DevDiamond <> How to Integrate Login with a Master/Details Application

Continually Improving.... let us know how support@devdiamond.net	Sign in \| Sign up

home

articles

news

blog

forum

Classic ASP (53)

ASP.Net (7)

HTML (28)

SQL (9)

Databases (4)

VoiceXML (10)

Javascript (2)

Home > Article > How to Integrate Login with a Master/Details Application

How to Integrate Login with a Master/Details Application

Abstract : In this article I will explain how you can integrate/link your login application with a Master/Details application with ASP.	Views : 11540 Published : Sunday, March 21, 2004 By HyperLink
Avarage Rating :	Page Page 1 of 1

There are very good articles out there about how to make a login application , as well as huge of articles about Master/Details applications, but no good one on how to integrate the two so that they form one application at the end.

The Story
5 months ago, I got an email form a good visitor called Howard Kung, he was asking about how to integrate the login application read at minwar.com with a master/details application, so I googled for him and had no success to find a good article of that subject to point him to, so I decided to write him a sample code to demonesrate the issue, so i did and sent him the code with some description.

After two weeks I thought lots of newbie's out there will find this code helpful too, so writing an article about it would be a good idea, so I emailed Howard, to see if he minds putting his story here, and here comes his answer " I think writing an article about the Login code you sent me is a great idea. I feel lots of newbie's will benefit from learning the code which you provided to me. It's pretty straight forward, after I saw the code. You did a great job. "

So i started packing up the information, to make this code available to all of you, it's a kick start, there is long way to learn after this, so let jump to the good stuff.

The Good Stuff
We will have 3 pages and one database at the end of this article, so let's get started

The application proposal is to let Members view there favorite links, and see there balance details

This would brake down to 4 codes,

Login verify that username & password is valid
Populate Favorite links of this Member
Populate Balance List of this Member
Populate Balance Details of this member

The Database db.mdb
tblBalances

Field Name	Data Type	Description
ID	AutoNumber	Used as a reference to the record
UserID	Text	Used to specify who does this record belongs to
Title	Text	Title of this balance to be displayed on the Balance list of it's member
Details	Text	Details about his balance

tblLinks

Field Name	Data Type	Description
ID	AutoNumber	Used as a reference to the record
UserID	Text	Used to specify who does this record belongs to
SiteLink	Text	A URL to be displayed on the favorite links of it Member

tblMembers

Field Name	Data Type	Description
ID	AutoNumber	Used as a reference to the record
Username	Text	Username of this Member
Password	Text	Password of this Member

As you can see the database is made as simple as possible to make things easier to understand, for example a standard Members Table would include ( FirstName, LastName, Email, Phone, City, Country…etc)

And you can also add, any additional fields for example (birthday, website, email, interests… etc) or any that you might be interested in adding.

The Login Page

Dim Error_Msg

If Request.form.count < 0 then

Dim strSQL, userid, userpwd
userid = Request.Form("userid")
userpwd = Request.Form("userpwd")
Dim cnString
Dim ConRS, ConString
cnString = "DRIVER={Microsoft Access Driver (*.mdb)}; "
cnString = cnString & "DBQ=" & Server.MapPath("db.mdb") Application("Howard") = cnString
Set ConString = Server.CreateObject("ADODB.Connection") ConString.Open Application("Howard")
Set ConRS = Server.CreateObject("ADODB.Recordset")

strSQL = "select userid from tblMembers where userid = '" & LCase(userid) & "'"
strSQL = strSQL & " and password = '" & LCase(userpwd) & "'"
ConRS.open strSQL, ConString, 3,3

If ConRS.EOF Then

Error_Msg = "Login Failed. Try Again."

Else

Session("UserLoggedIn") = "true"
Session("UserID") = ConRS("UserID")
Set ConString = Nothing
Set ConRS = Nothing
Response.redirect("ProtectedPage.asp")

End If

End if

Response.write(Error_Msg)
%>
<form name=form1 action="" method=post>
<p> </p>
<p>User Name : <input type=text name=userid size="20"><br>
Password :   <input type=password name=userpwd size="20"><br>
<input type=submit value="Login"> </p>
</form>

This login principle is easy the line If Request.form.count < 0 then indicates if the form have been submitted or not, if the form is submitted then it will execute a code to verify, the login information given, if not then it will return the login form again with an Error Message, and if the form have not been submitted this it will bring the login form.

Not many developers know about the Request.form.count < 0 while it is very useful, you will need it in almost all the your applications where you have a form and you want to keep the ASP and HTML code on the same page, this is similar to the Code-Behind technology of the ASP.Net.

The Members Protected Page

ProtectedPage.asp

' Check to see if this user is logged in, if not then redirect him to the login page
If Session("UserLoggedIn") <> "true" then

Response.redirect("Login.asp")

End if

Dim cnString
Dim ConRS, ConString,strSQL
cnString = "DRIVER={Microsoft Access Driver (*.mdb)}; "
cnString = cnString & "DBQ=" & Server.MapPath("db.mdb")
Application("Howard") = cnString
Set ConString = Server.CreateObject("ADODB.Connection")
ConString.Open Application("Howard")
Set ConRS = Server.CreateObject("ADODB.Recordset")
strSQL = "Select * From tblLinks Where UserID='" & lcase(Session("UserID")) & "'"
ConRS.open strSQL, ConString, 3,3
Response.write "<b>My Favoraite Links</b><hr>"
If ConRS.EOF then

Response.write "This user does not have any links"

Else

While Not ConRS.EOF

Response.write ConRS("SiteLink") & "<br>"
ConRS.MoveNext

Wend

End if
ConRS.Close

' this is the master with the detail resides on the details.asp
strSQL = "Select * From tblBalances Where UserID='" & lcase(Session("UserID")) & "'"
ConRS.open strSQL, ConString, 3,3
Response.write "<br><b>My Balance</b><hr>"

If ConRS.EOF then

Response.write "This user have no balance"

Else

While Not ConRS.EOF
Response.write "Click on the title to see the details<br>"
Response.write "<a href='details.asp?id=" & ConRS("ID") & "'>" & ConRS("Title") & "</a>"
ConRS.MoveNext
Wend

End if

Set ConString = Nothing
Set ConRS = Nothing

The first part of this code checks to see if this user is logged in, if not then it redirect him to the login page, if he is logged in then it will display his favorite links and balance list

Note the line strSQL = "Select * From tblLinks Where UserID='" & lcase(Session("UserID")) & "'" , this line selects all records on the tblLinks which belongs to this user identified by his UserID

Also the line Response.write "<a href='details.asp?id=" & ConRS("ID") & "'>" & ConRS("Title") & "</a>", which represent the main principle of a Master/Details application, Where we print out all the Balance Titles belongs to this member and then we make a link form those titles to the details.asp page, but note the ConRS("ID") this is to identify which record will be displayed on the detail.asp page

The Balance Details Page

Details.asp

<%
' Check to see if this user is logged in, if not then redirect him to the login page
If Session("UserLoggedIn") <> "true" then

Response.redirect("Login.asp")

End if

Dim cnString
Dim ConRS, ConString
cnString = "DRIVER={Microsoft Access Driver (*.mdb)}; "
cnString = cnString & "DBQ=" & Server.MapPath("DB.mdb")
Application("Howard") = cnString
Set ConString = Server.CreateObject("ADODB.Connection")
ConString.Open Application("Howard")
Set ConRS = Server.CreateObject("ADODB.Recordset")
strSQL = "Select * From tblBalances Where ID=" & Request.QueryString("ID")
ConRS.open strSQL, ConString, 3,3
Response.write "<b>My Balance Details</b><hr>"
If ConRS.EOF then

Response.write "There is no balance with this ID"

Else

While Not ConRS.EOF

Response.write ConRS("Title") & "<hr height=1>"
Response.write ConRS("Details") & "<br>"
ConRS.MoveNext

Wend

End if

Set ConString = Nothing
Set ConRS = Nothing

Here on this page "detail.asp" it just takes the record ID passed on the QueryString and displays the record with this ID.

Read how you can feather enhance this code, before you go else where

Where to go form here

See the Live Demo, and Download the Code
See CoverYourASP.com download the site and learn the code, of the great James Shaw
Read some books, I personally recommend the ASP Bible, ISBN 0-7645-4599-X
Subscribe to the ASPAdvice.com lists, for

Those are some hints but of course there are other better ways, that match you

What enhancements can I make to this code?

There are certain enhancements that can be done, but not limited to the following

Encapsulate the Codes (e.g. connection code )
Filter User Input to protect yourself against SQL Injection Attacks

Hope you will find this code useful, if you have any questions/inquires please don't hesitate to email me at yasir@minwar.com , I also like to hear your comments and/or suggestions, and if you want to see something at minwar.com.

About Author
	Yasir Send Feedback Yasir is a .NET expert, with over 5 years experience in Microsoft Technologies, 8 years overall programming experience, he is the owner, founder & primary contributor of Minwar.com, and he also works as IT Director in the hospitality industry.