casper03
Here is a simple app to "protect" a website. In my example I used ASP and Access to store and retrieve passwords but you could embed them into the page just as easy. The advantage of using Access is that you can store multiple names and passwords.
To make this work you need a database with one table and two fields. I named the database YourDatabase.mdb, the table tblUsers and the two fields uname and pword.
Now you need three asp pages. The first would be the form for user name and password and it should look like this (login.asp):
<p><html>
<head>
<title>Password Form</title>
</head>
<body>
<div align="center">
<form method="post" action="login.asp">
<table border="0" cellspacing="1" width="600">
<tr>
<td colspan="2" width="592">
<p align="left"><font face="Verdana"><b>Log into my page</b></font></td>
</tr>
<tr>
<td width="81">
<p align="right"><font face="Verdana" size="2">User Name:</font></td>
<center>
<td width="505"><input type="text" name="uname" size="20"></td>
</tr>
</center>
<tr>
<td width="81">
<p align="right"><font face="Verdana" size="2">Password:</font></td><br>
<center>
<td width="505"><input type="text" name="pword" size="20"></td>
</tr>
<tr>
<td width="81">
</td>
<td width="505"><input type="submit" value="Submit" name="B1"></td>
</tr>
</table>
</form>
</center>
</div>
<%
Const adLockOptimistic = 3
Const adCmdTable = &H0002
Dim objRs, bolFound, objConn, strUsername, strPassWord
Set objconn = Server.CreateObject("ADODB.Connection")
objconn.ConnectionString = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & _
Server.MapPath("/fpdb/YourDatabase.mdb")
objconn.Open
strUserName = Request.Form("uname")
strPassWord = Request.Form("pword")
If ((Request.Form("uname") = "") Or (Request.Form("pword") = "")) Then
objConn.Close
Set objConn = Nothing
Else
Set objRs = Server.CreateObject("ADODB.Recordset")
objRs.Open "tblUsers", objConn, , adLockOptimistic, adCmdTable
bolFound = False
Do Until objRs.EOF Or bolFound
If (strComp(objRs("uname"), strUserName, vbTextCompare) = 0) _
And (strComp(objRs("pword"), strPassWord, vbTextCompare) = 0) Then
bolFound = True
Else
objRs.MoveNext
End If
Loop
If Not bolFound Then
objRs.Close
Set objRs = Nothing
ObjConn.Close
Set objConn = Nothing
Response.End
End If
session("loggedin") = true
Response.Redirect ("mainpage.asp")
objRs.Close
Set objRs = Nothing
objConn.Close
Set objConn = Nothing
End If
%>
</body>
</html>
Then you need the page to check to see wether the user has created a session. (pwd.asp):
<%
Response.Buffer = true
Session.Timeout = 03
if session("loggedin") = false then
session("calling_page") = Request.ServerVariables ("URL")
Response.Clear
Response.Redirect ("login.asp")
end if
%>
Now you can put this in any page that you want to protect. <!-- #include file = "pwd.asp"--> like this (mainpage.asp):
<!-- #include file = "pwd.asp" -->
<html>
<head>
<title>My protected page</title>
</head>
<body>
<p>You made it to the page</p>
</body>
</html>
Post back if you have more questions about this.