|
 |
access_asp thread: Loop Problems
Message #1 by "michael shulman" <mikeinapo@h...> on Tue, 19 Feb 2002 01:35:38 -0500
|
|
Im trying to learn password protection, and my loop for checking a username
against the database and a password has a flaw. I cant find it though. Help
would be appreciated (it times out)
user=request.form("user")
pass=request.form("pass")
Do While Not rst.EOF 'rst is where im dumping my records into from a
SELECT *
If user <> rst.Fields("user").Value then 'check the username against the
fields in the database
response.write("hi") 'errorchecking
rst.MoveNext 'keep going until it finds something
else
if pass <> rst.Fields("pass").Value then 'If username is found, and
password does not match
response.write("Passuser") 'more errorchecking
else
response.write("PASS") 'everything works
end if
end if
Loop
This times out, and i dont know why.
thanks in advance
shulman
Message #2 by "Owain Williams" <email@o...> on Tue, 19 Feb 2002 15:02:57
|
|
If the username is found then the MoveNext statement never executes and
you are trapped in an infinite loop. You should always use the MoveNext
method either at the beginning or at the end of a loop, never in a flow
control section. This way the MoveNext method is always getting executed.
Here is an example of how you could do this:
user=request.form("user")
pass=request.form("pass")
Do While Not rst.EOF
If user = rst.Fields("user").Value Then
If pass = rst.Fields("pass").Value then
'Successfully Logged In
Else
'Password is incorrect
End If
Else
'Username does not match current record
'Check username in next iteration
End If
rst.MoveNext
Loop
An even better way would be to use the FindFirst method of the recordset
with the 'user' field as your criteria, or build the 'user' variable into
your SQL statement, this way you don't even have to loop through any
records and you just need to check the rst.EOF property to see if the user
was found and then check the password.
Message #3 by "michael shulman" <mikeinapo@h...> on Tue, 19 Feb 2002 18:33:25 -0500
|
|
thanks, it works perfectly!
Michael Shulman
----- Original Message -----
From: "Owain Williams" <email@o...>
To: "Access ASP" <access_asp@p...>
Sent: Tuesday, February 19, 2002 3:02 PM
Subject: [access_asp] Re: Loop Problems
> If the username is found then the MoveNext statement never executes and
> you are trapped in an infinite loop. You should always use the MoveNext
> method either at the beginning or at the end of a loop, never in a flow
> control section. This way the MoveNext method is always getting executed.
> Here is an example of how you could do this:
>
> user=request.form("user")
> pass=request.form("pass")
>
> Do While Not rst.EOF
>
> If user = rst.Fields("user").Value Then
> If pass = rst.Fields("pass").Value then
> 'Successfully Logged In
> Else
> 'Password is incorrect
> End If
> Else
> 'Username does not match current record
> 'Check username in next iteration
> End If
> rst.MoveNext
>
> Loop
>
> An even better way would be to use the FindFirst method of the recordset
> with the 'user' field as your criteria, or build the 'user' variable into
> your SQL statement, this way you don't even have to loop through any
> records and you just need to check the rst.EOF property to see if the user
> was found and then check the password.
$subst('Email.Unsub').
>
Message #4 by "michael shulman" <mikeinapo@h...> on Tue, 19 Feb 2002 18:38:22 -0500
|
|
Sorry,, forgot one last question: how do I make it so certain pages check to
see if a user is logged in?
Shulman
----- Original Message -----
From: "Owain Williams" <email@o...>
To: "Access ASP" <access_asp@p...>
Sent: Tuesday, February 19, 2002 3:02 PM
Subject: [access_asp] Re: Loop Problems
> If the username is found then the MoveNext statement never executes and
> you are trapped in an infinite loop. You should always use the MoveNext
> method either at the beginning or at the end of a loop, never in a flow
> control section. This way the MoveNext method is always getting executed.
> Here is an example of how you could do this:
>
> user=request.form("user")
> pass=request.form("pass")
>
> Do While Not rst.EOF
>
> If user = rst.Fields("user").Value Then
> If pass = rst.Fields("pass").Value then
> 'Successfully Logged In
> Else
> 'Password is incorrect
> End If
> Else
> 'Username does not match current record
> 'Check username in next iteration
> End If
> rst.MoveNext
>
> Loop
>
> An even better way would be to use the FindFirst method of the recordset
> with the 'user' field as your criteria, or build the 'user' variable into
> your SQL statement, this way you don't even have to loop through any
> records and you just need to check the rst.EOF property to see if the user
> was found and then check the password.
$subst('Email.Unsub').
>
Message #5 by "Ken Schaefer" <ken@a...> on Wed, 20 Feb 2002 12:13:46 +1100
|
|
You will need to setup some kind of state maintenance system. The easiest
system (to get you started) would be to set a session variable when someone
has sucessfully logged in.
Then, at the top of each page you want to protect, see if this session
variable is set. If not, then redirect to the logon page:
<%
If session("authenticated") <> 1 then
Response.Redirect("/login.asp")
End If
%>
Cheers
Ken
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "michael shulman" <mikeinapo@h...>
Subject: [access_asp] Re: Loop Problems
: Sorry,, forgot one last question: how do I make it so certain pages check
to
: see if a user is logged in?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.
Message #6 by "Sean Dillon" <sdillon@b...> on Wed, 20 Feb 2002 08:57:00 -0000
|
|
____________________________________________
I have one problem with that code and that is in my situation the user is
not prompted to enter in a username. I just have to navigate through the
records by use of buttons. Do u have any ideas on how this could be done
E-Mail: sdillon@b... <mailto:sdillon@b...>
-----Original Message-----
From: michael shulman [mailto:mikeinapo@h...]
Sent: 19 February 2002 23:33
To: Access ASP
Subject: [access_asp] Re: Loop Problems
thanks, it works perfectly!
Michael Shulman
----- Original Message -----
From: "Owain Williams" <email@o...>
To: "Access ASP" <access_asp@p...>
Sent: Tuesday, February 19, 2002 3:02 PM
Subject: [access_asp] Re: Loop Problems
> If the username is found then the MoveNext statement never executes and
> you are trapped in an infinite loop. You should always use the MoveNext
> method either at the beginning or at the end of a loop, never in a flow
> control section. This way the MoveNext method is always getting executed.
> Here is an example of how you could do this:
>
> user=request.form("user")
> pass=request.form("pass")
>
> Do While Not rst.EOF
>
> If user = rst.Fields("user").Value Then
> If pass = rst.Fields("pass").Value then
> 'Successfully Logged In
> Else
> 'Password is incorrect
> End If
> Else
> 'Username does not match current record
> 'Check username in next iteration
> End If
> rst.MoveNext
>
> Loop
>
> An even better way would be to use the FindFirst method of the recordset
> with the 'user' field as your criteria, or build the 'user' variable into
> your SQL statement, this way you don't even have to loop through any
> records and you just need to check the rst.EOF property to see if the user
> was found and then check the password.
$subst('Email.Unsub').
>
Message #7 by "michael shulman" <mikeinapo@h...> on Fri, 22 Feb 2002 14:24:33 -0500
|
|
sorry it took me so long to respond.
as long as you are using a sessionvariable, put this on top of your files
<!-- #INCLUDE FILE="security.asp" -->
----- Original Message -----
From: "Sean Dillon" <sdillon@b...>
To: "Access ASP" <access_asp@p...>
Sent: Wednesday, February 20, 2002 3:57 AM
Subject: [access_asp] Re: Loop Problems
>
>
>
>
> ____________________________________________
> I have one problem with that code and that is in my situation the user is
> not prompted to enter in a username. I just have to navigate through the
> records by use of buttons. Do u have any ideas on how this could be done
>
> E-Mail: sdillon@b... <mailto:sdillon@b...>
>
>
>
>
>
> -----Original Message-----
> From: michael shulman [mailto:mikeinapo@h...]
> Sent: 19 February 2002 23:33
> To: Access ASP
> Subject: [access_asp] Re: Loop Problems
>
>
> thanks, it works perfectly!
>
> Michael Shulman
> ----- Original Message -----
> From: "Owain Williams" <email@o...>
> To: "Access ASP" <access_asp@p...>
> Sent: Tuesday, February 19, 2002 3:02 PM
> Subject: [access_asp] Re: Loop Problems
>
>
> > If the username is found then the MoveNext statement never executes and
> > you are trapped in an infinite loop. You should always use the MoveNext
> > method either at the beginning or at the end of a loop, never in a flow
> > control section. This way the MoveNext method is always getting
executed.
> > Here is an example of how you could do this:
> >
> > user=request.form("user")
> > pass=request.form("pass")
> >
> > Do While Not rst.EOF
> >
> > If user = rst.Fields("user").Value Then
> > If pass = rst.Fields("pass").Value then
> > 'Successfully Logged In
> > Else
> > 'Password is incorrect
> > End If
> > Else
> > 'Username does not match current record
> > 'Check username in next iteration
> > End If
> > rst.MoveNext
> >
> > Loop
> >
> > An even better way would be to use the FindFirst method of the recordset
> > with the 'user' field as your criteria, or build the 'user' variable
into
> > your SQL statement, this way you don't even have to loop through any
> > records and you just need to check the rst.EOF property to see if the
user
> > was found and then check the password.
> $subst('Email.Unsub').
> >
>
$subst('Email.Unsub').
>
>
$subst('Email.Unsub').
>
|
|
|
View Cart
