Published: Thursday, March 23, 2000
User Registration
By Corin Martens
The following is the registration part to the login script I wrote last month titled
Creating a Database-Driven Login Page. If you have not read that article,
I suggest you do so now. I made a few changes based on questions and recommendations by readers. First I am
using an include file that contains the path to the database. Secondly rather than use sessions
variable for the DatabasePath I am using a constant to save on server resources. Lastly I
neglected to show the script that closes my connection. The last is important, as IIS doesn't do an adequate
job of cleaning up recourses.
I want to thank everyone for the e-mails, I tried to address everyone's concerns. If you have trouble with
this or any script you can email me but for faster more thorough answers
I recommend you post your questions at the ASP Messageboard.
Onto the script...
I start with the include file. I use this because I move these files from my server to different
web hosting companies. I comment out the file paths I'm not using and by placing
<!-- #INCLUDE FILE="data.asp" --> in each page I make my database connection I only have to
modify one comment tag when regardless of where I move my files.
To find out the complete path to your database at a web hosting company call/email tech support and ask for
the path to your domain name, or create an ASP page with the code: <=Server.MapPath("/")%>.
Here is the include file, data.asp:
<%
'-- My server
Const DatabasePath = "c:/InetPub/wwwroot/mywebsite/fpdb/myAccessDatabase.mdb"
'-- My laptop
'-- Const DatabasePath = "c:/InetPub/wwwroot/mywebsite/fpdb/myAccessDatabase.mdb"
'-- My Web hosting company
'-- Const DatabasePath = "d:/mydomainname/fpdb/myAccessDatabase.mdb"
%>
|
You can also set-up a system DSN which allows you the opportunity to make no changes in coding, but I feel
more secure using the direct connection.
After that you are left with the registration coding. You'll see it begins with a call to the include file.
Rather than write pieces of code and explain them the code is complete has plenty of comment tags.
<!-- #INCLUDE FILE="../data.asp" -->
<% Response.Buffer = true %>
<%
'-- Check if Submit button pushed, if not ignore the entire script
If Request.Form("btnAdd") = "Submit" Then
'-- Make sure all boxes have data entered into them
If Request.Form("name") <> "" OR Request.Form("password") <> "" OR _
Request.Form("password2") <> "" OR _
Request.Form("email") <> "" OR _
Request.Form("userID") <> "" Then
'-- Make sure the passwords match
If Request.Form("password") = Request.Form("password2") Then
'-- Declare your variables
Dim DataConnection, cmdDC, RecordSet, SQL, strError
Dim strUserName, strPassword, strEmail, strUserID
'-- Get data from the form fields
strUserName = Request.Form("name")
strPassword = Request.Form("password")
strEmail = Request.Form("email")
strUserID = Request.Form("userID")
'-- Create object and open database
Set DataConnection = Server.CreateObject("ADODB.Connection")
DataConnection.Open "DRIVER={Microsoft Access Driver (*.mdb)};" & _
"DBQ=" & DatabasePath & ";"
Set cmdDC = Server.CreateObject("ADODB.Command")
cmdDC.ActiveConnection = DataConnection
'-- default SQL
SQL = "SELECT * FROM tblSecurity"
If Request.Form("name") <> "" Then
SQL = "SELECT tblSecurity.* FROM tblSecurity WHERE " & _
"tblSecurity.userID='" & strUserID & "' AND " & _
"tblSecurity.password ='" & strPassword & _
"' OR tblSecurity.email ='" & strEmail & "'"
End If
cmdDC.CommandText = SQL
Set RecordSet = Server.CreateObject("ADODB.Recordset")
'-- Cursor Type, Lock Type
'-- ForwardOnly 0 - ReadOnly 1
'-- KeySet 1 - Pessimistic 2
'-- Dynamic 2 - Optimistic 3
'-- Static 3 - BatchOptimistic 4
RecordSet.Open cmdDC, , 0, 2
'-- check to see if the user and password or
' e-mail address have registered before
If Not RecordSet.EOF Then
If RecordSet.fields("email")=strEmail Then
strError = "<FONT FACE='ARIAL' SIZE='2'><B>" & _
"Sorry this email has already been " & _
"registred, please try again" & _
"</B></FONT>"
Else
'Redo page and say that this User name
'and Password are already taken
strError = "<FONT FACE='ARIAL' SIZE='2'><B>" & _
"Sorry this user name and password are " & _
"already taken, please try again" & _
"</B></FONT>"
End If
Else
'-- Add new record to the database
Dim Dconn, sSQL
Set Dconn = Server.CreateObject("ADODB.Connection")
Dconn.Open "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & _
DatabasePath & ";"
sSQL = "INSERT INTO tblSecurity(name, email, userID, " & _
"password, userLevel) VALUES ('" & strUserName & _
"','" & strEmail & "','" & strUserID & _
"','" & strPassword & "',1)"
Dconn.Execute sSQL
Dconn.Close
Set Dconn = Nothing
'Forward the user to page to notify of authentication
Response.Redirect "youokman.asp"
End If
Else
strError = "Your passwords don't match"
End If
'-- Close all connections
RecordSet.Close
Set RecordSet = Nothing
DataConnection.Close
Set DataConnection = Nothing
Else
'Tell them what they entered wrong
strError = "Please fill in all the boxes"
End If
End If
%>
<!-- HTML FORM -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>New Page 1</title>
</head>
<BODY bgcolor="#FFFFFF" MARGINHEIGHT="0" MARGINWIDTH="0"
LEFTMARGIN="0" TOPMARGIN="0" TEXT="#000000">
<%
'-- Error message if there is any
Response.write (strError & "<BR>")
%>
<form method="POST" action="default.asp">
<div align="left">
<table border="1" cellpadding="3" cellspacing="0" width="100%">
<tr>
<td width="50%"><font face="Arial" size="2">Full
Name:</font></td>
<td width="50%"><input type="text" name="name" size="20"></td>
</tr>
<tr>
<td width="50%"><font face="Arial" size="2">Email:</font></td>
<td width="50%"><input type="text" name="email" size="20"></td>
</tr>
<tr>
<td width="50%"><font face="Arial" size="2">Choose
a UserID:</font></td>
<td width="50%"><input type="text" name="userID" size="20"></td>
</tr>
<tr>
<td width="50%"><font face="Arial" size="2">Choose
a Password:</font></td>
<td width="50%"><input type="password" name="password" size="20"></td>
</tr>
<tr>
<td width="50%"><font face="Arial" size="2">Confirm
Password:</font></td>
<td width="50%"><input type="password" name="password2" size="20"></td>
</tr>
</table>
</div>
<p><input type="submit" value="Submit" name="btnAdd">
<input type="reset" value="Reset" name="B2"></p>
</form>
</body>
</html>
|
Other things you'll need are the database table to update and a place to send the user once they have registered.
The Access database fields you'll need and there types at minimum are:
| Column Name | Data Type |
|---|
|
ID | AutoNumber |
| NAME | Text |
| USERID | Text |
| PASSWORD | Text |
| USERLEVEL | Number |
You can add others as needed for your application(s). One thing to remember is a user cannot register with
the same e-mail more than once. You can take this feature out if you like. Also this allows users to enter
their own password. You may want to email them a generated password to validate their email address. (To
learn how to send emails using ASP, be sure to read: Sending Emails in ASP Using CDONTS.
There you go! If you have questions or comments you can e-mail me at cmartens@liska.com.
I'll lend advice where I can but recommend heading to ASP Messageboard
as you have a whole community of asp programmers ready to help.
The next article I'll write will be a short easy script on how to handle users who have forgotten their
userID and password. If I get the opportunity I'll add a randomize function and emailing piece to this script
to generate passwords and e-mail them to newly registered users.
Happy Programming!
Attachments:
Download data.asp in text format
Download default.asp in text format
