ASPLogin Samples

Overview

This function allows you to install an ASPLogin sample that provides user authentication and management for Active Server Page (ASP) based Web sites and applications.

Installation

The samples are installed on /ASPLogin directory, not the Web root.

Configurations

You may edit asplogin.asp, aspldeny.asp, headers and footers to match your site.

sign-up.asp page has a few variables that need to be setup.  These variables are in the first 4 lines of the sign-up.asp. They are:

Const ADMIN_EMAIL="any@email.com"
Const EMAIL_SUBJECT="Website Membership"
Const SIGNUPGROUP="groupa"
Const LOGIN_PAGE="http://www.anydomain.com"

The ADMIN_EMAIL is the address that receives the e-mail each time a user registers. It is also the from address the users receive after they sign up from your site.  
EMAIL_SUBJECT is the subject of the e-mail message. 
SIGNUPGROUP is the group in your database for which the users are registering.  Change this to reflect a group in your database. 
LOGIN_PAGE is the URL of the page your users receive in the e-mail to log on your site.  Do not make this page asplogin.asp. You must specify the actual name of the page you want the user to log on to.  As long as you have ASPLogin installed and configured for that page, your users will be prompted to log on.

The same goes for the lost_your_password.asp script.  Here are the variables that need to be set in this script as well.

Const ADMIN_EMAIL="any@email.com"
Const LOGIN_PAGE="http://www.anysite.com"
Const EMAIL_SUBJECT="Lost Your Password"

ASPLogin will display an "invalid login" message on the login page if a user enters a user name/password combination that is not in the database. You may customize the "invalid login" message by setting Session ("asplLoginError") in global.asa (more on global.asa below). This is particularly useful for sites that are not written in English.

Enabling protection for your documents

Each ASP file that will be protected by ASPLogin must have a small piece of ASP code at the start of the file, before any other HTML or server-side scripting. Microsoft ASP uses VBScript by default, however, an example is also provided in JScript. The following code should reside at the very top of your page:

<%@ LANGUAGE=VBScript %>
<%
Set asplObj=Server.CreateObject("ASPL.Login")
asplObj.Protect
Set asplObj=Nothing
%>

Or, in JScript:

<%@LANGUAGE=JScript%>
<%
asplObj=Server.CreateObject("ASPL.Login");
asplObj.Protect();
asplObj="";
%>

By placing this code on your ASP files, users will automatically be sent to the login page (asplogin.asp) the first time they access one of the ASP files. After logging on, visitors will be able to go to any protected page on your site without having to log on again during their site session. If they come back at a later date, they will be presented with the login page once again, regardless of which page they access first.

After the ASPLogin samples are installed on your site, you can access the protected testing page at /asplogin/test.asp.

Administration

After the ASPLogin samples are installed on your site, you can log on to the administration page /asplogin/aspladmn.asp using the default user 'Admin', with the password 'Admin' in the ASPLogin pre-made database.

You should change this user's password immediately when you first run the Web administration page. Note that ASPLogin passwords are case sensitive

Documentation

After the ASPLogin samples are installed on the site, you can view the documentation on /asplogin/ASPLogin2000docs.htm.