当前位置: 文江博客话题详情

经典的asp密码验证sql

发布于 2024-11-14 15:04:33 字数 740 浏览 2 评论 0原文

如果我有一个登录页面,该页面获取用户输入的用户名和密码,我如何将该信息发布到另一个页面,该页面将用于存储子程序和程序,以便其他页面将包含该页面,这样我就可以最大程度地减少我输入用户名和密码的次数。输入连接字符串。

所以我有login.asp,我想将登录凭据发布到include.asp,如果用户登录详细信息正确,它将永远不会打开,然后它将被定向到table.asp。如果不正确,则应在 login.asp 页面中显示错误消息。

我已经提供了 include.asp 文件的代码,下面的用户永远不会看到该文件

Dim objCon, SQL, objRS

'Connect to Database
sub connect()

    Set objCon = CreateObject("ADODB.Connection")
    Set objRS = CreateObject("ADODB.Recordset")
    objCon.Open "Provider=SQLOLEDB.1;Password=xxxx;Persist Security Info=True;User ID=xxxx;Initial Catalog=Customer;Data Source=xxxx"   
    SQL = "SELECT * FROM Customer"  
    objRS.open SQL, objCon

end sub


sub connectionClose()

    objRS.close
    objCon.close   

end sub
原文

If i had a login page that got user input for username and password, how would i post that information to another page that is gonna be used to store subs and procedures so other pages will include that page so I can minimise the amount of times i type up a connection string.

So I have login.asp which i want to post login credentials to include.asp which will never be opened by if users login details are correct it would then be directed to table.asp. If incorrect it should show an error message in the login.asp page.

I've provided the code for include.asp file which will never be seen by a user below

Dim objCon, SQL, objRS

'Connect to Database
sub connect()

    Set objCon = CreateObject("ADODB.Connection")
    Set objRS = CreateObject("ADODB.Recordset")
    objCon.Open "Provider=SQLOLEDB.1;Password=xxxx;Persist Security Info=True;User ID=xxxx;Initial Catalog=Customer;Data Source=xxxx"   
    SQL = "SELECT * FROM Customer"  
    objRS.open SQL, objCon

end sub


sub connectionClose()

    objRS.close
    objCon.close   

end sub

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

别低头,皇冠会掉 2024-11-21 15:04:33

让我用代码标签发布,这样会有帮助。

所以你得到了login.asp,validateLogin.asp,table.asp(它们都得到了include.asp)

Login.asp在validatelogin.asp中将凭据发布到validatelogin.asp

一次

dim username : username = request.form("username")
dim password: password = request.form("password")
'here for security purpose u will want to replace all the single quote in username and password with 2x single quote (you do that to avoid SQL injection form bots / hackers
username = replace(username ,"'","''")
password = replace(password,"'","''")
sqlValidateUser = "SELECT top 1 * FROM Customer where username='"&&"' and password = ''"
set rsValidateUser = objCon.execute(sqlValidateUser)
if not rsValidateUser.eof then
   session("authentified") = "1"
   response.redirect("table.asp")
   response.end()
else
   response.redirect("YOUR_ERROR_PAGE.asp")
   response.end()
end if
rsValidateUser.close

,然后在你的include.asp中你会想要类似的东西:

'Validating if your NOT on login.asp or loginvalidate.asp ... if not Check if your logged in ... if not redirect to error page or login form
    if not instr(lcase(request.servervariable("url")),"login.asp") > 0 and not instr(lcase(request.servervariable("url")),"validatelogin.asp") > 0 then
       if session("authentified") = "1" then
          response.redirect("your_Error_page.asp")
       end if
    end if

不是100% 确定 include.asp 代码,我没有验证其中任何内容,但它应该看起来像这样

let me post with code tag so it helps.

so u got login.asp,validateLogin.asp, table.asp ( they all got include.asp)

Login.asp post the credentials to validatelogin.asp

once in validatelogin.asp

dim username : username = request.form("username")
dim password: password = request.form("password")
'here for security purpose u will want to replace all the single quote in username and password with 2x single quote (you do that to avoid SQL injection form bots / hackers
username = replace(username ,"'","''")
password = replace(password,"'","''")
sqlValidateUser = "SELECT top 1 * FROM Customer where username='"&&"' and password = ''"
set rsValidateUser = objCon.execute(sqlValidateUser)
if not rsValidateUser.eof then
   session("authentified") = "1"
   response.redirect("table.asp")
   response.end()
else
   response.redirect("YOUR_ERROR_PAGE.asp")
   response.end()
end if
rsValidateUser.close

then in your include.asp u will want something like :

'Validating if your NOT on login.asp or loginvalidate.asp ... if not Check if your logged in ... if not redirect to error page or login form
    if not instr(lcase(request.servervariable("url")),"login.asp") > 0 and not instr(lcase(request.servervariable("url")),"validatelogin.asp") > 0 then
       if session("authentified") = "1" then
          response.redirect("your_Error_page.asp")
       end if
    end if

not 100% sure about the include.asp code i did not validate any of it but it should look like that

回复 原文
千秋岁 2024-11-21 15:04:33

在根文件夹下创建一个 \includes 文件夹。
在 \includes 中添加一个“functions.asp”页面,并将常用数据访问函数放在该页面中。不包含 HTML - 仅包含服务器端脚本。

在您的身份验证页面中,添加指向您的包含文件夹的#include 指令: 示例:

<!-- #include file = "../includes/functions.asp" -->

然后从您的身份验证页面调用functions.asp 中定义的任何函数。

Under your root folder create an \includes folder.
Within \includes add a "functions.asp" page and put your common data access functions in that page. Include NO HTML - just server side script.

In your authentication page, add #include directives that point to your includes folder: example:

<!-- #include file = "../includes/functions.asp" -->

Then from your auth page you call any functions defined in functions.asp.

回复 原文
~没有更多了~

关于作者

岁月静好

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

尘世孤行

文章 0 评论 0

烟─花易冷

文章 0 评论 0

你是年少的欢喜

文章 0 评论 0

倒带

文章 0 评论 0

忱杏

文章 0 评论 0

送君千里

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文