  1. #1
    New Coder
    Join Date
    Jan 2004
    Posts
    67
    Thanks
    0
    Thanked 0 Times in 0 Posts

    ASP validation script

    Hi all, this is my validation script. It produces no errors, but it cannot redirect and reject bad user details:

    <%
    Response.Expires = -1000 'Makes the browser not cache this page
    Response.Buffer = True 'Buffers the content so our Response.Redirect will work

    Dim Error_Msg

    login = Request.Form("login")
    If login = "logout" Then
        Session("UserLoggedIn") = ""
        ShowLogin
    Else
        If Session("UserLoggedIn") = "true" Then
            AlreadyLoggedIn
        Else
            If login = "true" Then
                CheckLogin
            Else
                ShowLogin
            End If
        End If
    End If

    Sub ShowLogin
        Response.Write(Error_Msg & "<br>")
    %>
    <%
    End Sub

    Sub AlreadyLoggedIn
    %>

    <%
    End Sub

    Sub CheckLogin
        Dim Conn, cStr, sql, RS, username, userpwd
        username = Request.Form("username")
        userpwd = Request.Form("userpwd")
        Set Conn = Server.CreateObject("ADODB.Connection")
        cStr = "DRIVER={Microsoft Access Driver (*.mdb)};"
        cStr = cStr & "DBQ=" & Server.MapPath("netteh.mdb") & ";"
        Conn.Open(cStr)
        sql = "select username from UserTable where username = '" & LCase(username) & "'"
        sql = sql & " and userpwd = '" & LCase(userpwd) & "'"
        Set RS = Conn.Execute(sql)
        If RS.BOF And RS.EOF Then
            Error_Msg = "Login Failed. Try Again."
            ShowLogin
        Else
            Session("UserLoggedIn") = "true"

            Response.redirect "frontpage.asp"

        End If
    End Sub
    %>

  • #2
    Senior Coder A1ien51's Avatar
    Join Date
    Jun 2002
    Location
    Between DC and Baltimore In a Cave
    Posts
    2,717
    Thanks
    1
    Thanked 94 Times in 88 Posts
    When you call a sub, shouldn't it be

    ShowLogin()

    Eric
    Tech Author [Ajax In Action, JavaScript: Visual Blueprint]

  • #3
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,072
    Thanks
    4
    Thanked 8 Times in 8 Posts
    A1ien51, if he had used the keyword Call when calling the sub, then yes, he would have had to use the parentheses. However, calling it by just using the name, like so: ShowLogin, is fine. Had he used Call ShowLogin() then he would have needed the parentheses.

    Now on to sagat's code. I see one thing that makes me wonder if it is even getting to the ShowLogin code. Try commenting out the code like I show and let me know if it gets there. Notice that I removed some code, as it is redundant and isn't needed.

    Code:
    login = Request.Form("login")
    If login = "logout" Then
       Session("UserLoggedIn") = ""
       ShowLogin
    Else
       'If Session("UserLoggedIn") = "true" Then
       '   AlreadyLoggedIn
       'Else 
            CheckLogin
       'End If
    End If
    Now I have a question. Why would you check for username and password in one statement? It would be more user-friendly to check for the username in the SQL statement and then, if that matches, check to see that the password given is the same as the password stored. Also, why limit your security by using the LCase function on the password? I would think that you would want your users to use a combination of upper and lowercase as well as digits and exclamation marks to make passwords harder to guess.

  • #4
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,074
    Thanks
    0
    Thanked 256 Times in 252 Posts
    Actually Access (and also MS SQL) is case-insensitive so doing LCase doesn't matter. And I agree that you should not include the password in the WHERE clause.
    Glenn
    ____________________________________
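
    An added example, not code from any poster in this thread, of the approach replies #3 and #4 suggest: select the row by username only, then compare the password in script with a case-sensitive comparison. The function name CredentialsMatch, the 50-character username limit, and binding the username as an ADO parameter instead of concatenating it are assumptions of this example.

```asp
<%
' Added example, not the original poster's code. ADO constants (values from
' adovbs.inc) are declared here so the page needs no include file.
Const adCmdText = 1, adVarChar = 200, adParamInput = 1
Const MAX_USERNAME_LEN = 50   ' assumed width of the username column

' Returns True only when the username exists and the stored password equals
' the submitted one exactly, including letter case.
Function CredentialsMatch(username, userpwd)
    Dim Conn, Cmd, RS, cStr
    CredentialsMatch = False
    ' Reject values the parameter below could not hold instead of raising an error.
    If Len(username) = 0 Or Len(username) > MAX_USERNAME_LEN Then Exit Function

    Set Conn = Server.CreateObject("ADODB.Connection")
    cStr = "DRIVER={Microsoft Access Driver (*.mdb)};"
    cStr = cStr & "DBQ=" & Server.MapPath("netteh.mdb") & ";"
    Conn.Open cStr

    ' Select by username only. The value is bound to the ? placeholder as a
    ' parameter, so it is never spliced into the SQL text.
    Set Cmd = Server.CreateObject("ADODB.Command")
    Set Cmd.ActiveConnection = Conn
    Cmd.CommandType = adCmdText
    Cmd.CommandText = "select userpwd from UserTable where username = ?"
    Cmd.Parameters.Append Cmd.CreateParameter("username", adVarChar, adParamInput, MAX_USERNAME_LEN, username)
    Set RS = Cmd.Execute

    If Not RS.EOF Then
        ' Compare in script, not in SQL: vbBinaryCompare is case-sensitive,
        ' so "Secret" and "secret" are different passwords. & "" turns Null into "".
        If StrComp(RS("userpwd") & "", userpwd, vbBinaryCompare) = 0 Then CredentialsMatch = True
    End If

    RS.Close
    Conn.Close
    Set RS = Nothing : Set Cmd = Nothing : Set Conn = Nothing
End Function

' Usage, following the thread's flow (the login form posts login=true).
If Request.Form("login") = "true" Then
    If CredentialsMatch(Request.Form("username") & "", Request.Form("userpwd") & "") Then
        Session("UserLoggedIn") = "true"
        Response.Redirect "frontpage.asp"
    Else
        Response.Write "Login Failed. Try Again.<br>"
    End If
End If
%>
```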

