Creating a members area with ASP - The register.asp code
(Page 3 of 6 )
<%
Option Explicit
Dim strError, strSQL
'see if the form has been submitted
If Request.Form("action")="register" Then
'the form has been submitted
'// validate the form
'check if a username has been entered
If Request.Form("username") = "" Then _
strError = strError & "- Please enter a username<br>" & vbNewLine
'check if a password has been entered
If Request.Form("password") = "" Then _
strError = strError & "- Please enter a password<br>" & vbNewLine
'check if the passwords are the same... but don't display it if the password field is blank.
If Request.Form("password") <> Request.Form("password_confirm") _
And Request.Form("password") <> "" Then _
strError = strError & "- Your passwords do not match<br>" & vbNewLine
'// check if an error has occured
If strError = "" Then
'continue
'include database connection code
%>
<!--#include file="inc-dbconnection.asp"-->
<%
On Error Resume Next
'// create the SQL
strSQL = "INSERT INTO members ([username],[password]) VALUES " & _
"('" & fixQuotes(Request.Form("username")) & "','" & _
fixQuotes(Request.Form("password")) & "')"
'// run the SQL
objConn.Execute strSQL
'// check for an error
'// ATTENTION: this should be changed depending on the database provider
If Err.Number = -2147467259 Then
strError = "- That username is already in use. Please choose another<br>" & vbNewLine
ElseIf Err.Number <> 0 Then
strError = "- An error occured. " & Err.Number & " : " & _
Err.Description & "<br>" & vbNewLine
Else
'record created... redirect
Response.Redirect "login.asp?msg=" & Server.URLEncode("Thank you for registering")
Response.End
End If
'restore standard error handling
On Error Goto 0
End If
If strError <> "" Then
'output the error message
'add extra HTML...
strError = "<p><font color=""#FF0000"">The following errors occured:" & _
"</font><br>" & vbNewLine & strError
End If
End If
Function fixQuotes(strData)
fixQuotes = Replace(strData,"'","''")
End Function
%>
<html>
<head>
<title>My Website's Registration Page</title>
</head>
<body>
<h1>Member Registration</h1>
<p>Please fill out the following form to register as a member, and
gain access to our members area.</p>
<%=strError%>
<form action="register.asp" method="POST">
<input type="hidden" name="action" value="register">
<table border="0">
<tr>
<td><b>Username</b></td>
<td><input type="text" maxlength=20 name="username"
value="<%=Server.HTMLEncode(Request.Form("username"))%>"></td>
</tr>
<tr>
<td><b>Password</b></td>
<td><input type="password" maxlength=20 name="password"
value="<%=Server.HTMLEncode(Request.Form("password"))%>"></td>
</tr>
<tr>
<td><b>Password Confirm</b></td>
<td><input type="password" maxlength=20 name="password_confirm"
value="<%=Server.HTMLEncode(Request.Form("password_confirm"))%>"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Complete Registration"></td>
</tr>
</table>
</form>
</body>
</html>
A large proportion of this code is almost identical to that of register.asp. The code first checks to see if the form has been submitted. If it has, it uses the same validation technique as before to see if a username and password has been specified. If it hasn't, an error message is displayed. If it has, then it checks the username/password combination by querying the database for that username.
If objRS.EOF Then the username hasn't been found; display error message. Otherwise, we check the password returned from the database, and compare it to the one the user has just entered. Once again, if they are incorrect, we tell the user that.
If the username/password combination is correct, we set the loggedin value of our session data to 1, and also save the user id. These session data variables are available outside login.asp, so our member’s pages can check if we are logged in or not. Therefore, once setting this data, we simply redirect to default.asp ; the members home page (we are assuming that you have a separate /members/ directory).
Next: The login.asp code >>
More ASP Articles
More By James Crowley
/ 10 
