  1. #1
    New Coder
    Join Date
    Jan 2004
    Posts
    67
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Problems with login script

    Hi all, I am having problems with the login script. This is the validate script:
    <%
    'Save the entered username and password
    Username = Request.Form("Username")
    Password = Request.Form("Password")

    'Build connection with database
    set conn = server.CreateObject ("ADODB.Connection")
    conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.MapPath ("netteh.mdb")
    set rs = server.CreateObject ("ADODB.Recordset")
    'Open record with entered username
    rs.Open "SELECT * FROM Students where Username='"& Username &"'", conn, 1

    'If there is no record with the entered username, close connection
    'and go back to login with QueryString
    If rs.recordcount = 0 then
    rs.close
    conn.close
    set rs=nothing
    set conn=nothing
    Response.Redirect("login.asp?login=namefailed")
    end if

    'If entered password is right, close connection and open mainpage
    if rs("password") = Password then
    Session("name") = rs("Firstname")
    rs.Close
    conn.Close
    set rs=nothing
    set conn=nothing
    Response.Redirect("default.asp")
    'If entered password is wrong, close connection
    'and return to login with QueryString
    else
    rs.Close
    conn.Close
    set rs=nothing
    set conn=nothing
    Response.Redirect("login.asp?login=passfailed")
    end if

    %>

    I have another question: how do you display sessions, like for example the username, and how do you display tables on the screen? I know in ColdFusion there is usually an application file that usually contains sessions built in. Any help with the login script, or a new one, and the other question would be great.

    Thanks

  • #2
    Senior Coder Morgoth's Avatar
    Join Date
    Jun 2002
    Location
    Ontario, Canada Remaining Brain Cells: 6
    Posts
    1,402
    Thanks
    2
    Thanked 1 Time in 1 Post
    Next time, please use tags.

    It would also help if you gave us the error that you get.

    I tested the code and created a simple access db and it worked fine.
    1) I redirected to "default.asp" with a correct username and password.
    2) I redirected to "login.asp?login=namefailed" with an incorrect username.
    3) I redirected to "login.asp?login=passfailed" with an incorrect password.

    You need to tell us exactly what your error is.

    Edit:
    Sessions: http://www.w3schools.com/asp/asp_sessions.asp
    Code:
    <%
    Response.Write Session("name")
    %>

  • #3
    New Coder
    Join Date
    Jan 2004
    Posts
    67
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks, it worked. It was an error on my part.

  • #4
    raf
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Are we allowed to say that your script is insecure and inefficient, or doesn't that interest you/will that offend you?
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #5
    Senior Coder Morgoth's Avatar
    Join Date
    Jun 2002
    Location
    Ontario, Canada Remaining Brain Cells: 6
    Posts
    1,402
    Thanks
    2
    Thanked 1 Time in 1 Post
    Raf is right; having your script run the way it is can allow someone to crack into the admin account. Not a very secure way of finding out if the username is in the database.

  • #6
    New Coder
    Join Date
    Jan 2004
    Location
    Minnesota
    Posts
    86
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Code check pls

    Hey Raf, Morgoth
    Would you guys take a look at the code I'm using, please? Does this also suffer from being insecure and inefficient? Any suggestions appreciated.

    Thanks
    J.C

    Code:
    <%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
    <%
    Option Explicit
    
    Dim cnnLogin
    Dim rstLogin
    Dim strUsername, strPassword
    Dim strSQL
    Dim strName
    strName = "valid"
    
    %>
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
       <title>Block Sales Leads (LGIN)</title>
       <link rel="stylesheet" type="text/css" href="Block_Style.css">
    </head>
    
    <body>
    <SCRIPT LANGUAGE=vbscript>
    	<!--
    	Sub window_onload
    		logform.login.focus
    	End sub
    	-->
    </Script>
       <div id="container">
          <div id="header">
             <h1>Ridley Block Operations<br/>
             Sales Leads</h1>
             <h3>Login Page</h3>
          </div>
          <div id="content">
             <div id="menu">
             </div>
            <div id="content2">
                This site is for RFI Block OFFICIAL use only.
                <h2> </h2>
    <%
    If Request.Form("action") <> "validate_login" Then
    	%>
    	<form name="logform" id="logform" method="post" action="index.asp">
    	<input type="hidden" name="action" value="validate_login" />
    	<table border="0">
    		<tr>
    			<td align="right">User-ID:</td>
    			<td><input type="text" id="login" name="login" /></td>
    		</tr>
    		<tr>
    			<td align="right">Password:</td>
    			<td><input type="password" name="password" /></td>
    		</tr>
    		<tr>
    			<td align="right"></TD>
    			<td><input type="submit" VALUE="Login" /></td>
    		</tr>
    	</table>
    	</form>
    	<%
    Else
    	strSQL = "SELECT * FROM tblLoginInfo " _
    		& "WHERE username='" & Replace(Request.Form("login"), "'", "''") & "' " _
    		& "AND password='" & Replace(Request.Form("password"), "'", "''") & "';"
    
    	Set cnnLogin = Server.CreateObject("ADODB.Connection")
    	cnnLogin.Open("DRIVER={Microsoft Access Driver (*.mdb)};" _
    		& "DBQ=" & Server.MapPath("Data\login.mdb"))
    
    	Set rstLogin = cnnLogin.Execute(strSQL)
    
    	If Not rstLogin.EOF Then
            Session("LoggedIn") = True
            Response.redirect "SalesLeads_Menu.asp"
            %>
            <%
    	Else
    		%>
    		<div align="center">
    		<p align="center"><font size="4" face="arial,helvetica"><strong>
    		Login Failed - Please verify username and password.
    		</strong></font></p>
    		<p align="center">
    		<a href="index.asp">Return to Login Screen</a>
    		</p>
            </div>
    	    <%
    		'Response.End
    	End If
    
    	' Clean Up
    	rstLogin.Close
    	Set rstLogin = Nothing
    	cnnLogin.Close
    	Set cnnLogin = Nothing
    End If
    %>
             </div>
             </div>
          </div>
          <div id="footer">
             For comments, questions or to report dead links - Please E-Mail <a href="mailto:webmaster@ridleyinc.com?subject=Web%20Page%20Request&amp;Body=Line%20Please%20enter%20your%20request%20here" style="color: #FFFFFF">Webmaster</a>
          </div>
       </div>
    </body>
    </html>

  • #7
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,068
    Thanks
    0
    Thanked 256 Times in 252 Posts
    Quote Originally Posted by newkid
    Hey Raf, Morgoth
    Would you guys take a look at the code I'm using, please? Does this also suffer from being insecure and inefficient? Any suggestions appreciated.

    Thanks
    J.C
    Learn more about SQL Injection Attack
    Glenn

  • #8
    Senior Coder Morgoth's Avatar
    Join Date
    Jun 2002
    Location
    Ontario, Canada Remaining Brain Cells: 6
    Posts
    1,402
    Thanks
    2
    Thanked 1 Time in 1 Post
    Quote Originally Posted by glenngv
    Learn more about SQL Injection Attack
    There is a PDF file of the white papers somewhere; I will see if I can find it.
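
As an added example (not code from any poster in this thread): the validate script from post #1 rewritten so the username is bound as an ADODB.Command parameter instead of being concatenated into the SQL text, and so an unknown username and a wrong password produce the same response. The same binding applies to the two form values concatenated in post #6. The 50-character column width and the `login=failed` query value are assumptions.

```asp
<%
Option Explicit
' ADO constants, declared here so the page does not depend on adovbs.inc
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

Dim conn, cmd, rs, strUsername, strPassword, strFirstname, blnOk
strUsername = Left(Request.Form("Username"), 50)   ' 50 = assumed column width
strPassword = Request.Form("Password")
blnOk = False

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("netteh.mdb")

' The form value is bound to the ? placeholder; it never becomes part of the SQL text
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Firstname, [Password] FROM Students WHERE Username = ?"
cmd.Parameters.Append cmd.CreateParameter("Username", adVarWChar, adParamInput, 50, strUsername)

Set rs = cmd.Execute
If Not rs.EOF Then
    ' Comparison kept as in post #1 (the column holds the password as stored there)
    If rs("Password").Value = strPassword Then
        blnOk = True
        strFirstname = rs("Firstname").Value
    End If
End If

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing

If blnOk Then
    Session("name") = strFirstname
    Response.Redirect "default.asp"
Else
    ' One response for both failure cases, so the page does not reveal which usernames exist
    Response.Redirect "login.asp?login=failed"
End If
%>
```

Selecting only the two columns that are used, rather than `SELECT *`, also avoids fetching the whole row on every login attempt.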

