Print Page | Close Window

How Can I Add A Database Connection To This Script

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=27412
Printed Date: 29 March 2026 at 7:08am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: How Can I Add A Database Connection To This Script
Posted By: kennywhite
Subject: How Can I Add A Database Connection To This Script
Date Posted: 28 May 2009 at 5:03pm
Hello,
 
 I have been looking for a simple login script. I found this one and it works, but instead of connecting to a database, it has the user name and password in part of the script.
 
Here is a link where I found the source code:
http://evolt.org/node/28652" rel="nofollow - http://evolt.org/node/28652
 
I tried to figure this out on my own, but it didn't work out so well.
 
The code on the link above has a couple of flaws, so here is my code.
 
login.asp


< mailto:%@LANGUAGE=VBSCRIPT" rel="nofollow - %@LANGUAGE="VBSCRIPT " CODEPAGE="1252"%>



<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
Session("UserLoggedIn") = ""


If Request.Form("login") = "true" Then 
    CheckLogin 
Else
    ShowLogin 
End If 



%>


 


<% Sub ShowLogin %>
<form name=form1 action=login.asp method=post>
User Name : <input type=text name=username>
Password : <input type=password name=userpwd>
<input type=hidden name=login value=true>
<input type=submit value="Login">
</form>
<% End Sub %>


 


<%



Sub CheckLogin
If LCase(Request.Form("username")) = "guest" And LCase(Request.Form("userpwd")) = "guest" Then 
    Session("UserLoggedIn") = "true"
    Response.Redirect "protectedpage.asp"
Else
    Response.Write("Login Failed.<br><br>")
    ShowLogin
End If
End Sub


 


%>
 
protectedpage.asp


<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work


If Session("UserLoggedIn")  <> "true" Then
    Response.Redirect("login.asp")
End If
%>


This page is full of password protected content.  If you are reading this you entered <br>
the correct name and password.


<a href="protectedpage.asp">k</a>
 
 
Thanks for reading!
 
 
 
 
 


Replies:
Posted By: 123Simples
Date Posted: 28 May 2009 at 7:39pm
I have been working on a project for login and logout using access database - (I haven't forgotten you Wink)

Test Site protected
Example - http://www.justcheck.co.uk/site112/protected_page.asp" rel="nofollow - try navigating to this page - in theory you should get kicked off to unauthorised users page and should need to register
Well that's the theory LOL


-------------
http://www.123simples.com/" rel="nofollow - Visit 123 Simples Web Design

Posted By: cmv
Date Posted: 29 May 2009 at 12:08pm
ahead: you should really use proper HTML ... eg. <input type="text" name="username" />

Sub CheckLogin ... i would replace the LCase() by Trim() to filter trailing spaces and keep case sensivity
strUserName = Trim(Request.Form("username")) : strPass = Trim(Request.Form("userpass"))
 
for a basic security add some Replace() on both: strUserName and strPass
str = Replace(str, "'", "''") : str = Replace(str, "%", "") : str = Replace(str, "*", "")
 
Set objCon = Server.CreateObject("ADODB.Connection")
Set objRst = Server.CreateObject("ADODB.RecordSet")
objCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & server.mappath("/database.mdb")
 
strSQL = "SELECT ID FROM tblUser WHERE UserName = '" & strUserName & "' AND Pass = '" & strPass & "'"
objRst = objCon.Execute(strSQL, lngRec, adCmdText)
IF NOT(objRst.EOF AND objRst.BOF) Then blnLogin = TRUE ELSE blnLogin = FALSE
 
objRst.Close : SET objRst = NOTHING
objCon.Close : SET objCon = NOTHING
IF blnLogin THEN
 Session("UserLoggedIn") = TRUE
 Response.Redirect("/protectedpage.asp")
ELSE
 'prepare some error message eg. strMsg = "sorry, ...."
END IF
 
adCmdText is an ADO parameter and can be replaced by 1
lngRec is just a return value (see execute method for details)
 
intermediate using of blnLogin, what appears more complicated, allows to close and destroy objects either of you redirect or not (your server will appreciate this)
the - also more complicated looking - IF NOT() construct makes sure you're catching all unexpected positives
 
i'd recommend use Option Explicit after the language directive and declare variants to avoid basic mistakes
 
hth, christian


-------------
and remember: a CRAY is the only computer that runs an endless loop in just four hours ...

Posted By: kennywhite
Date Posted: 29 May 2009 at 3:21pm
I did something wrong (   as always :)   ). Here is my code.
 


< mailto:%@LANGUAGE=VBSCRIPT" rel="nofollow - %@LANGUAGE="VBSCRIPT " CODEPAGE="1252"%>



<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
Session("UserLoggedIn") = ""


If Request.Form("login") = "true" Then 
    CheckLogin 
Else
    ShowLogin 
End If 



%>


 


 


 


<% Sub ShowLogin %>
<form name=form1 action=login.asp method=post>
User Name : <input type="text" name="username">
Password : <input type="password" name="userpwd">
<input type="hidden" name="login" value="true">
<input type="submit" value="Login">
</form>
<% End Sub %>


 


<%


Sub CheckLogin
If Trim(Request.Form("username")) = "" & strUserName & "" And Trim(Request.Form("userpwd")) = "" & strPass & "" Then 
    Session("UserLoggedIn") = "true"


str = Replace(str, "'", "''") : str = Replace(str, "%", "") : str = Replace(str, "*", "")



Set objCon = Server.CreateObject("ADODB.Connection")
Set objRst = Server.CreateObject("ADODB.RecordSet")
objCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & server.mappath("db.mdb")
 
strSQL = "SELECT login.UserName, login.Password FROM login WHERE UserName = '" & strUserName & "' AND Password = '" & 


strPass & "'"
objRst = objCon.Execute(strSQL, lngRec, adCmdText)
IF NOT(objRst.EOF AND objRst.BOF) Then blnLogin = TRUE ELSE blnLogin = FALSE



objRst.Close : SET objRst = NOTHING
objCon.Close : SET objCon = NOTHING
IF blnLogin THEN
 Session("UserLoggedIn") = TRUE
 Response.Redirect("/protectedpage.asp")
ELSE
 'prepare some error message eg. strMsg = "sorry, ...."
END IF



%>
 
Can you please point out my mistake(s)?
 
Thanks for the help.
 
 
 
 
 
 

Posted By: cmv
Date Posted: 29 May 2009 at 5:05pm
kenny - this was not meant to be a finished script ;-)
- you can remove the codepage directive - it only says windows ...
below the language directive start with:
<% Option Explicit
 Dim strUserName, strPass, .... (define all variants here you will use in your script)
 
then request username and pasword in a seperate step, do all the replacing then, one after the other.
you still have the old line in Sub CheckLogin, change it to requesting both form variables seperately first, otherwise your variables will never reach the SQL statement ...
 
str = Replace(str, x, y) -> of course you need to apply this function to the username and pass variant (str is just a placeholder here to show you the syntax)
 
btw: clearly your database needs to have the fields UserName and Password in the table login, otherwise you will receive an ADO error
 
hth, christian


-------------
and remember: a CRAY is the only computer that runs an endless loop in just four hours ...


Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.08 - https://www.webwizforums.com
Copyright ©2001-2026 Web Wiz Ltd. - https://www.webwiz.net