Techniques

This section makes it possible to gather a whole of techniques or scripts which have the originality to manage to solve a difficulty with the least effort or which are particularly effective...

•  How to protect a site by a password and a login

In the majority of the Web applications, there is today a reserved access protected by a password and a login. This authentification can allow for example the possibility to the user authenticated to download documents, or to have the possibility of poster of information on a forum.

There are several methods to arrive at this result. We will leave on simple bases, to be able to authenticate a user we will need a form where this one will inform are login and its password.

The page containing the form will be "login.asp" and it will be sent it even the data of the form.

After having to recover those we will use a Access base in order to check that the couple login/password is quite existing. If the user does not exist or if its password does not correspond it will not have the right of access and we will post an error message. If not we will be able to redirect it towards the part protected from the site or to post the information to him which we want hidden with the unknown ones.

In the example according to a data base named "login.mdb" is created. It has the table "users" of which here description:

1. id_user
2. name
3. login
4. password

<%
'Login.asp web page

'Declaration of variables
Dim Con
Dim rstLogin
Dim strSQL

Dim login
Dim password

'If the webpage receive vars from the form:
login = Replace(Request.Form("login"), "'", "''")
password = Replace(Request.Form("password"), "'", "''")

%>
<html>
<head><title>Login Page</title>
</head>
<body bgcolor="gray">
<%

'If this page don't receive var posted by the form
If Request.Form("validate") <> "GO" Then
 %>
  <form action="login.asp" method="post">
    <table border="0">
	<tr>
	  <td align="right">Login:</td>
	  <td><input type="text" name="login"></td>
	</tr>
	<tr>
	   <td align="right">Password:</td>
	   <td>
	     <input type="password" name="password">
	   </td>
	</tr>
	<tr>
	   <td align="right"></TD>
	   <td>
	     <input name='validate' type="submit" VALUE="GO">
	   </td>
	</tr>
    </table>
  </form>
 <%
Else
   sql = "SELECT * FROM users " _
    & "WHERE login = '" & login & "' " _
    & "AND password ='" & password & "';"

Set Con = Server.CreateObject("ADODB.Connection")
 Con.Open("DRIVER={Microsoft Access Driver (*.mdb)};" _
		& "DBQ=" & Server.MapPath("login.mdb"))

	Set rstLogin = Con.Execute(sql)

  If Not rstLogin.EOF Then
		
	'here we can redirect the authentified user
	Response.redirect "secure_page.asp"
		
  Else
	%>
	<p>
	<font size="4" face="arial,helvetica"><b>
	
	Logion error !
	</b></font>
	</p>
	<p>
	<a href="login.asp">Réessayer</a>
	</p>
	<%
		
	'we stop here the page
	Response.End
     End If

	' Clean Up
	rstLogin.Close
	Set rstLogin = Nothing
	cnnLogin.Close
	Set cnnLogin = Nothing
End If
%>
</body>
</html>