twalter
09-22-2003, 01:27 AM
Here is yet another login script.
This one lets you have different types of users.
Example:
AuthID = admin, staff or user
Authstatus = active, inactive
First off on the login page. The username and password fields must be entered or the page doens't do anything when you hit submit.
Example Accounts:
Username Password AuthID AuthStatus
admin admin admin active
staff staff staff active
user user user active
baduser baduser user inactive
To protect a page use the following
Admin Protect pages.
<!--include file="admincheck.asp"-->
---- admincheck.asp -------
<% if Session("AuthID") <> "admin" or Session("userid") = "" then Response.Redirect "default.asp" %>
----- end of admincheck.asp----------
Staff and admin protected pages:
<!--#include file="staffcheck.asp"-->
-------staffcheck.asp-------
<% if Session("AuthID") = "user" or Session("userid") = "" then Response.Redirect "default.asp" %>
---------end of staffcheck.asp-----
Do not allow a user that hasn't logged in access to your pages.
<!--#include file="usercheck.asp"-->
-----------usercheck.asp-----------
<% if Session("AuthID") = "" or Session("userid") = "" then Response.Redirect "default.asp" %>
--------end of userhceck.asp-----------
Depending on the AuthID the user will be redirect to the one of the following:
Admin - adminwelcome.asp
Staff - staffwelcome.asp
user - userwelcome.asp
baduser - Your account has been suspended. Please contact administrator to resolve this issue.
Now that I explaine the structure. Here is the code itself.
-------------- default.asp-----------
<html>
<head><title>Process Home Page</title></head>
<body>
<h3>Process</h3>
<p>
your code here.......
<!--#include file="login.asp"-->
</body>
</html>
--------------- default.asp ------------
---------- login.asp ---------
<html>
<head>
<title>Login Administrator Page</title>
<SCRIPT ID=clientEventHandlersJS LANGUAGE=javascript>
<!--
function form1_onsubmit() {
if (form1.username.value == "" || form1.password.value == "")
return false;
}
//-->
</SCRIPT>
</head>
<body>
<form action="process.asp" method=post id=form1 name=form1 LANGUAGE=javascript onsubmit="return form1_onsubmit()">
Username: <input type="text" name="username" size="25" maxlength="25"><br>
Password: <input type="password" name="password" size="25" maxlength="25"><br>
<input type="submit" name="Login" value="Login"> <input type="reset" value="Reset">
</form>
</body>
</html>
---------end of login.asp -------------
connection to db
--------- inc_dbstring.asp---------
<%
Dim strConnect
strConnect = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.Mappath("login.mdb")
%>
----------- end of inc_dbstring.asp-------
process the login from user
------------- process.asp -------------
<!--#include file="inc_dbstring.asp"-->
<%
Dim conn,rs,strsql
set conn = server.CreateObject("ADODB.Connection")
set rs = server.CreateObject("ADODB.Recordset")
conn.Open strConnect
'use the replace statement to ensure that sql query can not be interjected in to your query string. example: Username x password: x' or 'x=x
strsql = "Select * From tblusers where username = '" & (replace(Request.Form("username"), "'", "''") & "' and Password = '" & (replace(Request.Form("password"), "'", "''") & "'"
set rs = conn.Execute (strsql)
if rs.eof or rs.bof then
Response.write "Username or Password incorrect."
else
if (rs("authstatus")) = "inactive" then
response.write "Your account has been suspended. <br> Please contact "
response.write "administrator to resolve this issue."
else
session("authid") = rs("authid")
session("authcode") = rs("authstatus")
session("userid") = rs("userid")
dim page
page = session("authid") + "welcome.asp"
response.redirect page
end if
end if
%>
----------- end of process.asp ---------------
---------- adminwelcome.asp -------------
<!--#include file="admincheck.asp"-->
<html>
<head><title>Administration Page</title></head>
<body>
Welcome to the <b><font color="blue">Administration</font></b> Page.
<p>
</body>
</html>
------------end fo adminwelcome.asp ------------
-----------staffwelcome.asp -----------
<!--#include file="staffcheck.asp"-->
<html>
<head><title>User Page</title></head>
<body>
Welcome to the <b><font color="blue">Staff</font></b> Page.
<p>
</body>
</html>
----------end of staffwelcome.asp ----------
----------usercheck.asp ----------
<!--#include file="usercheck.asp"-->
<html>
<head><title>User Page</title></head>
<body>
Welcome to the <b><font color="blue">User</font></b> Page.
<p>
</body>
</html>
-----------end of usercheck.asp-------------
I do have to give credit to Programmers Resource for this example code:
<% if Session("AuthID") <> "admin" or Session("userid") = "" then Response.Redirect "default.asp" %>
I believe I first found that code on this site a long time ago.
I have change it some from how I found it but the orginal code was from the Snippets or Articles section.
I hope you find this code useful.
See the demo (http://www.aspbasic.net/examples/login/default.asp)
Download from here (http://www.aspbasic.net/examples/login/login.zip)
This one lets you have different types of users.
Example:
AuthID = admin, staff or user
Authstatus = active, inactive
First off on the login page. The username and password fields must be entered or the page doens't do anything when you hit submit.
Example Accounts:
Username Password AuthID AuthStatus
admin admin admin active
staff staff staff active
user user user active
baduser baduser user inactive
To protect a page use the following
Admin Protect pages.
<!--include file="admincheck.asp"-->
---- admincheck.asp -------
<% if Session("AuthID") <> "admin" or Session("userid") = "" then Response.Redirect "default.asp" %>
----- end of admincheck.asp----------
Staff and admin protected pages:
<!--#include file="staffcheck.asp"-->
-------staffcheck.asp-------
<% if Session("AuthID") = "user" or Session("userid") = "" then Response.Redirect "default.asp" %>
---------end of staffcheck.asp-----
Do not allow a user that hasn't logged in access to your pages.
<!--#include file="usercheck.asp"-->
-----------usercheck.asp-----------
<% if Session("AuthID") = "" or Session("userid") = "" then Response.Redirect "default.asp" %>
--------end of userhceck.asp-----------
Depending on the AuthID the user will be redirect to the one of the following:
Admin - adminwelcome.asp
Staff - staffwelcome.asp
user - userwelcome.asp
baduser - Your account has been suspended. Please contact administrator to resolve this issue.
Now that I explaine the structure. Here is the code itself.
-------------- default.asp-----------
<html>
<head><title>Process Home Page</title></head>
<body>
<h3>Process</h3>
<p>
your code here.......
<!--#include file="login.asp"-->
</body>
</html>
--------------- default.asp ------------
---------- login.asp ---------
<html>
<head>
<title>Login Administrator Page</title>
<SCRIPT ID=clientEventHandlersJS LANGUAGE=javascript>
<!--
function form1_onsubmit() {
if (form1.username.value == "" || form1.password.value == "")
return false;
}
//-->
</SCRIPT>
</head>
<body>
<form action="process.asp" method=post id=form1 name=form1 LANGUAGE=javascript onsubmit="return form1_onsubmit()">
Username: <input type="text" name="username" size="25" maxlength="25"><br>
Password: <input type="password" name="password" size="25" maxlength="25"><br>
<input type="submit" name="Login" value="Login"> <input type="reset" value="Reset">
</form>
</body>
</html>
---------end of login.asp -------------
connection to db
--------- inc_dbstring.asp---------
<%
Dim strConnect
strConnect = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.Mappath("login.mdb")
%>
----------- end of inc_dbstring.asp-------
process the login from user
------------- process.asp -------------
<!--#include file="inc_dbstring.asp"-->
<%
Dim conn,rs,strsql
set conn = server.CreateObject("ADODB.Connection")
set rs = server.CreateObject("ADODB.Recordset")
conn.Open strConnect
'use the replace statement to ensure that sql query can not be interjected in to your query string. example: Username x password: x' or 'x=x
strsql = "Select * From tblusers where username = '" & (replace(Request.Form("username"), "'", "''") & "' and Password = '" & (replace(Request.Form("password"), "'", "''") & "'"
set rs = conn.Execute (strsql)
if rs.eof or rs.bof then
Response.write "Username or Password incorrect."
else
if (rs("authstatus")) = "inactive" then
response.write "Your account has been suspended. <br> Please contact "
response.write "administrator to resolve this issue."
else
session("authid") = rs("authid")
session("authcode") = rs("authstatus")
session("userid") = rs("userid")
dim page
page = session("authid") + "welcome.asp"
response.redirect page
end if
end if
%>
----------- end of process.asp ---------------
---------- adminwelcome.asp -------------
<!--#include file="admincheck.asp"-->
<html>
<head><title>Administration Page</title></head>
<body>
Welcome to the <b><font color="blue">Administration</font></b> Page.
<p>
</body>
</html>
------------end fo adminwelcome.asp ------------
-----------staffwelcome.asp -----------
<!--#include file="staffcheck.asp"-->
<html>
<head><title>User Page</title></head>
<body>
Welcome to the <b><font color="blue">Staff</font></b> Page.
<p>
</body>
</html>
----------end of staffwelcome.asp ----------
----------usercheck.asp ----------
<!--#include file="usercheck.asp"-->
<html>
<head><title>User Page</title></head>
<body>
Welcome to the <b><font color="blue">User</font></b> Page.
<p>
</body>
</html>
-----------end of usercheck.asp-------------
I do have to give credit to Programmers Resource for this example code:
<% if Session("AuthID") <> "admin" or Session("userid") = "" then Response.Redirect "default.asp" %>
I believe I first found that code on this site a long time ago.
I have change it some from how I found it but the orginal code was from the Snippets or Articles section.
I hope you find this code useful.
See the demo (http://www.aspbasic.net/examples/login/default.asp)
Download from here (http://www.aspbasic.net/examples/login/login.zip)