Password Protect
Have a look at the code for 'login.asp' and then i'll talk you
through it.
Points to note are that we will be using 2 subroutines, CheckLoginForm
and ShowloginForm, and that once the form details are submitted
they are sent to the same page to be checked and processed. You
could send the form details to another page to be checked and
processed but why use an extra page!
Also a hidden form value we use is very important in letting us
track whether the form has been submitted.
<%
Response.Expires = -1000 'Make sure
the browser doesnt cache this page
Response.Buffer = True 'enables our
response.redirect to work
If Request.Form("valuepassed")
="true" Then
CheckLoginForm
Else
ShowLoginForm
End If
Sub CheckLoginForm
'check if the value of the text field
'username' and 'password' are correct
If Request.Form("username")
= "mic" AND Request.Form("password")
= "pass" Then
Session("BlnLoggedIn") =
True
Response.Redirect "memberspage.asp"
Else
Response.Write("<div align='center'>You are not
logged in.</div><br>")
ShowLoginForm
End If
End Sub
%>
<% Sub ShowLoginForm %>
<div align='center'>
<!-- start the html login form -->
<form name="form" action="login.asp"
method="post">
User Name : <input type="text" name="username">
Password : <input type="text" name="password">
<input type="hidden"
name="valuepassed" value="true">
<input type=submit value="Login">
</form>
<!-- end the html login
form -->
</div>
<% End Sub %>
|
Now lets break down the code into a series of blocks.
<%
Response.Expires = -1000 'Make
sure the browser doesnt cache this page
Response.Buffer = True 'enables
our response.redirect to work
If Request.Form("valuepassed")
="true" Then ' check if
the value true has been sent
CheckLoginForm ' calls the subroutine
checkloginform if value of login is true
Else
ShowLoginForm ' call the subroutine
showloginform if the value of login isn't true
End If
%>
|
This block of code at the top of login.asp page checks to see
if the hidden textbox <input type="hidden"
name="valuepassed" value="true">
has passed the value true.
If request.form("valuepassed")="true" then
the value True has been passed and we know that the visitor has
clicked and submitted the form. In this scenario the subroutine
CheckLoginForm is called and its code executed.
CheckLoginForm will check to see if the username and password
equal the values the visitor has entered. If they are correct
then a Session variable 'BlnLoggedIn' will be set to True and
the visitor will then be redirected to the 'memberspage.asp'
<%
Sub CheckLoginForm
'check if the value of the text field
'username' and 'password' are correct
If Request.Form("username")
= "mic" AND Request.Form("password") =
"pass" Then
Session("BlnLoggedIn") = True
Response.Redirect "memberspage.asp"
Else
Response.Write("<div align='center'>You are not
logged in.</div><br>")
ShowLoginForm 'call the subroutine showloginform
and display the login form again
End If
End Sub
%> |
If the visitor has not clicked the submit button then no value
will be passed i.e. request.form("valuepassed") will
not equal True and in that case the subroutine ShowLoginFrom will
be called.
<% Sub ShowLogin %>
<div align='center'>
<!-- start the html login form -->
<form name="form" action="login.asp"
method="post">
User Name : <input type="text" name="username">
<br>
Password : <input type="text" name="password">
<input type="hidden"
name="valuepassed" value="true">
<input type=submit value="Login">
</form>
<!-- end the html login
form -->
</div>
<% End Sub %>
|
The subroutine code above simply creates a form. Note that we
want the action of the form to be the same page.This just means
that we'll use the same page to process and check the username
and password rather than sending the details to another page.
PASSWORD PROTECT OTHER PAGES
If you want to password protect any other pages then you can simply
add the following code at the top of the pages. So for all the
other pages if the Session variable 'BlnLoggedIn' is not equal
to True then they will be redirected to the login page.
<%
If Session("BlnLoggedIn") <> True Then
Response.Redirect("login.asp")
End If
%>
|