March 28th, 2017
This is the database where the username and passwords are kept. It should be stored in a directory, where it can't be accessed directly by a user, but only accessed by scripts which are stored on the server.
If you want to set up the database yourself:
I have called the database access.mdb If you change this name, then ensure that you also change the references to it in addinguserproc.asp and loginproc.asp
I have called the table users. If you change this name, then ensure that you also change the references to it in addinguserproc.asp and loginproc.asp
The table has 3 fields:
userID which is an autonumber
Username which is a text field
Password which is also a text field
EmailAddress which is also a text field
I have kept it simple for these purposes, but in a real life situation you may want to make it slightly more complicated.
This is simply a form for a new user to add their information. More fields can be added if required by just adding more lines. For example:
<%Response.Write("Address <input type = ""Text"" name =""Address"">")%>
This script checks that the user has entered a password and username and email address. It then adds these values to the database as a new user and logs in that user in a similar way to loginproc.asp . It then redirects that user to success.asp to tell them that they are logged in
This should be included at the top of each file that you want to password protect. The asp file should have
<%Response.Write("<%@ Language=VBScript %>" & vbcrlf)Response.Write("
" & vbcrlf)Response.Write("<%Option explicit %>")%>
at the top and this should be included immediately after these two lines by putting:
<% Response.Write("<!-- #INCLUDE FILE = "authenticate.asp" -->") %>
This script is activated from viewusers.asp in order to delete users from the database.emailcheck.asp
This is a simple script to check that the person adding their email address is entering a valid email address. It checks that there is only one @ sign and also there there is a dot there
This tells the user, that they are not logged in if it is true or their username if they are logged in.
This is a simple form for a user to log in. It requires a Username and password, however other fields can be added as with addinguser.asp .
This checks that a Username and Password were entered. It then checks them against the database to make sure that the Username exists and that the password entered is valid.If they are, then it writes a session variable of their username and redirects them to the success page
This page simply sets the session variable equal to "" . It then redirects the user to failure.asp to tell them that they are not logged in.
This could say anything, but to show that the script is working, I have written the session variable produced by loginproc.asp to show the user name.
This shows all valid users in a table. For security, don't put this in a place which can be easily found by visitors. Alternatively, password protect this page by changing authenticate.asp to only allow access if there is a particular username that has been logged in. You are also able to delete users from this page, but once deleted, they are deleted permanently.
Any more questions please email firstname.lastname@example.org