Have a look at the code for 'login.asp' and then I'll talk you through
it. Points to note are that we will be using 2 subroutines, CheckLoginForm
and ShowloginForm, and that once the form details are submitted they
are sent to the same page to be checked and processed. You could send
the form details to another page to be checked and processed but why
use an extra page!
The code below is for a simple login that checks for a single username
and password. In the following code the username and password are 'mic'
and 'pass'.
The 'submit' form button called 'submit' will play an important part in in letting us track whether the form has been submitted. If the form has been submitted then we can use the Request.Form command to collect the values entered in the form textfields and importantly the value sent in the form button 'submit'.
Code for 'login.asp'
<%
Response.Expires = -1000 'Make sure the browser
doesn't cache this page
Response.Buffer = True 'enables our response.redirect
to work
%>
<html>
<head><title>Password Protect your ASP pages</title>
</head>
<body>
<%
If Request.Form("submit") ="Login" Then
CheckLoginForm
Else
ShowLoginForm
End If
%>
<%
Sub CheckLoginForm
'check if the value of the text field 'username'
and 'password' are correct
If Request.Form("username")
= "mic" AND Request.Form("password") = "pass"
Then
Session("BlnLoggedIn") = True
Response.Redirect "memberspage.asp"
Else
'if the values entered are incorrect then display
the message below
Response.Write "<div align='center'>You are not logged
in.</div><br>"
ShowLoginForm
End If
End Sub
%>
<% Sub ShowLoginForm %>
<div align='center'>
<!-- start the HTML login form -->
<form name="form" action="login.asp" method="post">
<table>
<tr><td>User Name :</td><td><input type="text"
name="username"></td></tr>
<tr><td>Password : </td><td><input type="password"
name="password"></td></tr>
<tr><td colspan="2"><input type="submit"
name="submit" value="Login"></td></tr>
</table>
</form>
<!-- end the HTML login form -->
</div>
<% End Sub %>
</body>
</html>
Now lets break down the code into a series of blocks.
<%
Response.Expires = -1000 'Make sure the browser
doesnt cache this page
Response.Buffer = True 'enables our response.redirect
to work
If Request.Form("submit") ="Login" Then '
check if the value Login has been sent
CheckLoginForm ' calls the subroutine checkloginform
if Submit is equal to Login
Else
ShowLoginForm ' call the subroutine showloginform
if Submit isn't equal to Login
End If
%>
This block of code at the top of the page checks to see if the submit
button has been clicked.
If request.form("submit")="Login" then the value
Login has been passed and we know that the visitor has clicked and submitted
the form. In this scenario the subroutine CheckLoginForm is called and
its code executed.
CheckLoginForm will check to see if the username and password equal
the values the visitor has entered. If they are correct then a Session
variable 'BlnLoggedIn' will be created and set to True and the visitor
will then be redirected to the 'memberspage.asp'
<%
Sub CheckLoginForm
'check if the value of the text field 'username'
and 'password' are correct
If Request.Form("username")
= "mic" AND Request.Form("password") = "pass"
Then
Session("BlnLoggedIn") = True
Response.Redirect "memberspage.asp"
Else
Response.Write "<div align='center'>You are not logged
in.</div><br>"
ShowLoginForm 'call the sub showloginform and
display the login form again
End If
End Sub
%>
If the visitor has not clicked the submit button then no value will be passed i.e. request.form("submit") will not equal Login and in that case the subroutine ShowLoginFrom will be called.
<% Sub ShowLoginForm %>
<div align='center'>
<!-- start the HTML login form -->
<form name="form" action="login.asp" method="post">
<table>
<tr><td>User Name :</td><td><input type="text"
name="username"></td></tr>
<tr><td>Password : </td><td><input type="password"
name="password"></td></tr>
<tr><td colspan="2"><input type="submit"
name="submit" value="Login"></td></tr>
</table>
</form>
<!-- end the HTML login form -->
</div>
<% End Sub %>
The subroutine code above simply creates a form. The image below shows how the form will look on your screen. I have entered the login details in the screenshot below.
PASSWORD PROTECT OTHER PAGES
If you want to password protect any other pages then you can simply
add the following code at the top of the pages. So for all the other
pages if the Session variable 'BlnLoggedIn' is not equal to True then
the visitor will be redirected to the login page. We could put this
code at the top of our new members page 'memberspage.asp' which can
only be accessed if the visitor has logged in correctly.
Code for 'memberspage.asp'
<%
If Session("BlnLoggedIn") <> True Then
Response.Redirect("login.asp")
End If
%>
<html>
<head><title>Members Secure Homepage</title>
</head>
<body>
Welcome to the secure member's page.
</body>
</html>
If you need multiple users with different usernames and passwords then you could use a database to store all the users and query that database when the visitor logs in to check if they supplied a matching username and password, if they did then you could simply create a session variable as above and protect the pages in the same way.
Read our tutorial on Subroutines and Functions
Get the best asp hosting provider from web-hosting-top.com and save up to 30%
Plug and play ASP membership script that integrates with PayPal to let you charge recurring membership fees.
