Active Server Pages

In this tutorial we will show how to use Microsoft's ASP to present to login form and validate the login credentials against a database. If the user is authenticated they will be redirected to the site's main page. If the information is incorrect the user will be asked to reenter the data.
You can program ASP pages in a variety of languages. We will use VBScript for this example.
Create a file called "login.asp" in the wwwroot folder with your favorite text editor.
Start the code by declaring that we will use VBScript (language=VBScript) and that we want to be warned of undeclared variable (option explicit).

<%@ Language=VBScript %>
<%Option Explicit
Dim strConn
Dim strSQL
Dim rstTable

The <% and %> symbols mark the beginning and ending of code to be run on the server. This code will perform some server side actions (like reading the database) and produce dynamic HTML output.
We will use our .asp script to perform two actions.
1) Show the login form.
2) Validate the user credentials.
When you type in a URL in your browser like www.bigwuptido.com?Seek=NewsOfTheDay the ending part '?Seek=NewsOfTheDay' is called a Query String. We can get that piece of the URL through the Request object. The Request object is one of the built in server objects. It handles information coming from the browser. The Response object handles information going to the browser. Here are some commonly used properties and methods:
Request.QueryString("Seek") - This would return the string "NewsOfTheDay" in the example above.
Request.Form("UserID") - This would return the text entered into an input box named "UserID".
Response.Write "<b>This is not your father's coding paradigm.</b>" - Sends html to browser.
Response.Redirect ("http://www.bellyup.com") - Redirects browser to new URL.
Response.End - Tells the browser the page has ended. (Same as </html>)
Session("VariableName")=145.23 - This creates a session variable (a variable that can be accessed on any page the browser visits on your web site until they close their browser) called "VariableName". All variables in ASP are variants (variables that can change type).
So we'll will set up a select-case and show the login form if no query string has been passed and check the login creds if the query string 'Element=Logged'.

Select Request.QueryString("Element")
Case "" 'Show the login from.
 %><html><head><title>Failed login</title></head><body>
 <h1>Login Form</h1>
 <form name='frmlogin' method='post' action='login.asp?Element=Logged'>
 User ID:<input type='text' name='UserID'><br>
 Password:<input type='password' name='Password'><br>
 </form></body></html><%

The form's action is to 'post' back to this ASP page ('login.asp') with the query string 'Element=Logged'. Now the next time thru the code we will enter the following case:

Case "Logged" ' Test the login information.
 Session("Logged") = False
 Set rstTable = Server.CreateObject("ADODB.Recordset")
 strConn = "Provider=SQLOLEDB.1;User ID=myUserID;Password=myPassword;" & _
  "Initial Catalog=myDatabase;Data Source=myServer"
 strSQL = "Select UserID From UserTable Where " & _
  "UserID = '" & Request.Form("UserID") & _
  "' And Password = '" & Request.Form("Password") & "'"
 rstTable.Open strSQL, strConn
 If Not rstTable.EOF Then
  If Len(rstTable("UserID")) > 0 Then Session("Logged") = True
 End If
 rstTable.Close
 Set rstTable = Nothing

Here we create an ADO Recordset on the web server and connect to the database server "myServer". We have created a table called "UserTable" in the database "myDatabase" that holds UserIds and Passwords. We check the UserID and Passwords from the Request.Form method against the database table. If there is a match we set the Session variable "Logged" = True.
Next we will redirect the browser if the UserId and Password were found or we will ask the user to try again.

 If Session("Logged") Then
  Response.Redirect("main.htm")
 Else
  %><html><head><title>Failed login</title></head><body>
  Your login information was incorrect.  Use the back button to try again. 
  </body></html><%
 End If
End Select
Response.End %>

ASP can be very confusing at first since we are jump in and out of client side HTML and server side VBScript. It gets more complicated when you start adding client side scripts. It is not uncommon to write server side VBScript that writes client side javascript that writes HTML to the browser. But all this early confusion melts away and you are left with one text file that can tell the web server, database server and client browser what you want them to do. Pretty cool I think!