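<% Response.Buffer = True 'Buffer the output so Response.Redirect can still be issued further down the page
'Every request to this page resets the admin flag; only CheckLoginForm sets it back to True
Session("BlnAdministrator") = False
'SECURITY: the single valid login is hard-coded below in clear text, and the sample
'username and password are the same value. Anyone who can read this file (source
'disclosure, backup copy, shared hosting) learns the admin login. Replace both values
'before use and prefer keeping the secret outside the web root, stored as a salted hash.
Dim sUsername, sPassword
sUsername = "codefixer"
sPassword = "codefixer"
%>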
<html>
<head>
<title>Cookie Login Script</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
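<%
'Dispatch: an empty Request.Form means the form has not been submitted yet, so show it;
'otherwise update the "remember me" cookies and validate the submitted details.
If Request.Form <> "" Then
    'SECURITY: the password is never written to a cookie. The original stored it in clear
    'text for 60 days, readable by anyone with access to the browser profile, by script
    'running in the page, and by anything observing unencrypted traffic. Blank and expire
    'the cookie so copies left by the earlier behaviour are removed from the browser.
    Response.Cookies("PasswordCookie") = ""
    Response.Cookies("PasswordCookie").Expires = Date() - 1
    If Request.Form("checkbox") = "1" Then
        'Remember only the username and the checkbox state, for 60 days.
        'This runs before the credentials are checked, so the name is remembered even when
        'the login fails, and the value is user-supplied: HTML-encode it wherever it is echoed.
        'When the site is served over HTTPS, also set .Secure = True on these cookies.
        Response.Cookies("UsernameCookie") = Request.Form("txtUsername")
        Response.Cookies("RememberMeCookie") = "1"
        Response.Cookies("UsernameCookie").Expires = Now() + 60
        Response.Cookies("RememberMeCookie").Expires = Now() + 60
    Else
        'Box not ticked: blank out whatever was remembered before
        Response.Cookies("RememberMeCookie") = ""
        Response.Cookies("UsernameCookie") = ""
    End If
    '=== call checklogin subroutine
    CheckLoginForm
Else
    '=== call showlogin subroutine
    ShowLoginForm
End If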
'=== begin subroutine showlogin
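Sub ShowLoginForm
'Writes the login form, which posts back to this same script.
'SECURITY: cookie values are sent by the browser and are therefore attacker-controllable,
'so the remembered username is passed through Server.HTMLEncode before it is placed in the
'value attribute (the original echoed it raw, allowing markup injection through a crafted
'cookie). The password field is no longer pre-filled from PasswordCookie: echoing a stored
'password puts it in clear text in the page source. SCRIPT_NAME is encoded as well before it
'is written into the action attribute.
%>
<div align="center"> <br>
<form name="form1" action="<%= Server.HTMLEncode(Request.ServerVariables("SCRIPT_NAME")) %>" method="post">
<table width="50%" border="1" align="center" cellpadding="4" cellspacing="0" bordercolor="#6185C1" bgcolor="EEF3FB">
<tr>
<td height="112" valign="top">
<table width='100%' border="0" cellpadding="3">
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td width="45%">Username : </td>
<td width="54%"> <input value="<%= Server.HTMLEncode(Request.Cookies("UsernameCookie")) %>" name="txtUsername" type="text">
</td>
</tr>
<tr>
<td width="45%">Password : </td>
<td width="54%"> <input name="txtPassword" type="password">
</td>
</tr>
<tr>
<td width="45%"> </td>
<td width="54%"> <input type="submit" value="Login" name="submit">
</td>
</tr>
<tr>
<td>Remember me</td>
<td><input value="1" type="checkbox" name="checkbox"
<% 'Re-tick the box when the visitor asked to be remembered on an earlier visit
If Request.Cookies("RememberMeCookie") = "1" Then
    Response.Write "CHECKED"
End If %>>
</td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</div>
<%
'=== end showloginform subroutine
End Sub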
'===begin subroutine checkloginform
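Sub CheckLoginForm
    'Compares the posted username and password with sUsername / sPassword (set at the top of
    'the page). On a match it marks the session as administrator and redirects to admin.asp;
    'otherwise it shows the form again followed by a failure message.
    Dim txtUsername, txtPassword
    txtUsername = Request.Form("txtUsername")
    txtPassword = Request.Form("txtPassword")
    'Reject input that contains an apostrophe. The original joined the two tests with And,
    'so the check only fired when BOTH fields contained one; Or matches the stated intent.
    'NOTE: nothing in this sub builds a SQL statement, so this filter protects nothing here.
    'If a database lookup is added later, use parameterized ADODB.Command queries instead of
    'filtering characters - a blacklist is not a defence against SQL injection.
    If InStr(1, txtUsername, "'", 1) > 0 Or InStr(1, txtPassword, "'", 1) > 0 Then
        'presumably Login.asp is this page - confirm the file name matches
        Response.Redirect "Login.asp"
    ElseIf txtUsername = sUsername And txtPassword = sPassword Then
        'Correct details: flag the session and send the visitor to the admin page.
        'The redirect is not access control - admin.asp has to test Session("BlnAdministrator")
        'itself on every request, or it can be opened directly without logging in.
        Session("BlnAdministrator") = True
        Response.Redirect "admin.asp" 'set page you want to direct to on successful login
    Else
        'Wrong details: show the form again with the failure message below it.
        'No limit on failed attempts is visible on this page; consider throttling or lockout.
        ShowLoginForm
        Response.Write "<div align='center'>Your login failed.</div>"
    End If
End Sub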
'=== end subroutine checkloginform
%>
</body>
</html>