6_2008-2009 Security #201597

Login Authentication with 2 Files!

Name: Login Authentication with 2 Files!
Brand: Planet Source Code
SKU: PSC-201597
Availability: InStock
Rating: 4.7 (647 reviews)
Author: Nik Martin

Nik Martin

★★★★★

4.8 · Downloads: 2,341

This simple file (2 files including the text file of usernames/passwords) allows password protection of web pages. It was created with 2 thoughts in mind: 1. User does not need access to the web server the script resides on (NT authentication is impossible unless you own the Web Server) 2. Needs no database access.

KI-Zusammenfassung: This codebase represents a historical implementation of the logic described in the metadata. Our preservation engine analyzes the structure to provide context for modern developers.

Quellcode

includelogin.asp:
<%
'include this on pages to protect
' (put it before the <html> tag):
'<!--#include file="includelogin.asp"-->
Response.Buffer = True
Function ValidateLogin(sId,sPwd) 
	dim FSObject
	dim LoginFile
	
	Set FSObject = Server.CreateObject("Scripting.FileSystemObject")
	Set LoginFile = FSObject.OpenTextFile(Server.MapPath("passwords.txt")) 	
	' change this to the path\name
	' of the file that holds your passwords
	'DATA FORMAT IN TEXT FILE: "username<SPACE>password"
	
	ValidateLogin = False
	
	WHILE NOT LoginFile.AtEndOfStream 'Scan the text file to determine if the user is legal
		IF LoginFile.ReadLine = sID & " " & sPwd THEN 	'If username AND password are found,
			ValidateLogin = True 			' You passed!
				
		End If
	WEND
	LoginFile.Close 'Close the text file
	Set LoginFile = Nothing 'free up objects
	Set FSObject = Nothing	
End Function
Dim sText
Dim fBack
fBack = False
If Request.Form("dologin") = "yes" Then 
	'Try to login
	If ValidateLogin( Request.Form("id"),Request.Form("pwd") ) = True Then
		'It is OK!!!
		'We are logged in so lets go back to the file that included us 
		fBack = True
		Session("logonid") = Request.Form("id")
	Else
		sText = "Wrong User ID or Password"
	End If
Else
	'We are not trying to login...
	If Session("logonid") <> "" Then 
		'
		fBack = True
		'We are logged in so lets go back to the file that included us 
	Else
		sText = "Please login"
	End If
End If
If fBack = False Then %>
	<html>
	
	<head>
		<meta http-equiv="Content-Language" content="en">
		<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
		
		<title>You need to login</title>
		
	</head>
	<body>
	<%=sText%>
	<%
	Dim sURL
	sURL = Request.ServerVariables("SCRIPT_NAME")
	If Request.ServerVariables("QUERY_STRING") <> "" Then
		sURL = sURL & "?" & Request.ServerVariables("QUERY_STRING") 
	End If
	%>
	<form method="POST" action="<%=sURL%>">
	<input type="hidden" name="dologin" value="yes">
 	<table border="0">
 		<tr>
 			<td>User ID:</td>
 			<td><input name="id" size="30"></td>
 		</tr>
 		<tr>
 			<td>Password:</td>
 			<td><input type="password" name="pwd" size="30"></td>
 		</tr>
 	</table>
 	
 	<p><input type="submit" value="Login" name="B1"></p>
	</form>
	</body>
	</html>
<%
Response.End
End If
%>

Originalkommentare (3)

Wiederhergestellt von der Wayback Machine