Write to UsCreating a Login/Password Script
With ASP.NET, it is easy to create a script that will surf through a database of Logins and Passwords until it finds those entered by a particular user. The first thing we do is creating a database. In order to do this, we use Microsoft Access. Go to File and choose New. Then you'll see a list of options on the right side. Click on blank database, and another screen will pop up. It will allow you to save the database on your hard-drive. For this tutorial, I chose C:\, and I named my database Passwords.mdb. Create a table by choosing Create Table in Design View. In Field Name, type Login. In Date Type, choose Text. In the second field, type passw, and, once again, choose Text. Then close that window. Once you do, Microsoft Access will ask you to save the database. I chose the name Contrasenas.
Now you have a database with a table. You'll find the name of your table on the left screen, below “Create Table by Entering Data.” Click on the name, and the table will wink on. Now you can start by adding Logins and Passwords to the table. Don't forget to save the database when you are finished.
We need a page that will ask the user for a Login/Password. This step is simple. We create a page called password_entry.aspx, and this page will have the HTML of any other page. Inside the <body> tag, we insert the following form:
Login:
<input type="textbox" name="loginz" /><br />
Password:
<input type="password" name="passwordz" />
<input type="submit" value="Submit">
</form>
As you can see, once you submit the form, the user will be re-directed to a page called password_reader.aspx. This page will be heart of our ASP.NET script.
Inside password_reader.aspx include the namespaces we'll need:
<%@ Import Namespace="System.Data.OleDb" %>
<%@ Import Namespace="System.Web.SessionState" %>
<%@ Page Language="VB" Debug="true" %>
<html><head></head>
<script language="VB" Debug="true" runat="server">
System.Data.OleDb contains all the classes we need to handle database, and without System.Web.SessionState we can't work with Sessions. As you can see all this goes before the <html> tag.
Dim rdy As Single
Sub Page_Load(src As Object, e As EventArgs)
Application.Lock()
Application.Lock() prevents someone else accessing the page from altering values and damading data. This could cause a clash.
Session.Timeout = 1
rdy = 0
lngUserSessionId = Session.SessionID
If Not IsPostBack
bindListControl
End If
End Sub
The value of pate.ToString is ASP.passwords_reader_aspx, which is barely different to the name of the page itself. Session.TimeOut is set to 1, which means the Session will expire in one minute. LngUserSessionId gets the value of Session.SessionID, which is unique for everyone who gets access to the page. Finally, the application is unlocked. If the page hasn't beeen reloaded by the user, the script will call bindListControl.
Let's examine the subroutine called bindListControl():
Dim myConnString As String
Dim aa = 0
Dim Log, Pass As String
Log = Request.Form("loginz")
Pass = Request.Form("passwordz")
myConnString = "Provider=Microsoft.Jet.OLEDB.4.0;" _
+ "Data Source=c:\passwords.mdb; "
Dim mySelectQuery As String = "SELECT login, passw " _
Log and Pass get the values you entered in the Login/Password page. Here we see that myConnString equals the value that will be used to get access to the database. Notice that the Data Source is the database we created earlier.
Dim myCommand As New OleDbCommand(mySelectQuery, myConnection)
myConnection.Open()
Dim myReader As OleDbDataReader
myReader = myCommand.ExecuteReader()
Dim Loginx, Passwordx As String
Notice that OleDbConnection has myConnString between parentheses, and myConnString equals provides information about where the database is and how to open it. OleDbCommand contains the values of mySelectQuery and myConnection.
Loginx = myReader.GetString(0)
Passwordx = myReader.GetString(1)
If Loginx = Log and Passwordx = Pass Then
Session(lngUserSessionId) = 4
aa = 1
End If
End While
The While loop will continue until myReader.Read() reaches the last set of values in the login/password database. Notice that GetString has different values for Loginx and Passwordx. It is in this While Loop that the password and login you entered will be compared to all login/passwords in the database. If there's a match, aa will be set to 1.
Specifier.Text ="The Password is correct"
Else
Response.Redirect("password_entry.aspx")
End if
myReader.Close()
End Sub
</script>
Always close a connection when you are finished. You could be in trouble if you don't. Everything else is easy to understand. If aa is 1, you will get a message saying the password is corret. If it is not 1, you will be sent back to password_entry.aspx.
<body>
<form runat="server">
<asp:Label id="Specifier" runat="server" ForeColor="Red" Font-Size="12pt" Font-Weight="500" Font-Name="Arial Black,Arial"/>
</form>
Notice that asp:label has vaues that specify its color, font-size, etc. If you scroll up, you will see the line that says Specifier.Text ="The Password is correct" inside the bindListControl. This is how you get asp:Label to tell you that the password is correct.
<%
Dim loginzz As String
loginzz = Request.Form("loginz")
Response.Write("Your login is " + loginzz)
Response.Write("<br />")
Response.Write("The Session ID is <b>" + lngUserSessionId + "</b><br /><br />The value in Session(" + lngUserSessionId + ") is: ")
%>
<%= Session.Contents(lngUserSessionId) %>
</body></html>
The line before </body> is the only one that may seem incomprehensible at this point. You probably know that <%= translates, more or less, to <%Response.Write. If Session(lngUserSessionId) = 4, then Session.Contents(lngUserSessionId) will equal 4.
If everything goes well, you will get something like this on your browser screen:
The Password is correct
Your login is johnpo
The Session ID is g5ie0t4qweszvjztxert45
The value in Session(g5ie0t4qweszvjztxert45) is: 4