| Global.asax Login Session_End Code |
|---|
Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
Application.Lock()
Dim UserSession As ArrayList = Application("UserSession")
Dim NamePassword As ArrayList = Application("NamePassword")
Dim who As Integer = UserSession.IndexOf(Session.SessionID)
UserSession.RemoveAt(who)
NamePassword.RemoveAt(who)
Application("UserSession") = UserSession
Application("NamePassword") = NamePassword
Application.UnLock()
End Sub
Note - For multiple files operations, you must repeat the dbLogin property in all the aspx files that needs to be covered by the same login/logout.
| Login Template |
|---|
User can define their own Login Template using dbLoginTemplate. If this property is blank then the internal template will be used. Otherwise, if this property starts with 'file=filename' then the file will be retrieved in the template directory (dbtemplatedir). If file=\your dir\file_path then user path will be used. The ID and Password <INPUT NAME> must be ASPdbLoginID and ASPdbLoginPassword. There must also be a tag [[LoginButtons]] for the buttons and [[LoginTitle]] for the title. The following is the system internal template -
<table class=ts cellspacing='0' cellpadding=3><tr><td colspan=2 class=gh>[[LoginTitle]]</td></tr> <tr><td class=cf align=right>ID</td><td class=r1><input type=text name='ASPdbLoginID' size=28></td></tr> <tr><td class=cf align=right>Password</td><td class=r1><input type=password name='ASPdbLoginPassword' size=28> </td></tr><tr><td class= cf colspan=2 align=center>[[LoginButtons]]</td></tr>"
| Forget Password |
|---|
In order to send password in respond to the "forgot Password" request,
the dbMail property will be used. You can either furnish 3 macro tages and
dbLogin will setup the dbMail with defaults and send the password for you.
You can also setup the dbMail property to have complete control. Either way
the 3 macros must be there -
1. [[address]] - email address of the sender (From).
2. [[LoginID]] - Login ID of the requestor
3. [[Password]] - Password of the requestor
These tags will be filled in for the active user and the password will be
send to the user. This email address of either type will be validated
against the internal email Regular expression before send.
| PoorMan Style Login |
|---|
First we'll create a user password file - c:\inetpub\wwwroot\bin\pass.txt
Comments - OK as long as not inside <blocks> <application1> frank,kwong,fk@fkw.us bill,clinton,hello@fkw.us asp,db,world@fkw.us hello,world,frank@aspdb.com </application1>
Application with a PoorMan style Login
<script language="vb" runat="server">
Sub Page_Load(Source as Object, E as EventArgs)
Dim GD as New TOrnado.GetData()
Dim LOG1 As New Tornado.Z()
With LOG1
.dbSkin = "type=gold"
.dbLogin = "type=PoorMan|passfile=/bin/pass.txt,application1|titletxt=Tornado Login|FromAddr=frank@aspdb.com|EmailSubject=Your Password|EmailBody=Your password for [[LoginID]] is [[password]]| SMTPServer=mail.topher.net"
.dbUnit = "50"
.dbMode = "type=Grid| sysindex=true"
.dbExportFlds = "0,1"
.dbDSN = "Nwind"
.dbSQL = "Select * From Orders"
.dbTextHolder = "BD=onLoad='self.focus()'|Title=Tornado - Single Access Super Login"
.ASPdbNET()
End With
Response.Write("Login Name=" & GD.Get_LoginName & "<BR>")
Dim s() As String = GD.get_Login_users
If Not IsNothing(s) Then
Response.Write("<HR>Login users<br>")
Dim i As Integer
For i = 0 To UBound(s)
Response.Write(s(i) & "<BR>")
Next
End If
End Sub
</script>
| StandAlone Login |
|---|
In case of a standalone login which is a login w/o having to keep track of every page and session idle time etc., a different set of Login methods is available - ASPdbLogin and ASPdbClearLogin. Look at the following example -
Step #1 - Create a safe default file. Use the aspx extension and mak esure you include .aspx extension in the default document of the Web Site Properties. This sample deafult.aspx file will present a login box with a poorman style user/id list embedded in the dbLogin property. The Forget,Changepassword and help buttons are hidden from display. If the userid/password is invalid, it'll prompt again. If it is valid then user will be redirected to another application. In order to be safe, use a querystribg (pass=Password) to prohibit invalid access to th eapplication.
File = Default.aspx
<script language="vb" runat="server">
Sub Page_Load(Source as Object, E as EventArgs)
Dim Lg As New Tornado.z
Lg.dbUnit = 1
Lg.dbLogin = "type=PoorMan|passlist=MyID,MyPass| titletxt=Standalone Login" & _
"_Login|For=f|Cha=f|log=f|hel=f"
If Lg.ASPdbLogin() Then
Lg.ASPdbClearLogin()
Response.Redirect("/Anotherdir/AnotherApp.aspx?pass=AnotherPassword")
End If
End Sub
</script>
Step # 2 - Check the password querystring and make sure it is valid. If invalid then terminate the application w/o displaying the HTML code. IF valid then the HTML page will display and you r web site is in action. Anytime you have application links, you should pass on the same querystring to make sure the entire application is safe.
File = AnotherApp.aspx
<script language="vb" runat="server">
Sub Page_Load(Src As Object, E As EventArgs)
try
If not (Request.QueryString("pass")="AnotherPassword")
Response.Write("Invalid Access")
Response.End()
End if
catch
Response.End()
end try
End Sub
</script>
<html>
<body>
.....
..... Your web page here
.....
</body>
</html>