|
Coding a simple login authentication routine for multiple users isn't too
complex, but with a little forethought can also be user friendly in
alerting users to the status of potential login errors. The code below is
actually written for an Active Server Page (ASP) script, but as this uses
VBScript, it can just as easily be used on a VB login form.
The code queries the Login table which is a lookup table containing valid
pairs of username and passwords. Instead of including both username and
password in the WHERE clause, interrogating just the username has the
benefit of determining valid usernames with invalid passwords. Then
instead of simply telling the user their login details are wrong, users
are alerted as to whether their username or just their password is at
fault.
strSQL = "SELECT password FROM Login"
strSQL = strSQL & " WHERE username = '" txtUserName & "'"
Set rs = db.OpenRecordset(strSQL, dbReadOnly)
If rs.EOF then
'invalid username
blnCheckUsername = True
blnCheckPassword = False
Else
'valid username - check password...
blnCheckUsername = False
blnCheckPassword = True
Do Until rs.EOF
If txtPassWord = rs!password then
'valid username & password
blnCheckPassword = False
End if
rs.MoveNext
Loop
End If
If blnCheckUsername then
'alert user to invalid username
ElseIf blnCheckPassword then
'alert user to valid username but invalid password
Else
'username & password authenticated & valid
End If
If this code is used in ASP scripting, then a session variable can be
set to True when both username and password are valid, and then the status
of this variable can be queried before loading subsequent pages to prevent
unauthenticated users from viewing your ASP's. In addition,
unauthenticated users should then be redirected back to the login page.
This stops users from attempting to bypass the login page by bookmarking
and revisiting secure pages directly. One final point - always include a
Logout facility to reset the session variable.
|
