<%@ Language = "VBScript" %> <% Option Explicit Response.Buffer = True '********************************************************** ' To make this script work you simply need to create a ' table named tblLoginInfo in your database with three ' columns: username, password, and destination. Put ' the values you want for username and password into a ' record in the table and in destination put the url you ' want to send that user to. ' ' NOTE: BE SURE TO EITHER MOVE THE INCLUDED SAMPLE ' DATABASE TO A SECURE AREA OUTSIDE THE WEB SITE OR ' USE A DIFFERENT SECURE DATABASE. OTHERWISE ANYONE ' CAN SIMPLY DOWNLOAD THE WHOLE DB AND RETREIVE YOUR ' USERNAME AND PASSWORD FROM IT. '********************************************************** %> Login Page <% If Request.Form("action") <> "validate_login" Then %>
Login:
Password:
<% Else Dim cnnLogin Dim rstLogin Dim strSQL Dim strUsername, strPassword, strURL strUsername = Request.Form("login") strPassword = Request.Form("password") If Len(strUsername) > 25 Or Len(strPassword) > 25 Then strUsername = "" strPassword = "" Else strUsername = Replace(strUsername, "'", "''") strPassword = Replace(strPassword, "'", "''") End If strSQL = "SELECT * FROM tblLoginInfo " _ & "WHERE username='" & strUsername & "' " _ & "AND password='" & strPassword & "';" Set cnnLogin = Server.CreateObject("ADODB.Connection") cnnLogin.Open("DRIVER={Microsoft Access Driver (*.mdb)};" _ & "DBQ=" & Server.MapPath("login.mdb")) Set rstLogin = cnnLogin.Execute(strSQL) If rstLogin.EOF Then Session("username") = "" strURL = "" %>

Login Failed - Please verify username and password.

Try Again

<% 'Response.End Else Session("username") = rstLogin.Fields("username").Value strURL = rstLogin.Fields("destination").Value Response.Redirect("destinations/" & strURL) End If ' Clean Up rstLogin.Close Set rstLogin = Nothing cnnLogin.Close Set cnnLogin = Nothing End If %>