Next, I will show how to use ASP to create a simple but effective logon solution that secures a web application. If you follow the steps below, you will have a secure user logon system.
Step 1: Create a user table
First, we need to create a table that records the information of authorized users. In this example, I used Access 97 to create a userinfo.mdb database, which contains the information of authorized users. The user table has two fields: user name and user password. The user name is the primary key. (Access is used because it is widely known, easy to use, and suitable for most small and medium solutions.)
Step 2: Set the default verification status
Make this setting in the global.asa file: create a session variable that holds the default "not authenticated" status. Once this is done, users can access protected pages only after their identity has been verified. The default status ensures that everyone is authenticated before entering a protected page.
In the global.asa file, enter the following code in the Session_OnStart event:
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Session_OnStart
' ......
' ......
'This is the default authentication status
Session("authenticated") = 0
End Sub
</SCRIPT>
Do not forget to set the authentication status. Our purpose is:
* Verify that the user is authorized and set the corresponding verification status based on the result.
* If the user is authorized, the verification status is set to 1.
* If the user is not authorized, the verification status is set to 0.
The code for the verify.asp page is shown below. You can modify it to suit your actual situation.
<%
'Create a command object. This object serves to run our queries
Set cm = Server.CreateObject("ADODB.Command")
'Specify the system DSN path
cm.ActiveConnection = "logindsn"
'Now it's time for the query. We need to check the user information
'against the table tusers. The ? placeholders are bound to parameters
'below, so form input is never concatenated into the SQL text
cm.CommandText = "SELECT * FROM tusers WHERE " & _
    "username = ? AND userpassword = ?"
'Set the query type. 1 means it is a SQL statement
cm.CommandType = 1
'Bind the form values in placeholder order (200 = adVarChar, 1 = adParamInput)
cm.Parameters.Append cm.CreateParameter("username", 200, 1, 255, _
    CStr(Request.Form("username")))
cm.Parameters.Append cm.CreateParameter("userpassword", 200, 1, 255, _
    CStr(Request.Form("userpassword")))
'Retrieve the results in a recordset object
Set rs = cm.Execute
'We now check if the user is valid. If the user is valid, the recordset must
'have a record. Otherwise it is empty. If the user exists, we set the
'authentication status to 1 and send the user to the appropriate page,
'say welcome.asp. Else send the user back to login.asp
If rs.EOF Then
    Session("authenticated") = 0
    Response.Redirect "login.asp"
Else
    Session("authenticated") = 1
    Response.Redirect "Welcome.asp"
End If
%>
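The steps above set the Session("authenticated") flag, but a protected page also has to check it on every request. The include below is an added example, not code from the original article; the file name checkauth.asp is an assumption, and it assumes login.asp is in the same directory as the protected pages.

```asp
<%
' checkauth.asp (hypothetical file name, not from the original article).
' Put this as the first line of every protected page:
'   <!-- #include file="checkauth.asp" -->

' Buffer output so the redirect headers can still be sent
Response.Buffer = True

' Tell browsers and proxies not to cache protected content, so it is not
' displayed from cache once the session has ended
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"

' Session_OnStart sets the flag to 0 and only verify.asp sets it to 1.
' CStr turns a missing (Empty) value into "", so anything other than
' an explicit 1 is treated as not authenticated.
If CStr(Session("authenticated")) <> "1" Then
    Response.Redirect "login.asp"
End If
%>
```

Because the check runs before any page content is written, an unauthenticated request receives only the redirect to login.asp.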