Creating A Login Script With Asp

In a similar vein to Jesteruk's login with PHP articles, this article will show you how to do the same thing but with ASP.

So, how do you start?

The first thing you need to do is create a simple login page, which can look something like this:

Creating the login.asp page

<% Sub ShowLogin %>
<form name=form1 action=login.asp method=post>
User Name : <input type=text name=username>
Password : <input type=password name=userpwd>
<input type=hidden name=login value=true>
<input type=submit value="Login">
</form>
<% End Sub %>

The second input box has a type=password, what this does is cause the text typed in to be hidden (like *******). Also to note is that you want the action of the form to be the same page. This way we do not need a second page just to handle the checking of the password. I will talk about the hidden form element next. You will also see why we placed the form inside a subroutine later.

Before we add the code to check to see if the user name and password are correct we need to add some code to the top of login.asp to check to see if the form has been submitted.

Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
Session("UserLoggedIn") = ""
If Request.Form("login") = "true" Then 
    CheckLogin 
Else
    ShowLogin 
End If 

This code will go at the top of login.asp to see if the form was submitted. If it was, then we will check the login, if not then we will show the login form.

Checking for correct login details

Next we will add the code for the CheckLogin subroutine to check to see if the username and password entered are correct. At this time there is no database connectivity, as there is only one user.

Sub CheckLogin
If LCase(Request.Form("username")) = "guest" And LCase(Request.Form("userpwd")) = "guest" Then 
    Session("UserLoggedIn") = "true"
    Response.Redirect "protectedpage.asp"
Else
    Response.Write("Login Failed.<br><br>")
    ShowLogin
End If
End Sub

The above code will check to make sure they have entered the login correctly. By setting the Session variable "UserLoggedIn" equal to "" we are basically logging the user out.

The protected pages

The only thing left to do is write the code to put at the top of the protected page to check to see if the user is logged in. This will redirect the user to the login page if UserLogginIn is not set.

Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
If Session("UserLoggedIn") <> "true" Then 
    Response.Redirect("login.asp") 
End If 

The Scripts in full

login.asp

<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
Session("UserLoggedIn") = ""
If Request.Form("login") = "true" Then
    CheckLogin
Else
    ShowLogin
End If
Sub ShowLogin
%>
<form name=form1 action=login.asp method=post>
User Name : <input type=text name=username><br>
Password : <input type=password name=userpwd><br>
<input type=hidden name=login value=true>
<input type=submit value="Login">
</form>
>%
End Sub
Sub CheckLogin
If LCase(Request.Form("username")) = "guest" And LCase(Request.Form("userpwd")) = "guest" Then
    Session("UserLoggedIn") = "true"
    Response.Redirect "protectedpage.asp"
Else
    Response.Write("Login Failed.<br><br>")
    ShowLogin
End If
End Sub
%>

protectedpage.asp

<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work
If Session("UserLoggedIn") <> "true" Then
    Response.Redirect("login.asp")
End If
%>
This page is full of password protected content.  If you are reading this you entered <br>
the correct name and password.