Authenticating user identities in ASP applications (2)

Source: Internet
Author: User
2. Initialization and checking the validity of user input

When an ASP application starts, IIS looks for a global.asa file. If the file exists, execution begins at
Application_OnStart. Here you can initialize application-level variables and constants. The following code
initializes an array in Application_OnStart to track all users who are logged in to the system at any time:

Sub Application_OnStart
    Application("Users") = Array()
End Sub

After Application_OnStart has executed, the ASP engine creates a Session object, initializes the
SessionID, and then triggers the Session_OnStart event. Session-level (user-specific) variables and
constants can be initialized here:

Sub Session_OnStart
    Session.Timeout = 1
    ' Database DSN
    Session("ConnectionString") = "aspsecurity"
    Session("connectiontimeout") = 15
    ' Read/write mode
    Session("Mode") = 3
End Sub

Because the user's browser may not support cookies, or may have cookies turned off, the first ASP page
must check for cookie support and save the result in a session variable. In addition, when the user
clicks the login button on the login page, you should also check the validity of the user's input, as
in the following code, where aspsecurity.inc provides some common functions (such as Signuseron, which
verifies the user's identity):

<%@ Language=VBScript %>
<% Option Explicit %>
<% Response.Buffer = True %>
<!--#include file="Aspsecurity.inc"-->
<%
Dim aSignon
Dim aPassword
Dim dataValidated
dataValidated = False
' Check whether the browser supports cookies
Session("supportscookies") = (InStr(1, Request.ServerVariables("HTTP_COOKIE"), _
    "ASPSessionID", vbTextCompare) > 0)
If Request("Action") = "Login" Then
    ' Note: LCase makes both the user name and the password case-insensitive
    aSignon = LCase(Trim(Request.Form("Signon")))
    aPassword = LCase(Trim(Request.Form("Password")))
    If Len(aSignon) = 0 Then
        Session("MSG") = "Please enter the user name."
    ElseIf Len(aPassword) = 0 Then
        Session("MSG") = "Please enter a password."
    Else
        ' Both fields are present
        dataValidated = True
    End If
    If dataValidated Then
        If Signuseron(aSignon, aPassword) Then
            ' User identity confirmed, allow access to protected pages
            Response.Redirect "Signedon.asp?id=" & Session("ID")
        End If
    End If
ElseIf Request("Action") = "Register" Then
    Response.Redirect "Register.asp"
End If
%>


For the registration page, besides checking that the user has filled in every field, you should also
check that the two password entries match, whether the user name conflicts with a record already in
the database, and so on. For the implementation code, see the zip file attached to this article.
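
The registration checks listed above, as an added example (this is not the code from the article's zip file). The form fields Signon, Password and Password2 and the Users table with its Signon column are assumed names; the session variables are the ones set in Session_OnStart. The user name is passed to the lookup as an ADO parameter instead of being concatenated into the SQL text.

```vbscript
<%
' Added example, not the article's code. Assumed names: form fields Signon,
' Password, Password2; table Users with a text column Signon (max 50 chars).
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

' True if a record with this user name already exists
Function UserNameTaken(aSignon)
    Dim conn, cmd, rs
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.ConnectionTimeout = Session("connectiontimeout")
    conn.Mode = Session("Mode")
    conn.Open Session("ConnectionString")
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder keeps user input out of the SQL text
    cmd.CommandText = "SELECT COUNT(*) FROM Users WHERE Signon = ?"
    cmd.Parameters.Append _
        cmd.CreateParameter("Signon", adVarChar, adParamInput, 50, aSignon)
    Set rs = cmd.Execute
    UserNameTaken = (rs(0) > 0)
    rs.Close
    conn.Close
End Function

' Returns "" when the input is acceptable, otherwise the message to display
Function ValidateRegistration(aSignon, aPassword, aPassword2)
    ValidateRegistration = ""
    If Len(aSignon) = 0 Or Len(aPassword) = 0 Or Len(aPassword2) = 0 Then
        ValidateRegistration = "Please fill in all fields."
    ElseIf Len(aSignon) > 50 Then
        ValidateRegistration = "The user name is too long."
    ElseIf aPassword <> aPassword2 Then
        ValidateRegistration = "The two passwords do not match."
    ElseIf UserNameTaken(aSignon) Then
        ValidateRegistration = "That user name is already in use."
    End If
End Function

If Request.Form("Action") = "Register" Then
    Session("MSG") = ValidateRegistration( _
        LCase(Trim(Request.Form("Signon"))), _
        Request.Form("Password"), Request.Form("Password2"))
End If
%>
```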

Because the SessionID is different each time the user starts the browser and connects to the server, it
cannot be used directly to associate the user with the information stored in the database, but the
SessionID can be used to temporarily identify user information retrieved from the database or a file.
For browsers that do not support cookies, you can create a unique ID another way; the following GetID,
for example, uses a random function:

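Function GetID()
    Dim Numbers
    Dim Letters
    Dim I
    Dim ID
    ' Rnd is a general-purpose generator, not a cryptographically secure one
    Randomize
    Numbers = "0123456789"
    Letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    For I = 1 To 10
        ' Alternate letters (odd positions) and digits (even positions)
        If I Mod 2 <> 0 Then
            ID = ID & Mid(Letters, Int((Len(Letters) * Rnd) + 1), 1)
        Else
            ID = ID & Mid(Numbers, Int((Len(Numbers) * Rnd) + 1), 1)
        End If
    Next
    GetID = ID
End Function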

