Introduction
This article provides fully functional code for protecting websites from unwanted visitors. The code is written in ASP (Active Server Pages) and VBScript (Visual Basic Scripting). ASP and VBScript were chosen because both languages are cross-browser compliant and give a more secure way to protect website content.
The code uses both session cookies (hidden cookies) and textual cookies (not the JavaScript ones). The session cookie gives more security to web content and remains active as long as the browser window is open. The moment one closes the IE/NS window, these cookies expire. The textual cookies (written in ASP) are used in this code to welcome visitors and show the desired information.
With this code, the following can be achieved: a new visitor can register his/her login information, select the desired username and password, view his/her account information, and change it later. In addition, the site admin can view the account information of his/her registered users online. All actions are performed through database connectivity using MySQL.
The code is written in an easy-to-understand-and-modify way. Even a beginner can use it without learning ASP or VBScript. All you have to do is upload the files to the server or local intranet to view the results.
Using the code
About New User Registration & Login
Now, let me tell you how it works. First, when the user wants to visit the protected area of your site, he/she has to register his/her name before logging in - for this, they can use registration.asp.
After completing the registration process, a new user can log in using login.asp. The user enters the username and password here - if the username and password are correct, the protected page, protected.asp, is opened. If the username or password is incorrect, an error message is displayed and the user is redirected to the login page again.
To log out of the protected area, use logout.asp. After logging out, if the user/member wants to log in again, he/she has to repeat the above process.
About the Authentication File
Please note that this file is very important if you have links in the protected area of your website and you do not want them to be opened without a proper login.
Example:
Login Page --> After entering correct username and password opens --> Protected Page
Protected Page
Link1 - Link2 - Link3 - Link4 - Link5
Suppose the user visits the protected area of the website on day 1, finds that there are some links available in the protected page (i.e. protected.asp, in this case), and visits one of the given links. If the user notes the URL of that particular page, then the user can easily visit that page later without logging in. To prevent this, an authentication file is used, so that the user has to log in each time he/she visits the site.
There are two methods to perform this:
- By including an authentication file at the top of every page linked to the protected area, before the <html> tag.
- By writing the content of logincheck.asp at the top of every page in the protected area, before the <html> tag.
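A minimal sketch of the first method, added here as an example and not the article's own logincheck.asp. It assumes login.asp stores a Boolean Session("LoggedIn") after a successful credential check (a hypothetical key name) and shows the include placed before the <html> tag of a protected page:

```asp
<%
' ===== logincheck.asp (added example, not the article's file) =====
' Assumption: after verifying the credentials, login.asp runs
'     Session("LoggedIn") = True
' "LoggedIn" is a hypothetical key name chosen for this sketch.

' Tell the browser and proxies not to keep a copy of the protected
' page, so the Back button or the cache cannot show it after logout.
Response.Buffer = True
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"

' Treat anything other than a Boolean True as "not logged in".
' The VarType test avoids a type-mismatch error if the value was
' stored as a non-Boolean, and an unset (Empty) value fails it too.
Dim lcIsLoggedIn
lcIsLoggedIn = False
If VarType(Session("LoggedIn")) = vbBoolean Then
    lcIsLoggedIn = Session("LoggedIn")
End If

If Not lcIsLoggedIn Then
    ' Discard any buffered output, then send the visitor to the
    ' login page. Response.Redirect also ends processing of the
    ' page, so none of the protected markup below is ever sent.
    Response.Clear
    Response.Redirect "login.asp"
End If
%>

<%' ===== separate file: top of protected.asp and every linked page ===== %>
<!-- #include file="logincheck.asp" -->
<html>
<body>
  <p>Protected content and links go here.</p>
</body>
</html>
```

Because the check reads the server-side session on every request, a noted or bookmarked URL of a linked page leads to login.asp instead of the content once the session has ended.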
About User-Account Information
Registered users can view and change their account details online.
About Password Retrieving
If a user forgets his/her password, he/she can use this feature. On submitting the details filled in at the time of registration, one can easily retrieve his/her password, view it, and change it if required.
About Site-Admin
This is an added feature where the site administrator can view or delete the account information of his/her registered users. This can be done online. This is a very useful feature for an e-commerce site.
Points of Interest
The code helps in the following ways:
Security Measures
- Protects web content from unauthorized visitors.
- Deletes web cookies immediately after the user closes the browser window.
- Expires the web content (web pages) immediately, which helps keep it from being saved in the user's temp folder.
- Prompts the user to log in again once the session expires. Even if the user presses the Back button of the browser, he/she will have to log in again.
- The user can't save the protected pages (Internet Explorer only) from the File menu of the browser window to his/her hard drive.
- ASP session and textual cookies are used to run this code, which gives added security to the complete website.
Other Benefits
- Registered users can view their account details online and can change the password from time to time.
- The Global.asa file is included, which helps in showing the number of active users on a site.
- A website hit counter is included to view the number of visits to a specific site.
- Site admin can view the complete account details of registered users.