I am trying to make a login script but i keep getting the error: error '80020009'
/login2.asp, line 57
The page before (login.asp)contains a form called Username, and one called Password, it also has radio buttons called autologin. The access database has fields called Username, Password and AutoLogin. The database is called mainuser, and the table is called userdetails.
What I am trying to do is check the password with the database and if they match make a session variable with there username and that they are authenicated. Also if they want, store the username and password in a cookie and then record there choice in the database. Code below:
<html>
<head>
<title>Logining you in...</title>
<%
'Declare variables
Dim strUsername 'Holds the username
Dim strPassword 'Holds the password
Dim blnautologin 'Whether the person wants autologin turned on or off
Dim objConn 'Connection details
Dim objRS 'Recordset object
Dim objComm
Dim strConnectionDetails 'Holds connection details
Dim strDatabaseUsername 'Holds the username in the database
Dim strDatabasePassword 'Holds the password in the database
Dim blnDatabaseAutoLogin 'Holds the recorded autologin settings
Dim blnPasswordMatch 'Whether the entered password matches the stored password
Dim strSQLQuery 'Holds the SQL Query

'Request forms
strUsername = Request.Form("Username")
strPassword = Request.Form("Password")
blnautologin = Request.Form("autologin")

'Set Constants
Const adOpenForwardOnly = 0
Const adOpenKeyset = 1
Const adOpenDynamic = 2
Const adOpenStatic = 3
Const adLockReadOnly = 1
Const adLockPessimistic = 2
Const adLockOptimistic = 3
Const adLockBatchOptimistic = 4

'Open Database Connection
Set objConn = Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.Recordset")

strConnectionDetails = "DBQ=" & Server.MapPath("mainuser.mdb")

'Make SQL Query
strSQLQuery = "Select * From UserDetails Where Username='" & strUsername & "';"

'Open the connection
objConn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; " & strConnectionDetails

'Open the recordset
objRS.Open strSQLQuery, objConn, adOpenKeyset

'Check User Details
strDatabaseUsername = strUsername

'Update database
If blnAutoLogin = objRS("AutoLogin") Then
Response.Write ""
Else
objComm.CommandText = "UPDATE Userdetails SET AutoLogin = blnAutoLogin WHERE Username LIKE strUsername"
End If

'Set/Remove Cookies
If blnAutoLogin = Yes Then
Response.Cookies("LoginDetails")("Username") = strUsername
Response.Cookies("LoginDetails")("Password") = strPassword
Else
Response.Cookies("LoginDetails") = ""
End If

'Check that the password match
If strPassword = objRS("Password") Then
Session("Username") = strUsername
Session("Authenicated") = True
'Close database connection
objRS.Close
Set objRS = Nothing
objConn.Close
Set objConn = Nothing
Response.Redirect "members.asp"
Else
'Close database connection
objRS.Close
Set objRS = Nothing
objConn.Close
Set objConn = Nothing
Response.Redirect "wrongpassword.asp"
End If
%>
</head>
<body>
</body>
</html>

Any help would be appreciated
Thanks

Hi there,

What line is line 57? It would helpful if you'd add that, so we don't have to count. Same is true for a more verbose error message, if available.

Anyway, here are a few things you could change in your code:

1. objComm is undefined / undeclared. What is it? An ADO Command object?

2. You should check for EOF when you open the recordset, because you can't be sure that the query has returned one or more records, e.g.:

objRS.Open strSQLQuery, objConn, adOpenKeyset
If Not objRS.EOF Then
  ' Record(s) Found
Else
  ' No Record Found
End If

3. Your connection to your database is a bit old-fashioned, and not recommended anymore. Check here for a more updated version.

4. Storing passwords as clear text in a cookie seems like a bad security practice to me.....

5. You may want to look here to find out why SELECT * is bad.

6. What is strDatabaseUsername used for? It gets a value, but is never used afterwards.

7. Personally, I would pass the password in the WHERE clause to the database, instead of comparing the password with the database value in ASP code. Makes it easier to see if you have a valid user or not, with less code.

This may not solve your error directly, but it might help improve your page anyway.

Cheers,

Imar



---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

Line 57 is
'Set/Remove Cookies
If blnAutoLogin = Yes Then
Response.Cookies("LoginDetails")("Username") = strUsername
Response.Cookies("LoginDetails")("Password") = strPassword
Else
Response.Cookies("LoginDetails") = ""
End If
objComm is declared at the top of the page
i know about storing passwords as text, but before i want to get into making it sercure i want to make the page work
strDatabase was a variable i made but then decided not to use

sorry that its a bit messy, this is my first attempt at accessing databases

Right, the dreaded "The HTTP headers are already written to the client browser" error, right?

This error occurs when you try to write cookies to the HTTP header, when you have already send some content (html) to the browser.

There are basically two ways to avoid this:

1. Use buffering. In IIS you can enable buffering for the entire site, or you can use Response.Buffer = True at the top of your page.

2. Change your coding logic, so all business logic decisions are made at the top of your page before you output any content to the client e.g.:

<%
  ' Check user
  ' Write cookies or redirect, whatever is applicable
%>


<html>
etc etc

This way, your code is easier to maintain (IMO) because all your logic is at one place.

No need to apologize for writing messy code; especially when you're new to this stuff. But because you didn't provide an error message, I was trying to find every possible cause for your error.

objComm *is* declared at the top of your page, but you never do anything with it, e.g. Set objComm = Server.CreateObject(ADODB.Command") for example, just as you do with the Connection and Recordset objects.


Cheers,

Imar



---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

I think that is probably the problem, only the error message gives no description just the number. Also buffering is enabled for the whole site anyway

If buffering is enabled, this problem shouldn't occur. Error 80020009 can also indicate a EOF or BOF problem, where you are trying to read from a recordset that has no records.

I think the easiest thing to do is uncomment most of your code, and then enable it line by line until the error occurs.

Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

after fiddling around i have got another error:
Microsoft VBScript runtime error '800a01a8'

Object required: '"'

/login2.asp, line 54

line 54 is
objComm.CommandText = "UPDATE Userdetails SET AutoLogin = blnAutoLogin WHERE Username LIKE strUsername"

I found that the form on the last page method was set to post not put

Well, that's what I said: objComm is not an object yet; all it is now is a variable, but it is not referencing an object in memory. You'll need to use a Server.CreateObject for that.

Not sure what you mean with Put Vs Post. The form's method should be set to post if you want to read from it it using Request.Form. When using GET, it should be Request.QueryString.....

Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

Thanks for all your help I have managed to get it to work now, so I will work on making it secure i.e. password encryption

Great, you're welcome. You fixed it quick.....
Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.