Inside Technique : Online Registration and Validation with VB : Implementation Overview

When InStockBot first loads, we look for the user identifier in the system registry. For our identifier we chose to use the user's e-mail address. If a value exists in the registry, we pass this value to our server to validate the user. To communicate with the server, we use Microsoft's Internet Transfer Control. This basically allows you to programmatically communicate with a web-site. During the loading of our splash screen, we do the following call:

Dim result As Variant
'  Check for a stored registration
uname = VBA.GetSetting("MyApplication", "User", "Email", "")
 
' Validation Registration
If uname <> "" Then
  result = Inet1.OpenURL("http://yoursite/registration/checkReg.asp?e=" _
    & uname)
  ' We return a numeric success code
  ' If less than 0 than validation failed (attempted spoof) 
  '   and delete registration value
  If IsNumeric(result) And result < 0 Then
    VBA.DeleteSetting "MyApplication", "User", "Email"
    uname = ""
  End If
End If

To protect against our server not being available, if the return value is not a simple integer, we assume that any stored registration is valid. While with some effort it is possible to take advantage of approach, the cost to implement differently do not outweigh the risk that this will happen frequently.

The first time you run the application, no user is stored and the validation code is not executed. When this happens, a registration screen is displayed. Here the user can either register or choose to run the program in demonstration mode. Running in demonstration mode is maintained by a simple boolean, Demo, which when set alters the behavior of the application (disables or limits features). This approach ensures we only have one single set of code and users will not have to redownload the full application when they purchase and register.

The registration screen works very similar to the splash screen. The only difference is the user-name is taken from a text field rather than the registry. Once the user is validated, the user's identification is stored in the registry:

uname = Text1.Text
result = Inet1.OpenURL("http://yoursite/registration/checkReg.asp?r=1&e=" _
  & uname)
If result < 0 Then
  MsgBox "The e-mail address you entered was not used to purchase InStockBot."
Else
  VBA.SaveSetting "MyApplication", "User", "Email", uname
  Unload Me
End If

This should look very familiar. If the test succeeds, we save the user-name in the registry. Remember, every time the user starts the application, we will re-validate this user name. Therefore, a user cannot simply invent a random value and add it to the registry.

The last step is to explain our server script. Our server script, checkReg.asp, is extremely simple. It queries the database for a valid registration:

<% 
option explicit 


response.expires=0
response.cachecontrol="private"

Dim oConn,oCmd, oRS,sEmail

sEmail = trim(left(request.queryString("e"),150))

function GetConnection() 
	' Update this function to return your database connection
	
end function

if sEmail="" then
	Response.Write(-1)
	Response.End
else
	set oConn = GetConnection()

	Set oCmd = Server.createobject("ADODB.Command")
	Set oCmd.ActiveConnection = GetConnection()
	oCmd.CommandType = adCmdStoredProc
	if request.querystring("reg")="1" then ' New Registration
		oCmd.CommandText = "p_isbUserReg"
	else ' Validate Registration
		oCmd.CommandText = "p_isbUserLogin"
	end if
	oCmd.Parameters.append oCmd.CreateParameter("e_mail", _
          advarchar, adParamInput,150,sEmail)
	set oRS = oCmd.execute()
	Response.Write(oRS.fields("success"))
end if
%>

This asp page is fairly specific to our backend. We use a SQL Server database and encapsulate all our queries in stored procedures. This script needs to be tailored to how and where you are storing the data. The final result of this function is to return a success code. This code is then interpreted by the client.

This concludes our overview on how to add on-line user registration and validation to your Visual Basic application.

© 1997-2000 InsideDHTML.com, LLC. All rights reserved.