To read the article online, visit http://www.4GuysFromRolla.com/webtech/080899-1.2.shtml

Password Protecting Your Site

By Rob Taylor


Logging On Password File Invalid File Monitoring the Visit

This method of password protection can monitor all your pages so a user is forced to log in. If a user obtains a URL for a page farther in, they will be denied permitting you have added the code in the right places. Its really not that hard.

The system outlined in the following articles uses a username/password scheme. The information for usernames and passwords are stored in a text file, as opposed to in a database. (For an article that discusses authentication using databases, be sure to read Simple Authentication.) You do not want to use a text file scheme for username and password if security is of utmost importance, since folks on the web could easily download the file if they guess the correct URL. However, you might need to use a text file scheme if your web host does not support database connectivity, or if you are just lazy.

This article uses the FileSystemObject (FSO) to open and scan through the password text file. If you are unfamiliar with FSO, I strongly suggest you read Reading/Writing Text Files Using ASP. It will give you a solid understanding of how to use FSO.

We start with the enter.asp file. Through this page, your users will "logon" to the system. This is just the form to collect their username/password.

Logging On - Enter.asp


Here is the enter.asp file

<%=session.abandon%>
<HTML>
	<HEAD>
		<TITLE>Welcome</TITLE>
.
.
.

This is to be the first line of the enter.asp page. This sets the session variable(s) to NULL. Put it above the <HTML> tag.

<SCRIPT TYPE="text/javascript">
<!--hide

function checkPass()
{
	if(document.login.pwd.value != document.login.verifypwd.value)
	{
		alert('Your Passwords do not match')
		return false;
	}
	else
	{
	return true;
	}
}

//end hide -->
</SCRIPT>

A user is required to input his password and verify it. If the passwords do not match, this javascript function catches it and resets the page.

<FORM METHOD="POST"  NAME="login"  ACTION="password.asp"  onSubmit="return checkPass()">
<INPUT TYPE="mail"  NAME="email">
<INPUT TYPE="password"  NAME="pwd">
<INPUT TYPE="password"  NAME="verifypwd">
<INPUT TYPE="submit"  VALUE="submit">
</FORM>

When submitted, checkPass will verify the passwords and refuse to let a user in if they are not correct. If they are correct, The Form is submitted to the password file.

Logging On Password File Invalid File Monitoring the Visit


Article Information
Article Title: Password Protecting Your Site
Article Author: Rob Taylor
Published Date: Sunday, August 08, 1999
Article URL: http://www.4GuysFromRolla.com/webtech/080899-1.2.shtml


Copyright 2017 QuinStreet Inc. All Rights Reserved.
Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers