Login into protected pages - by www.lasp.net

<% '---------------------------------------------------------------------------------------- '- ASP Security Login - Version 2.0 - 01 June 2005 '- Copyright © 2005 - Livio Siri (http://www.livio.net) - All Rights Reserved. '---------------------------------------------------------------------------------------- Option Explicit '--- If bLogin = true then edit your username and password here-------------- UserName = "admin" Password = "pass" '--------------------------------------------------------------------------------------- '--- Prevent caching Response.Buffer = True Response.ExpiresAbsolute = Now() - 1 Response.AddHeader "cache-control", "must-revalidate" Response.AddHeader "cache-control", "private" Response.AddHeader "pragma", "no-cache" Session.Timeout = 20 '--- Define variables Dim sReferer, sGoBackTo, sUserName, sPassword, bLoginSuccessful, Error Dim UserName, Password if request.querystring("comebackto") <> "" then sReferer = request.querystring("comebackto") sGoBackTo = "?" & request.querystring end if '--- If Login Form has been submitted if request.form("Status") = "FormSubmitted" then sUserName = replace(request.form("txtUserName"),"'","") sPassword = replace(request.form("txtPassword"),"'","") '--- Check for username and password match If (sUserName = UserName) AND (sPassword = Password) then bLoginSuccessful = True Else bLoginSuccessful = False Error = "Wrong User name or Password" '--- Send user to the default page after 3 unsuccessful try Session("count") = Session("count") + 1 if Session("count") > 3 then Session.abandon response.redirect sGoBackTo End if End if Session("bLoginSuccessful") = bLoginSuccessful End if '--- After a successful login, let's send the user back to see the protected page '--- The variable sReferer holds the page to go back, '--- if it is empty, the user is redirected to the default page if bLoginSuccessful Then if sReferer = "" then response.redirect "../" else response.redirect sReferer end if else '--- If no login performed then display the Login Form %> Login into protected pages - by www.lasp.net

<% '--- Show error when credentials are incorrect if Error <> "" then response.write "" End if %>

" & Error response.write "

User name:
Password:

<% End if %>