Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - How Can I Add A Database Connection To This Script
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

How Can I Add A Database Connection To This Script
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
kennywhite View Drop Down
Groupie
Groupie


Joined: 26 February 2009
Location: Indy
Status: Offline
Points: 106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote kennywhite Quote  Post ReplyReply Direct Link To This Post Topic: How Can I Add A Database Connection To This Script
    Posted: 28 May 2009 at 5:03pm
Hello,
 
 I have been looking for a simple login script. I found this one and it works, but instead of connecting to a database, it has the user name and password in part of the script.
 
Here is a link where I found the source code:
 
I tried to figure this out on my own, but it didn't work out so well.
 
The code on the link above has a couple of flaws, so here is my code.
 
login.asp


<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>



<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
Session("UserLoggedIn") = ""


If Request.Form("login") = "true" Then 
    CheckLogin 
Else
    ShowLogin 
End If 



%>


 


<% Sub ShowLogin %>
<form name=form1 action=login.asp method=post>
User Name : <input type=text name=username>
Password : <input type=password name=userpwd>
<input type=hidden name=login value=true>
<input type=submit value="Login">
</form>
<% End Sub %>


 


<%



Sub CheckLogin
If LCase(Request.Form("username")) = "guest" And LCase(Request.Form("userpwd")) = "guest" Then 
    Session("UserLoggedIn") = "true"
    Response.Redirect "protectedpage.asp"
Else
    Response.Write("Login Failed.<br><br>")
    ShowLogin
End If
End Sub


 


%>
 
protectedpage.asp


<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work


If Session("UserLoggedIn")  <> "true" Then
    Response.Redirect("login.asp")
End If
%>


This page is full of password protected content.  If you are reading this you entered <br>
the correct name and password.


<a href="protectedpage.asp">k</a>
 
 
Thanks for reading!
 
 
 
 
 
Back to Top
123Simples View Drop Down
Senior Member
Senior Member
Avatar

Joined: 08 July 2007
Location: United Kingdom
Status: Offline
Points: 1192 		Post Options Post Options   Thanks (0) Thanks(0)   Quote 123Simples Quote  Post ReplyReply Direct Link To This Post Posted: 28 May 2009 at 7:39pm
I have been working on a project for login and logout using access database - (I haven't forgotten you Wink)

Test Site protected
Example - try navigating to this page - in theory you should get kicked off to unauthorised users page and should need to register
Well that's the theory LOL
Visit 123 Simples Web Design
Back to Top
cmv View Drop Down
Newbie
Newbie


Joined: 22 May 2009
Location: vienna
Status: Offline
Points: 36 		Post Options Post Options   Thanks (0) Thanks(0)   Quote cmv Quote  Post ReplyReply Direct Link To This Post Posted: 29 May 2009 at 12:08pm
ahead: you should really use proper HTML ... eg. <input type="text" name="username" />

Sub CheckLogin ... i would replace the LCase() by Trim() to filter trailing spaces and keep case sensivity
strUserName = Trim(Request.Form("username")) : strPass = Trim(Request.Form("userpass"))
 
for a basic security add some Replace() on both: strUserName and strPass
str = Replace(str, "'", "''") : str = Replace(str, "%", "") : str = Replace(str, "*", "")
 
Set objCon = Server.CreateObject("ADODB.Connection")
Set objRst = Server.CreateObject("ADODB.RecordSet")
objCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & server.mappath("/database.mdb")
 
strSQL = "SELECT ID FROM tblUser WHERE UserName = '" & strUserName & "' AND Pass = '" & strPass & "'"
objRst = objCon.Execute(strSQL, lngRec, adCmdText)
IF NOT(objRst.EOF AND objRst.BOF) Then blnLogin = TRUE ELSE blnLogin = FALSE
 
objRst.Close : SET objRst = NOTHING
objCon.Close : SET objCon = NOTHING
IF blnLogin THEN
 Session("UserLoggedIn") = TRUE
 Response.Redirect("/protectedpage.asp")
ELSE
 'prepare some error message eg. strMsg = "sorry, ...."
END IF
 
adCmdText is an ADO parameter and can be replaced by 1
lngRec is just a return value (see execute method for details)
 
intermediate using of blnLogin, what appears more complicated, allows to close and destroy objects either of you redirect or not (your server will appreciate this)
the - also more complicated looking - IF NOT() construct makes sure you're catching all unexpected positives
 
i'd recommend use Option Explicit after the language directive and declare variants to avoid basic mistakes
 
hth, christian
Back to Top
kennywhite View Drop Down
Groupie
Groupie


Joined: 26 February 2009
Location: Indy
Status: Offline
Points: 106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote kennywhite Quote  Post ReplyReply Direct Link To This Post Posted: 29 May 2009 at 3:21pm
I did something wrong (   as always :)   ). Here is my code.
 


<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>



<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
Session("UserLoggedIn") = ""


If Request.Form("login") = "true" Then 
    CheckLogin 
Else
    ShowLogin 
End If 



%>


 


 


 


<% Sub ShowLogin %>
<form name=form1 action=login.asp method=post>
User Name : <input type="text" name="username">
Password : <input type="password" name="userpwd">
<input type="hidden" name="login" value="true">
<input type="submit" value="Login">
</form>
<% End Sub %>


 


<%


Sub CheckLogin
If Trim(Request.Form("username")) = "" & strUserName & "" And Trim(Request.Form("userpwd")) = "" & strPass & "" Then 
    Session("UserLoggedIn") = "true"


str = Replace(str, "'", "''") : str = Replace(str, "%", "") : str = Replace(str, "*", "")



Set objCon = Server.CreateObject("ADODB.Connection")
Set objRst = Server.CreateObject("ADODB.RecordSet")
objCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & server.mappath("db.mdb")
 
strSQL = "SELECT login.UserName, login.Password FROM login WHERE UserName = '" & strUserName & "' AND Password = '" & 


strPass & "'"
objRst = objCon.Execute(strSQL, lngRec, adCmdText)
IF NOT(objRst.EOF AND objRst.BOF) Then blnLogin = TRUE ELSE blnLogin = FALSE



objRst.Close : SET objRst = NOTHING
objCon.Close : SET objCon = NOTHING
IF blnLogin THEN
 Session("UserLoggedIn") = TRUE
 Response.Redirect("/protectedpage.asp")
ELSE
 'prepare some error message eg. strMsg = "sorry, ...."
END IF



%>
 
Can you please point out my mistake(s)?
 
Thanks for the help.
 
 
 
 
 
 
Back to Top
cmv View Drop Down
Newbie
Newbie


Joined: 22 May 2009
Location: vienna
Status: Offline
Points: 36 		Post Options Post Options   Thanks (0) Thanks(0)   Quote cmv Quote  Post ReplyReply Direct Link To This Post Posted: 29 May 2009 at 5:05pm
kenny - this was not meant to be a finished script ;-)
- you can remove the codepage directive - it only says windows ...
below the language directive start with:
<% Option Explicit
 Dim strUserName, strPass, .... (define all variants here you will use in your script)
 
then request username and pasword in a seperate step, do all the replacing then, one after the other.
you still have the old line in Sub CheckLogin, change it to requesting both form variables seperately first, otherwise your variables will never reach the SQL statement ...
 
str = Replace(str, x, y) -> of course you need to apply this function to the username and pass variant (str is just a placeholder here to show you the syntax)
 
btw: clearly your database needs to have the fields UserName and Password in the table login, otherwise you will receive an ADO error
 
hth, christian
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.