Ad:

ASP Discussion Thread
Marked Solved
Views: 3068

Page 1
2
Next

You are currently viewing page 1 of this multi-page discussion thread

Feb 18th, 2008

Login through database

Expand Post »

hiii,,i m a new member of daniweb and new to programming also..
well i have a simple login page in my website,,
currently i am using standard username and password,,,but i would like to have the username and password checked from a table in the database,,
i am using asp.net 2.0 and sql server 2000....
can any1 help me out how to do it exactly????
thnks in advance....
common guys n gals out thr,,,i really need ur help..help me out

Last edited by johnny.g; Feb 18th, 2008 at 5:48 am.

Similar Threads

Website Login in ASP.NET
Need help with Login/Database in ASP
Database and Website in Database Design
Simple ASP.Net Login Page (Using VB.Net) in ASP.NET
login in HTML and CSS

johnny.g

Reputation Points: 10

Solved Threads: 3

Junior Poster in Training

Offline

91 posts
since Feb 2008

Permalink

Feb 18th, 2008

Re: Login through database

Create a table to store login and encrypted salt in database, when someone enters a password, use standard encryption algo and see whether the string matches with what is there in database. It is pretty straight forward.

ithelp

Reputation Points: 769

Solved Threads: 128

Banned

Offline

1,910 posts
since May 2006

Permalink

Feb 18th, 2008

Re: Login through database

hi johnny.g,
There are several article's were available , make Googled and you can definately got some solution on it.
I found out two article based on it. Just visit the link.

http://www.daniweb.com/forums/thread6028.html

http://support.microsoft.com/default...;EN-US;q301240

Hope this will help you.
Thanks & Regards
Dilipv

dilipv

Reputation Points: 10

Solved Threads: 4

Light Poster

Offline

30 posts
since Feb 2008

Permalink

Feb 18th, 2008

Re: Login through database

Click to Expand / Collapse Quote originally posted by ithelp ...

Create a table to store login and encrypted salt in database, when someone enters a password, use standard encryption algo and see whether the string matches with what is there in database. It is pretty straight forward.

___________
well my dear,,thnks for ur help,,
i m lookin for a solution,,i have created a table for username and password,
i have also created the sql connection for the same,,
what i want is the code to check the username and password from the table...
hope u understand what i need,,,thnks in advance

johnny.g

Reputation Points: 10

Solved Threads: 3

Junior Poster in Training

Offline

91 posts
since Feb 2008

Permalink

Feb 18th, 2008

Re: Login through database

Click to Expand / Collapse Quote originally posted by dilipv ...

hi johnny.g,
There are several article's were available , make Googled and you can definately got some solution on it.
I found out two article based on it. Just visit the link.

http://www.daniweb.com/forums/thread6028.html

http://support.microsoft.com/default...;EN-US;q301240

Hope this will help you.
Thanks & Regards
Dilipv

_____________________
hey dude,,thnks for the link,,i wil check the link and let u kno,,,thnks 1ce again
c ya

johnny.g

Reputation Points: 10

Solved Threads: 3

Junior Poster in Training

Offline

91 posts
since Feb 2008

Permalink

Feb 18th, 2008

Re: Login through database

Here's one simple example where you can receive, check and redirect user logins.
Change the DB table fields and so on to match your own data base.

ASP Syntax (Toggle Plain Text)
<%
PW = Request.Form("pass") ' password from the loginform
UN = Request.Form("user") ' username from the loginform
 
SQL = "SELECT * FROM <user_table> WHERE username = '"& UN &"' AND passwd ='"& PW &"'"
Set RS = Conn.Execute(SQL)
 
 
If Not RS.EOF Then ' If the username and password exists in the database
 
Session("valid") = True '  Keep the valid value in session for later use
Session("uid") = RS("<userid>") ' Keep the member userid in session for later use
 
Response.Redirect"some_valid_members_page.asp?uid=" & Session("uid")
 
Else  'If the username and password NOT exists in the database, send them back to your loginpage
 
Response.Redirect"some_page_where_you_have_the_login_form.asp 
 
RS.Close
Conn.Close
Set RS = Nothing
Set Conn = Nothing
End If
%>
 
<%
PW = Request.Form("pass") ' password from the loginform
UN = Request.Form("user") ' username from the loginform

SQL = "SELECT * FROM <user_table> WHERE username = '"& UN &"' AND passwd ='"& PW &"'"
Set RS = Conn.Execute(SQL)


If Not RS.EOF Then ' If the username and password exists in the database

Session("valid") = True '  Keep the valid value in session for later use
Session("uid") = RS("<userid>") ' Keep the member userid in session for later use

Response.Redirect"some_valid_members_page.asp?uid=" & Session("uid")

Else  'If the username and password NOT exists in the database, send them back to your loginpage

Response.Redirect"some_page_where_you_have_the_login_form.asp 

RS.Close
Conn.Close
Set RS = Nothing
Set Conn = Nothing
End If
%>

Last edited by TobbeK; Feb 18th, 2008 at 10:30 am.

TobbeK

Reputation Points: 10

Solved Threads: 3

Junior Poster

Offline

190 posts
since Feb 2008

Permalink

Feb 18th, 2008

Re: Login through database

That's pretty much it. The only thing you have to worry about is case sensitivity. This depends on your server settings on which it is set to case-sensitive or case-insensitive. You should pull the password from the database and then check it thoroughly. You don't want someone to use "PassWoRd" and allow them to login with "password", you know what I mean?

Just create a connection and recordset. Then create an SQL query to retrieve the password. Check to see if there are any results (EOF = end of file), then compare the two if there are. If there are not any results, post an error to the user. An example of this was above, and is below:

(Toggle Plain Text)

Dim rs, conn, sql, passwd, uname

passwd = Trim(Request.Form("password"))
uname = Trim(Request.Form("username"))

Set conn = Server.CreateObject("ADODB.Connection")
conn.Provider = "this is your connection string. Look one up at http://connectionstrings.com"

Set rs = Server.CreateObject("ADODB.Recordset")

'Select the password from the database where the supplied username exists.
sql = "SELECT userpassword FROM users WHERE username='" & uname & "'"

'Open the connection called "conn"
conn.Open()

'Open a recordset that retrieves the query with connection "conn"
rs.Open sql, conn

if Not rs.EOF then
  'If you haven't reached the end of the recordset, there must be a record!
  if StrComp(rs("userpassword"), passwd, 0) = 0 then
    'The 0 stands for case-sensitive. 1 is case-insensitive.
    'If this command equals zero, then it passed validation.
    'Give them a session to store that they logged in. This way you can check
    'at a later time if they logged in.
    Session("logged") = "True"
    'Send the user to the good pages!
    response.redirect("loggedin.asp")
  else
    'Failed to login, incorrect password.
    'Try not to let them know if they have the right username.
    'Just tell them it all failed.
    response.write("incorrect username or password.")
  end if
else
  'No records, meaning there are no users with that username.
  response.write("incorrect username or password.")
end if

rs.Close()
set rs = nothing

conn.Close()
set conn = nothing
'If you do not close the connection, they will continuously rack up, which will slow down, if not halt your program/website. Always close. Disposing of the variable (setting it to nothing) frees up space for the next user. Not required, but definitely good techniques.

SheSaidImaPregy

Reputation Points: 43

Solved Threads: 68

Veteran Poster

Offline

1,080 posts
since Sep 2007

Permalink

Feb 18th, 2008

Re: Login through database

.... when user finally is logged in to the good page, you can put a code like this at top of that page.

When session dies, which it does after a while if the user is inactiv or by closing down the browser. The session lifetime can also be set. However if the user "session" is no longer valid then user cannot view the page. That is why you keep this session value in the first place.

If Session("valid") <> True Then
Response.Redirect"some_page_where_you_have_the_login_form.asp"
End If

Just for fun - check your session settings

<html>
<body>

<p>
The timeout for this session is
<%
Response.Write(Session.Timeout)
%>
minutes.
</p>

</body>
</html>

Last edited by TobbeK; Feb 18th, 2008 at 2:33 pm.

TobbeK

Reputation Points: 10

Solved Threads: 3

Junior Poster

Offline

190 posts
since Feb 2008

Permalink

Feb 19th, 2008

Re: Login through database

Click to Expand / Collapse Quote originally posted by TobbeK ...

.... when user finally is logged in to the good page, you can put a code like this at top of that page.

When session dies, which it does after a while if the user is inactiv or by closing down the browser. The session lifetime can also be set. However if the user "session" is no longer valid then user cannot view the page. That is why you keep this session value in the first place.

If Session("valid") <> True Then
Response.Redirect"some_page_where_you_have_the_login_form.asp"
End If

Just for fun - check your session settings

<html>
<body>

<p>
The timeout for this session is
<%
Response.Write(Session.Timeout)
%>
minutes.
</p>

</body>
</html>

_____________________________
thnks,, i m going thr the code given by u,,will let u kno soon
for the session part,,,i hav given time out in the web.config file using authentication and authorization,,is tht ok??,,thnks

johnny.g

Reputation Points: 10

Solved Threads: 3

Junior Poster in Training

Offline

91 posts
since Feb 2008

Permalink

Feb 19th, 2008

Re: Login through database

That's not asp, isn't that asp.net? different language, completely.

SheSaidImaPregy

Reputation Points: 43

Solved Threads: 68

Veteran Poster

Offline

1,080 posts
since Sep 2007

Page 1
2
Next

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in ASP Forum Timeline: <%=dataDoc.transformNode(screenDoc)%>

Next Thread in ASP Forum Timeline: Urgent Help 2 comboboxes 1 hidden 1 shown

DaniWeb Message

Cancel Changes

User Name
Password