Logging In Using ASP - Access2000

After receiving a few queries about how to store passwords using
ACCESS and ASP, and then use them as "logins", I thought, well,
why not write in a separate article, instead of attaching
multiple ASP files that are full of confusing comments and
variables only to be decipherable by my brain?

I'm assuming you've installed, and are running PWS (Personal Web
Server) on your machine, if you are not already working on a
server that supports ASP.

First of all, create a database, for instance, customers.Define a
table with all the fields you require (include email and
password).

After the database has been created, you need to create a DNS in
order to access this database through your ASP pages.

If you have never created it, this is how you do it:

Go to the Control Panel (My Computer -> Control Panel), and click
on the icon that should be saying "ODBC Data Sources (32bit)". In
the resulting window, select the "System DSN" tab. Then click on
the "Add..." button. From the given list of Database drivers,
select "Microsoft Access Driver (*.mdb)" and click the "Finish"
button. You reach a place where you have to enter the "Data
Source Name". Enter it, anything, for instance, "customers". Then
click the "Select..." button. This lets you select the Access
database you created. Press Ok, press Ok, and press Ok. Your DSN
is created.

In the first part, I'll write about storing the passwords.

Before this, let's make an include file to create and initialize
the session variables that we are going to need (we can use
cookies, but some clever folks disable cookies on their
browsers).

File name: sessions.inc

<%

if session("email")="" then
session("email")="notlogged"
session("pass")=""
end if

%>

This file you can include in every page as



so that you can use them whenever you need them.

Now accepting login and password.

For this you require a normal HTML form.

You can have "n" number
of fields in a form, but here, our primary concern is, getting
the email as login, and the accompanying password.

Here's the form:Please enter your details:

onsubmit="return validate(this);">
Enter Email:

Enter Password:

We validate the form before it proceeds to the "action" file so
that there is very little server-side processing. A simple
validation:

Note: Put the following Javascript above the tag.



So now when the user clicks on "Submit", he/she goes to
"storelog.asp" In between, you can have a file to confirm the
form fields and give the user an option to modify them before
finally saving.

A few things. In order to use a database through ASP, you need to
have a DNS created for that database on the server.

STORELOG.ASP should somewhat look like this:

<%
dim sEmail, sPass, noError
noError="y"
sEmail=request.form("email")
sPass=request.form("pass")

' The following lines setup a connection to the DNS we created
above

Dim toDatabase 'To connect to the DNS
Dim toRecordset 'To connect to the individual tables

Set toDatabase = Server.CreateObject("ADODB.Connection")
toDatabase.Open "customers"

Set toRecordset = Server.CreateObject("ADODB.Recordset")
toRecordset.Open "logins", toDatabase, 2

' 2 = Opens the recordset in "Write Mode"

' Let us say "logins" is some table you created in the database.

toRecordset.AddNew
toRecordset("email")=sEmail
toRecordset("password")=sPass
on error resume next
toRecordset.Update
if err.number<>0 then
' do something if some error occurs.
' one error could be that the email already exists in the
database.
noError="n"
end if

toRecordset.Close

Set toRecordset = Nothing

toDatabase.Close

Set toDatabase = Nothing

if noError="y" then
' If the info was saved smoothly.

session("email")=sEmail
session("pass")=sPass
end if

' Here you can display some message that the record has been
saved.
%>

This saves the login information of a new customer. Now, how do
we use it in the future? First, the login form, that could be on
any page.

Remember you can use somewhat same validation Javascript here
too, so I'm not repeating it, but just mentioning it.Please login by entering your email and password.

onsubmit="return validate(this);">
Enter Email:

Enter Password:

LOGIN.ASP

At the top of the page, along with other ASP commands, include
this too:

<% response.buffer=true %>

This is required if you want to send the user to some page after
he/she has successfully logged in.

<%

dim sEmail, sPass, noError
noError="y"
sEmail=request.form("email")
sPass=request.form("pass")

' The following lines setup a connection to the DNS we created
above

Dim toDatabase 'To connect to the DNS
Dim toRecordset 'To connect to the individual tables

Set toDatabase = Server.CreateObject("ADODB.Connection")
toDatabase.Open "customers"

fndSQL="select * from logins where email='" & sEmail & "' and
password='" & sPass & "'"

Set toRecordset=toDatabase.execute(fndSQL)

if toRecordset.eof then

response.write "Your details are not in the database, please
try again, or register yourself."

else

session("email")=toRecordset("email")
session("pass")=toRecordset("password")

end if

toRecordset.Close

Set toRecordset = Nothing

toDatabase.Close

Set toDatabase = Nothing

response.redirect "To some URL"

%>

>From now onwards, whenever you want to perform some action that
should only be performed if the user is logged in, just check the
value is session("email"), like:

<%

if session("email")<>"notlogged" then

' do things for the logged in customer

else

' tell the customer that he she is not logged in.

end if

%>

Hope this helps. If you need further queries, or in future you
need some other ASP work, you are welcome to write to me at
amrit@bytesworth.com.