Search Tools Links Login

Login Authentication with 2 Files!


This simple file (2 files including the text file
of usernames/passwords) allows password
protection of web pages. It was created with 2
thoughts in mind: 1. User does not need access to
the web server the script resides on (NT
authentication is impossible unless you own the
Web Server) 2. Needs no database access.

Original Author: Nik Martin

Assumptions

If you want to protect a page called secured.asp (must be .asp because the code in the include is asp code), then place this include in the FIRST line of the HTML, before the tag: "" The path is relative to wherever secured.asp exists. Also assumed is a file that holds your usernames / passwords (by default passwords.txt). PLEASE rename this file to something I would never guess!!!

Returns

If sucessfull, user is passed through to the original web page requested (along with any query strings applicable to the original page). So, if your original request looked like: http:\www.somesite.comsendmail.asp?id=1zx Then once being validated, you will still be passed to the same address, with the "id=1zx" query_string intact. If unsuccessfull, the user stares at a login page forever.

Side Affects

Hairy palms, sweaty feet, & a craving for bologna.

API Declarations

This is a compilation of all the
login schemes I found on the
'net that for some reason were
missing some functionality I needed.

Code

includelogin.asp:
<%
'include this on pages to protect
' (put it before the tag):
'
Response.Buffer = True
Function ValidateLogin(sId,sPwd)
dim FSObject
dim LoginFile

Set FSObject = Server.CreateObject("Scripting.FileSystemObject")
Set LoginFile = FSObject.OpenTextFile(Server.MapPath("passwords.txt"))
' change this to the path ame
' of the file that holds your passwords
'DATA FORMAT IN TEXT FILE: "usernamepassword"

ValidateLogin = False

WHILE NOT LoginFile.AtEndOfStream 'Scan the text file to determine if the user is legal
IF LoginFile.ReadLine = sID & " " & sPwd THEN 'If username AND password are found,
ValidateLogin = True ' You passed!

End If
WEND
LoginFile.Close 'Close the text file
Set LoginFile = Nothing 'free up objects
Set FSObject = Nothing
End Function
Dim sText
Dim fBack
fBack = False
If Request.Form("dologin") = "yes" Then
'Try to login
If ValidateLogin( Request.Form("id"),Request.Form("pwd") ) = True Then
'It is OK!!!
'We are logged in so lets go back to the file that included us
fBack = True
Session("logonid") = Request.Form("id")
Else
sText = "Wrong User ID or Password"
End If
Else
'We are not trying to login...
If Session("logonid") <> "" Then
'
fBack = True
'We are logged in so lets go back to the file that included us
Else
sText = "Please login"
End If
End If
If fBack = False Then %>






You need to login



<%=sText%>
<%
Dim sURL
sURL = Request.ServerVariables("SCRIPT_NAME")
If Request.ServerVariables("QUERY_STRING") <> "" Then
sURL = sURL & "?" & Request.ServerVariables("QUERY_STRING")
End If
%>












User ID:
Password:






<%
Response.End
End If
%>

About this post

Posted: 2002-06-01
By: ArchiveBot
Viewed: 105 times

Categories

ASP/ HTML

Attachments

No attachments for this post


Loading Comments ...

Comments

No comments have been added for this post.

You must be logged in to make a comment.