp?PID=Links and it does not find a case statement for links then it will try to open links.htm)

PHP Code:

<%
dim loginErr
dim loginSuc
loginErr="loginError.htm"

select case request.querystring("PID")

'case format:
'
'case someNumberOrText
'  loginSuc="somepage.htm"

case 1
  loginSuc="home.htm"

case "home"
  loginSuc="home.htm"

end select

sub invalid()
    response.redirect(loginErr)
end sub

if session("user")="" then invalid()
if loginSuc="" then logonSuc=request.querystring("PID") & ".htm"
response.redirect(loginSuc)
%>  
  </body>
</html> 


if you use frontpage to manage/edit the website i might be able to help you some more. If you need more help you can ask here or email me at atj_boys@tombigbee.com or instant message me by my yahoo ID card_man93.

Hope i helped.