authenticate.asp<%Dim URLURL = Request.QueryString
\’ 获得URL. %> <html><body><FORM METHOD=POST ACTION=\”/validate.asp\”> <INPUT TYPE=HIDDEN NAME=\”URL\” VALUE=\”<%=URL%>\”>\’ 将URL保存到一个隐藏变量中. 用户名: <INPUT TYPE=TEXT NAME=\”txtName\”>口令: <INPUT TYPE=PASSWORD NAME=\”txtPassword\”> <INPUT TYPE=SUBMIT></FORM></body></html> 再用validate.asp文件获取传递给它的信息,从数据库中读取用户名和口令,以判断是否给用户授权。
validate.asp<%Dim strUserName, strPasswordstrUserName = Request.form(\”txtName\”)strPassword = Request.form(\”txtPassword\”)\’ 从表单中读取用户名和口令.
\’ 建立数据库连接…
Dim strSQLstrSQL = \”select * from ValidUsers WHERE UserName = \” & _ strUserName & \” AND Password = \” & _ strPassword
\’ 进行SQL查询.Dim rsSet rs = Conn.Execute(strSQL)If rs.EOF Then
\’ 如果recordset不为空, 则用户名有效.Session(\”bolAuthenticated\”) = True
\’ 将bolAuthenticated 设为True. Response.Redirect Request.form(\”URL\”)
\’ 将用户传递到来过的URL.Else Response.Redirect \”/notvalidated.asp
\’ 否则用户无权访问,将用户传递到一个错误提示页面.End If%>[1]