397 users using DBSP now!
Home  I  Company  I  Services  I  Documentation  I  Downloads  I  E-Support
home -> documentation -> language reference -> LOGIN tag


Description

The LOGIN tag is used to grant user access to a private site. Moreover, this element is a fundamental piece in the control mechanism of access privileges. When you include a LOGIN element in your code, the tag is replaced with a link that contains the necesary information to authenticate the user. This information is encrypted with the site key defined in the DBSP Configuration application for the corresponding site.


Syntax

<#LOGIN ALIAS="AliasName" QUERYID="QueryNumber" [DOC="DocName"] [QUERYIDLOG="QueryNoLog"]/>

ALIAS This property defines in wich database the sentence will be executed. The database is referenced by the alias name. This alias name must be previously configured with the DBSP Configurator application.
QUERYID This is the reference to a SQL sentence that is used to validate the user credentials. When the query is executed and returns at least one record, the access is granted. Otherwise (no records), the access is denied.
DOC Define in DOC the page that you want to display allways after a successful login.
QUERYIDLOG Specify in QUERYIDLOG the id of a SQL sentence to execute after a successful login. This feature is commonly used for building access logs.



Note: After the LOGIN has been successful (the query retuns at least one record) all the information retreived by the query is stored on the SESSION object. This information could be later used while the session remains active.


When login fails

After the LOGIN fails, a reason code is stored in the variable LOGINFAILED inside the SESSION object. Here are the SESSION.LOGINFAILED possible codes:

11001 Invalid username/password combination. The SQL Statement specified in the LOGIN tag did not return any row. In this case, you must notify the user that the authentication data provided is invalid.
11002 Session expired. In this case, the user was previously authenticated but the server has not received activity from the user in more time than the specified in the site TIMEOUT setting. So the DBSP engine has killed the session for security reasons and the user must provide his authentication information again. You can change the time out setting using the DBSP Configuration tool.
11003 Could not login into the system. This error occurs if the site is not configured properly. Make sure that: 1) Your site is pointing out to the right directory and the site configuration settings are correct. 2) Your web server have been restarted after the changes has been made.


Note: Particularly in Microsoft IIS, virtual paths are incompatible with the DBSP security model. We recommend creating a new site instead using virtual paths.


References

LOGOUT
USERLIST
SESSION object


Applications

The LOGIN tag is used for private sites where access control is a requirement. This tag performs the authentication of the user and logs him into the system. If you want to know more about private sites, please go to the Enviroment Guide in the section: Building private sites.


Examples

Example 1. A snippet from the DBSPTech site.

Here you have the login snippet extracted from DBSPTech site default page. However, it has been modified for the example purposes.

Source code


File: examples/login.dbsp

   <#IF EXPRESSION="(SESSION.LOGINFAILED!=UNDEF)">
     <#CASE> 
      <#OPTION EXPRESSION="SESSION.LOGINFAILED=11001">
        Invalid session or account inactive!
      <#/OPTION>                 
      <#OPTION EXPRESSION="SESSION.LOGINFAILED=11002">
        Your session has expired! Please log in again.
      <#/OPTION>                 
    <#/CASE>             
   <#/IF>             
             
  

e-mail
  

  
password
  
  



SQL Sentence: ID=1
SELECT USERID, USERFULLNAME FROM DBSPUSERS WHERE USREMAIL= <#TXTEMAIL/> AND USRPASSWORD = <#txtPASSWORD/>

Test the example using your DBSPTech account!