What to add member services to your site? James will explain how this is done using ASP so that your members can obtain different privileges.

Implementing a membership system for CoverYourASP was simple in concept, but ended up touching a lot of pages, and created 10 new ones!

Here's what I wanted, and got, from my system - I'll go through each one in the following pages:

• Members can register themselves via a form.
• Validation of membership changes via email.
• Sign in/out using users email address and password.
• Option to sign in automatically using a cookie (low security).
• Ability to send password to members who forget.
• Multiple levels of membership with more functionality.
• Free Bronze membership has database storage of site personalization.
• Easy upgrade to higher membership level using PayPal.
• Members-only area available only to Silver members.
• Registering new members
• Registering a new user requires a straightforward form that adds a new record to the database.

You can view the real source code here, but before you do, I should tell you that the same form is also used to edit existing member information too.

A simple call to IsLoggedIn ( ) - a function defined in the utils/Login.asp file - allows me to tell which task I'm undertaking with the form. It also controls what action I'm taking in the database, as the excerpt below shows:

// connect to the database
DBInitConnection ( );
if ( IsLoggedIn ( ) )
{
   // update the member information
   oConnection.Execute ( 'UPDATE Members SET Name=\'' + sName + '\',Email=\'' + sEmail + '\',MemberPassword=\'' + sPassword1 + '\' WHERE MemberID=' + nMemberID );
}
else
{
   // create the new member record
   oConnection.Execute ( 'INSERT INTO Members (Name,Email,MemberPassword) VALUES ("' + sName + '","' + sEmail + '","' + sPassword1 + '");' );
}
// release the database
DBReleaseConnection ( );

Having added the new member to the database, there is one more step the user must take before he can sign in...

Email Validation of Membership Changes

I wanted to validate the creation and deletion of members via email, and I wanted it to be automatic. A simple email to me wasn't good enough, but I didn't want to develop an application that listened to email coming in either.

I compromised by sending the member an email that contained a link to a new confirm page, named C.asp. The user has to click on the link (if their email client supports that), or cut/paste the link into their browser.

The email I send to confirm a new user was created with this code:

// send Email with our generic function
var sBody = 'Dear ' + sName + '\n\n';
sBody += 'To complete the registration of your CoverYourASP membership account please click on the link below, or copy and paste the entire URL into your browser.\n\n';
sBody += 'http://CoverYourASP.com/C.asp?a=a&e=' + sEmail + '&i=' + nID + '\n\n';
sBody += 'Regards,\n';
sBody += 'MemberServices@CoverYourASP.com\n';
sBody += 'http://CoverYourASP.com/';
SendEmail ( 'MemberServices@' + sHostDomain, sEmail, '', 'New membership', sBody );

This generates an email that contains this line:

http://CoverYourASP.com/C.asp?a=a&e=test@coveryourasp.com&i=7

(Note: Many email clients will suffer from a "wrap" problem, meaning the hyperlink they show will only include the part of the URL on the first line. In this case the user must use the cut/paste method to use the entire URL)

C.asp in turn has the following code to decode that URL and perform the task of setting the Confirmed flag in the member record.

var sAction = '' + Request.QueryString ( 'a' );
var sEmail = '' + Request.QueryString ( 'e' );
var nID = Request.QueryString ( 'i' ) - 0;
switch ( sAction )
{
case 'a':
   DBInitConnection ( );
   // set the confirmed status on the membership
   oConnection.Execute ( 'UPDATE Members SET Confirmed=1 WHERE MemberID=' + nID + ' AND Email="' + sEmail + '"' );
   DBReleaseConnection ( );

One last note - C.asp doesn't bother reporting if the parameters given were invalid. If the Email doesn't match the given ID then the database won't be modified thanks to the SQL statement used.

Signing In and Out

The sign in process starts with a call to ShowLoginStatus( ) in utils/Header.asp. The ShowLoginStatus function contains the following code:

if ( IsLoggedIn ( ) )
   Out ( '<a href="MemberLogout.asp">Sign out</a> ' + sMemberName );
else
   Out ( 'Join in the fun! <a href="MemberLogin.asp">Sign in</a>' );

This will be the first call to IsLoggedIn( ), which first checks if the function has already been called on this page (if bLoggedIn is undefined), then checks if the Session has been signed in.

Every visitor gets assigned a unique session - Session variables like this are available to every page on your web site, and allow you to store data that is unique to each visitor.

If signed in then some other global variables are assigned from the current Session - this just makes it less expensive to access this data later in the page.

if ( bLoggedIn == undefined )
{
    bLoggedIn = Session ( 'Authenticated' );
   if ( bLoggedIn )
   {
      sMemberName = Session ( 'MemberName' );
      sMemberEmail = Session ( 'MemberEmail' );
      nMemberID = Session ( 'MemberID' );
      nMemberLevel = Session ( 'MemberLevel' );
   }
}
return bLoggedIn;

Back in ShowLoginStatus( ), the user is either shown an option to sign in, or sign out. Signing in is done with a simple form asking for the member email and password. The ValidateLogin( ) function is then called when the form is submitted. Let's look at the ValidateLogin( ) function:

// connect to database
DBInitConnection ( );
// search for matching email/password
DBGetRecords ( 'SELECT MemberID,Name,MemberLevel FROM Members WHERE Confirmed=True AND Email=\''+sEmail+ '\' AND MemberPassword=\'' +sPassword+ '\'' );
if ( !oRecordSet.EOF )
{
   Session ( 'MemberEmail' ) = sEmail;
   Session ( 'MemberID' ) = oRecordSet ( 0 ) - 0;
   Session ( 'MemberName' ) = '' + oRecordSet ( 1 );
   Session ( 'MemberLevel' ) = oRecordSet ( 2 ) - 0;
   Session ( 'Authenticated' ) = 1;
}
// release database
DBReleaseConnection ( );

So the database is searched for a matching email/password. If found the Session variables are initialized to the correct values, and the visitor is "signed in"!

Signing a member out is a little easier! A call to Logout( ) in utils/Login.asp contains this code:

// clear the authenticated status
Session ( 'Authenticated' ) = 0;

Big Important Note: Before I leave the subject of signing in, you should be aware that my implementation is NOT SECURE. Password information over a normal HTTP connection can be seen by anyone. On my site this isn't important, but remember to send important information via HTTPS in real life.

Forgotten Passwords

Sending passwords via email was very simple, although, yet again, a little unsecure. A form asks for the members email address, looks that up in the database and emails the password.
Here's the "essence" of the code that does all that:

DBInitConnection ( );
DBGetRecords ( 'SELECT Name,MemberPassword FROM Members WHERE Email=\'' + sEmail + '\'' );
if ( !oRecordSet.EOF )
{
   // get data from recordset
   sName = '' + oRecordSet ( 0 );
   sPassword = '' + oRecordSet ( 1 );
   var sBody = 'Dear ' + sName + '\n\n';
   sBody += 'Your password is: ' + sPassword+ '\n\n';
   sBody += 'Regards,\n';
   sBody += 'MemberServices@CoverYourASP.com\n';
   // send Email with our generic function
   SendEmail ( 'MemberServices@' + sHostDomain, sEmail, '', 'Lost Password', sBody );
}
// release the database connection ASAP
DBReleaseConnection ( );
 
Creating levels of membership was trivial - I just added a new field to my table called... no, I should make you guess!
Another Session variable and global variable and I can now write code to test against membership level:

// are they a high enough level?
if ( nMemberLevel < nLevel )
{
   // no, let them know
   Out ( 'You need to upgrade your membership to ' + sLevels [ nLevel - 1] + ' - you are a ' + sLevels [ nMemberLevel - 1 ] + ' member.' );
}
else
{
   // valuable content goes here!
}

Free Site Personalization

Through a simple form you can change settings that control how the front page is displayed.

The only fun part of this was that I had to calculate how many books and banners to display down the side of a page - you can basically turn everything off! Here's the code I used:

// I have to calculate how many banners now
var nBanners = 1;
if ( bIntro )
   nBanners++;
if ( bSuggestions )
   nBanners++;
if ( bDiary )
   nBanners++;
if ( nNew || nPopular )
   nBanners +=  Math.floor ( (nNew + nPopular) / 2.5 );
if ( bCategories )
   nBanners += 3;
if ( bNews )
   nBanners++;
// show rotating banners
ShowBanners ( nBanners?nBanners:1 );

Currently you can hide/show the introductory text at the top, the categories and ASPWire news. You can also specify the number of articles in the New and Most Popular sections. Set to zero, and those sections disappear too!

Further plans? You tell me what you want, but I suspect that using my Yahoo-style category layout may be an option. It seems like I nearly have enough content to justify it!

Upgrade Membership

Ugrading membership, and how I used PayPal to accept payment are the subject of a separate article, to be published soon.

Members-only Area

Providing a members-only area required very little code. First I created a function in Login.asp:

// ============================================
// make sure the user is signed in, and has sufficient access rights
// if not then redirect to passed in page
// ============================================
function NeedAccessLevel ( nLevel, sRedirect )
{
   if ( !IsLoggedIn ( ) )
      Redirect ( 'MemberLogin.asp' );
   if ( nMemberLevel < nLevel )
      Redirect ( sRedirect );
}

The function takes two parameters - the level required and a page to redirect to if the members level is lower than necessary.

Here's how I use it in the exclusive member-only pages - add this code to the top of the page, before the call to Init(), in case the function redirects the user:

// need signed in members of level 2 and above
NeedAccessLevel ( 2, 'MemberUpgrade.asp' );

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More ASP Articles
More By James Shaw

 

developerWorks - FREE Tools!

Build Forge Express demo: Enabling software delivery excellence for small and midsized businesses This demonstration gives you an overview of IBM® Rational® Build Forge Express Edition, a global offering that provides a framework to automate and execute software processes. Rational Build Forge provides a software assembly line that can support all of your tools, technologies, and platforms so you can achieve a repeatable, reliable, and traceable build and release process. FREE! Go There Now!

NEW! Calling all CC Power Users – and those that would like to be! Join this Rational Talks to You teleconference, featuring Paul Boustany and Mark Krasovich, to speak to the experts about becoming a Rational ClearCase power user. Get a chance to ask your questions and learn tips and tricks for using Rational ClearCase in Agile development FREE! Go There Now!

NEW! Develop Systems Software Assets with IBM Rational Asset Manager Join us for this on demand webcast to learn about developing complex systems more quickly and efficiently. We'll cover market drivers for developing, governing and reusing systems software assets and how you can develop system software assets with Rational Asset Manager. FREE! Go There Now!

NEW! Discovering the value of WebSphere Process Server WebSphere Process Server delivers a unique integration framework that simplifies existing IT resources. Often, as IT assets grow to support business demand, so too does their complexity and manageability. In this webcast, we’ll discuss how WebSphere Process Server helps deliver an SOA infrastructure that provides a common model to orchestrate, mediate, connect, map, and execute the underlying IT functions. Discover how WebSphere Process Server simplifies integration of business processes by leveraging existing IT assets as reusable services without the complexities of traditional integration methodologies. FREE! Go There Now!

NEW! Evaluate IBM Rational Software Analyzer V7.0 Download a free trial version of IBM Rational Software Analyzer Developer Edition V7.0 to identify bug defects earlier in the software development cycle. Rational Software Analyzer is an extensible software development solution that reduces the expense of bug-fixes by enabling static analysis code reviews and bug identification very early in the development cycle. FREE! Go There Now!

NEW! Evaluate WebSphere Extended Deployment Compute Grid V6.1 Visit IBM developerWorks to download a free trial version of WebSphere Extended Deployment Compute Grid, which lets you schedule, execute, and monitor batch jobs. Because online transaction processing and batch jobs execute simultaneously on the same server resources, you can avoid costly duplication of resources. Compute Grid supports job types of Java transactional batch, compute-intensive and a new type called "native execution", which enables non-Java workloads to run on distributed end points. FREE! Go There Now!

NEW! Project and Portfolio Management Executive Resource Kit Portfolio Management is about effectively managing portfolio value by aligning portfolio investments with business goals. This complimentary e-kit provides a collection of materials that can help you understand how IBM Rational enables and automates best practices for improved governance and clear visibility into portfolio and project performance across the entire IT project lifecycle. FREE! Go There Now!

NEW! Rational Build Forge Express eKit Rational Build Forge Express Edition is an automation framework that packages the latest enterprise-grade technologies into a reliable, flexible and robust configuration designed and priced specifically for small to midsize businesses. The new Rational Build Forge Express eKit provides you with valuable resources – including a case study, podcast, demo, and articles – to help you increase staff productivity, compress development cycles and deliver better software, fast. FREE! Go There Now!

NEW! Using Rational Business Developer to enhance your developer productivity Join this Rational Talks to You teleconference, to hear how Enterprise Generation Language (EGL) eliminates the need for tedious and error-prone low level coding, so developers can focus on business requirements. EGL extends the Rational software development platform with a simplified programming language that enables developers who have little or no experience with Java, Web technologies or Service Oriented Architecture, to create enterprise-class applications and services quickly and easily. It also allows developers who may have little or no mainframe programming experience to quickly create traditional mainframe components. FREE! Go There Now!

NEW! Webcast: Quickly provide customized, integrated user interfaces with Lotus Notes 8 IBM Lotus Notes 8 provides a wide range of developers the ability to provide customized, integrated user interfaces via composite applications and via custom sidebar and toolbar plug-ins. This webcast provides you with tips and techniques to use with out-of-the-box capabilities of Lotus Notes 8, and survey how you can share useful components within your own company and within a larger community. FREE! Go There Now!

All FREE IBM® developerWorks Tools!