1. create.asp
2. default.asp
3. login.asp
4. logout.asp
5. verify.asp
Saya membuat aplikasi dengan referensi yang saya peroleh dari http://www.planet-source-code.com/.
Berikut ini adalah source code dari masing-masing file asp:
1. file create.asp:
<%
Username = Request.Form("txtUsername")
Password = Request.Form("txtPassword")
Fullname = Request.Form("txtFullname")
if Username = "" then Response.redirect("login.asp?login=createnamefailed")
if Password = "" then Response.Redirect("login.asp?login=createpassfailed")
set conn = server.CreateObject ("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.MapPath ("users.mdb")
set rs = server.CreateObject ("ADODB.Recordset")
rs.Open "SELECT * FROM userlist", conn, 3, 3
do while not rs.EOF
if rs("username")=Username then
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=createnamefailed")
end if
rs.MoveNext
loop
rs.AddNew
rs("username")=Username
rs("password")=Password
rs("fullname")=Fullname
rs.Update
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=creatednew")
%>
2. file default.asp:
<%
if Session("name") = "" then
Response.Redirect("login.asp")
else
Response.Write("<title>ASP Page</title>")
Response.write("<center>Selamat Datang " & Session("name") & "<br><a href=logout.asp>Logout</a></center>")
end if
%>
3. file login.asp:
<%
BackgroundColor="#C9DDB3"
BorderColor="#006600"
Content = ""
QStr = Request.QueryString("login")
if ucase(left(QStr,6))="CREATE" then
Title = "Register"
else
Title = "Login"
end if
if QStr="passfailed" then
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><P>Salah password</P><A href=Javascript:history.go(-1)>Back</A></td></tr>"
elseif
QStr="createpassfailed" then
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><P>Salah password</P><A href=Javascript:history.go(-1)>Back</A><BR><BR><A HREF=login.asp>Batalkan registrasi</A></td></tr>"
elseif
QStr="namefailed" then
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><P>Invalid Username</P><A HREF=login.asp?login=createnew>Klik di Sini Untuk Membuat Account</A><BR><BR><A HREF=Javascript:history.go(-1)>Back</A></td></tr>"
elseif
QStr="createnamefailed" then
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><P>Invalid Username</P><A HREF=Javascript:history.go(-1)>Back</A><BR><BR><A HREF=login.asp>Batalkan registrasi</A></td></tr>"
elseif
QStr="creatednew" then
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><P>Account Anda Telah Selesai Dibuat</P><A HREF=login.asp>Login</A></td></tr>"
elseif
QStr="createnew" then
Content = Content & "<form name=frmCreate method=POST action=create.asp>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><br>Username: <input type=text name=txtUsername></td></tr>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center>Password: <input type=password name=txtPassword></td></tr>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><br>Fullname: <input type=text name=txtFullname></td></tr>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><input type=submit name=cmdSubmit value=Register></td></tr>"
Content = Content & "</form>"
else
Content = Content & "<form name=frmMain method=POST action=verify.asp>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><br>Username: <input type=text name=txtUsername></td></tr>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center>Password: <input type=password name=txtPassword></td></tr>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><input type=submit name=cmdSubmit value=Login></td></tr>"
Content = Content & "</form>"
Content = Content & "<tr><td valign=top bordercolor="& BackgroundColor &" align=center><A HREF=login.asp?login=createnew>Klik di Sini Untuk Membuat Account</A></td></tr>"
end if
%>
<head>
<title>ASP Login</title>
</head>
<body link="<% Response.Write(BorderColor) %>" vlink="<% Response.Write(BorderColor) %>" alink="<% Response.Write(BorderColor) %>" text="<% Response.Write(BorderColor) %>"><
br>
<div align="center"> <
table border="2" cellspacing="5" bgcolor="<% Response.Write(BackgroundColor) %>" bordercolor="<% Response.Write(BorderColor) %>"width="250px">
<%
Response.Write("<tr><td valign=top align=center><b>" & Title & "</b></td></tr>")
Response.Write(Content) %>
</table>
</div>
</body>
4. file logout.asp:
<%
Session("name")=""
Response.Redirect("login.asp")
%>
5. file verify.asp:
<%
Username = Request.Form("txtUsername")
Password = Request.Form("txtPassword")
set conn = server.CreateObject ("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.MapPath ("users.mdb")
set rs = server.CreateObject ("ADODB.Recordset")
rs.Open "SELECT * FROM userlist where username='"& Username &"'", conn, 1
If rs.recordcount = 0 then
rs.close
conn.close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=namefailed")
end if
if rs("password") = Password then
Session("name") = rs("fullname")
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("default.asp")
else
rs.Close
conn.Close
set rs=nothing
set conn=nothing
Response.Redirect("login.asp?login=passfailed")
end if
%>
Sedangkan untuk table-nya (userlist) menggunakan database Microsoft Access dengan format tabel sebagai berikut:
Field Data Type
username Text
password Text
fullname Text
Aplikasi tersebut akan error apabila kita melakukan sql injection pada menu login. Sebagai contoh: kita mengetikkan ‘or 1=1-- atau 'having 1=1-- pada form isian username dan password lalu meng-klik login maka aplikasi tersebut akan memunculkan halaman error.
Tampilan awal saat pengetikan username dan password pada menu login:
Tampilan berikutnya saat menu login dieksekusi dengan meng-klik icon login:
Tidak ada komentar:
Posting Komentar