Securing pages with login scripts All you need to do is to include a single file from the file you want secured.

These functions can be used on certain pages you want password protected.

First create a file called includelogin.asp with this content:

        <%
        Response.Buffer = True


        Function ValidateLogin( sId, sPwd )
        ' For you to validate ID and PASSWORD
        ' Maybe against a database
        ' Here we have hardcoded some OK id:s and passwords
        '
        ValidateLogin = False

        If sId = "test" AND sPwd="secret" Then
        ValidateLogin = True
        End If
        If sId = "user2" AND sPwd="pwd2" Then
        ValidateLogin = True
        End If
        End Function


        Dim sText, fBack

        fBack = False
        If Request.Form("dologin") = "yes" Then
        'Try to login
        If ValidateLogin( Request.Form("id"),Request.Form("pwd") ) = True Then
        'It is OK!!!
        'We are logged in so lets go back to the file that included us
        fBack = True
        Session("logonid") = Request.Form("id")
        Else
        sText = "Wrong password or user id"
        End If
        Else
        'We are not trying to login...
        If Session("logonid") <> "" Then
        '
        fBack = True
        'We are logged in so lets go back to the file that included us
        Else
        sText = "Please login"
        End If
        End If

        If fBack = False Then %>

                 <html>

                 <head>
                 <meta http-equiv="Content-Language" content="en">

                 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

                 <meta name="GENERATOR" content="Microsoft FrontPage 4.0">

                 <meta name="ProgId" content="FrontPage.Editor.Document">

                 <title>You need to login</title>
                 </head>

                 <body>

                 <%=sText%>
                 <%
                 Dim sURL
                 sURL = Request.ServerVariables("SCRIPT_NAME")
                 If Request.ServerVariables("QUERY_STRING") <> "" Then
                 '
                 sURL = sURL & "?" & Request.ServerVariables("QUERY_STRING")
                 End If
                 %>
                 <form method="POST" action="<%=sURL%>">
                 <input type="hidden" name="dologin" value="yes">

                 <table border="0" width="100%">
                 <tr>
                 <td>Loginname:</td>
                 <td>
             <input name="id" size="20"></td>
                 </tr>
                 <tr>
                 <td>Password:</td>
                 <td>
             <input type="password" name="pwd" size="20"></td>
                 </tr>
                 </table>
                 <input type="submit" value="Login" name="B1">
                 </form>

                 </body>

                 <html>
                 <%
                 Response.End
                 End If
                 %>

Then, in the file you want secured just include the file the first thing you do: You could of course modify the includelogin.asp file so it looks a little nicer but that's up to you! The secret here ( what makes it so easy to use ) is the use of Request.QueryString("SCRIPT_NAME") and Request.QueryString("QUERY_STRING"). This makes it work on any ASP code, even if you are calling it with parameters ( like test.asp?id=123 ). When the right password is entered all those parameters will be transferred to the script as it should.

Code snippets

Information and tips

Performance