About   -   Contact   -   Purchase   -   Search   -   What's New

Login Authentication
Coding a simple login authentication routine for multiple users isn't too complex, but with a little forethought can also be user friendly in alerting users to the status of potential login errors. The code below is actually written for an Active Server Page (ASP) script, but as this uses VBScript, it can just as easily be used on a VB login form.

The code queries the Login table which is a lookup table containing valid pairs of username and passwords. Instead of including both username and password in the WHERE clause, interrogating just the username has the benefit of determining valid usernames with invalid passwords. Then instead of simply telling the user their login details are wrong, users are alerted as to whether their username or just their password is at fault.

   strSQL = "SELECT password FROM Login"
   strSQL = strSQL & " WHERE username = '" txtUserName & "'"
   Set rs = db.OpenRecordset(strSQL, dbReadOnly)
   If rs.EOF then
       'invalid username
       blnCheckUsername = True
       blnCheckPassword = False
       'valid username - check password...
       blnCheckUsername = False
       blnCheckPassword = True
       Do Until rs.EOF
           If txtPassWord = rs!password then
                'valid username & password
                blnCheckPassword = False
           End if
   End If

   If blnCheckUsername then
       'alert user to invalid username
   ElseIf blnCheckPassword then
       'alert user to valid username but invalid password
       'username & password authenticated & valid
   End If

If this code is used in ASP scripting, then a session variable can be set to True when both username and password are valid, and then the status of this variable can be queried before loading subsequent pages to prevent unauthenticated users from viewing your ASP's. In addition, unauthenticated users should then be redirected back to the login page. This stops users from attempting to bypass the login page by bookmarking and revisiting secure pages directly. One final point - always include a Logout facility to reset the session variable.


Top of Page

Legal Notice

Ken Howe 2011