Customer Login . Webmail Login . About Us . Contact Us
Go to: Articles List

Password Protecting Your Website, Part 2 (Part 1)
 [ See the Code | Run the Code ]

In Part One it was demonstrated for you how to build a simple password protection interface and functionality for your website. In part two we will explore how to add error messages, allow users to login again/re-login, and query a database for the user name and password entered.

The first thing we will do is add code to allow users to login in again or re-login. To do this we need to check to see if the user is already logged in and add a new subroutine to handle it. First we add the code to check to see if a user has already logged in.

The following code needs to be added at the top of the login page. This code will manage what happens when a user hits the login page.

 login = Request.Form("login")
If login = "login_again" Then
    Session("UserLoggedIn") = ""
    ShowLogin
Else
    If Session("UserLoggedIn") = "true" Then
        AlreadyLoggedIn
    Else
        If login = "true" Then
            CheckLogin
        Else
            ShowLogin
        End If
    End If
End If
This code (above) replaces this code (below) from Part one:

 If Request.Form("login") = "true" Then
    CheckLogin
Else
    ShowLogin
End If

Next we will add the subroutine AlreadyLoggedIn to tell the user they are logged in and ask if they want to logout/login again.

 <%
Sub AlreadyLoggedIn
%>
You are already logged in.
Do you want to logout or login as a different user?
<form name=form2 action=login2.asp method=post>
<input type=submit name=button1 value='Yes'>
<input type=hidden name=login value='login_again'>
</form>
<%
End Sub
%>
I included the opening and closing ASP script delimiters because in this section of code there is a mix of ASP and HTML.

Now to add error checking we need to declare a global error message variable, add code to format the error message and print out the message if needed.

Declare the variable to hold the error message near the top of the login page.

 Dim Error_Msg
And we add this little bit of code to the beginning of the login form. This will print out an error message if there is one.

 Response.Write(Error_Msg & "<br>")
Now all that is left to do add the code that checks the user name and password against a database. In order to do this we will rewrite the CheckLogin subroutine from Part One.

Sub CheckLogin
Dim Conn, cStr, sql, RS, username, userpwd
username = Request.Form("username")
userpwd = Request.Form("userpwd")
Set Conn = Server.CreateObject("ADODB.Connection")
cStr = "DRIVER={Microsoft Access Driver (*.mdb)};"
cStr = cStr & "DBQ=" & Server.MapPath("\articles\asp\advanced\passwordhowto.mdb") & ";"
Conn.Open(cStr)
sql = "select username from UserTable where username = '" & LCase(username) & "'"
sql = sql & " and userpwd = '" & LCase(userpwd) & "'"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
    Error_Msg = "Login Failed. Try Again."
    ShowLogin
Else
    Session("UserLoggedIn") = "true"
    Response.Redirect "protectedpage2.asp"
End If
End Sub
We also need to take out the line of code that sets the Session variable equal to "". What this did was logout our user anytime they pulled up the login page. The code is:

 Session("UserLoggedIn") = ""
We are done, you can cut and paste from the code below and then customize it for your site!


login2.asp [ Top ]



protectedpage2.asp