When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
ASPFAQs.com
Message Board
Related Web Technologies
User Tips!
Coding Tips

Sections:
Sample Chapters
Commonly Asked Message Board Questions
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Security
Stump the SQL Guru!
XML Info
Information:
Feedback
Author an Article
Technology Jobs
ASP ASP.NET ASP FAQs Message Board Feedback ASP Jobs
Print this page.
Published: Sunday, August 08, 1999

Password Protecting Your Site

By Rob Taylor


Logging On Password File Invalid File Monitoring the Visit

- continued -

'

This method of password protection can monitor all your pages so a user is forced to log in. If a user obtains a URL for a page farther in, they will be denied permitting you have added the code in the right places. Its really not that hard.

The system outlined in the following articles uses a username/password scheme. The information for usernames and passwords are stored in a text file, as opposed to in a database. (For an article that discusses authentication using databases, be sure to read Simple Authentication.) You do not want to use a text file scheme for username and password if security is of utmost importance, since folks on the web could easily download the file if they guess the correct URL. However, you might need to use a text file scheme if your web host does not support database connectivity, or if you are just lazy.

This article uses the FileSystemObject (FSO) to open and scan through the password text file. If you are unfamiliar with FSO, I strongly suggest you read Reading/Writing Text Files Using ASP. It will give you a solid understanding of how to use FSO.

We start with the enter.asp file. Through this page, your users will "logon" to the system. This is just the form to collect their username/password.

Logging On - Enter.asp


Here is the enter.asp file

<%=session.abandon%>
<HTML>
	<HEAD>
		<TITLE>Welcome</TITLE>
.
.
.

This is to be the first line of the enter.asp page. This sets the session variable(s) to NULL. Put it above the <HTML> tag.

<SCRIPT TYPE="text/javascript">
<!--hide

function checkPass()
{
	if(document.login.pwd.value != document.login.verifypwd.value)
	{
		alert('Your Passwords do not match')
		return false;
	}
	else
	{
	return true;
	}
}

//end hide -->
</SCRIPT>

A user is required to input his password and verify it. If the passwords do not match, this javascript function catches it and resets the page.

<FORM METHOD="POST"  NAME="login"  ACTION="password.asp"  onSubmit="return checkPass()">
<INPUT TYPE="mail"  NAME="email">
<INPUT TYPE="password"  NAME="pwd">
<INPUT TYPE="password"  NAME="verifypwd">
<INPUT TYPE="submit"  VALUE="submit">
</FORM>

When submitted, checkPass will verify the passwords and refuse to let a user in if they are not correct. If they are correct, The Form is submitted to the password file.

Logging On Password File Invalid File Monitoring the Visit



ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article