Home 5_2007-2008 Login Authentication with 2 Files!
Advertisement
5_2007-2008 Security #179079

Login Authentication with 2 Files!

Nik Martin
★★★★★
4.8 · Downloads: 2,341

This simple file (2 files including the text file of usernames/passwords) allows password protection of web pages. It was created with 2 thoughts in mind: 1. User does not need access to the web server the script resides on (NT authentication is impossible unless you own the Web Server) 2. Needs no database access.

AI

AI Summary: This codebase represents a historical implementation of the logic described in the metadata. Our preservation engine analyzes the structure to provide context for modern developers.

Source Code
original-source 
includelogin.asp:
<%
'include this on pages to protect
' (put it before the <html> tag):
'<!--#include file="includelogin.asp"-->
Response.Buffer = True
Function ValidateLogin(sId,sPwd) 
	dim FSObject
	dim LoginFile
	
	Set FSObject = Server.CreateObject("Scripting.FileSystemObject")
	Set LoginFile = FSObject.OpenTextFile(Server.MapPath("passwords.txt")) 	
	' change this to the path\name
	' of the file that holds your passwords
	'DATA FORMAT IN TEXT FILE: "username<SPACE>password"
	
	ValidateLogin = False
	
	WHILE NOT LoginFile.AtEndOfStream 'Scan the text file to determine if the user is legal
		IF LoginFile.ReadLine = sID & " " & sPwd THEN 	'If username AND password are found,
			ValidateLogin = True 			' You passed!
				
		End If
	WEND
	LoginFile.Close 'Close the text file
	Set LoginFile = Nothing 'free up objects
	Set FSObject = Nothing	
End Function
Dim sText
Dim fBack
fBack = False
If Request.Form("dologin") = "yes" Then 
	'Try to login
	If ValidateLogin( Request.Form("id"),Request.Form("pwd") ) = True Then
		'It is OK!!!
		'We are logged in so lets go back to the file that included us 
		fBack = True
		Session("logonid") = Request.Form("id")
	Else
		sText = "Wrong User ID or Password"
	End If
Else
	'We are not trying to login...
	If Session("logonid") <> "" Then 
		'
		fBack = True
		'We are logged in so lets go back to the file that included us 
	Else
		sText = "Please login"
	End If
End If
If fBack = False Then %>
	<html>
	
	<head>
		<meta http-equiv="Content-Language" content="en">
		<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
		
		<title>You need to login</title>
		
	</head>
	<body>
	<%=sText%>
	<%
	Dim sURL
	sURL = Request.ServerVariables("SCRIPT_NAME")
	If Request.ServerVariables("QUERY_STRING") <> "" Then
		sURL = sURL & "?" & Request.ServerVariables("QUERY_STRING") 
	End If
	%>
	<form method="POST" action="<%=sURL%>">
	<input type="hidden" name="dologin" value="yes">
 	<table border="0">
 		<tr>
 			<td>User ID:</td>
 			<td><input name="id" size="30"></td>
 		</tr>
 		<tr>
 			<td>Password:</td>
 			<td><input type="password" name="pwd" size="30"></td>
 		</tr>
 	</table>
 	
 	<p><input type="submit" value="Login" name="B1"></p>
	</form>
	</body>
	</html>
<%
Response.End
End If
%>
Original Comments (3)
Recovered from Wayback Machine