In Part One it was demonstrated for you how to build a simple password protection
interface and functionality for your website. In part two we will explore how to add
error messages, allow users to login again/re-login, and query a database for the user
name and password entered.
The first thing we will do is add code to allow users to login in again or re-login.
To do this we need to check to see if the user is already logged in and add a new subroutine
to handle it. First we add the code to check to see if a user has already logged in.
The following code needs to be added at the top of the login page. This code will
manage what happens when a user hits the login page.
login = Request.Form("login")
If login = "login_again" Then
Session("UserLoggedIn") = ""
ShowLogin
Else
If Session("UserLoggedIn") = "true" Then
AlreadyLoggedIn
Else
If login = "true" Then
CheckLogin
Else
ShowLogin
End If
End If
End If
This code (above) replaces this code (below) from Part one:
If Request.Form("login") = "true" Then
CheckLogin
Else
ShowLogin
End If
Next we will add the subroutine AlreadyLoggedIn to tell the user they are logged in
and ask if they want to logout/login again.
<%
Sub AlreadyLoggedIn
%>
You are already logged in.
Do you want to logout or login as a different user?
<form name=form2 action=login2.asp method=post>
<input type=submit name=button1 value='Yes'>
<input type=hidden name=login value='login_again'>
</form>
<%
End Sub
%>
I included the opening and closing ASP script delimiters because in this section of code there
is a mix of ASP and HTML.
Now to add error checking we need to declare a global error message variable, add code to
format the error message and print out the message if needed.
Declare the variable to hold the error message near the top of the login page.
Dim Error_Msg
And we add this little bit of code to the beginning of the login form. This will print out an
error message if there is one.
Response.Write(Error_Msg & "<br>")
Now all that is left to do add the code that checks the user name and password against a database.
In order to do this we will rewrite the CheckLogin subroutine from Part One.
Sub CheckLogin
Dim Conn, cStr, sql, RS, username, userpwd
username = Request.Form("username")
userpwd = Request.Form("userpwd")
Set Conn = Server.CreateObject("ADODB.Connection")
cStr = "DRIVER={Microsoft Access Driver (*.mdb)};"
cStr = cStr & "DBQ=" & Server.MapPath("\articles\asp\advanced\passwordhowto.mdb") & ";"
Conn.Open(cStr)
sql = "select username from UserTable where username = '" & LCase(username) & "'"
sql = sql & " and userpwd = '" & LCase(userpwd) & "'"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
Error_Msg = "Login Failed. Try Again."
ShowLogin
Else
Session("UserLoggedIn") = "true"
Response.Redirect "protectedpage2.asp"
End If
End Sub
We also need to take out the line of code that sets the Session variable equal to "". What this did
was logout our user anytime they pulled up the login page. The code is:
Session("UserLoggedIn") = ""
We are done, you can cut and paste from the code below and then customize it for your site!
