Home arrow ASP arrow Page 4 - Creating a members area with ASP
ASP

Creating a members area with ASP


A frequent task for ASP developers is to create a members area style section of a website. This would normally involve registration, a login page, and then access to a section of the site that is only available to registered users. In this article James shows us how to do exactly that by using ASP and SQL Server. By the end of this article you'll have a fairly good idea of how you can implement your own members area on your site.

Author Info:
By: James Crowley
Rating: 5 stars5 stars5 stars5 stars5 stars / 50
April 25, 2002
TABLE OF CONTENTS:
  1. · Creating a members area with ASP
  2. · Creating the database
  3. · The register.asp code
  4. · The login.asp code
  5. · The members area
  6. · Conclusion

print this article
SEARCH DEVARTICLES

Creating a members area with ASP - The login.asp code
(Page 4 of 6 )

Copy the code below into login.asp, and then we'll take a closer look:

 
<SPAN class=bodyCode><% Option Explicit Dim strErrorstrSQLobjRS '
see if the form has been submitted 
If Request.Form("action")="login" 
Then '
the form has been submitted '
// validate the form 
'
check if a username has been entered 
If Request
.Form("username") = "" 
Then _ strError 
strError 
"- Please enter a username<br>" 
vbNewLine 
'check if a password has been entered 
If Request.Form("password") = "" 
Then _ strError = strError & "- Please enter a password<br>" 
& vbNewLine '

// check if an error has occured 
If strError = "" Then 'continue 'include database connection code %>
<!--#include file="inc-dbconnection.asp"--> 
<% '// create the SQL strSQL = "SELECT id,password FROM members
WHERE username='" & _ fixQuotes(Request.Form("username")) & "'" '
// run the SQL 
Set objRS = objConn.Execute (strSQL) '
// see if there are any records returned If objRS.EOF 
Then 'no username found strError = "- Invalid username or password<br>" & vbNewLine 
Else 'check password 
If objRS("password")=Request.Form("password") 
Then 'username/password valid 'save session data Session("loggedin") = True Session("userid") = objRS("id") '
redirect to members area Response.Redirect ("default.asp") Response.End 
Else 
'invalid password strError = "- Invalid username or password<br>" 
& vbNewLine End If End If End If If strError <> "" 
Then 'output the error message 'add extra HTML... 
strError = "<p><font color=""#FF0000"">
The following errors occured:" & _ "</font><br>" 
& vbNewLine & strError End If 'display message in URL.. (ie thank you for registering) 
If Request.QueryString("msg") <> "" 
And strError = "" Then strError = "<p>" 
& Request.QueryString("msg") & "</p>" 
End If End If Function fixQuotes(strData) 
fixQuotes = Replace(strData,"'","''") 
End Function
're-set session data (ie log out)
Session("loggedin")="" Session("userid")="" %> 
<html> 
<head> 
<title>Members Area Login</title> 
</head> 
<body> 
<h1>Members Area Login</h1> 
<p>Please enter your username and password to access the Members Area.</p> 
<%=strError%> 
<form action="login.asp" method="POST"> 
<input type="hidden" name="action" value="login"> 
<table border="0"> 
<tr> <td><b>Username</b></td>
<td><input type="text" maxlength=20 name="username" value="<%=Server.HTMLEncode(Request.Form("username"))%>">
</td> </tr>
<tr> <td><b>Password</b></td> 
<td><input type="password" maxlength=20 name="password" value="<%=Server.HTMLEncode(Request.Form("password"))%>">
</td> </tr> <tr>
<td> </td> <td><input type="submit" value="Login"></td> </tr>
</table> 
</form> 
</body> 
</html>

A large proportion of this code is almost identical to that of register.asp. The code first checks to see if the form has been submitted.

If it has, it uses the same validation technique as before to see if a username and password has been specified. If it hasn't, an error message is displayed. If it has, then it checks the username/password combination by querying the database for that username.

If objRS.EOF Then the username hasn't been found; display error message. Otherwise, we check the password returned from the database, and compare it to the one the user has just entered. Once again, if they are incorrect, we tell the user that. If the username/password combination is correct, we set the loggedin value of our session data to 1, and also save the user id.

These session data variables are available outside login.asp, so our memberís pages can check if we are logged in or not. Therefore, once setting this data, we simply redirect to default.asp ; the members home page (we are assuming that you have a separate /members/ directory).


blog comments powered by Disqus
ASP ARTICLES

- Central Scoreboard with Flash and ASP
- Calorie Counter Using WAP and ASP
- Creating PGP-Encrypted E-Mails Using ASP
- Be My Guest in ASP
- Session Replacement in ASP
- Securing ASP Data Access Credentials Using t...
- The Not So Ordinary Address Book
- Adding and Displaying Data Easily via ASP an...
- Sending Email From a Form in ASP
- Adding Member Services in ASP
- Removing Unconfirmed Members
- Trapping HTTP 500.100 - Internal Server Error
- So Many Rows, So Little Time! - Case Study
- XDO: An XML Engine Class for Classic ASP
- Credit Card Fraud Prevention Using ASP and C...

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials