Forums
This topic is locked
User Log-In page Help
Posted 16 May 2002 20:11:55
1
has voted
16 May 2002 20:11:55 Peter Lent posted:
Hi All,I am trying to create a log-in system very similiar to what is used here on UD Zone. I want to display a login form on my index page, and when the form is submitted back to the index page, I want to check if the user is subscribe, if so, set a cookie and refresh the index page. If not, display an error also on the index page.
Hopefully I have described this good enough.
THANKS
-Peter
Replies
Replied 17 May 2002 02:52:15
17 May 2002 02:52:15 David Behan replied:
Ok,
Quick guide as follows but you should check out this tutorial - www.udzone.com/showDetail.asp?TypeId=2&NewsId=1163. Below is a working example that checks for the user in the database, checks password, and whether they are approved by us or not. Then either redirects them to login page with why they weren't approved or lets them into the restricted area, sets a few cookies and records their login in the database. Take from the code as you need. But you should follow the tutorial above for a better understanding of how this can be done.
Have your username and password form with login button. When users click it send them to logincheck.asp. This page should do the following:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="../Connections/connection.asp" -->
<%
FORM_USERNAME = Request.Form("USERNAME"
FORM_PASSWORD = Request.Form("PASSWORD"
Dim rsLogin
Dim rsLogin_numRows
Set rsLogin = Server.CreateObject("ADODB.Recordset"
rsLogin.ActiveConnection = MM_CONNECTION_STRING
rsLogin.Source = "SELECT * FROM TBL_USERS WHERE US_USERNAME = '" & FORM_USERNAME & "'"
rsLogin.CursorType = 0
rsLogin.CursorLocation = 2
rsLogin.LockType = 1
rsLogin.Open()
rsLogin_numRows = 0
IF rsLogin.EOF AND rsLogin.BOF THEN
rsLogin.Close()
Set rsLogin = Nothing
Response.Redirect("login.asp?status=nouser"
ELSE
ACTUAL_USERNAME = rsLogin.Fields.Item("AF_USERNAME".Value
ACTUAL_PASSWORD = rsLogin.Fields.Item("AF_PASSWORD".Value
ACTUAL_APPROVED = rsLogin.Fields.Item("AF_APPROVED".Value
IF FORM_USERNAME = ACTUAL_USERNAME AND FORM_PASSWORD = ACTUAL_PASSWORD THEN
IF FORM_USERNAME = ACTUAL_USERNAME AND FORM_PASSWORD = ACTUAL_PASSWORD AND ACTUAL_APPROVED = "Y" THEN
set UserLogins = Server.CreateObject("ADODB.Command"
UserLogins.ActiveConnection = MM_SITEMAN_DBASE_STRING
UserLogins.CommandText = "UPDATE TBL_USERS SET US_LOGINS = US_LOGINS + 1 WHERE US_USERNAME = '" & FORM_USERNAME & "'"
UserLogins.CommandType = 1
UserLogins.CommandTimeout = 0
UserLogins.Prepared = true
UserLogins.Execute()
Response.Cookies("SECURITY"("LOGIN" = FORM_USERNAME
Response.Cookies("SECURITY"("PASSWORD" = FORM_PASSWORD
Response.Cookies("SECURITY"("APPROVED" = "Y"
rsLogin.Close()
Set rsLogin = Nothing
Response.Redirect("restrictedarea.asp"
ELSE
rsLogin.Close()
Set rsLogin = Nothing
Response.Redirect("login.asp?status=notapproved"
END IF
ELSE
rsLogin.Close()
Set rsLogin = Nothing
Response.Redirect("login.asp?status=wrongpassword"
END IF
END IF
%>
On your login page have a bit of code like this to tell the user what went wrong:
<% IF Request.QueryString("status" = "nouser" THEN %>
<p class="TEXTBOLD">Username does not exists. Please try again.</p>
<% END IF %>
<% IF Request.QueryString("status" = "wrongpassword" THEN %>
<p class="TEXTBOLD">Incorrect password. Please try again.</p>
<% END IF %>
<% IF Request.QueryString("status" = "notapproved" THEN %>
<p class="TEXTBOLD">Sorry, your account has not been approved yet. Please try
again later.</p>
<% END IF %>
If status = nothing then none of the error messages above will show. Hope this helps you and if you need any more, just asks.
Regards,
_________________________
David Behan - www.site-manager.com/af.asp?a=11&l=1tds9p6x2
Edited by - beano on 17 May 2002 02:54:38
Quick guide as follows but you should check out this tutorial - www.udzone.com/showDetail.asp?TypeId=2&NewsId=1163. Below is a working example that checks for the user in the database, checks password, and whether they are approved by us or not. Then either redirects them to login page with why they weren't approved or lets them into the restricted area, sets a few cookies and records their login in the database. Take from the code as you need. But you should follow the tutorial above for a better understanding of how this can be done.
Have your username and password form with login button. When users click it send them to logincheck.asp. This page should do the following:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="../Connections/connection.asp" -->
<%
FORM_USERNAME = Request.Form("USERNAME"
FORM_PASSWORD = Request.Form("PASSWORD"
Dim rsLogin
Dim rsLogin_numRows
Set rsLogin = Server.CreateObject("ADODB.Recordset"
rsLogin.ActiveConnection = MM_CONNECTION_STRING
rsLogin.Source = "SELECT * FROM TBL_USERS WHERE US_USERNAME = '" & FORM_USERNAME & "'"
rsLogin.CursorType = 0
rsLogin.CursorLocation = 2
rsLogin.LockType = 1
rsLogin.Open()
rsLogin_numRows = 0
IF rsLogin.EOF AND rsLogin.BOF THEN
rsLogin.Close()
Set rsLogin = Nothing
Response.Redirect("login.asp?status=nouser"
ELSE
ACTUAL_USERNAME = rsLogin.Fields.Item("AF_USERNAME"
.ValueACTUAL_PASSWORD = rsLogin.Fields.Item("AF_PASSWORD"
.ValueACTUAL_APPROVED = rsLogin.Fields.Item("AF_APPROVED"
.ValueIF FORM_USERNAME = ACTUAL_USERNAME AND FORM_PASSWORD = ACTUAL_PASSWORD THEN
IF FORM_USERNAME = ACTUAL_USERNAME AND FORM_PASSWORD = ACTUAL_PASSWORD AND ACTUAL_APPROVED = "Y" THEN
set UserLogins = Server.CreateObject("ADODB.Command"
UserLogins.ActiveConnection = MM_SITEMAN_DBASE_STRING
UserLogins.CommandText = "UPDATE TBL_USERS SET US_LOGINS = US_LOGINS + 1 WHERE US_USERNAME = '" & FORM_USERNAME & "'"
UserLogins.CommandType = 1
UserLogins.CommandTimeout = 0
UserLogins.Prepared = true
UserLogins.Execute()
Response.Cookies("SECURITY"
("LOGIN" = FORM_USERNAMEResponse.Cookies("SECURITY"
("PASSWORD" = FORM_PASSWORDResponse.Cookies("SECURITY"
("APPROVED" = "Y"rsLogin.Close()
Set rsLogin = Nothing
Response.Redirect("restrictedarea.asp"
ELSE
rsLogin.Close()
Set rsLogin = Nothing
Response.Redirect("login.asp?status=notapproved"
END IF
ELSE
rsLogin.Close()
Set rsLogin = Nothing
Response.Redirect("login.asp?status=wrongpassword"
END IF
END IF
%>
On your login page have a bit of code like this to tell the user what went wrong:
<% IF Request.QueryString("status"
= "nouser" THEN %><p class="TEXTBOLD">Username does not exists. Please try again.</p>
<% END IF %>
<% IF Request.QueryString("status"
= "wrongpassword" THEN %><p class="TEXTBOLD">Incorrect password. Please try again.</p>
<% END IF %>
<% IF Request.QueryString("status"
= "notapproved" THEN %><p class="TEXTBOLD">Sorry, your account has not been approved yet. Please try
again later.</p>
<% END IF %>
If status = nothing then none of the error messages above will show. Hope this helps you and if you need any more, just asks.
Regards,
_________________________
David Behan - www.site-manager.com/af.asp?a=11&l=1tds9p6x2
Edited by - beano on 17 May 2002 02:54:38