ASPLogin v5.5
	ASPLogin v3.0
	ASPLogin

ASPLogin Documentation version 5.5

ASPLogin Documentation

ASPLogin version 5.5 comes in two types: the per site and the server versions.  The per siteversion is for use on one website only, while the server version can be used by multiple websites on one server.  Those respective websites must all be owned by the purchaser.

You can buy an ASPLogin Version 5.5 or Server license online at http://www.asplogin.com/

Contents

Introduction
Features and Important Info
Installation
Preparing your web project
Enabling protection for your documents
Additional ASPL.Login object methods
Setting up the user database and login forms in global.asa
Web-based administration
Using ASPLogin with virtual servers
Who's logged in?
User Logging (Pro)
User activation and expiration (Pro)
Getting Help
Summary of all ASPLogin settings, forms, variables and methods

Introduction

ASPLogin provides user authentication and management for Active Server Page (ASP) based web sites and applications.

ASPLogin uses an ActiveX server component to automatically send users to a login page, and then checks their authentication information and document permissions from a database. You may use either the ready-made user database provided with ASPLogin, or use any other ODBC datasource. ASPLogin also comes with a web-based administrator which can be used to setup users and groups in your ASPLogin database via a web browser. Both ASPLogin and the ASPLogin administrator are flexible enough to adapt to virtually any database schema you currently use or choose to implement.

ASPLogin works with ASP - your web site must reside on a server that can process ASP scripts, such as Microsoft Internet Information Server (IIS). ASPLogin is officially supported on Microsoft IIS4 or greater and Personal Web Server (PWS) 4 or greater, however it may work with other ASP-compatible web servers as well.

Version 5.5 Features and Important Info

Basic installation information is available in the readme file that is included with the software.

The best way to appreciate the various features of ASPLogin 5.5 is by logging into the admin or aspladmn.asp page.  The first time you login, the username/password is Admin/Admin.  Please change your password ASAP. 

When you login you will see the default user screen.  You will also be required to register the product before you can actually use ASPLogin Version 5.5.  Please see readme.txt for help on registrations.

USERS - To add a user, simply click on the red link that says "Add New User."  On the Users page, all tables can be sorted by clicking on the fields.  If you click on the specific user, you can view and modify his or her information.  You can also check whether they receive a newsletter or not.  Also on this page, you can view the user limits, as well as individual stats.

GROUPS - Adding a group is similar to adding user.  One new feature in ASPLogin Version 5.5 is the group redirection.  You can redirect a group to any webpage you'd like.

EMAIL - Another great feature Version 5.5 offers is a built in blast email system.  You can email your entire database, certain groups, certain users, or even users that names begin with the letter "a."   You also have the option of sending html or just plain text emails.  Version 5.5 works with CDONTS or ASPEMAIL, but can be customized to work with almost any component.

CONTROLS - Instead of actually going into a database, be it SQL or Access, an admin can choose their own fields, as well as what type of field they need.  You can also add your own custom fields.  An admin can specify whether these fields are shown in the Admin form, in User Listings, or in the signup page.  Fields can be set as either text, checkbox, number, date-time, or email.

DIAGNOSTICS - Important information is displayed in this section including your registration and connection to your database.

STATISTICS - This is where you can view statistics on any user in your database.  On the default page, you will see the last 10 logins and the last 10 pages visited.  The information displayed is the exact times, durations of each visit, and even the IP address of the remote user.
You can also view the most popular pages, unique visitors, as well as page hits.

USER LIMITS - This is under the Users tab.  You can set simultaneous logins to be either one, or multiple logins.  You can also set time limitations on a user.   This means you can set aside certain blocks of the day when a user can or cannot login. 
An admin can also limit access by IP address for the user.

DATABASE CLEANUP - Remove data based on week, months, or year.  Also, clean up tracking info and email stats.  This is found in the controls tab.

SITE SETTINGS - This is where you can set your session timeouts in minutes, as well as limit the login attempts.  This is found in the controls tab.

SIGNUP - The signup.asp page is where you want to link your users to sign up as members.  This is all easily customizable, meaning the look, as well as the fields show.

PROTECTING PAGES - An example is show further down this document, but you can view the protected_example.asp that comes with your software.

FORGOT MY PASSWORD - This was an important feature with the old software, and is equally important with Version 5.5.  Please link to the forgot page you receive with the software.

CONFIG FILE - This is where you can edit your information, including choosing your admin, email component, as well as the SMTP server.  Do not delete this file!

Installation

Also see readme file
ASPLogin Version 5.5  can be installed by simply registering the asplogin5.dll file in your Windows System32 folder.  You will then upload the administrative web scripts provided to you to your website.  On your first visit to these web pages in your browser, you will be required to register your purchase with the ASPLogin.com servers.  For a more in depth documentation on installation, please view the installation files contained in your ASPLogin purchase.

Portions of ASPLogin require the Microsoft Visual Basic 6 runtime files and Data Access Components version 2. If you do not have these files installed, you can obtain them for free from Microsoft at http://support.microsoft.com/download/support/mslfiles/Vbrun60.exe and http://www.microsoft.com/data/mdac2.htm (ASPLogin requires only the minimal installation).

You may uninstall ASPLogin by un-registering the asplogin5.dll file on your machine.

Preparing your web project

Make sure that every HTML document you wish to protect with ASPLogin has the extension .asp, not .htm or .html. If you use a site management package, such as Microsoft FrontPage, you should be able to rename your files without breaking any links.

Your web server must be configured so that all the documents that you with to protect reside under one server root which has both read and execute or read and script permission.

Copy and paste the files from the "asplogin" folder located within your zip file download onto the root of your website.

You may edit asplogin.asp and aspldeny.asp to match your site. Be sure, however, not to modify any of the ASP code in asplogin.asp before <HTML> or between <!--ASPLogin form begins--> and <!--ASPLogin form ends-->.

ASPLogin will display an "invalid login" message on the login page if a user inputs a user name/password combination that is not in the database. You may customize the "invalid login" message by setting Session("asplLoginError") in global.asa (more on global.asa below). This is particularly useful for sites are not written in English.

If you are using ASPLogin, you may also want to have specific documents for users whose accounts have expired or are inactive. To use these features, create HTML or ASP files for your expired and or inactive user pages and place them under your web server root. You will have to set session variables with the path to these files (see global.asa, below). If you do not set these extra files up, ASPLogin will just send expired or inactive users to aspldeny.asp by default.

Enabling protection for your documents

Each Asp file that will be protected by ASPLogin must have a small piece of ASP code at the start of the file - before any other HTML or server-side scripting. Microsoft ASP uses VBScript by default, however an example is also provided in JScript. The very top of your Asp files should read:

<%@ LANGUAGE=VBScript %>
<%
Set asplObj=Server.CreateObject("ASPL.Login5")
asplObj.Protect
Set asplObj=Nothing
%>

Or, in JScript:

<%@LANGUAGE=JScript%>
<%
asplObj=Server.CreateObject("ASPL.Login5");
asplObj.Protect();
asplObj="";
%>

By placing this code on your Asp files, users will automatically be sent to the login page (asplogin.asp) the first time they access one of the Asp files. After logging in, they will be able to go to any protected page without having to log in again during their site session. If they come back at a later date, they will be presented with the login page once again, regardless of which page they access first.

To manually log a user out of your site, they need to access a page containing the ASP script:

<% Session.Abandon %>

User, group and date expiration settings can be added in each document with the following directives, placed between the Server.CreateObject and Protect lines:

asplObj.Group("GroupName")

asplObj.User("UserName")

asplObj.LastDate("1/1/2001")

For example, to make a document available to all users in a group called 'management', members of a group called 'administrators' and a user called 'fred' (who may or may not be in either of the groups), you would add the following code to the top of the document or view the protected_example.asp page that comes with the software.

<%@ LANGUAGE=VBScript %>
<%
Set asplObj=Server.CreateObject("ASPL.Login5")
asplObj.Group("management")
asplObj.Group("administrators")
asplObj.User("Fred")
asplObj.Protect
Set asplObj=Nothing
%>

Additional ASPL.Login object methods

An ASPL.Login object can also call the method

asplObj.ResetPermission

which clears all user, group and lastDate directives already set on the current page. This is useful only when you are running conditional permission code. Most ASPLogin installations will never use asplObj.ResetPermission.

Finally, ASPL.Login objects have a DebugInfo method which returns the version number and debugging information.

Setting up the user database and login forms in global.asa

ASPLogin  comes with a pre-made MS Access format user database.

If you installed to another location, or plan to use a different data source such as MS SQL Server, you must set ASP session variables to tell ASPLogin where to find the database, and what the table and column schema is (if different from the default).

The best place to set this information is in the file 'global.asa' in the root level of your site. An example global.asa is shown below.

<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Session_OnStart
Session("asplConnStr")="DBQ=c:\users.mdb;Driver={Microsoft Access Driver (*.mdb)};"
End Sub
</SCRIPT>

This example file sets the Session("asplConnStr") variable to point to an access database installed at C:\users.mdb

Other ASPLogin session variables are available for changing the table and field names that ASPLogin uses to authenticate users and check group permissions. You only need to set these if you do not use the pre-made database, and you only need to set them once per session, as above. There are also session variables for the locations of documents to direct users to if their account is expired, if an error occurred with the login, etc. The complete set of ASPLogin settings session variables is in the following table:

Session Variable	What it sets
asplUserTbl	name of the table with user info
asplGroupTbl	name of the table with group names
asplMemberTbl	name of table that maps users to groups
asplUserTbluserid	autonumber or identity field for users
asplUserTblusername	field with user name
asplUserTblpassword	field with password
asplUserTblactive	boolean (yes/no) for whether the user is active
asplUserTblexpires	last date that the user can log in
asplGroupTblgroupid	autonumber or identity field for groups
asplGroupTblgroupname	field with group name
asplMemberTbluserid	field in member table for userid
asplMemberTblgroupid	field in member table for groupid
Session("asplFormPath")	Path to asplogin.asp if not in the web server root
Session("asplDenyPath")	Path to aspldeny.asp if not in the web server root
Session("asplInactivePath")	Path to page for inactive users (default is aspldeny.asp)
Session("asplExpiredPath")	Path to page for expired users (default is aspldeny.asp)
Session("asplLogPath")	Windows path to user log file
Session("asplLoginError")	Error message to display when incorrect password or unknown user name is entered in asplogin.asp
Session("asplErrorPath")	Path to page for database errors during login (default prints a text message to the browser)

Web-based administration

The the web-based administration utility is installed by default as /aspladmn.asp under your web root. The administration utility is protected by ASPLogin like any other page in your site. Access to the administrator is initially restricted to the default user 'Admin', with the password 'Admin' in the ASPLogin pre-made database. You should change this user's password immediately when you first run the web administrator. Note that ASPLogin passwords are case sensitive

The web based administrator will let you add, edit and delete users and groups in your ASPLogin database.

Using ASPLogin with virtual servers

Follow the following steps to enable ASPLogin with more than one virtual server:

1. Make a copy of the default database for each virtual server (not necessary if you are using a different ODBC database for user names and passwords). You can name the database anything you like, e.g. site1.mdb, site2.mdb, etc. for different servers.
2. Add a line in each virtual server root's global.asa setting Session("asplConnStr") to point to the appropriate database for that server.
3. Make copies of asplogin.asp, aspldeny.asp and aspladmn.asp under the virtual server root.

Any other ASPLogin settings or features can now be used in the virtual server. Remember that you must purchase and enter registration information into the administrator for each domain you wish to use the Pro features in. An ASPLogin multiple domain license is available to activate Version 5.5 features for all virtual servers on one machine.

Who's logged in?

ASPLogin sets the session variables Session("asplUserName") and Session("asplUserID") with the name and id number of the current logged in user. You can use these variables in your own ASP scripts to customize your site content for different users.

User activation and expiration

The active field of the ASPLogin database (or any boolean or yes/no field in your own database) can be used to indicate whether users are permitted to log in to the site. If the active field is set to TRUE or YES then a user's login will be accepted. If the field is FALSE or NO, the user will be sent to aspldeny.asp. Alternatively, you can set the session variable Session("asplInactivePath") to an alternate file for inactive users.

The active field is useful for situations where users sign up, but then must wait until their credit card has been charged or other information has been received to access your protected pages.

Similarly, you may want certain users to only be able to access the site for a certain period of time. The expiration field allows you to set a date limit on any given account, after which they will not be able to log in. Just like the active field, if a user name has expired, the user will be sent to aspldeny.asp unless the session variable Session("asplExpiredPath") has been set to an alternate destination for expired users (such as a page to renew their membership).

User Logging

ASPLogin version 5.5 has new logging features that are accessible via the administrative control panel (aspladmn.asp)

Getting Help

Product and documentation updates are available at http://www.asplogin.com/. There is also a FAQ. Please check there first if you experience any difficulties.

E-mail technical support is available to registered users of ASPLogin Pro - there is no support for the freeware version. Registered users can send support questions to v5support@asplogin.com. Please be sure to include your serial number in the subject line of the message.

Summary of all ASPLogin settings, forms, variables and methods