Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10

Thread: Login script

  1. #1
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post

    Login script

    Just learning ASP, could someone check over this code to see if it looks okay. I can't test it yet due to issues with IIS, just waiting for responses in my threads for that issue.

    PHP Code:
    <%
    'Include encryption script'
    <!--#include file="sha256.asp"-->

    'We will need the TRUE date, so not 9/5/2013, we need 09/05/1013'
    function trueDate()
       
    Dim datee
       datee 
    date()
       
    Dim filename
       filename 
    ""

       
    if Month(datee) < 10 Then filename "0"
       
    filename filename Month(datee)

       if 
    Day(datee) < 10 Then filename filename "0"
       
    filename filename Day(datee) & Year(datee)

       
    Response.Cookies("workDate")("date") = filename
       Response
    .Cookies("workDate")("session") = Session.SessionID
    End 
    function

    'Retreive the POST variables'
    Set username Request.Form("username")
    Set password sha256(Request.Form("password"))
    Set remme Request.Form("remme")

    'Check the data has been entered into the fields'
    if username == null then
        response
    .write("Please enter a username")
        
    response.End
        
    else if password == null then
            response
    .write("Please enter a password")
            
    response.End
        end 
    if
        
    'Create connection and load users database'
    Set conn Server.CreateObject("ADODB.Connection")
    conn.Provider="Microsoft.Jet.OLEDB.4.0"
    conn.open "data\databases\users.mdb"

    Set rs Server.CreateObject("ADODB.recordset")
    Set sql "SELECT * FROM users WHERE username LIKE " username
    rs
    .Open sql,conn

    if Strcomp(password,rs.Fields('password'),1)=0 then
        
    'Get the permissions'
        
    set perms rs.Fields('perms')
        
        
    'Write message and create cookies for session'
        
    response.write("Login Successful!");
        
    response.Cookies("logged")("perms") = perms
        response
    .Cookies("logged")("username") = username
        
        
    'Now logged in, set the date cookie for use with folder names, and record setting'
        
    trueDate()
    end if
    %> 

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,650
    Thanks
    80
    Thanked 4,638 Times in 4,600 Posts
    Well "truedate" can be a lot simpler:
    Code:
        truedate = Replace( FormatDateTime( Date(), vbShortDate ), "/", "" )
    Wrong:
    Code:
    Set username = Request.Form("username")
    Right:
    Code:
    username = Request.Form("username")
    You can *ONLY* use the SET keyword in VBS with objects. Request.Form("...") produces a string, which is not an object in VBS.

    *****

    WRONG:
    Code:
    if username == null then
    The value from Request.Form() or Request.String() is never null unless the named field did not even exist in the posted data. In other words, unless you posted from the wrong page.

    My preferred coding:
    Code:
    username = Trim(Request.Form("username"))
    If username = "" Then
       ...
    ***********

    Way wrong:
    Code:
    if username == null then
        response.write("Please enter a username")
        response.End
        else if password == null then
            response.write("Please enter a password")
            response.End
        end if
    First of all, VBS doesn't have an == operator. You must use just =

    In VBS, when used as above, ELSEIF must be all one word, no space.

    But Response.End *IMMEDIATELY* terminates any response. So there is no need for the elseif.

    Just code:
    Code:
    if username = ""l then
        response.write "Please enter a username"
        response.End
    End If
    If password = ""l then
        response.write "Please enter a password"
        response.End
    End If
    Note that I omitted the parentheses in Response.Write. Although they will work, they are technically an error. Response.Write is a SUB, not a FUNCTION. And you don't use parens when calling a SUB in VBS. They work because ("...") is seen as a single expression. If this were a SUB that took two arguments, though, you'd get an error.

    In short... You pretty much have hash there.

    Get ASP working and start debugging.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    martynball (05-11-2013)

  • #3
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,650
    Thanks
    80
    Thanked 4,638 Times in 4,600 Posts
    Oh, and there's a 99% chance this won't work:
    Code:
    conn.open "data\databases\users.mdb"
    *PROBABLY* you need to use
    Code:
    conn.open Server.MapPath("data\databases\users.mdb")
    Without Server.MapPath, that filename will be relative to the directory where IIS was started from.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    martynball (05-11-2013)

  • #4
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    Okay thanks for all of that

    One question "If password = ""1 then" what does the "1" do?

  • #5
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,650
    Thanks
    80
    Thanked 4,638 Times in 4,600 Posts
    I don't know where those 1's came from.

    I'd swear I didn't type them. I could see making one typo like that, but two?

    Should be just If password = "" Then

    Anyway, apologies for the confusion.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    martynball (05-12-2013)

  • #6
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,650
    Thanks
    80
    Thanked 4,638 Times in 4,600 Posts
    Figured it out! Those aren't 1's (numeral one). Those are lower case L's.

    And it must have come from my editing your "== null" and leaving behind one of the "l"s.

    So it is all my typo. Sorry!!
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    martynball (05-12-2013)

  • #7
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    .dunna matter
    Last edited by martynball; 05-12-2013 at 08:15 PM.

  • #8
    Regular Coder
    Join Date
    May 2012
    Location
    USA
    Posts
    101
    Thanks
    0
    Thanked 7 Times in 7 Posts
    I checked the code and it looks fine to me, I think it's the error of IIS.

  • #9
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,650
    Thanks
    80
    Thanked 4,638 Times in 4,600 Posts
    Quote Originally Posted by annaharris View Post
    I checked the code and it looks fine to me, I think it's the error of IIS.
    You *ARE* kidding, right???

    How can code such as if username == null then be correct in VBScript coding?

    Are you making fun of this thread? Laughing at it because it's not about PHP? Or what? That may be the silliest comment about really bad code I've seen in a long long time.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #10
    Regular Coder
    Join Date
    May 2012
    Location
    USA
    Posts
    101
    Thanks
    0
    Thanked 7 Times in 7 Posts
    I too had issues related to IIS. Is it really important to enable IIS to implement your Asp code?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •