=== Session variables ===
The existing ASP version of Eville prohibits access to portions of the site unless the user is logged in. Some features, such as viewing future special offers, enrolling in classes, and checking your current admissions status, are restricted areas. If you try to access one of these areas without being logged in, you are simply redirected back to the login page. Users enter their username and password in a form, the values are compared against the database's student table, and if the login succeeds, a session variable named Blnloggedin is set to true. This method is valid for this site because it is hosted on a single server. Web applications on Web farms use other methods, such as ASP+ session storage or SQL session storage.
=== Validating user input ===
The biggest part of the code rewrite effort concerns the pages that accept user input, which users fill in to register as Eville members. A page called signup.asp lets users enter their important information, and existing members can also update their information there. Before the conversion, the form data was submitted to a page called cookie.asp via an HTTP POST. That page validated the form data and, if there was an error, returned the user to signup.asp with an error number added to the query string. A Select Case statement then chose the output based on the error number. The errors we checked include:
* No user name entered
* No password entered
* Password and password confirmation do not match
* User name already exists in the database
You can easily handle the first two possible errors by converting all input fields to server controls and then adding RequiredFieldValidators. A RequiredFieldValidator simply confirms that the server control named in its ControlToValidate property contains an input value:
<tr>
  <td valign="top">
    <asp:RequiredFieldValidator runat=server
      ControlToValidate="txtUserName"
      Display="Static"
      ErrorMessage="<b>*</b>"
      ForeColor="#CC3300"/>
  </td>
  <td valign=top>User name:</td>
  <td valign=top>
    <asp:TextBox id="txtUserName" size=25 runat=server/></td>
</tr>
The solution was so simple that we decided to add a RequiredFieldValidator to all the form entry fields. In ASP, we typically used a VBScript function to validate input values; now we just add a RequiredFieldValidator to every control we want to validate.
As for comparing the password with the password confirmation, we can use the ASP+ CompareValidator. The control lets us set the ControlToValidate, ControlToCompare and Operator properties (in this case the operator is equality, that is, 'Equal'). The two specified controls are compared with each other using the Operator property. Compared with the traditional If ... Then statement, this method is obviously simpler and quicker:
<asp:CompareValidator runat=server
  ControlToValidate="Txtconfirm"
  ControlToCompare="Txtpassword"
  Type="String"
  Operator="Equal"
  Display="Dynamic"
  ErrorMessage="<b>*</b>"
  ForeColor="#CC3300"/>
Depending on the browser, the ASP+ validator controls perform client-side JavaScript validation (for versions above IE 4.0) or server-side validation (for other scenarios). Regardless of how the validation is performed on the client, server-side validation is essential (to stop mischievous users from tampering with the client-side checks).
Now for the last error: the submitted username already exists. This requires a small change to the page. So far, we have done all the ASP+ validation with server controls that can run both server-side and client-side validation code. For the last error, we want to provide custom server-side validation, because we need to access the database to see whether the requested username already exists. We can use the ASP+ CustomValidator control to solve this problem.
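One way to wire up the CustomValidator check described above, as an added example rather than the article's own code. It uses the released ASP.NET Web Forms names (OnServerValidate, ServerValidateEventArgs, Page.IsValid), which may differ from the ASP+ preview; the connection string name "Eville", the Students table, the UserName column, and the lblResult and Submit_Click names are assumptions.

```aspx
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Configuration" %>
<script runat="server">
    ' Server-side check: fires on every postback, whether or not the
    ' browser ran (or was made to skip) the client-side validators.
    Sub UserNameAvailable(source As Object, args As ServerValidateEventArgs)
        ' Assumed names: connection string "Eville", table Students, column UserName.
        Dim cs As String = ConfigurationManager.ConnectionStrings("Eville").ConnectionString
        Using conn As New SqlConnection(cs)
            ' The user name is bound as a parameter, never concatenated into the SQL text.
            Using cmd As New SqlCommand( _
                "SELECT COUNT(*) FROM Students WHERE UserName = @name", conn)
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = args.Value.Trim()
                conn.Open()
                args.IsValid = (CInt(cmd.ExecuteScalar()) = 0)
            End Using
        End Using
    End Sub

    Sub Submit_Click(sender As Object, e As EventArgs)
        ' Page.IsValid aggregates every validator's server-side result.
        ' Act on the posted data only when it is True.
        If Not Page.IsValid Then Return
        ' Encode before echoing user input back into the page.
        lblResult.Text = "Registered " & Server.HtmlEncode(txtUserName.Text.Trim())
    End Sub
</script>
<form runat="server">
  User name:
  <asp:TextBox id="txtUserName" size="25" runat="server" />
  <%-- CustomValidator skips empty input by default, so the required check stays. --%>
  <asp:RequiredFieldValidator runat="server"
      ControlToValidate="txtUserName"
      Display="Dynamic"
      ErrorMessage="*" />
  <asp:CustomValidator runat="server"
      ControlToValidate="txtUserName"
      OnServerValidate="UserNameAvailable"
      Display="Dynamic"
      ErrorMessage="User name already exists" />
  <asp:Button runat="server" Text="Sign up" OnClick="Submit_Click" />
  <asp:Label id="lblResult" runat="server" />
</form>
```

The lookup narrows the window but does not close it: two simultaneous sign-ups can both pass the check, so a unique constraint on the user name column remains the authoritative guard.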