Displaying Source Code(s)
|
|
Simple Login Security
--------------------------------------------------------------------------------
Description : Use this page to verify your login page and to set
a cookie. Then for secure pages simply add a script to check for
cookie. This even sets different levels of acces in the cookie.
To make it more secure, encrypt the cookie. If someone doesn't
have a cookie send them to the intrusion page that will log
their info and check for repeated attempts. (not included)
<%@ LANGUAGE="VBSCRIPT" %>
<!--#include file="dataconn.asp"-->
<%
'-----------------------------------------------
'Here we check to see if input is greater than
'nothing, look for a username that matches and
'compares the password. If none match we send
'user back to login page. If there is a match
'we send the user to main1-4 depending on userlevel.
'-----------------------------------------------
Dim login_input
Dim password_input
login_input = Request.QueryString("box1")
password_input = Request.QueryString("box2")
If login_input = "" Then
Response.Redirect ("intrusion.asp")
End If
Set rs_main = Server.CreateObject("ADODB.Recordset")
theQuery = "SELECT * FROM Login where UserName='" &
Request.QueryString("box1") &"'"
cmdTemp.CommandText = theQuery
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = DataConn
rs_main.Open cmdTemp, , 1, 3
If login_input <> (rs_main("UserName")) Then
Response.Redirect ("intrusion.asp")
Else
Set level = (rs_main("UserLevel"))
Set thepass = (rs_main("UserPassword"))
If password_input = thepass Then
Response.Cookies("PutYouOnLockdown")("clearance") = "yes"
Response.Cookies("PutYouOnLockdown")("theuserlevel") = ("Main" &
(level) & ".asp?ID=" & (login_input))
Response.Cookies("PutYouOnLockdown").expires = Now() + 1
Response.Redirect ("Main" & (level) & ".asp?ID=" & (login_input))
Else
Response.Redirect ("intrusion.asp")
End If
End If
%>
<%
rs_main.Close
DataConn.Close
Set DataConn = Nothing
%>
|
|
|