Welcome to WebmasterWorld Guest from

Forum Moderators: ocean10000

Message Too Old, No Replies

username/passoword verification

5:48 pm on Feb 17, 2005 (gmt 0)

10+ Year Member

Hello again,
Was wondering if someone could point me in the right direction to write and asp page that will take the information that my visitor has entered on my form and verify that this username and password exists in my database. I already know how to connect to the database and how to do the form, I am just missing the VBScript to look for the information and what to do if it finds it or it doesn't.
Thanks for the help!
6:26 pm on Feb 17, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

You need to use the Request.Form collection to populate your variables with the user entered data. Then you perform a SQL query on the database, looking for that username/password combo. If the combo is found, allow them to proceed. If it's not found, then throw an error. Here's some very simple code:

user = Request.Form("username")
pass = Request.Form("password")

SQL = "SELECT username, password FROM yourtable WHERE username = '" & user & "' AND password = '" & pass & "'"
set rs = conn.execute(SQL)

if rs.eof then
'--- throw error
set rs = nothing

set conn = nothing
end if

set rs = nothing

set conn = nothing

I highly suggest you check out the W3Schools link I provided to you earlier for some in depth description about how this all works.

6:54 pm on Feb 17, 2005 (gmt 0)

10+ Year Member

I thank you for your help, I have checked out those tutorials as you have suggested. I have gone through the asp, ado and sql. Where I seem to be missing my information is tutorials that are specific to my needs. But if it was a perfect world I suppose.........
7:04 pm on Feb 17, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

If you can't find examples that you are looking for online, you could always try your local bookstore.

I was designing a cart system for a site and found a book that taught ASP by building ... a cart system! It was perfect for me because I was able to learn the language by following an example of exactly what I wanted to build.

Take a look, you may find a book that teaches by putting together exactly what you are trying to do. Most instructional books go through the steps of creating and validating logins and how to handle events based on the login.

Good luck!

7:11 pm on Feb 17, 2005 (gmt 0)

10+ Year Member

I think it's bad form to store an unencrypted password in your database. Consider the possible liabilities if someone gets into your database full of unencrypted passwords and wreaks havoc with the data -- especially consider that users tend to choose the same userid and password just about everywhere they sign up for something; once you have their userid and password from one source, you've potentially got the keys to access their accounts at a lot of different places.

Instead, perform an MD5 hash or some other one-way encryption on the password when they create their account and store the result in your database. When they come back, perform the same hash on the password they enter and compare it to the hash stored in your database. If they match, let them in.

This protects you from ever being able to know your customers' passwords and thus from liability. If the customer loses their password, generate a new temporary password and force them to change the next time they log in.

8:31 pm on Feb 17, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member


While I agree 110% with your points, you have to take into account your target audience on this post. Babysteps my friend, babysteps...


Featured Threads

Hot Threads This Week

Hot Threads This Month