SiteExperts.com Logo Home | Community | Developer's Paradise | Jobs
User Groups | Site Tools | Site Information | Search

Inside Technique : Adding Site Registration : Logging into a Site

Once a user joins, they need to be able to log back in and change their password. Logging users in is accomplished with the logon.asp page, and password management is handled by changepassword.asp. First we will look at logon.asp.

logon.asp

The logon.asp page serves two purposes. To allow existing users to log into the system and to allow users to manually log themselves off. Since the session object eventually times out automatically logging the user off, the log out functionality is provided mostly as a convenience to the user.

Since this page supports two distinct actions, we use the form management technique presented on the previous page. Below we walk you through the complete logon.asp script: 

<% @Language=VBScript %>
<% Option Explicit %>
<HTML>
<HEAD>
<!-- #include virtual="/inc/utility.asp" -->

<TITLE>Logon <%=SITENAME%></TITLE>
</HEAD>
<BODY>
<%=OutputHeader()%>
<%
' The text for the submit button and to differentiate 
' form actions
const LOGON_ACTION = "Logon..."
const LOGOFF_ACTION = "Logoff..."

Dim sError, bLogon

' Does the user have to log in 
bLogon = Session("u_name")=""

if Request.Form("action")=LOGOFF_ACTION then
  ' User chose to log-off.
  ' Just abandon the session object
  Session.Abandon()
  bLogon = true
elseif Request.Form("action")=LOGON_ACTION then
  ' Logon
  Dim sPassword, sName
  sName = Trim(Request.Form("u_name"))
  sPassword = Trim(Request.Form("u_password"))
  if sName="" or sPassword="" then
    sError = "<BR>You did not enter a name and/ or password."
  else
    ' Try to log the user in
    Dim oCmd, oConn, oRS
    set oConn = GetConnection()
    Set oCmd = GetStoredProcedure(oConn,"sp_logonuser")
    oCmd.Parameters.append oCmd.CreateParameter("u_name", adVarChar, adParamInput,50,sName)
    oCmd.Parameters.append oCmd.CreateParameter("u_password", adVarChar, adParamInput,12,spassword)
    set oRS = oCmd.execute()
    ' If no record returned - login failed
    if oRS.eof then
      sError = "<BR>Invalid User Name or Password."
    else
      ' Store user information in session object
      session("u_id") = oRS.fields("u_id")
      session("u_name") = oRS.fields("u_name")
      session("u_lastdate") = oRS.fields("u_lastdate")
      session("u_logcount") = oRS.fields("u_logcount")
      bLogon = false
	end if
  end if
end if

if bLogon then
  Response.Write("<P>Logon " & SITENAME & " or <A HREF=""join.asp"">Join Now</A>.")
  if sError<>"" then
    ' Report any errors
    Response.Write("<P><B>You were not logged in because:</B><FONT COLOR=darkred>" & sError & "</FONT>")
  end if
  Response.Write(BuildForm("username","post"))
  Response.Write("<TABLE>")
  Response.Write("<TR><TD>User Name</TD>")
  Response.Write("<TD>" & BuildInput("text","u_name",sName,20,50) & "</TD></TR>")
  Response.Write("<TR><TD>Password</TD>")
  Response.Write("<TD>" & BuildInput("password","u_password","",12,12) & "</TD></TR>")
  Response.Write("<TR><TD COLSPAN=2>" & BuildInput("submit","action",LOGON_ACTION,"","") & "</TD></TR>")
  Response.Write("</TABLE>")
  Response.Write("</FORM>")
else
  ' User logged in - output welcome back message
  Response.Write("<H2>Welcome Back " & session("u_name") & "</H2>")
  Response.Write(BuildForm("","post"))
  Response.Write(BuildInput("submit","action",LOGOFF_ACTION,"",""))
  Response.Write("</FORM>")
end if
%>
</FORM>
</BODY>
</HTML>

changepassword.asp

All membership related sites should allow the user to update their password. Creating the change password page is very simple. First, you make sure the user is logged in, then you ask the user for their old password and a new one. Below is the complete script for the changepassword.asp page: 

<%@ Language=VBScript %>
<% option explicit %>
<% 
' Make sure user is logged in 
if session("u_name")="" then Response.Redirect("logon.asp") 
%>
<HTML>
<HEAD>
<!-- #include virtual="/inc/utility.asp" -->
</HEAD>
<BODY>
<% 
Dim sError
const ACTION="Change Password"

sError = ""

if Request.Form("action") = ACTION then
  ' Try and update password
  if len(Request.Form("newpassword"))<4 or len(Request.Form("newpassword"))>12 then
    ' Make sure password is appropriate length
    sError = "<BR>Your password must be between 4 and 12 characters."
  elseif Request.Form("newpassword")=Request.Form("newpassword2") then
    ' Make sure new password and confirmation are the same.
    ' If so, try and change password
    Dim oCmd, oReturn, oConn
    set oConn = GetConnection()
    Set oCmd = GetStoredProcedure(oConn,"sp_ChangePassword")
    oCmd.Parameters.append oCmd.CreateParameter("u_id", adInteger, adParamInput,10,session("u_id"))
    oCmd.Parameters.append oCmd.CreateParameter("old_password", adVarChar, adParamInput,12,Request.Form("oldpassword"))
    oCmd.Parameters.append oCmd.CreateParameter("new_password", adVarChar, adParamInput,50,Request.Form("newpassword"))
    set oReturn = oCmd.CreateParameter("success", adInteger, adParamOutput)
    oCmd.Parameters.append oReturn
    oCmd.execute()
    if oReturn.value=-1 then
      ' Failure - report error
      sError = "<BR>Password <B>not</B> changed. Did you enter your current password correctly?"
    end if
  else
    ' New password and New Password confirmation do not match.
    sError = "<BR>New passwords do not match."
  end if
end if

Response.write(outputHeader())

if Request.Form("action")="" or sError<>"" then
  if sError<>"" then
    ' Report any errors.
    Response.Write("<P>The following errors occurred when changing your password:" & sError)
  end if
  Response.Write("<P>Change your password:")
  Response.Write(BuildForm("password","post"))
  Response.Write("<TABLE><TR><TD>Current Password</TD>")
  Response.Write("<TD>" & BuildInput("password","oldpassword","",12,12) & "</TD></TR>")
  Response.Write("<TR><TD>New Password</TD>")
  Response.Write("<TD>" & BuildInput("password","newpassword","",12,12) & "</TD></TR>")
  Response.Write("<TR><TD>Confirm New Password</TD>")
  Response.Write("<TD>" & BuildInput("password","newpassword2","",12,12) & "</TD></TR>")
  Response.Write("<TR><TD ALIGN=CENTER COLSPAN=2>")
  Response.Write(BuildInput("submit","action",ACTION,"","") & "</TD></TR>")
  Response.Write("</FORM>")
else
  Response.Write("Password Changed")
end if
%>
</BODY>
</HTML>

This completes all the end-user related pages. You now have everything necessary to add a site membership table. However, as a site administrator, you need access to edit and update the user's information. Next we show you how we created a simple management page.

© 1997-2000 InsideDHTML.com, LLC. All rights reserved.