You need to use the Request.Form collection to populate your variables with the user entered data. Then you perform a SQL query on the database, looking for that username/password combo. If the combo is found, allow them to proceed. If it's not found, then throw an error. Here's some very simple code:

user = Request.Form("username")
pass = Request.Form("password")

SQL = "SELECT username, password FROM yourtable WHERE username = '" & user & "' AND password = '" & pass & "'"
set rs = conn.execute(SQL)

if rs.eof then
'--- throw error
else
rs.close()
set rs = nothing

conn.close()
set conn = nothing
response.redirect("somewhere.asp")
end if

rs.close()
set rs = nothing

conn.close()
set conn = nothing

I highly suggest you check out the W3Schools link I provided to you earlier for some in depth description about how this all works.

I thank you for your help, I have checked out those tutorials as you have suggested. I have gone through the asp, ado and sql. Where I seem to be missing my information is tutorials that are specific to my needs. But if it was a perfect world I suppose.........

If you can't find examples that you are looking for online, you could always try your local bookstore.

I was designing a cart system for a site and found a book that taught ASP by building ... a cart system! It was perfect for me because I was able to learn the language by following an example of exactly what I wanted to build.

Take a look, you may find a book that teaches by putting together exactly what you are trying to do. Most instructional books go through the steps of creating and validating logins and how to handle events based on the login.

Good luck!

I think it's bad form to store an unencrypted password in your database. Consider the possible liabilities if someone gets into your database full of unencrypted passwords and wreaks havoc with the data -- especially consider that users tend to choose the same userid and password just about everywhere they sign up for something; once you have their userid and password from one source, you've potentially got the keys to access their accounts at a lot of different places.

Instead, perform an MD5 hash or some other one-way encryption on the password when they create their account and store the result in your database. When they come back, perform the same hash on the password they enter and compare it to the hash stored in your database. If they match, let them in.

This protects you from ever being able to know your customers' passwords and thus from liability. If the customer loses their password, generate a new temporary password and force them to change the next time they log in.

martyt-

While I agree 110% with your points, you have to take into account your target audience on this post. Babysteps my friend, babysteps...