Creating a Database-Driven Login PageBy Corin Martens
This script lets a user login, then it tracks that user and controls the areas they can access. When the user runs across an area they don't have proper permission to access they are forwarded to a page to register. It works well if you want to embed a login into a page and track and identify a specific user throughout the site. This code covers the login and tracking portion for my visitor. You can also read up on how I implemented the registration section.
There are two parts to the login page, which does a recursive call. The asp code is ignored unless data is
entered into the
password text boxes and the login button is pushed.
This is so you can embed this login within your home page or any other page. Once a user logs in their entry
is compared to a database. If there is a match their user level is logged into a session variable and checked
on every page. If their isn't a match they are redirected to a page that allows them to register or upgrade
The first part sets your database path. You may want to put that is a separate
data.asp file and
then just include
data.asp at the beginning of your code (if you are unfamiliar with using include
files, be sure to read: The low-down on Includes). You can also use a
System DSN. Which every you choose will work. I like the include file so I can avoid relying on web hosting
companies to set-up the DSN and I'm able to refer to the Database Path to save the hassle of changing it on
multiple pages when I publish the site to another location.
Anyway, here's the dataconnection and variable declaration section
Next, you want to establish a default SQL statement and then modify it when your user has entered their
userName. Your trying to find a match in the database with the users entry. A record set is
created to store any matching records. If there is a match you want that the data you'll need stored in the
recordset. My record in this table has very few columns so I store the entire record.
Once your recordset is created and the SQL statement executed you test for a match by checking if their are
any records in the recordset. If there are you had a match and the
Session("userLevel") is set to
match the database record field
userLevel. If not the user is forwarded to a registration page.
This next part is your user interface. It checks if they have logged in. If they have it gives their login
name and access level. Neat way to let a user know your site cares about them as individuals or as part of a
group. It also contains the form for them to enter their
The last part covers the code placed at the beginning of each page that requires an access level. It checks
their level from the
Session("userLevel"), allows them to access the page unless they lack the
proper access level. If not they are forwarded to a registration page then redirected back to the page they
came from. If you have several access levels you'll want to pass the level required in the
Response.Redirect as well.
The registration section can be read here. Also I'd like to thank other authors of articles on this site as I rely on their direction for some of the coding I do.