Geek asks and answers

Classic asp sql password check

If I had a login page that entered user data for a username and password, how would I post this information on another page that will be used to store subtitles and procedures, so that other pages will include this page so that I can to minimize the number I type the connection string.

So, I have login.asp, which I want to send login credentials for include.asp that will never be opened, if the login credentials are correct, then they will be sent to table.asp. If this is not the case, an error message should appear on the login.asp page.

I have provided code for the include.asp file that the user below will never see

Dim objCon, SQL, objRS

'Connect to Database
sub connect()

    Set objCon = CreateObject("ADODB.Connection")
    Set objRS = CreateObject("ADODB.Recordset")
    objCon.Open "Provider=SQLOLEDB.1;Password=xxxx;Persist Security Info=True;User ID=xxxx;Initial Catalog=Customer;Data Source=xxxx"   
    SQL = "SELECT * FROM Customer"  
    objRS.open SQL, objCon

end sub


sub connectionClose()

    objRS.close
    objCon.close   

end sub
+3
2

, .

u login.asp, validateLogin.asp, table.asp( include.asp)

Login.asp validatelogin.asp

validatelogin.asp

dim username : username = request.form("username")
dim password: password = request.form("password")
'here for security purpose u will want to replace all the single quote in username and password with 2x single quote (you do that to avoid SQL injection form bots / hackers
username = replace(username ,"'","''")
password = replace(password,"'","''")
sqlValidateUser = "SELECT top 1 * FROM Customer where username='"&&"' and password = ''"
set rsValidateUser = objCon.execute(sqlValidateUser)
if not rsValidateUser.eof then
   session("authentified") = "1"
   response.redirect("table.asp")
   response.end()
else
   response.redirect("YOUR_ERROR_PAGE.asp")
   response.end()
end if
rsValidateUser.close

include.asp u - :

'Validating if your NOT on login.asp or loginvalidate.asp ... if not Check if your logged in ... if not redirect to error page or login form
    if not instr(lcase(request.servervariable("url")),"login.asp") > 0 and not instr(lcase(request.servervariable("url")),"validatelogin.asp") > 0 then
       if session("authentified") = "1" then
          response.redirect("your_Error_page.asp")
       end if
    end if

100% include.asp, , .

+1

\includes. \ "functions.asp" . NO HTML - script.

#include, include: example:

<!-- #include file = "../includes/functions.asp" -->

auth , functions.asp.

0

More articles:


All Articles