educational and CCBill

Tony Trapp
I think there is a huge misconception about Windows and what it provides to the adult industry. I am not putting down any code engine such as ASP, PHP, ColdFusion, JSP or even Perl: I say if it works for you then use it; but I also believe it must work very well.

For example, I am the co-owner of a solo-site, I was originally contacted by the owner because her site was in desperate need of a complete makeover: She was losing members; videos loaded slowly; the photo names and many other file names even had spaces in them. In short, there was a lot of work to do, and in making a deal as a partner, I decided to give her all of my resources.

As her site is selling memberships, we have two credit card processors; one of them being CCBill, which will help to protect a directory or use a database. Since her site is built on 3.5, we are now switching over to a full database login system.

The problem was that CCBill only has an ASP script for this type of system, no scripts or any documentation. Geez, what shall I do now: am I to switch the site over to ASP, Perl or PHP? That would be a task and-a-half, so instead I wrote a script that works with CCBill using and the SQL Membership Provider.

Now why would I use this? Isn't Windows costly? What about — isn't that complicated to work with? Don't forget if you want to create an website, you will need a database system and it's probably best to get Visual Studio 2008, as well. Wow that's going to be costly and complicated; I guess I better go a different route…

Nothing could be farther from the truth. First 3.5 is a free, visual web developer which comes with SQL Server 2005 Express, which is also free and can be used for your development server and production server as well.

Visual Web Developer

SQL Server and SQL Server Management Studio

So all this stuff is free, but it's still going to be complicated; after all its Microsoft right?

Granted the ASP file that CCBill gave me was complicated in some parts such as the algorithm for MD5 encryption strings to compare against the same encrypted string that CCBill will send to the ASP script they provide.

For one thing, ASP does not have any encryption capabilities built into the engine like PHP's crypt function, so I guess I better stop now and scrap the whole idea I had...

Wrong again: what took about 400 lines of encryption is ASP and about 10 lines in PHP only took one line in using MD5.

Ok, but that database stuff is going to get real tricky and that's where a lot of code is going to take place when doing your login system.

Wrong once again: setting up your database using SQL Server 2005 would take about 20 minutes max, and the tables needed for using what's called login controls takes about 30 seconds.


The login control uses input validation to verify several things, including blank entries into fields as well as wrong information and "user does exist" messages.

Ok, so doesn't that take a lot of code? Not at all! Here is sample code for the login control:

<form id="form1" runat="server">

<asp:Login ID="Login1" runat="server" DestinationPageUrl="~/Default3.aspx">

That's it to do all of the functions that I just discussed.

The other few things needed for your login system to work are located in your web.config file, which is the core file for your web application. For Apache users this could be considered a file that you would use like httpd.conf, .htaccess or .htpasswd.

In this sample code for web.config, we first have our database connection string:

<add name="myConnectionString" connectionString="Data Source=TONYWINXP\SQLEXPRESS;Initial Catalog=hooker;Integrated Security=True" providerName="System.Data.SqlClient"/>

Then we want to let .NET know what type of protection we will be using by specifing this with the following entry in our web.config file:

<authentication mode="Forms">

Next we have our namespaces or classes that are built into the .NET framework:

<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Generic"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Linq"/>
<add namespace="System.Xml.Linq"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>

<add namespace="System.Web.UI.HtmlControls"/> </namespaces>

Ok so this looks easy; but what about protecting pages outside of the member's directory?

It's as easy as pie. Now that we have our login control we also have other controls called a login view, with two templates: One that will show content to users that are logged in, and another one that will show alternative content to the ones that are not logged in.

Ok that's sounds pretty simple, but what if I go to your site and hit a page that is not the login page; how will your system know what page to send me back to after logging in?

This is already built into the system: As long as that page has the login view control on it the .NET framework takes care of the rest of the work for you.

Here's some sample code for the loginview control along with loginstatus control and loginname control:

<form id="form1" runat="server">

Login Status:<br /><asp:LoginStatus ID="LoginStatus1" runat="server" />
<br />
<br />
Login Name:<br /><asp:LoginName ID="LoginName1" runat="server" />
<br />
<br />
<br />
Login view:<br />
<asp:LoginView ID="LoginView1" runat="server">
Hi there thanks for logging in congrats !!!
You have not logged in please do so.
<br />
<br />

What are these other controls you ask?

The loginstatus control does two things; if the user is logged in it will show a logout link; if the user is not logged in, it will show a login link.

The loginname control will show the member's username when logged in, so you could greet them by saying "Hi username, welcome to my site."

So where is the code to do this from the database? What you see is it!

Some of you might worry about security, but even though the web.config file is an XML file, it won't load remotely no matter what you do.

I think you're finally getting why I used by now and if not well that's ok not everyone likes changing things, but the power of mixed in with IIS 6.0 and SQL Server 2005 is unmatched. has over 35,000 classes built into it, that allow users to do everything from creating RSS feeds to manipulating images, making your site bi-lingual, security as shown in this article, Ajax implementation, even controls for tree menus, pop-up menus and something that really makes data retrieval powerful called the data cache.

IIS 6.0 also has something I really like called HTTP compression. SQL Server is very easy to manage and has powerful items built right into it and yes it will work with PHP, JSP, ColdFusion and ASP — the latest and oldest versions of the code engines alike.

But for now you know why I use