Search w3schools.com:

SHARE THIS PAGE

ASP Classic - Adding Login

Learn ASP Classic by building a web site from scratch.

Part IV: Adding Membership registration, and Login.

What We Will Do

In this chapter we will:

  • Create a WebSecurity database
  • Add a membership registration page
  • Add a member login page

Creating a Web Security Database

A common way to add security to a web site, is to use an authentication database.

In its simplest form, an authentication database contains a list of registered users with passwords.

Create a new database. Give the database a proper name, like "Users.mdb".

If you don't know how to create a database for your web, please go to the chapter Web Database.

In the Users database, create a new table named Users with the following design:

Field Name Data Type Primary Key Default Value Allows Null
UserId BigInt Yes Null No
Email nvarchar(50) No Null No
Password nvarchar(50) No Null No
Role nvarchar(50) No Null No

Add some users to the Users database:

UserId Email Password Role
1 admin@somewhere.com admin admin
2 anna@somewhere.com anna user
3 guest@somewhere.com guest guest

lamp You don't have to create a new database. You can create a new table named Users in your existing database (Northwind.mdb).

Edit The Style Sheet

Edit your style sheet (Site.css):

Add the following CSS code to the end of the CSS file:

Site.css

/* Forms */
fieldset label
{
display:block;
padding:4px;
}

input[type="text"],input[type="password"]
{
width:300px;
}

input[type="submit"]
{
padding:4px;
}

Add a Registration Page

In your web folder (DemoASP), create a new file named "Register.asp".

Put the following code inside the file:

Register.asp

<!DOCTYPE html>
<html>
<head>
<title>ASP Register</title>
<link href="Site.css" rel="stylesheet">
</head>
<body>
<div id="main">

<%
email = ""
password = ""
confirmPassword = ""
ErrorMessage = ""

if request.form <> "" then
  email = Request.Form("email")
  password = Request.Form("password")
  confirmPassword = Request.Form("confirmPassword")

  if email="" or password="" then
    ErrorMessage = "You must specify both email and password."
  end if
  if password <> confirmPassword then
    ErrorMessage = "Password and confirmation do not match."
  end if

  if ErrorMessage = "" then
    set conn = Server.CreateObject("ADODB.Connection")
    conn.Provider = "Microsoft.Jet.OLEDB.4.0"
    conn.Open("C:\WebData\Users.mdb")
    set rs = Server.CreateObject("ADODB.recordset")
    rs.Open "Select * FROM Users WHERE Email = '" & email & "'", conn
    if rs.EOF = true then
      sql="INSERT INTO Users (Email,Password,Role)
      VALUES ('" & email & "','" & password & "','guest')"
      conn.Execute(sql)
      Response.Redirect("Default.asp")
    else
      ErrorMessage = "Email address is already in use."
    end if
  end if
end if

if ErrorMessage <> "" then
  response.write("<p>" & ErrorMessage & "</p>")
  response.write("<p>Please correct the errors and try again.</p>")
end if
%>

<h1>Register</h1>
<form method="post" action="">
<fieldset>
<legend>Sign-up Form</legend>
<ol>
<li>
<label>Email:</label>
<input type="text" id="email" name="email" />
</li>
<li>
<label>Password:</label>
<input type="password" id="password" name="password" />
</li>
<li>
<label>Confirm Password:</label>
<input type="password" id="confirmPassword" name="confirmPassword" />
</li>
<li>
<p><input type="submit" value="Register" /></p>
</li>
</ol>
</fieldset>
</form>

<!-- #include file="Footer.inc" -->
</div>
</body>
</html>

Add a Login Page

In your web folder (DemoWebPages), create a new file named "Login.asp".

Put the following code inside the file:

Login.asp

<!DOCTYPE html>
<html>
<head>
<title>ASP Login</title>
<link href="Site.css" rel="stylesheet">
</head>
<body>
<div id="main">

<%
username = ""
password = ""
ErrorMessage = ""

if request.form <> "" then
  username = Request.Form("username")
  password = Request.Form("password")
  if username = "" or password = "" then
    ErrorMessage = "You must specify a username and password."
  else
    set conn = Server.CreateObject("ADODB.Connection")
    conn.Provider = "Microsoft.Jet.OLEDB.4.0"
    conn.Open("C:\WebData\Users.mdb")
    set rs = Server.CreateObject("ADODB.recordset")
    rs.Open "Select * FROM Users WHERE Email = '" & username & "'", conn
    if rs.EOF = false then
      if rs.fields("Password") = password then
        Response.Redirect("Default.asp")
      end if
    end if
  ErrorMessage = "Login failed"
  end if
end if

if ErrorMessage <> "" then
  response.write("<p>" & ErrorMessage & "</p>")
  response.write("<p>Please correct the errors and try again.</p>")
end if
%>

<h1>Login</h1>
<form method="post" action="">
<fieldset>
<legend>Log In to Your Account</legend>
<ol>
<li>
<label>Username:</label>
<input type="text" id="username" name="username" />
</li>
<li>
<label>Password:</label>
<input type="password" id="password" name="password" />
</li>
<li>
<p><input type="submit" value="Login" /></p>
</li>
</ol>
</fieldset>
</form>

<!-- #include file="Footer.inc" -->
</div>
</body>
</html>

Congratulations

You have added membership registration and login information to your website.


Your suggestion:

Close [X]

Thank You For Helping Us!

Your message has been sent to W3Schools.

Close [X]