Codefixer - Password Protect your Pages using ASP

Have a look at the code for 'login.asp' and then I'll talk you through it. Points to note are that we will be using 2 subroutines, CheckLoginForm and ShowloginForm, and that once the form details are submitted they are sent to the same page to be checked and processed. You could send the form details to another page to be checked and processed but why use an extra page!
The code below is for a simple login that checks for a single username and password. In the following code the username and password are 'mic' and 'pass'.

The 'submit' form button called 'submit' will play an important part in in letting us track whether the form has been submitted. If the form has been submitted then we can use the Request.Form command to collect the values entered in the form textfields and importantly the value sent in the form button 'submit'.

<%
Response.Expires = -1000 'Make sure the browser doesn't cache this page
Response.Buffer = True 'enables our response.redirect to work
%>

<html>
<head><title>Password Protect your ASP pages</title>
</head>
<body>

<%
If Request.Form("submit") ="Login" Then
CheckLoginForm
Else
ShowLoginForm
End If
%>

<%
Sub CheckLoginForm
'check if the value of the text field 'username' and 'password' are correct
If Request.Form("username") = "mic" AND Request.Form("password") = "pass" Then
Session("BlnLoggedIn") = True
Response.Redirect "memberspage.asp"
Else
'if the values entered are incorrect then display the message below
Response.Write "<div align='center'>You are not logged in.</div><br>"
ShowLoginForm
End If
End Sub
%>

<% Sub ShowLoginForm %>
<div align='center'>

<form name="form" action="login.asp" method="post">
<table>
<tr><td>User Name :</td><td><input type="text" name="username"></td></tr>
<tr><td>Password : </td><td><input type="password" name="password"></td></tr>
<tr><td colspan="2"><input type="submit" name="submit" value="Login"></td></tr>
</table>
</form>

</div>
<% End Sub %>

</body>
</html>

<%
Response.Expires = -1000 'Make sure the browser doesnt cache this page
Response.Buffer = True 'enables our response.redirect to work

If Request.Form("submit") ="Login" Then ' check if the value Login has been sent
CheckLoginForm ' calls the subroutine checkloginform if Submit is equal to Login
Else
ShowLoginForm ' call the subroutine showloginform if Submit isn't equal to Login
End If
%>

This block of code at the top of the page checks to see if the submit button has been clicked.
If request.form("submit")="Login" then the value Login has been passed and we know that the visitor has clicked and submitted the form. In this scenario the subroutine CheckLoginForm is called and its code executed.
CheckLoginForm will check to see if the username and password equal the values the visitor has entered. If they are correct then a Session variable 'BlnLoggedIn' will be created and set to True and the visitor will then be redirected to the 'memberspage.asp'

<%
Sub CheckLoginForm
'check if the value of the text field 'username' and 'password' are correct
If Request.Form("username") = "mic" AND Request.Form("password") = "pass" Then
Session("BlnLoggedIn") = True
Response.Redirect "memberspage.asp"
Else
Response.Write "<div align='center'>You are not logged in.</div><br>"
ShowLoginForm 'call the sub showloginform and display the login form again
End If
End Sub
%>

If the visitor has not clicked the submit button then no value will be passed i.e. request.form("submit") will not equal Login and in that case the subroutine ShowLoginFrom will be called.

<% Sub ShowLoginForm %>
<div align='center'>

<form name="form" action="login.asp" method="post">
<table>
<tr><td>User Name :</td><td><input type="text" name="username"></td></tr>
<tr><td>Password : </td><td><input type="password" name="password"></td></tr>
<tr><td colspan="2"><input type="submit" name="submit" value="Login"></td></tr>
</table>
</form>

</div>
<% End Sub %>

The subroutine code above simply creates a form. The image below shows how the form will look on your screen. I have entered the login details in the screenshot below.

PASSWORD PROTECT OTHER PAGES

If you want to password protect any other pages then you can simply add the following code at the top of the pages. So for all the other pages if the Session variable 'BlnLoggedIn' is not equal to True then the visitor will be redirected to the login page. We could put this code at the top of our new members page 'memberspage.asp' which can only be accessed if the visitor has logged in correctly.

<%
If Session("BlnLoggedIn") <> True Then
Response.Redirect("login.asp")
End If
%>
<html>
<head><title>Members Secure Homepage</title>
</head>
<body>
Welcome to the secure member's page.
</body>
</html>

If you need multiple users with different usernames and passwords then you could use a database to store all the users and query that database when the visitor logs in to check if they supplied a matching username and password, if they did then you could simply create a session variable as above and protect the pages in the same way.

MembersPro PayPal - ASP Membership software

Membership Software Integrates with PayPal

Plug and play Membership script.
Recurring subscriptions or one time payment.
Up to 3 levels of membership subscription.
Easy set up and admin with free installation.
Works with PayPal.
Receive updates and add-ons for 2 years.
1st class support and customization available.
Can be customized to support more levels.
Saves you hours and hours of development time and money.
PURCHASE YOUR COPY TODAY

Password Protect your pages using ASP

Membership Software Integrates with PayPal