Creating Login form and validation using ASP MSSQL
We will develop a login page using ASP. The page displays an HTML login form where the visitor enters a userid and password. The form itself needs no ASP code, but we use ASP to check the session value and find out whether the member is already logged in or this is a fresh login.
Read the detail on how to check session login status and display login form.
The login page has very simple code. Through this page we collect the userid and password and send the data by the form POST method to another page, where we match it against our MSSQL table. Here is the code for the login page.
<% if (IsEmpty(Session("userid"))) then %>
<form method=post action=loginck.asp>
<table border="0" cellspacing="0" cellpadding="0" align=center>
<tr><td>User Id </td><td><input type=text name=userid></td></tr>
<tr><td>Password</td><td><input type=password name=password></td></tr>
<tr><td colspan=2 align=center><input type=submit value=Login></td></tr>
</table>
</form>
<%
else
Response.Write " You are logged in as " & Session("userid") & " <a href=logout.asp>Click here to log out </a>"
End if
%>
Once the member enters the userid and password in the login form and submits it, the values are collected at the action page.
Dim userid,password
userid=Request("userid")
password=Request("password")
Now the userid and password are stored in variables. Only letters and numbers are allowed in these two fields, so we have to validate the data before matching it against our database table. This is also a security requirement to prevent injection attacks. We will use a regular expression to check the user-entered data inside one if condition: the code inside the if block is executed only once the validation passes. Here is the code.
dim RExp : set RExp = new RegExp
with RExp
.Pattern = "^[a-zA-Z0-9]{3,8}$"
.IgnoreCase = True
.Global = True
end with
If (RExp.test(userid) and RExp.test(password) ) then
The code within the if ... then block is executed only when the regular expression validation passes. In the else block we keep the message to be displayed if the validation fails. That part is not shown above; you can see it in the full code given at the end. Now let us match the record in the MSSQL table with the user-entered data. The MSSQL connection setup is not shown here; this is the code for matching the record.
rs.open "select userid from member where userid='" & userid & "' and password='" & password & "'", conn
if rs.EOF Then
Response.Write "Sorry Incorrect Login<br>"
Else
Response.Write "<br>Welcome " & rs("userid")
Session("userid")=rs("userid")
Response.Write "<br>Welcome " & Session("userid")
Response.Write "<br>Click here to go to <a href=mem/index.asp>member area</a>"
End if
The above code matches the data with the table and displays the error message if matching fails. If the login details are correct, a new session with the userid is created. Next we will read how to create member pages and other parts of the login script. Here is the complete code.
<%
Dim conn,rs,rs1,SQL,RecsAffected
' Open the MSSQL connection; aConnectionString is defined elsewhere
' adModeRead is an ADO constant (defined in adovbs.inc)
Set conn=Server.CreateObject("ADODB.Connection")
conn.Mode=adModeRead
conn.ConnectionString = aConnectionString
conn.Open
Set rs =Server.CreateObject("ADODB.Recordset")
' Collect the values submitted by the login form
Dim userid,password
userid=Request("userid")
password=Request("password")
' Allow only 3 to 8 letters or digits in each field
dim RExp : set RExp = new RegExp
with RExp
.Pattern = "^[a-zA-Z0-9]{3,8}$"
.IgnoreCase = True
.Global = True
end with
If (RExp.test(userid) and RExp.test(password) ) then
' Validation passed: look for a matching member record
rs.open "select userid from member where userid='" & userid & "' and password= '"& password &"' ", conn
if rs.EOF Then
Response.Write "Sorry Incorrect Login<br>"
Else
' Match found: store the userid in the session
Response.Write "<br>Welcome " & rs("userid")
Session("userid")=rs("userid")
Response.Write "<br>Welcome " & Session("userid")
Response.Write "<br>Click here to go to <a href=mem/index.asp>member area</a>"
End if
Else ' Regular Expression checking
Response.Write " Invalid Data "
End if ' Regular Expression checking
Set rs = Nothing
conn.Close
Set conn = Nothing
%>
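In the code above, the regular expression is the only thing that keeps quote characters out of the SQL string. As an added example (not part of the original article's code), the same lookup can be written with an ADODB.Command and ? placeholders, so the query stays safe even if the validation pattern is loosened later. The FindMember name, the varchar parameter type and the parameter size of 8 (taken from the regex limit) are assumptions; aConnectionString is the article's own placeholder.

```vbscript
<%
' Added example: parameterized version of the member lookup.
' FindMember is a hypothetical helper; the member table and
' aConnectionString are the ones the article uses.
Function FindMember(conn, userid, password)
    Dim cmd, rs
    FindMember = Empty
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1   ' adCmdText
    ' ? placeholders: values travel as data, never spliced into the SQL text
    cmd.CommandText = "select userid from member where userid=? and password=?"
    ' CreateParameter(name, type, direction, size, value)
    ' 200 = adVarChar, 1 = adParamInput; size 8 assumed from the regex limit
    cmd.Parameters.Append cmd.CreateParameter("@userid", 200, 1, 8, userid)
    cmd.Parameters.Append cmd.CreateParameter("@password", 200, 1, 8, password)
    Set rs = cmd.Execute
    If Not rs.EOF Then FindMember = rs("userid").Value
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim conn, userid, password, RExp, member
' Request.Form reads the POST body only, matching the form's method=post
userid = Request.Form("userid")
password = Request.Form("password")

' Same validation rule as the article: 3 to 8 letters or digits
Set RExp = New RegExp
RExp.Pattern = "^[a-zA-Z0-9]{3,8}$"

If RExp.Test(userid) And RExp.Test(password) Then
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.ConnectionString = aConnectionString
    conn.Open
    member = FindMember(conn, userid, password)
    conn.Close
    Set conn = Nothing
    If IsEmpty(member) Then
        Response.Write "Sorry Incorrect Login<br>"
    Else
        Session("userid") = member
        Response.Write "<br>Welcome " & Server.HTMLEncode(member)
    End If
Else
    Response.Write " Invalid Data "
End If
%>
```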
This article is written by plus2net.com team.