User Login - Part 1
The basics of developing the user login system using ASP
Let us now construct the script file for this control flow. The section below deals with logout. Remember that the user has to click on a link that points to the URL checklogin.asp?action=logout to sign out. We use the querystring value to see whether the user wants to log out. If so, the "login" session variable is reset. Next, HTML markup that resets the "flower" cookie using JavaScript is written. We reset the cookie by adding an expiry time to it, with the expiry time set to one day in the past according to the client computer's clock.
<%
if (request.QueryString("action") = "logout") then
'Clear the server-side login marker; this if is closed by the last end if of the script
Session("login") = ""
%>
<html>
<head>
<script language=javascript>
var mydate = new Date();
mydate.setTime(mydate.getTime()+(-1*24*60*60*1000));
// Each assignment to document.cookie sets one cookie, so name the cookie to expire
document.cookie = "flower=;expires=" +
mydate.toUTCString() + ";";
alert("Goodbye!")
</script>
</head>
<body onload="window.location.href='florist.html'">
</body>
</html>
The mydate JavaScript variable holds a JavaScript Date object. The expiry date of a cookie must be formatted in a very specific way. The setTime() function sets the date that mydate contains: getTime() returns the current time on the client computer in milliseconds, and an offset of -1 day is added to this time (the multiplication converts days to milliseconds). The date is then converted to a string that holds the date in UTC format. This string is placed after "expires=" and written together with the cookie's name, "flower", because each assignment to document.cookie sets a single cookie. The next page loaded will ignore the cookie as it has expired. An alert that displays "Goodbye!" is shown to the user. When this HTML loads, the window.location.href property is set to florist.html, which sends the current window to florist.html. The user never notices that he was on another page.
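How a browser treats an assignment to document.cookie, as an added example that is not part of the original tutorial: a small model showing that each assignment sets one cookie, so an expiry date only removes the cookie named at the start of the assigned string. The CookieJar class, its methods, the helper functions and the sample cookies are constructed for illustration.

```javascript
// Added example: a minimal model of document.cookie (constructed, not a browser API).
class CookieJar {
  constructor() { this.cookies = new Map(); }

  // Models `document.cookie = str`: the first name=value pair is the cookie,
  // everything after the first ";" is an attribute of that one cookie.
  set(str, now = new Date()) {
    const [pair, ...attrs] = str.split(";");
    const eq = pair.indexOf("=");
    if (eq < 1) return; // nameless input is ignored in this model
    const name = pair.slice(0, eq).trim();
    const value = pair.slice(eq + 1).trim();
    let expires = null;
    for (const attr of attrs) {
      const [key, ...rest] = attr.split("=");
      if (key.trim().toLowerCase() !== "expires") continue; // other attributes ignored
      const d = new Date(rest.join("=").trim());
      if (!Number.isNaN(d.getTime())) expires = d;
    }
    if (expires !== null && expires <= now) this.cookies.delete(name); // expired: removed
    else this.cookies.set(name, value);
  }

  // Models reading document.cookie: "name=value; name2=value2"
  get() {
    return [...this.cookies].map(([n, v]) => `${n}=${v}`).join("; ");
  }
}

// Same computation as the page: one day in the past, formatted with toUTCString()
function pastDate(now = new Date()) {
  const d = new Date(now.getTime());
  d.setTime(d.getTime() + (-1 * 24 * 60 * 60 * 1000));
  return d.toUTCString();
}

// Constructed scenario: another cookie ("visits") was set before "flower".
function logoutDemo() {
  const named = new CookieJar();
  named.set("visits=3");
  named.set("flower=rose;");
  const appended = new CookieJar();
  appended.cookies = new Map(named.cookies);
  // Re-assigning the whole cookie string: only the first cookie gets the expiry
  appended.set(appended.get() + ";expires=" + pastDate() + ";");
  // Naming the cookie: "flower" itself is expired
  named.set("flower=;expires=" + pastDate() + ";");
  return { appended: appended.get(), named: named.get() };
}
```

In the constructed scenario, logoutDemo() shows the "flower" cookie surviving when the whole cookie string is re-assigned with an expiry, and being removed when it is named explicitly.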
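<%
else 'If the login form was submitted
set conn=Server.CreateObject("ADODB.Connection")
conn.open "florist","",""
dim cmd, likesArray, favflower
'Pass the form values as parameters instead of concatenating them into the SQL text
set cmd = Server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT * From users where login = ? and password = ?"
'200 = adVarChar, 1 = adParamInput, 255 = maximum length of the value
cmd.Parameters.Append cmd.CreateParameter("login", 200, 1, 255, _
Left(request.form("login") & "", 255))
cmd.Parameters.Append cmd.CreateParameter("password", 200, 1, 255, _
Left(request.form("password1") & "", 255))
set rs = cmd.Execute
if rs.eof then 'If no matching entry is found
response.redirect("login.htm?login=invalid")%>
The above code is executed if the user submitted the login form. A database connection is opened and the values submitted through the form are bound as parameters to a SELECT query that retrieves a matching row from the database. Because the values are passed as parameters and compared with = rather than concatenated into the SQL text and matched with like, quotes or wildcard characters typed into the form cannot change the query. If no such row exists, so that the end-of-file marker is found right at the start of the returned record set, the user is redirected back to the login page with a querystring variable called 'login' set to 'invalid'.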
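<%
else 'If login is valid
session("login") = rs("login")
'Appending "" turns a Null likes column into an empty string before splitting
likesArray = split(rs("likes") & "",",",-1,1)
favflower = ""
if UBound(likesArray) >= 0 then favflower = likesArray(0)
set likesArray = nothing
session.Timeout = 30
'Escape \, " and < so the values cannot break out of the JavaScript string literals below
dim jsFlower, jsLogin
jsFlower = Replace(Replace(Replace(favflower, "\", "\\"), """", "\"""), "<", "\x3C")
jsLogin = Replace(Replace(Replace(session("login"), "\", "\\"), """", "\"""), "<", "\x3C")
%>
<html>
<head>
<script language=javascript>
document.cookie = "flower=" + "<%= jsFlower%>" + ";";
alert("Welcome back <%= jsLogin%>")
</script>
</head>
<body onload="window.location.href='florist.html'">
</body>
</html>
<%rs.close
set rs = nothing
conn.close
set conn = nothing
end if
end if%>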