Creating a News management system (Part 2)

Our page 'login.asp' will only allow the news administrator access to the following pages ('add_news.asp', 'insert_news.asp', 'del_all.asp', 'delete_record.asp', 'edit_all.asp', 'edit_record.asp, 'update_record.asp') to administer the news.

'Login.asp'

<%
Response.Expires = -1000 'Make sure the browser doesn't cache this page
Response.Buffer = True'enables our response.redirect to work
%>
<html>
<head><title>News Management System - Login</title>
</head>
<body>
<%
If Request.Form("submit") ="Login" Then 'check if form has been submitted
CheckLoginForm
Else
ShowLoginForm
End If
%>

<%
Sub CheckLoginForm
'check if the value of the text field 'username' and 'password' are correct
If Request.Form("username") = "mic" AND Request.Form("password") = "pass" Then
Session("BlnLoggedIn") = True
Response.Redirect "add_news.asp"
Else
'if the values entered are incorrect then display the message below
Response.Write "<div align='center'>You are not logged in.</div><br>"
ShowLoginForm
End If
End Sub
%>

<% Sub ShowLoginForm %>
<div align='center'>
<!-- start the HTML login form -->
<form name="form" action="login.asp" method="post">
<table>
<tr><td>User Name :</td><td><input type="text" name="username"></td></tr>
<tr><td>Password : </td><td><input type="password" name="password"></td></tr>
<tr><td colspan="2"><input type="submit" name="submit" value="Login"></td></tr>
</table>
</form>
<!-- end the HTML login form -->
</div>
<% End Sub %>

</body>
</html>

If request.form("submit")="Login" then the value Login has been passed and we know that the visitor has clicked and submitted the form. In this scenario the subroutine CheckLoginForm is called and its code executed.

CheckLoginForm will check to see if the username and password equal the values the visitor has entered. If they are correct then a Session variable 'BlnLoggedIn' will be created and set to True and the visitor will then be redirected to the 'add_news.asp'. If the visitor has not clicked the submit button then no value will be passed i.e. request.form("submit") will not equal Login and in that case the subroutine ShowLoginFrom will be called.

In this tutorial the username is 'mic' and the password is 'pass' though you can easily change the username and password for your login.

The subroutine 'ShowLoginForm' simply creates a form. The image below shows how the form will look on your screen. I have entered the login details in the screenshot below.

Members Login

Now that we have created our login page we will need to password protect our other pages in our 'admin' folder. To password protect these pages you can simply add the following code at the top of the pages. If someone tries to access any these pages they will be redirected back to the login page.

<%
'Our login protection code
If Session("BlnLoggedIn") <> True Then
Response.Redirect("login.asp")
End If
%>

Having created the database and now the login page save the 'login.asp' page in your 'admin' folder. Next we will build our admin navigation system.

<<Previous

Get the best asp hosting provider from web-hosting-top.com and save up to 30%

Advertisements



MembersPro

MembersPro PayPal - ASP Membership software

Plug and play ASP membership script that integrates with PayPal to let you charge recurring membership fees.

Global ASP.NET Hosting Leader - Click Here