Submit Tutorials

Script Location

Let's consider how to code a script on the welcome.asp page to check the information transmitted from the logon.asp page. We'll assume for the present example that we only need to check that the submitted password is "xyzzy." If users do NOT enter this value, then they do not get to see this page. Rather, the script will direct that the logon.asp page be returned to the user so that the form can be redisplayed. If they submit the correct password, however, the welcome.asp page will be returned to the user.

The script needs to be at the top of the welcome.asp page so that it can evaluate the password and determine the course of action (return the logon.asp page or return the welcome.asp page) before a page is returned to the user. You always need to keep in mind that the location of a script depends in large measure on when it is to be run or where on the page where its processing is required.

In order to check the password, the VBScipt coding uses an If statement. If the password is incorrect, the user is immediately redirected back to the logon.asp page. If the password is correct, the user does not get redirected and the welcome.asp page is transmitted to the user. Here is the coding for the complete page:

Accessing the Request.Form Collection

Recall that data submitted from a form are placed into the Request.Form Collection, and that the values from the form fields can be accessed through the reference Request.Form("name"). Therefore, the script references Request.Form("Password") to check the password value that was entered on the form and transmitted to the server:

If, as evaluated here, the Password value is not "xyzzy", then the user is redirected to the logon.asp page with the statement Response.Redirect("logon.asp"). If, on the other hand, the value submitted is "xyzzy," then the redirection doesn't take place. The script ends and this welcome.asp page is sent to the user's browser.

The Response.Redirect() Method

Recall that the ASP Response Object contains properties and methods that generally deal with output from server processing. The Response.Write() method, for example, has been used to write server variables, text, and HTML directly to a Web page. This object also supplies a Redirect() method that is used to transfer script control directly and immediate to a different page. Its general format is shown below.

This redirection is exactly what we want to happen if the user types the incorrect password. So, the code

transfers script control directly to the logon.asp page if the user has submitted the incorrect password. Thus, the user does not get an opportunity to see the welcome.asp page. Before the server finishes processing the welcome.asp page and sending it to the user in response to the action="welcome.asp" URL request that was coded on the form, the script interrupts and directs the server to access the logon.asp page and send it to the user instead.

Viewing the Page Source

You might be wondering why we would code a password directly on a Web page. Wouldn't it be seen by someone who looks at the code listing through the browser's "View Source" menu? Remember that the server intercepts .asp pages and does not immediately send them back to the browser making the URL request. First, the server runs the page through its ASP processor. It looks for VBScript code and executes that code, all the while recreating a purely HTML version of the page to be sent back to the user. Users never receives and never get to see any code on the pages transmitted back to the browser. They only get to view the results of processing--not the processing instructions themselves. Therefore, it is perfectly safe to include passwords or other private information within a script. This is not to say that this is the best way to check passwords; but it's a sufficient start.

Testing the Application

You can test this application by clicking the following link. A secondary window is displayed to run the logon.asp and welcome.asp pages.

Run Logon Application