View Single Post
  #5 (permalink)  
Old January 10th, 2008, 12:39 PM
peterh peterh is offline
Authorized User
Join Date: Jan 2008
Location: Suwanee, GA, USA.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts

Well, it turns out that the vendor wanted to simply pass the login info in the querystring, figuring it's safe enough since you need to be logged in prior anyway.

When a user logs in, all their user info is stored into session, and on the next page after a successful login(inside_home.asp), there is a link calling a javascript function to post to the vendor.
<a href='' onClick='JavaScript:AppointmentPlusLogin();return false;' target=_top>blah blah</a>
the javascript function is simply
function AppointmentPlusLogin() {
window.location.href = document.form1.submit();
        Set dc = Server.CreateObject("ADODB.Connection")
        dc.ConnectionTimeout = Session("dc_ConnectionTimeout")
        dc.CommandTimeout = Session("dc_CommandTimeout")
        dc.Open Session("dc_ConnectionString"), Session("dc_RuntimeUserName"), Session("dc_RuntimePassword")
        Set cmdTemp = Server.CreateObject("ADODB.Command")
        Set dcUser = Server.CreateObject("ADODB.Recordset")
        cmdTemp.CommandText = "SELECT * FROM login LEFT JOIN person ON login.login_id = person.login_id WHERE (person.person_id = " & Session("person_id") & ") AND person.hide_record <> 1"
        cmdTemp.CommandType = 1
        Set cmdTemp.ActiveConnection = dc
        dcUser.Open cmdTemp, , 0, 1

        dim pw
        pw = dcUser("last_name")

        dim pw2
        pw2 = trim(left(pw,3))

            Set cmdTemp = Nothing
            Set dcUser = Nothing
            Set dc = Nothing

And here's the form telling the javascript function AppointmentPlusLogin what to do.
<form name="form1" id="form1" method="post" action="<%= pw %>&password=<%= pw2 & Session("login_name") %>">

Please note that I don't recommend passing login info through the querystring if it can be avoided.

Peter Hansen
Software Developer
AtHomeNet, Inc.
Reply With Quote