Signing in and out

The sign in process starts with a call to ShowLoginStatus( ) in utils/Header.asp. The ShowLoginStatus function contains the following code:

    if ( IsLoggedIn ( ) )
        Out ( '<a href="MemberLogout.asp">Sign out</a> ' + sMemberName );
    else
        Out ( 'Join in the fun! <a href="MemberLogin.asp">Sign in</a>' );

This will be the first call to IsLoggedIn( ), which first checks whether it has already been called on this page (bLoggedIn is still undefined if it has not), then checks whether the Session has been signed in. Every visitor is assigned a unique session. Session variables like this are available to every page on your web site, and allow you to store data that is unique to each visitor. If the visitor is signed in, some other global variables are assigned from the current Session; this just makes it less expensive to access this data later in the page.

    if ( bLoggedIn == undefined )
    {
        bLoggedIn = Session ( 'Authenticated' );
        if ( bLoggedIn )
        {
            sMemberName = Session ( 'MemberName' );
            sMemberEmail = Session ( 'MemberEmail' );
            nMemberID = Session ( 'MemberID' );
            nMemberLevel = Session ( 'MemberLevel' );
        }
    }
    return bLoggedIn;

Back in ShowLoginStatus( ), the user is shown an option either to sign in or to sign out. Signing in is done with a simple form asking for the member email and password. The ValidateLogin( ) function is then called when the form is submitted. Let's look at the ValidateLogin( ) function:

    // connect to database
    DBInitConnection ( );
    // search for matching email/password
    // NOTE: sEmail and sPassword are concatenated into the SQL text as submitted,
    // so a quote character in either value changes the query itself
    DBGetRecords ( 'SELECT MemberID,Name,MemberLevel FROM Members WHERE Confirmed=True AND Email=\'' + sEmail + '\' AND MemberPassword=\'' + sPassword + '\'' );
    if ( !oRecordSet.EOF )
    {
        Session ( 'MemberEmail' ) = sEmail;
        Session ( 'MemberID' ) = oRecordSet ( 0 ) - 0;
        Session ( 'MemberName' ) = '' + oRecordSet ( 1 );
        Session ( 'MemberLevel' ) = oRecordSet ( 2 ) - 0;
        Session ( 'Authenticated' ) = 1;
    }
    // release database
    DBReleaseConnection ( );

So the database is searched for a matching email/password. If found the Session variables are initialized to the correct values, and the visitor is "signed in"!

Signing a member out is a little easier! A call to Logout( ) in utils/Login.asp contains this code:

    // clear the authenticated status
    Session ( 'Authenticated' ) = 0;

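The lookup in ValidateLogin( ) rewritten with a parameterized ADODB.Command, so the submitted email and password are bound as values instead of being concatenated into the SQL text; this is an added example, not code from the original site. FindMember, SignIn, the createObject and setSession callbacks, the oConn argument and the 255-character parameter size are assumptions made here so the functions can be called from ASP or exercised with stand-in objects.

```javascript
// Added example, not the site's code. ADO constants as in adovbs.inc.
var adCmdText = 1, adVarChar = 200, adParamInput = 1;

// The SQL text is constant: visitor input never becomes part of it.
var LOGIN_SQL = 'SELECT MemberID,Name,MemberLevel FROM Members ' +
    'WHERE Confirmed=True AND Email=? AND MemberPassword=?';

// createObject (assumed): in ASP, function (id) { return Server.CreateObject(id); }
// oConn (assumed): an open ADODB.Connection.
// Returns the matching confirmed member, or null when there is none.
function FindMember(createObject, oConn, sEmail, sPassword) {
    var oCmd = createObject('ADODB.Command');
    oCmd.ActiveConnection = oConn;
    oCmd.CommandType = adCmdText;
    oCmd.CommandText = LOGIN_SQL;
    // '?' markers are filled in the order the parameters are appended.
    // 255 is an assumed column width.
    oCmd.Parameters.Append(oCmd.CreateParameter(
        'email', adVarChar, adParamInput, 255, '' + sEmail));
    oCmd.Parameters.Append(oCmd.CreateParameter(
        'password', adVarChar, adParamInput, 255, '' + sPassword));

    var oRS = oCmd.Execute();
    var oMember = null;
    if (!oRS.EOF) {
        oMember = {
            id:    oRS.Fields.Item(0).Value - 0,
            name:  '' + oRS.Fields.Item(1).Value,
            level: oRS.Fields.Item(2).Value - 0,
            email: '' + sEmail
        };
    }
    oRS.Close();
    return oMember;
}

// setSession (assumed): in ASP, function (k, v) { Session(k) = v; }
// Stores the same Session values as the page's ValidateLogin( ).
function SignIn(setSession, oMember) {
    if (!oMember) return false;
    setSession('MemberEmail', oMember.email);
    setSession('MemberID', oMember.id);
    setSession('MemberName', oMember.name);
    setSession('MemberLevel', oMember.level);
    setSession('Authenticated', 1);
    return true;
}
```

An email address containing an apostrophe reaches the database as an ordinary value here, and the command text is the same for every request.
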
Big Important Note: Before I leave the subject of signing in, you should be aware that my implementation is NOT SECURE. Password information sent over a normal HTTP connection can be seen by anyone. On my site this isn't important, but remember to send important information via HTTPS in real life.

Part 4: Signing in automatically with a cookie...