When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
ASPFAQs.com
Message Board
Related Web Technologies
User Tips!
Coding Tips

Sections:
Sample Chapters
Commonly Asked Message Board Questions
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Security
Stump the SQL Guru!
XML Info
Information:
Feedback
Author an Article
ASP ASP.NET ASP FAQs Message Board Feedback
Print this page.
Published: Thursday, March 23, 2000

User Registration

By Corin Martens


The following is the registration part to the login script I wrote last month titled Creating a Database-Driven Login Page. If you have not read that article, I suggest you do so now. I made a few changes based on questions and recommendations by readers. First I am using an include file that contains the path to the database. Secondly rather than use sessions variable for the DatabasePath I am using a constant to save on server resources. Lastly I neglected to show the script that closes my connection. The last is important, as IIS doesn't do an adequate job of cleaning up recourses.

- continued -

I want to thank everyone for the e-mails, I tried to address everyone's concerns. If you have trouble with this or any script you can email me but for faster more thorough answers I recommend you post your questions at the ASP Messageboard. Onto the script...

I start with the include file. I use this because I move these files from my server to different web hosting companies. I comment out the file paths I'm not using and by placing <!-- #INCLUDE FILE="data.asp" --> in each page I make my database connection I only have to modify one comment tag when regardless of where I move my files.

To find out the complete path to your database at a web hosting company call/email tech support and ask for the path to your domain name, or create an ASP page with the code: <=Server.MapPath("/")%>. Here is the include file, data.asp:

<% 
'-- My server
Const DatabasePath = "c:/InetPub/wwwroot/mywebsite/fpdb/myAccessDatabase.mdb"

'-- My laptop
'-- Const DatabasePath = "c:/InetPub/wwwroot/mywebsite/fpdb/myAccessDatabase.mdb"			

'-- My Web hosting company
'-- Const DatabasePath = "d:/mydomainname/fpdb/myAccessDatabase.mdb"
%>

You can also set-up a system DSN which allows you the opportunity to make no changes in coding, but I feel more secure using the direct connection.

After that you are left with the registration coding. You'll see it begins with a call to the include file. Rather than write pieces of code and explain them the code is complete has plenty of comment tags.

<!-- #INCLUDE FILE="../data.asp" -->
<% Response.Buffer = true %>
<%
'-- Check if Submit button pushed, if not ignore the entire script
If Request.Form("btnAdd") = "Submit" Then

'-- Make sure all boxes have data entered into them
If Request.Form("name") <> "" OR Request.Form("password") <> "" OR _
        Request.Form("password2") <> "" OR _
        Request.Form("email") <> "" OR _
        Request.Form("userID") <> "" Then

	'-- Make sure the passwords match
	If Request.Form("password") = Request.Form("password2") Then

		'-- Declare your variables
		Dim DataConnection, cmdDC, RecordSet, SQL, strError
		Dim strUserName, strPassword, strEmail, strUserID

		'-- Get data from the form fields
		strUserName = Request.Form("name")
		strPassword = Request.Form("password")
		strEmail = Request.Form("email")
		strUserID = Request.Form("userID")

		'-- Create object and open database
		Set DataConnection = Server.CreateObject("ADODB.Connection")
		DataConnection.Open "DRIVER={Microsoft Access Driver (*.mdb)};" & _
		                    "DBQ=" & DatabasePath & ";"

		Set cmdDC = Server.CreateObject("ADODB.Command")
		cmdDC.ActiveConnection = DataConnection

		'-- default SQL
		SQL = "SELECT * FROM tblSecurity"

		If Request.Form("name") <> "" Then	
			SQL = "SELECT tblSecurity.* FROM tblSecurity WHERE " & _
			      "tblSecurity.userID='" & strUserID & "' AND " & _
			      "tblSecurity.password ='" & strPassword & _
			      "' OR tblSecurity.email ='" & strEmail & "'"
		End If

		cmdDC.CommandText = SQL
		Set RecordSet = Server.CreateObject("ADODB.Recordset")

		'-- Cursor Type, Lock Type

		'-- ForwardOnly 0 - ReadOnly 1
		'-- KeySet 1 - Pessimistic 2
		'-- Dynamic 2 - Optimistic 3
		'-- Static 3 - BatchOptimistic 4


		RecordSet.Open cmdDC, , 0, 2

		'-- check to see if the user and password or 
		'   e-mail address have registered before
		If Not RecordSet.EOF Then
			If RecordSet.fields("email")=strEmail Then
				strError = "<FONT FACE='ARIAL' SIZE='2'><B>" & _
				           "Sorry this email has already been " & _
				           "registred, please try again" & _
				           "</B></FONT>"
			Else			
				'Redo page and say that this User name 
				'and Password are already taken
				strError = "<FONT FACE='ARIAL' SIZE='2'><B>" & _
 	                       "Sorry this user name and password are " & _
 	                       "already taken, please try again" & _
 	                       "</B></FONT>"
			End If
			
		Else
			'-- Add new record to the database
			Dim Dconn, sSQL
		   Set Dconn = Server.CreateObject("ADODB.Connection")
		   Dconn.Open "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & _
		                  DatabasePath & ";"

			sSQL = "INSERT INTO tblSecurity(name, email, userID, " & _
			       "password, userLevel) VALUES ('" & strUserName & _
			       "','" & strEmail & "','" & strUserID & _
			       "','" & strPassword & "',1)"
			Dconn.Execute sSQL
			Dconn.Close
			Set Dconn = Nothing

			'Forward the user to page to notify of authentication
			Response.Redirect "youokman.asp"
		End If
	Else
		strError = "Your passwords don't match"
	End If

		'-- Close all connections
		RecordSet.Close
		Set RecordSet = Nothing

		DataConnection.Close
		Set DataConnection = Nothing

	Else
		'Tell them what they entered wrong
		strError = "Please fill in all the boxes"
	End If
End If

%>

<!-- HTML FORM -->
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>New Page 1</title>
</head>

<BODY bgcolor="#FFFFFF" MARGINHEIGHT="0" MARGINWIDTH="0" 
      LEFTMARGIN="0" TOPMARGIN="0" TEXT="#000000">

<%
		'-- Error message if there is any					
		Response.write (strError & "<BR>")							
%>

<form method="POST" action="default.asp">
    <div align="left">
      <table border="1" cellpadding="3" cellspacing="0" width="100%">
        <tr>
          <td width="50%"><font face="Arial" size="2">Full
            Name:</font></td>
          <td width="50%"><input type="text" name="name" size="20"></td>
        </tr>
        <tr>
          <td width="50%"><font face="Arial" size="2">Email:</font></td>
          <td width="50%"><input type="text" name="email" size="20"></td>
        </tr>
        <tr>
          <td width="50%"><font face="Arial" size="2">Choose
            a UserID:</font></td>
          <td width="50%"><input type="text" name="userID" size="20"></td>
        </tr>
        <tr>
          <td width="50%"><font face="Arial" size="2">Choose
            a Password:</font></td>
          <td width="50%"><input type="password" name="password" size="20"></td>
        </tr>
        <tr>
          <td width="50%"><font face="Arial" size="2">Confirm
            Password:</font></td>
          <td width="50%"><input type="password" name="password2" size="20"></td>
        </tr>
      </table>
    </div>
    <p><input type="submit" value="Submit" name="btnAdd">
    <input type="reset" value="Reset" name="B2"></p>
</form>
</body>
</html>

Other things you'll need are the database table to update and a place to send the user once they have registered. The Access database fields you'll need and there types at minimum are:

Column NameData Type
IDAutoNumber
NAMEText
USERIDText
PASSWORDText
USERLEVELNumber

You can add others as needed for your application(s). One thing to remember is a user cannot register with the same e-mail more than once. You can take this feature out if you like. Also this allows users to enter their own password. You may want to email them a generated password to validate their email address. (To learn how to send emails using ASP, be sure to read: Sending Emails in ASP Using CDONTS.

There you go! If you have questions or comments you can e-mail me at cmartens@liska.com. I'll lend advice where I can but recommend heading to ASP Messageboard as you have a whole community of asp programmers ready to help.

The next article I'll write will be a short easy script on how to handle users who have forgotten their userID and password. If I get the opportunity I'll add a randomize function and emailing piece to this script to generate passwords and e-mail them to newly registered users.

Happy Programming!


Attachments:

  • Download data.asp in text format
  • Download default.asp in text format


  • ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article