TechiWarehouse.Com


Top 3 Products & Services

1.
2.
3.


Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /home/santanaservices/public_html/techiwarehouse.com/cms/engine.php on line 37

Dated: Aug. 12, 2004

Related Categories

Active Server Pages

By Tim Malone
For affordable web design, web hosting, domain registration, and custom programming services, visit Focus Web Design.

This tutorial builds on what was discussed last week. This week you will be examining the code for an extended version of the member’s only section.

This extended version includes the following extra features:

  • Ability to log in and log out
  • More than one page can be used in the member’s area
  • More than one username and password pair can be accepted

We’ll create it first then talk about the code.

  1. Create four text files (in Notepad or another text editor), and give them the following names:

    a. index.asp
    b. main.asp
    c. main2.asp
    d. logout.asp

     

  2. Copy the following portions of code into the separate files:
  index.asp

<%
if request.cookies("extended_members_area”) = "qw339cmx” then response.redirect("main.asp”)

sub login()
response.cookies("extended_members_area”) = "qw339cmx”
response.redirect("main.asp”)
end sub

if request.form("username”) = "johndoe” and request.form("password”) = "letmein” then login()
if request.form("username”) = "tim” and request.form("password”) = "ilikeasp” then login()
if request.form("username”) = "adam” and request.form("password”) = "iliketw” then login()
%>

<html>
<head>
<title>Extended Member’s Area</title>
</head>
<body>
Please login to access this Member’s Area.
<% if request.form("submit”) = "Enter!” then %>
<font color=”red”><b>You entered an incorrect username/password combination. Please try again.</b></font><br>
<% end if %>
<form action=”index.asp” method=”post”>
Username: <input type=”text” name=”username”>
Password: <input type=”password” name=”password”>
<input type=”submit” name=”submit” value=”Enter!”>
</form>
</body>
</html>

  main.asp

<% if not request.cookies("extended_members_area”) = "qw339cmx” then response.redirect("index.asp”) %>
<html>
<head>
<title>Extended Member’s Area</title>
</head>
<body>
<b>Welcome to the Member’s Area.</b><br>
Special content for members only appears here.<br>
You can also view <a href=”main2.asp”>this page</a>.
To logout, please <a href=”logout.asp”>click here</a>.
</body>
</html>

  main2.asp

<% if not request.cookies("extended_members_area”) = "qw339cmx” then response.redirect("index.asp”) %>
<html>
<head>
<title>Extended Member’s Area</title>
</head>
<body>
This is another page in the Member’s area.<br>
To go back to the main page, <a href=”main.asp”>click here</a>.
</body>
</html>

  logout.asp

<%
response.cookies("extended_members_area”) = "”
response.redirect("main.asp”)
%>

Explaining The Code

If you look at this code in detail, you should be able to figure out what it's doing. We'll examine it bit by bit.

  index.asp

index.asp is the page that users will see first. It contains the form that users use to login to the member's area, and it also processes this data entered into the form - by checking that the username and password are correct, setting a cookie, and redirecting to main.asp.

<%

Don't forget - we always have to use the <% to start our ASP scripts.

if request.cookies("extended_members_area”) = "qw339cmx” then response.redirect("main.asp”)

This simple one-line statement is just saying "If the cookie 'extended_members_area' equals 'qw339cmx' then redirect the user to 'main.asp'". In ASP, and many other web programming languages - PHP and JavaScript to name a few, you can set cookies. Cookies are small text files that are stored on a user's computer that you can use to identify a particular user. More information about cookies can be found in our Article, Cookies and Cream.

Member's Only Area ExtendedToday you'll learn about using cookies - setting and retrieving them. In this statement, we are retrieving a cookie - hence the request statement. If we were setting a cookie, we'd use the response statement instead. The name of the cookie we are retrieving (or requesting) is "extended_members_area". You can call the cookie whatever you like, as long as you use the same name each time you reference it.

In the if statement above, we are checking to see if the "extended_members_area" cookie holds the value "qw339cmx". This may seem like a strange value, but personally I tend to use values like this for more security - to make it harder for hackers to guess the value of the cookie. You'll see a bit further on in the code where we actually set the variable with this value.

So, what are we doing with this cookie? Well, when the user logs in, if the username and password is correct, we set the special value ("qw339cmx"). Then, when each page loads (eg. main.asp), we check to see what the value of the cookie is. If it's "qw339cmx", then we show the user that page - because it means they're logged in. But if it isn't, then they obviously aren't logged in, so we return them to the login page. Also, if a user visits the login page when they are already logged in, we save them the trouble and take them straight to the main page.

sub login()
response.cookies("extended_members_area”) = "qw339cmx”
response.redirect("main.asp”)
end sub

This code does what we were just talking about then - it sets the cookie (notice response instead of request), and then redirects the user to main.asp. But what's the sub login and end sub for? If you've used any variation of the Basic language before, you'll recognize those. Any code inside those two statements will not run unless we ask it to. It's like a "sub section" of our code.

if request.form("username”) = "johndoe” and request.form("password”) = "letmein” then login()
if request.form("username”) = "tim” and request.form("password”) = "ilikeasp” then login()
if request.form("username”) = "adam” and request.form("password”) = "iliketw” then login()

If you don't like if statements, then you're not going to like that section of code! Here we've got three if statements - all to check usernames and passwords. You can copy these and put in as many users as you like. All we're doing with each of these statements is checking what username the user entered, and checking it against the password - and if they're both correct, we use login to run the sub-section of code we defined earlier on.

The rest of the code in the index.asp page is HTML, so you should be able to understand what it's all doing. There's just one more thing to draw your attention to:

<% if request.form("submit”) = "Enter!” then %>
<font color=”red”><b>You entered an incorrect username/password combination. Please try again.</b></font><br>
<% end if %>

Here we are simply checking to see if the user has submitted the form, and if they have we tell them that their username and password was incorrect. Why do we assume that? Because in the code before, if the username and password were correct, we would have already moved on to the main.asp page.

  main.asp AND main2.asp

main.asp is the first page that users see once they have successfully logged in. It checks the cookie we set to prevent users from viewing the page directly without logging in. main2.asp is another page that only members can see. This page is included to demonstrate to you the ability to include as many pages as you like.

<% if not request.cookies("extended_members_area”) = "qw339cmx” then response.redirect("index.asp”) %>

If you don’t already know what this code does – it simply checks to see that the cookie is set the value we want, and if not, it redirects back to index.asp for the user to log in. Note that our if statement here says if not – so the action is performed if the check we do is not true.

<%
response.cookies("extended_members_area”) = "”
response.redirect("main.asp”)
%>
 

  logout.asp

logout.asp is the page to link to if you want to log your users out. All it does is removes the cookie we set earlier and redirects back to the front page (the login form).

<%
response.cookies("extended_members_area") = ""
response.redirect("index.asp")
%>

This code simply sets the cookie we have back to nothing (i.e. it logs the user out), and then returns to the login page.

Conclusion

And that's all! Hopefully now you know the basics of creating a password protected "members area" in ASP.

Now that you've gotten free know-how on this topic, try to grow your skills even faster with online video training. Then finally, put these skills to the test and make a name for yourself by offering these skills to others by becoming a freelancer. There are literally 2000+ new projects that are posted every single freakin' day, no lie!


Previous Article

Next Article


ramesh's Comment
very gud

Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /home/santanaservices/public_html/techiwarehouse.com/cms/comments.php on line 96
18 Fri Feb 2011
Admin's Reply:

Thanks Ramesh.






Facebook