classic asp password validation sql

If i had a login page that got user input for username and password, how would i post that information to another page that is gonna be used to store subs and procedures so other pages will include that page so I can minimise the amount of times i type up a connection string.

So I have login.asp which i wan开发者_开发问答t to post login credentials to include.asp which will never be opened by if users login details are correct it would then be directed to table.asp. If incorrect it should show an error message in the login.asp page.

I've provided the code for include.asp file which will never be seen by a user below

Dim objCon, SQL, objRS

'Connect to Database
sub connect()

    Set objCon = CreateObject("ADODB.Connection")
    Set objRS = CreateObject("ADODB.Recordset")
    objCon.Open "Provider=SQLOLEDB.1;Password=xxxx;Persist Security Info=True;User ID=xxxx;Initial Catalog=Customer;Data Source=xxxx"   
    SQL = "SELECT * FROM Customer"  
    objRS.open SQL, objCon

end sub


sub connectionClose()

    objRS.close
    objCon.close   

end sub

let me post with code tag so it helps.

so u got login.asp,validateLogin.asp, table.asp ( they all got include.asp)

Login.asp post the credentials to validatelogin.asp

once in validatelogin.asp

dim username : username = request.form("username")
dim password: password = request.form("password")
'here for security purpose u will want to replace all the single quote in username and password with 2x single quote (you do that to avoid SQL injection form bots / hackers
username = replace(username ,"'","''")
password = replace(password,"'","''")
sqlValidateUser = "SELECT top 1 * FROM Customer where username='"&&"' and password = ''"
set rsValidateUser = objCon.execute(sqlValidateUser)
if not rsValidateUser.eof then
   session("authentified") = "1"
   response.redirect("table.asp")
   response.end()
else
   response.redirect("YOUR_ERROR_PAGE.asp")
   response.end()
end if
rsValidateUser.close

then in your include.asp u will want something like :

'Validating if your NOT on login.asp or loginvalidate.asp ... if not Check if your logged in ... if not redirect to error page or login form
    if not instr(lcase(request.servervariable("url")),"login.asp") > 0 and not instr(lcase(request.servervariable("url")),"validatelogin.asp") > 0 then
       if session("authentified") = "1" then
          response.redirect("your_Error_page.asp")
       end if
    end if

not 100% sure about the include.asp code i did not validate any of it but it should look like that

Under your root folder create an \includes folder. Within \includes add a "functions.asp" page and put your common data access functions in that page. Include NO HTML - just server side script.

In your authentication page, add #include directives that point to your includes folder: example:

<!-- #include file = "../includes/functions.asp" -->

Then from your auth page you call any functions defined in functions.asp.