Aspscript Form Access

ASP Scripts

access.mdb

This is the database where the username and passwords are kept. It should be stored in a directory, where it can't be accessed directly by a user, but only accessed by scripts which are stored on the server.

If you want to set up the database yourself:
I have called the database access.mdb If you change this name, then ensure that you also change the references to it in addinguserproc.asp and loginproc.asp

I have called the table users. If you change this name, then ensure that you also change the references to it in addinguserproc.asp and loginproc.asp

The table has 3 fields:
userID which is an autonumber
Username which is a text field
Password which is also a text field
EmailAddress which is also a text field

I have kept it simple for these purposes, but in a real life situation you may want to make it slightly more complicated.

addinguser.asp

This is simply a form for a new user to add their information. More fields can be added if required by just adding more lines. For example:

<%Response.Write("Address <input type = ""Text"" name =""Address"">")%>

addinguserproc.asp

This script checks that the user has entered a password and username and email address. It then adds these values to the database as a new user and logs in that user in a similar way to loginproc.asp . It then redirects that user to success.asp to tell them that they are logged in

authenticate.asp

This should be included at the top of each file that you want to password protect. The asp file should have

<%Response.Write("<%@ Language=VBScript %>" & vbcrlf)Response.Write("
" & vbcrlf)Response.Write("<%Option explicit %>")%>

at the top and this should be included immediately after these two lines by putting:

<% Response.Write("<!-- #INCLUDE FILE = "authenticate.asp" -->") %>

delete.asp

This script is activated from viewusers.asp in order to delete users from the database.emailcheck.asp

This is a simple script to check that the person adding their email address is entering a valid email address. It checks that there is only one @ sign and also there there is a dot there

failure.asp

This tells the user, that they are not logged in if it is true or their username if they are logged in.

login.asp

This is a simple form for a user to log in. It requires a Username and password, however other fields can be added as with addinguser.asp .

loginproc.asp

This checks that a Username and Password were entered. It then checks them against the database to make sure that the Username exists and that the password entered is valid.If they are, then it writes a session variable of their username and redirects them to the success page

logout.asp

This page simply sets the session variable equal to "" . It then redirects the user to failure.asp to tell them that they are not logged in.

success.asp

This could say anything, but to show that the script is working, I have written the session variable produced by loginproc.asp to show the user name.

viewusers.asp

This shows all valid users in a table. For security, don't put this in a place which can be easily found by visitors. Alternatively, password protect this page by changing authenticate.asp to only allow access if there is a particular username that has been logged in. You are also able to delete users from this page, but once deleted, they are deleted permanently.

Any more questions please email scripts@grabthebasics.com

Microsoft identifies tools to address SQL injection attacks - Search Security

Microsoft identifies tools to address SQL injection attacks Search Security, Australia - Jun 25, 2008 Ultimately the attack triggers an error on the server hosting the Web application, allowing the attacker to insert his own code and gain access to the ...

Ipswitch's MOVEit Adds to Its Rich Array of Federal Certifications ... - Earthtimes (press release)

Ipswitch's MOVEit Adds to Its Rich Array of Federal Certifications ... Earthtimes (press release), UK - Jun 18, 2008 ... have previously received, and the Department of Defense Common Access Card (CAC) single sign-on (SSO) authentication support that MOVEit DMZ provides. ...

Web Developer - Seattle Times

Web Developer Seattle Times, United States - Jul 2, 2008 JavaScript/AJAX, Microsoft Access, Microsoft SQL Server, ASP, VBScript and ADO. For more information and an Online Application Form, ...