ASP Tutorial ? Member?s Only Area Extended

Related Articles

Article Links

This tutorial builds on what was discussed in the previous tutorial. This time you will be examining the code for an extended version of the member’s only section.

This extended version includes the following extra features:

  • Ability to log in and log out
  • More than one page can be used in the member’s area
  • More than one username and password pair can be accepted

We’ll create it first then talk about the code.

  1. Create four text files (in Notepad or another text editor), and give them the following names:
    • index.asp
    • main.asp
    • main2.asp
    • logout.asp
  2. Copy the following portions of code into the separate files:

index.asp

<%

if request.cookies("extended_members_area") = "qw339cmx" then response.redirect("main.asp")

sub login()

response.cookies("extended_members_area") = "qw339cmx"

response.redirect("main.asp")

end sub

if request.form("username") = "johndoe" and request.form("password") = "letmein" then login()

if request.form("username") = "tim" and request.form("password") = "ilikeasp" then login()

if request.form("username") = "adam" and request.form("password") = "iliketw" then login()

%>

<html>

<head>

<title>Extended Member’s Area</title>

</head>

<body>

Please login to access this Member’s Area.

<% if request.form("submit") = "Enter!" then %>

<font color="red"><b>You entered an incorrect username/password combination. Please try again.</b></font><br>

<% end if %>

<form action="index.asp" method="post">

Username: <input type="text" name="username">

Password: <input type="password" name="password">

<input type="submit" name="submit" value="Enter!">

</form>

</body>

</html>

main.asp

<% if not request.cookies("extended_members_area") = "qw339cmx" then response.redirect("index.asp") %>

<html>

<head>

<title>Extended Member’s Area</title>

</head>

<body>

<b>Welcome to the Member’s Area.</b><br>
Special content for members only appears here.<br>

You can also view <a href="main2.asp">this page</a>.

To logout, please <a href="logout.asp">click here</a>.

</body>

</html>

main2.asp

<% if not request.cookies("extended_members_area") = "qw339cmx" then response.redirect("index.asp") %>

<html>

<head>

<title>Extended Member’s Area</title>

</head>

<body>

This is another page in the Member’s area.<br>

To go back to the main page, <a href="main.asp">click here</a>.

</body>

</html>

logout.asp

<%

response.cookies("extended_members_area") = ""

response.redirect("main.asp")

%>

Explaining The Code

If you look at this code in detail, you should be able to figure out what it’s doing. We’ll examine it bit by bit.

index.asp

index.asp is the page that users will see first. It contains the form that users use to login to the member’s area, and it also processes this data entered into the form – by checking that the username and password are correct, setting a cookie, and redirecting to main.asp.

<%

Don’t forget – we always have to use the <% to start our ASP scripts.

if request.cookies("extended_members_area") = "qw339cmx" then response.redirect("main.asp")

This simple one-line statement is just saying "If the cookie ‘extended_members_area’ equals ‘qw339cmx’ then redirect the user to ‘main.asp’". In ASP, and many other web programming languages – PHP and JavaScript to name a few, you can set cookies. Cookies are small text files that are stored on a user’s computer that you can use to identify a particular user. More information about cookies can be found in our Article, Cookies and Cream.

Today you’ll learn about using cookies – setting and retrieving them. In this statement, we are retrieving a cookie – hence the request statement. If we were setting a cookie, we’d use the response statement instead. The name of the cookie we are retrieving (or requesting) is "extended_members_area". You can call the cookie whatever you like, as long as you use the same name each time you reference it.

In the if statement above, we are checking to see if the "extended_members_area" cookie holds the value "qw339cmx". This may seem like a strange value, but personally I tend to use values like this for more security – to make it harder for hackers to guess the value of the cookie. You’ll see a bit further on in the code where we actually set the variable with this value.

So, what are we doing with this cookie? Well, when the user logs in, if the username and password is correct, we set the special value ("qw339cmx"). Then, when each page loads (eg. main.asp), we check to see what the value of the cookie is. If it’s "qw339cmx", then we show the user that page – because it means they’re logged in. But if it isn’t, then they obviously aren’t logged in, so we return them to the login page. Also, if a user visits the login page when they are already logged in, we save them the trouble and take them straight to the main page.

sub login()

response.cookies("extended_members_area") = "qw339cmx"

response.redirect("main.asp")

end sub

This code does what we were just talking about then – it sets the cookie (notice response instead of request), and then redirects the user to main.asp. But what’s the sub login() and end sub for? If you’ve used any variation of the Basic language before, you’ll recognize those. Any code inside those two statements will not run unless we ask it to. It’s like a "sub section" of our code.

if request.form("username") = "johndoe" and request.form("password") = "letmein" then login()

if request.form("username") = "tim" and request.form("password") = "ilikeasp" then login()

if request.form("username") = "adam" and request.form("password") = "iliketw" then login()

If you don’t like if statements, then you’re not going to like that section of code! Here we’ve got three if statements – all to check usernames and passwords. You can copy these and put in as many users as you like. All we’re doing with each of these statements is checking what username the user entered, and checking it against the password – and if they’re both correct, we use login() to run the sub-section of code we defined earlier on.

The rest of the code in the index.asp page is HTML, so you should be able to understand what it’s all doing. There’s just one more thing to draw your attention to:

<% if request.form("submit") = "Enter!" then %>

<font color="red"><b>You entered an incorrect username/password combination. Please try again.</b></font><br>

<% end if %>

Here we are simply checking to see if the user has submitted the form, and if they have we tell them that their username and password was incorrect. Why do we assume that? Because in the code before, if the username and password were correct, we would have already moved on to the main.asp page.

main.asp AND main2.asp

main.asp is the first page that users see once they have successfully logged in. It checks the cookie we set to prevent users from viewing the page directly without logging in. main2.asp is another page that only members can see. This page is included to demonstrate to you the ability to include as many pages as you like.

<% if not request.cookies("extended_members_area") = "qw339cmx" then response.redirect("index.asp") %>

If you don’t already know what this code does – it simply checks to see that the cookie is set the value we want, and if not, it redirects back to index.asp for the user to log in. Note that our if statement here says if not – so the action is performed if the check we do is not true.

<%

response.cookies("extended_members_area") = ""

response.redirect("main.asp")

%>

logout.asp

logout.asp is the page to link to if you want to log your users out. All it does is removes the cookie we set earlier and redirects back to the front page (the login form).

<%

response.cookies("extended_members_area") = ""

response.redirect("index.asp")

%>

This code simply sets the cookie we have back to nothing (i.e. it logs the user out), and then returns to the login page.

Conclusion

And that’s all! Hopefully now you know the basics of creating a password protected "members area" in ASP. If you have any questions or experience problems with this or any other task you are undergoing in ASP, feel free to ask the experts – there are fantastic forums available at Cre8asite.com.


Publication Date: Saturday 1st May, 2004
Author: Tim Malone View profile

Related Articles