Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

members section

Options
  • 01-07-2003 10:03am
    #1
    Figment
    Registered Users Posts: 1,747 ✭✭✭


    I am going to need to start building a members section to a website thats built using asp.
    I havnt done anything like this before.
    Whats the ideal method that i should look into using so that a member can log in and browse the section but everyone else cant. There will be files that members can download as well but i dont want them to be able to pass on the links to non members to download.

    This is not for a commercial site and doesnt have to be uber secure. No personal details will be kept on the site.


Comments

  • Options
    #2
    tomED
    Registered Users Posts: 1,452 ✭✭✭tomED


    It depends on your preferences.

    You can use the windows login and protect a directory. But the most common would be a database driven user management system.

    They use cookies or session cookies, depending on your preference.

    Go to www.aspin.com to get some user management scripts.

    Tom


  • Options
    #3
    The Corinthian
    Closed Accounts Posts: 19,777 ✭✭✭✭The Corinthian


    There are two parts to this question really.

    The first is logging in your member, which is actually the more complicated bit. In this case allowing them to log in using a Web form and then checking that the username/password combination exists (typically from a database) would seem to be the way to go.

    As a side note, if using concatenated SQL statements in your ASP code, you should parse them to remove any possible exploits (typically apostrophe characters).

    If authenticated successfully you can set a session variable in ASP (that should work with any cookie enabled browser) to the ID of the member or simply to True. This would be logging them in.

    Hence, the second part of the question, to enforce that only your member can browse a particular section could be done by simply checking if this session variable has been set before you write anything to the buffer (i.e. output your HTML): 
    If CInt(Session("MemberID")) = 0 Then Response.Redirect("login.asp")
    And if not, you this will redirect the user to the login page.

    If you prefer not to develop this yourself and cut and paste it instead, you might go to the site suggested by tomED.

    Hope this helps.


  • Options
    #4
    AdMMM
    Registered Users Posts: 9,472 ✭✭✭AdMMM


    I also need to do a similar thing... this time in PHP.

    I basically want a members section which allows the use of different themes.

    Do you know any FREE/CHEAP scripts that will allow it?


  • Options
    #5
    Figment
    Registered Users Posts: 1,747 ✭✭✭Figment


    I have a great one up and running now with asp but thats not much use to you :(

    Thanks guys for your help.


  • Options
    #6
    Boberto
    Registered Users Posts: 353 ✭✭Boberto


    Or for a simple login box you could use htaccess to restrict access to a certain folder unless the password is entered. The password is stored above the www directory so it cannot be accessed. Assuming you have SSH root access to your website. :)

    You can also get a handy php script that will let you easily add or remove users to it. Let me know and i'll go dig up the info.


  • Advertisement
  • Options
    #7
    Webmonkey
    Registered Users Posts: 9,579 ✭✭✭Webmonkey


    Originally posted by [JcCM]Murderer
    I also need to do a similar thing... this time in PHP.

    I basically want a members section which allows the use of different themes.

    Do you know any FREE/CHEAP scripts that will allow it?

    Made this for my kerrypages.com site.

    This is what i done querying a sql database for the username and password. its a start :p

    [PHP]<?php

    setcookie ("username", "$username");

    setcookie ("password", "$password");

    ?>

    <?php



    mysql_connect("localhost","USER","PASS")

    or die("Unable To Connect<BR><BR>");

    print ("");

    mysql_select_db("donal118_prop") or die ("Unable To Load Database<BR><BR>");

    print ("");



    //CHECK LOGIN



    if ($username) {

    $query="SELECT * FROM profiles WHERE `user` = '$username'";



    if ($query==NULL) {

    echo 'No Such Username';

    exit;

    }



    $result = mysql_query ($query);

    while ($row=mysql_fetch_array($result)) {



    $sqluser = $row["user"];

    $sqlpass = $row["pass"];

    }

    if ($password==$sqlpass) {

    $today = date("F j, Y, g:i a");



    $insertlog = "UPDATE profiles SET `lastlog`='$today' WHERE `user`='$sqluser'";

    mysql_query($insertlog);

    echo '<div align="center"><font face="Arial, Helvetica, sans-serif">Logged In As:'; echo " $username <br> Time: $today <HR size=\"1\" noshade></div>";





    }

    else {

    echo 'Login Failed!';

    exit;

    }





    } //userclosing



    ?>



    <?

    //CHECK LOGIN



    if ($log[one]) {

    $query="SELECT * FROM profiles WHERE `user` = '$log[one]'";



    if ($query==NULL) {

    echo 'No Such Username';

    exit;

    }



    $result = mysql_query ($query);

    while ($row=mysql_fetch_array($result)) {



    $sqluser = $row["user"];

    $sqlpass = $row["pass"];

    }

    if ($log[two]==$sqlpass) {

    echo 'Checking Login... Success - Continue<br>Logged In As: $username';



    }

    else {

    echo 'Login Failed!';

    }





    } //userclosing



    ?>


    <?php

    if ($username==NULL) {





    echo ('<table width="621" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#FFFFFF">

    <tr>

    <td width="617" valign="top" bgcolor="#0099CC"> <table width="100%" border="0" cellspacing="0" cellpadding="0">

    <tr>

    <td height="50" valign="bottom" bgcolor="#006699"> <div align="center">

    <p><img src="../images/lm.jpg" width="250" height="40" border="0"><br>

    <strong><font color="#CCCCCC" face="Arial, Helvetica, sans-serif">Login

    Please.... </font></strong></p>

    </div></td>

    </tr>

    <tr>

    <td valign="top" bgcolor="#0099CC"> <HR size="1" noshade>

    <br> <div align="center">

    <form name="form2" method="post" action="'); echo $PHP_SELF; echo('">

    <p><font color="#FFFFFF" face="Tahoma">User:

    <input type="text" name="username">

    <br>

    Pass:

    <input type="password" name="password">

    </font><font color="#FFFFFF"> <br>

    <br>

    <input type="submit" name="loginbutton" value="submit">

    </font></p>

    </form>

    <br>

    </div></td>

    </tr>

    </table></td>

    </tr>

    </table>');

    exit;

    }



    ?>[/PHP]


    The table name on sql is `profiles` with Username as password columes.

    It sets a cookie to remember their login. just ad this code on top of all your pages you want to protect.

    The script is made by me so don't expect it to work 2 well tho but its a start i guess.. by the way anyone is welcome to alter this script :p

    ./Webmonkey


  • Options
    #8
    Webmonkey
    Registered Users Posts: 9,579 ✭✭✭Webmonkey


    And if you want different themes you can have an extra column called `themes` and first when they login it fetches the theme they selected and then sets it in the cookie.

    maybe then:

    [PHP]print ("<LINK
    href=\"stylesheets/$theme.css\" type=text/css rel=stylesheet>\");
    [/PHP]

    So basically it gets the variable $theme from the database/cookie and then sets that as the file name and you have the stylesheet for that theme setting the font/background colors pictures etc.


  • Options
    #9
    AdMMM
    Registered Users Posts: 9,472 ✭✭✭AdMMM


    Thank you... I'll test it out when I get home...


Advertisement