Posts Tagged ‘yasir.in’

Simple ASP Authentication System


2010
02.16


This article describes how to protect ASP pages with a simple session-based authentication scheme: a login form, a lookup against a table of users, and a session flag that is checked on every protected page. Follow the six steps below to build the login system.

Step 1: Create a table of users

Just create a simple table of user logins and passwords. I have included a database userinfo.mdb with this example, which contains a sample table tUsers. tUsers has two fields – Username and UserPassword. Username is the primary key.

Download this database and copy it to your hard disk.

Step 2: Set the default authentication status

You do this in the global.asa file. All you have to do is set a session variable to a default “not authenticated” status.

Why? Because when users first come into the application, they are not valid until you have checked their “credentials.” The default status makes sure that everyone has to go through the front door.

In the global.asa file, within the Session_OnStart event, write this code:

<SCRIPT LANGUAGE=VBScript RUNAT=Server>
SUB Session_OnStart
    ' This is the default authentication status
    Session("Authenticated") = 0
END SUB
</SCRIPT>

The authentication status is the most important thing to keep in mind, so don’t forget this.

Step 3: Create a login page

This is an ASP page with just HTML in it. Call it, say, login.asp. For your convenience, here is the sample code:

<HTML>
<BODY BGCOLOR=FFFFFF>
<FORM ACTION="verify.asp" METHOD=POST>
Name:
<INPUT TYPE=TEXT NAME="UserName" SIZE=20>

Password:
<INPUT TYPE=PASSWORD NAME="UserPassword" SIZE=20>
<INPUT TYPE=SUBMIT VALUE="Login Now">
</FORM>
</BODY>
</HTML>

It contains a form with 2 INPUT elements. These elements are used to collect the user name and password of the user. We POST this information to verify.asp, where we verify whether the user is valid or not.

Step 4: Create the system DSN for the database

In order to access the userinfo.mdb, we need to create a system DSN in ODBC. If you are familiar with ASP, you can choose your own DSN scheme. To create a system DSN, do the following:

  • Open the Control panel of your machine (in Start ..Settings menu in Windows 95/NT)
  • Click on “ODBC”
  • Click on “System DSN” tab
  • Click “Add”. Choose the “Microsoft Access Database Driver”, and click “Finish”
  • Give the DSN a name, say “LoginDSN”. In “Database” settings, click “Select” and point to the userinfo.mdb on your hard disk.
  • Click OK

This sets up a system DSN named “LoginDSN” on your machine. This will point to the userinfo.mdb on the hard disk.

Step 5: Create an authentication page

This is the verify.asp page we saw in step 3. In this page, we check for valid users. We get the user information from the login.asp (remember the form elements?)

Our intent is:

    • Check for valid users and set the authentication status accordingly
    • If the user is valid, the authentication status is 1
    • If the user is invalid, the authentication status is 0

The code for verify.asp is as shown below. You can modify it accordingly.

<%
' Create a command object. This object serves to run our queries
Set Cm = Server.CreateObject("ADODB.Command")

' Specify the system DSN path
Cm.ActiveConnection = "LoginDSN"

' Now it's time for the query. We need to check the user information
' against the table tUsers. The ? placeholders keep the submitted values
' out of the SQL text, so quotes typed into the form are treated as data.
Cm.CommandText = "SELECT * FROM tUsers WHERE " & _
    "UserName = ? AND UserPassword = ?"

' Set the query type. 1 means it is a SQL statement
Cm.CommandType = 1

' Bind the form values in placeholder order.
' 200 = adVarChar, 1 = adParamInput, 255 = maximum length
Cm.Parameters.Append Cm.CreateParameter("UserName", 200, 1, 255, _
    Left(Request.Form("UserName"), 255))
Cm.Parameters.Append Cm.CreateParameter("UserPassword", 200, 1, 255, _
    Left(Request.Form("UserPassword"), 255))

' Retrieve the results in a recordset object
Set Rs = Cm.Execute

' We now check if the user is valid. If user is valid, the recordset MUST
' have a record. Otherwise it is empty. If user exists, we set authentication
' status to 1 and send the user to appropriate page, say welcome.asp.
' Else send the user back to login.asp
If Rs.EOF Then
    Session("Authenticated") = 0
    Response.Redirect ("login.asp")
Else
    Session("Authenticated") = 1
    Response.Redirect ("welcome.asp")
End If
%>

Step 6: Check the authentication status

This is the important piece of our system. We must check the authentication status on EACH ASP PAGE that we want to be secured. This is simple to do: check whether the authentication status is 1 and, if it is not, send the user back to login.asp. The sample code is:

<%
' Anything other than 1 is treated as "not authenticated"
If Session("Authenticated") <> 1 Then
    Response.Redirect ("login.asp")
End If
%>

Alternatively, you can copy this code into a file, say check.inc, and include the following code on top of your files instead.

<!-- #include file="check.inc" -->

As I mentioned before, this code needs to go on TOP of each page that you want to protect.

The above 6 steps help you to create a simple authentication system. Remember that this system protects ONE virtual directory and not the whole web site. You need to create one for each virtual path you want to secure.

Also, the above system is targeted towards new users. The database and the code are kept simple so you can learn from them. The entire system can be downloaded from this site. The zipped file contains the database and all the files.

About the Author

Syed Yasir Hashmi http://www.yasir.in is an I.T guru working in the industry for the last 12 years


Using ASP for Form Handling


2010
02.16
In this article, we will discuss how to use Microsoft ASP technology to handle user-submitted form data and then send that data to someone via email with Microsoft’s Collaboration Data Object for NT Server (CDONTS).

Introduction

Microsoft’s Active Server Page technology is a powerful server-side scripting method of web development that allows any web developer with a web server powered by NT’s Internet Information Services (IIS) and a basic understanding of HTML and VBScript to create powerful dynamic web pages.

This article assumes that you have the basic HTML and VBScript understanding mentioned above. However, I will explain anything that is crucial to your understanding.

If you have ever created or thought about creating an HTML form for user input on your web site, then you must have also dealt with the issue of handling the data once it is submitted (ie. where does the data go and how does it get there). As you may already know, if you want the information submitted to be emailed to you, you can simply put your email address in the action field of the FORM tag like this:


<form action="mailto:corinth@enfused.com" method="get" enctype="text/plain">

TIP: If you do not have time or the resources to program an ASP page or Perl script to handle your form’s submitted data, you can use a little-known HTML trick to make the submitted form data reach your inbox in a legible fashion. By adding enctype="text/plain" to your form tag, the output will come across as standard plain text rather than that garbled mess that normally comes across when you set the action equal to mailto:some_email@address.com.

However, you probably also know that when you use the mailto action, your users will get an obnoxious and frightening security warning, and we do not want to scare your users away!

To avoid the security alert, you have a couple of options. First, if you are developing in a UNIX environment, using Perl and CGI would probably be your best bet.

On the other hand, if you are developing in an NT environment, while you may still use Perl and CGI if Perl is installed on your server, it is recommended that you use ASP because it is easier to code and a bit more intuitive, for novices and experts alike.

In the remainder of this article, I will show you how to use ASP to handle the form data and then send it to an email address using the Collaborative Data Object for NTS (CDONTS), a special Windows NT COM object designed to send mail through the SMTP service on your web server.

Learn how to create and handle Web-based forms using ASP.

Forms collect data from the user and post it back to the server for processing. They feature in guest books, feedback pages, shopping carts, search engines, and almost all interactive websites. In this tutorial, we’ll show you how you can use ASP to get at the data that’s sent to the web server from a form.

Form Basics

All HTML forms are created using the form element:

 
<form method="xxxx" action="xxxx">
 
(form fields in here)
 
</form>

The method attribute controls how the information that the user enters in the form is sent to the server. The two options are:

GET

Sends the form data as part of the URL (e.g. "script.pl?& email=joe@joe.com"). This is the default option. It’s useful and efficient for small amounts of data (e.g. a search engine query) and it’s easy for the user to refresh the results of the form by just pressing the browser’s refresh button. However it cannot be used for large amounts of data (more than a few hundred bytes).

POST

Sends the form data encoded in the HTTP data stream. This is recommended for most types of forms (e.g. feedback forms and form mailers). The user will not see the form data in the URL. Large amounts of data can be sent this way. Unlike the GET method, the user cannot easily refresh the form results page – they usually see a dialog asking if they want to resend the form data – but this is often a good thing!

The action attribute specifies where the form data submitted by the user will be sent. Usually this is the URL of a script on the server – for example, http://www.yoursite.com/feedback.asp or http://www.yoursite.com/poll.asp.

If you’re thinking you recognise this part of the tutorial, that’s because it’s part of the ELATED HTML Forms tutorial. If you need any help on creating form fields, you might like to check out that tutorial.

Request.Querystring

We use the Request.Querystring collection to retrieve data posted from forms that use the GET method. The collection contains an entry for each form field posted to the server. Assume we have an HTML form as follows:

 
<form method="get" action="querystring.asp">
  Title: <select name="title">
    <option value="Mr">Mr.</option>
    <option value="Miss">Miss</option>
    <option value="Ms">Ms.</option>
    <option value="Mrs">Mrs.</option>
  </select><br>
  First name: <input type="text" name="firstname"><br>
  City: <input type="text" name="city"><br>
  <input type="submit" name="submit" value="Send">
</form>

We could use

 
Request.Querystring("title")
Request.Querystring("firstname")
Request.Querystring("city")

to retrieve the values entered by the user. There would be a named entry for each named form field, so the “submit” button would also result in a value being stored in Request.Querystring("submit").

Request.Form

ASP provides the Request.Form collection to retrieve data sent from forms using the POST method. As with the QueryString collection, the Form collection also contains an entry for each form field posted to the server. So, taking our example form above and changing the GET method to be a POST, we could use:

 
Request.Form("title")
Request.Form("firstname")
Request.Form("city")
Request.Form("submit")

to retrieve the values entered by the user. Sometimes you’ll see ASP code where Request.QueryString("field_name") or Request.Form("field_name") has been written as Request("field_name"). This is a valid short-hand notation, however it is usually a good idea to explicitly reference the collection you want to use – it’s faster to execute and it avoids ambiguity where an item in a different collection might have the same name.

Multiple values

Sometimes we might have a form that contains a set of checkboxes. If we make these a group by giving them the same name, all the checked box values will be sent to the server using the same field name:

 
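<form method="post" action="checkbox.asp">
  Please check the boxes to indicate your interests:<br>
  <input type="checkbox" name="interests" value="film"> Film<br>
  <input type="checkbox" name="interests" value="music"> Music<br>
  <input type="checkbox" name="interests" value="theatre"> Theatre<br>
  <input type="checkbox" name="interests" value="sports"> Sports<br>
  <input type="submit" name="submit" value="Send">
</form>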

Assuming we checked all four boxes, we can access the values like this:

 
Request.Form("interests")(1)
Request.Form("interests")(2)
Request.Form("interests")(3)
Request.Form("interests")(4)

We can also use the Count property to find out how many values were submitted. (In the above example, Request.Form("interests").Count equals 4.) This allows us to loop through the values using a For ... Next loop:

 
For counter = 1 To Request.Form("interests").Count
  ' HTML-encode the submitted value before writing it into the page
  Response.Write "You selected " & Server.HTMLEncode(Request.Form("interests")(counter)) & "<br>"
Next

(If you’re not familiar with loops, you might want to read our loops tutorial.) However, usually we’d want to use code like this to retrieve the data:

 
For Each item In Request.Form("interests")
  ' HTML-encode the submitted value before writing it into the page
  Response.Write "You selected " & Server.HTMLEncode(item) & "<br>"
Next

This loops through each of the values submitted one at a time and outputs each one. Unlike the previous For counter = 1 To Request.Form("interests").Count ... Next loop, the example above will work even when no checkboxes were selected.

In this tutorial, we’ve learnt how to access form data using ASP. This is a key skill that you’ll use time and again when creating websites. To make the most of forms, you’ll probably want to either store the data, or email the data to someone. We’ll show you how to do these in future ELATED tutorials.
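
An added example, not part of the original tutorial: a handler (hypothetically named sendmail.asp) that reads the example form's fields through Request.Form and mails them with CDONTS.NewMail, the object named in the introduction. The file name, the helper function names and both e-mail addresses are assumptions, and the form is assumed to POST the title, firstname and city fields.

```vbscript
<%
Option Explicit

' Assumed addresses (not from the article): replace with your own.
Const MAIL_TO   = "webmaster@example.com"
Const MAIL_FROM = "forms@example.com"

' Remove CR and LF so a submitted value cannot begin a new header line
' when it is placed in the Subject of the message.
Function HeaderSafe(ByVal value)
    value = Replace(value, vbCr, " ")
    value = Replace(value, vbLf, " ")
    HeaderSafe = Left(Trim(value), 100)
End Function

' Accept only the values offered by the form's <select> element.
Function IsAllowedTitle(ByVal t)
    IsAllowedTitle = (t = "Mr" Or t = "Miss" Or t = "Ms" Or t = "Mrs")
End Function

' Build the plain-text body from the three fields of the example form.
Function BuildBody(ByVal title, ByVal firstName, ByVal city)
    BuildBody = "Title: " & title & vbCrLf & _
                "First name: " & firstName & vbCrLf & _
                "City: " & city & vbCrLf
End Function

Dim title, firstName, city, objMail

' Read only from Request.Form and cap the length of every field.
title     = Left(Trim(Request.Form("title")), 10)
firstName = Left(Trim(Request.Form("firstname")), 50)
city      = Left(Trim(Request.Form("city")), 50)

If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then
    Response.Write "This page only accepts posted forms."
ElseIf firstName = "" Or Not IsAllowedTitle(title) Then
    ' Missing or unexpected input: do not send a message.
    Response.Write "Please go back and complete the form."
Else
    Set objMail = Server.CreateObject("CDONTS.NewMail")
    objMail.From       = MAIL_FROM   ' fixed, never taken from the form
    objMail.To         = MAIL_TO     ' fixed, never taken from the form
    objMail.Subject    = "Form submission from " & HeaderSafe(firstName)
    objMail.BodyFormat = 1           ' 1 = plain-text body
    objMail.Body       = BuildBody(title, firstName, city)
    objMail.Send
    Set objMail = Nothing

    ' Encode the value before echoing it back into the HTML page.
    Response.Write "Thank you, " & Server.HTMLEncode(firstName) & "."
End If
%>
```

Keeping From and To as constants means a visitor can influence only the subject text and the body, never who receives the message.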

About the Author

Syed Yasir Hashmi http://www.yasir.in is an I.T guru working in the industry for the last 12 years


Which database is best?


2010
01.08

It’s the question many people ask me: “Which database is the best?” My answer is always the same: databases are like clothes; you wear them according to your size and status. So don’t look to others’ experience; analyze your own volume and size, and then decide which database actually suits you. Let’s have a look at different databases and their qualities. We will move from medium to maximum.

1- MySQL

Introduction:

MySQL is an exceptional database as far as budget vs. performance is concerned. MySQL has almost 11 million installations worldwide and is free to use.

Web Presence:

Nowadays every second dynamic website uses MySQL as its database for its robust and easy-to-use interface. Many web applications also use MySQL as their database.

Pricing & Availability:

If you are looking for a free database with a client-server architecture and awesome reliability, then you don’t need to look around. Go and download your free version of MySQL.

Future:

Sun Microsystems purchased MySQL, and Oracle Corporation is trying to buy Sun Microsystems, creating a threat to its free GNU license. But it’s still a better product to use.

2- SQL SERVER

Introduction:

With a product that evolved from Sybase SQL Server, Microsoft worked hard to enter the database arena. Through SQL Server, Microsoft earned huge bucks. Its easy-to-use, easy-to-install interface made it popular among students and mid-range enterprises.

Web Presence:

With ASP/ASP.NET support, Microsoft made a good presence on the web, but SQL Server is only available on Windows-based hosting.

Pricing & Availability:

Pricing varies with deployment scenarios. Please consult the Microsoft website for pricing.

Future:

SQL Server has a bright future because of Microsoft’s strong financial and technical backbone.

3- ORACLE Database

Introduction:

Oracle Database is the leader in the database industry due to its reliable architecture and robust features. Holding the larger share of the database market, Oracle faces tough competition from its rival giants IBM and Microsoft.

Web Presence:

Although Oracle tried to make its web presence more visible by launching HTML DB (Oracle Xpress), it still needs to do a lot of work in this field, as webmasters still hesitate to use Oracle with their web apps due to its heavy structure and high pricing.

Pricing & Availability:

Oracle offers pricing for its different database editions on the basis of region and number of users, so prices may vary from country to country.

Future:

I must say that Oracle has the brightest future among all the database rivals. After buying the software companies PeopleSoft and JD Edwards, Oracle grabbed a large share of the database market.

4- DB2

Introduction:

Once the industry leader, DB2 sounds like a chuckle from the past. But IBM is still trying to retain its database market share against its rivals Oracle and Microsoft.

Web Presence:

Having little web presence, IBM does not seem interested in this area.

Pricing & Availability:

Not Available

Future:

I think DB2 is just a waste of money for small and mid-size companies, so investing in a database whose market share is shrinking is a risk.

About the Author

Syed Yasir Hashmi http://www.yasir.in is an I.T guru working in the industry for the last 12 years.


8 Tips on How to Start SEO Campaign


2009
12.30

8 Tips on how to start SEO Campaign by Syed Yasir Hashmi

Several small & mid size businesses contact us daily for SEO consultation and helping their websites rank well on search engines. One common question we always hear is:

“Where and how do I start my SEO Campaign from?”

A couple of points to note before we start -

We are assuming that you already have the domain name, because finding a good domain name would be a separate topic.

Here are some of the most important steps that you can yourself take care of before going to any SEO company to manage your search engine marketing campaign.

1. Find your targeted keywords

The first and most important step is to determine the most important keywords for which you want your website to appear on search engines. You know your business more than anyone else. You know your target audience. So find 10 phrases that you think your prospective customers will search for.

2. Set the title of your website pages right

After you have decided on your keywords, the next step is to set them up properly. The title of your web page is the very first thing that any search engine crawler will read and take as a factor to rank your website. Your homepage title should contain your targeted keyword. All the other pages of your website should have a title related to the content of that respective page. For example, the title of the registration page should be “Registration”. Keep in mind that you are not promoting your “registration” page. The idea is to “set things right”.

3. Set up meta keywords and description

Though Google has said it does not read meta tag content, we still advise putting your targeted keywords in the <meta name="keywords" /> field and a one-line description of your website in the <meta name="description" /> field in your page header. Many other search engines will still read them and Google won’t give you negative marks for that.

4. Unique content for the home page

Your website’s homepage should have unique content describing your business. This introductory text should have the phrases that are in the title of the page. Experts say that you should use your targeted keyword 2-3 times in every 200 words so as to not get caught for keyword stuffing. If possible, put your local business address and phone number on the home page and the contact us page to get noticed in “local business results” on Google.

5. Business Blog

Google loves a blog and so do the other search engines. Having a business blog pays – and this is something you should always remember. Whatever business you have, you must write 1-2 posts every week about your business. The articles can be about industry news, a website update, a new recruit in your company – anything that relates in some way or the other to your business.

We recommend using WordPress because it is easy to set up and comes with various SEO plugins that help in optimizing your blog for search engine rankings.

6. Install Web Analytics

Once your website is up, you would definitely want to monitor your traffic. Any analytics software will show you how many visitors come to your website daily, where they are coming from and which keywords they use on search engines to get to your website. These are the most important metrics.

We suggest using Google Analytics!

7. Monitor your website rankings

Of course you are just starting your campaign. You might not be in top 100 on Google but sooner or later if you do the right things at the right time, you will find yourself in top 10 for that elite group of your targeted keywords.

We, at 2tech, offer this service for free. You can register your website with your targeted keywords and we will monitor your rankings on a daily basis. You can rest assured that you will be notified by email as soon as your rank has changed on Google, Yahoo or Bing. This will even help you track the work done by whichever SEO company you have chosen for your campaign.

8. Setup business profiles on social media websites

Twitter, Facebook, Digg and Delicious are some of the buzzwords today in the social media industry. Setting up your business profile on these and similar websites is a must for a starter. Maintaining and optimizing them is again a different topic of discussion about which we will soon post here.

We hope that you found this list a good starting point to help you set up your SEO Campaign. We also advise our clients to educate themselves by spending 30 minutes daily reading the latest news in the SEO world. You may not be professionals but you sure don’t want to appear dumb when you talk to an SEO company. The official blogs of Google, Bing and Yahoo are a good starting point, but there are hundreds of freelance bloggers that can provide really valuable information as well. A few that we love:

http://blog.2tech.net (Highly Recommended)

http://www.dailyseoblog.com

http://www.seo-theory.com

Well, we have finished our part. Time for you now to add more points which you think would be useful for a beginner in the SEO world.

About the Author

Syed Yasir Hashmi http://www.yasir.in is an I.T guru working in the industry for the last 12 years.
