Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Classic ASP Databases Discuss using ASP 3 to work with data in databases, including ASP Database Setup issues from the old P2P forum on this specific subtopic. See also the book forum Beginning ASP.NET Databases for questions specific to that book. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Databases section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 14th, 2012, 02:09 AM
Registered User
Points: 51, Level: 1
Points: 51, Level: 1 Points: 51, Level: 1 Points: 51, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2012
Location: Philippines
Posts: 14
Thanks: 5
Thanked 0 Times in 0 Posts
Unhappy Help in Log in.. please

Hi.. Please help me.. I tried to login using correct username and password and the needed page appeared.. I also tried wrong username and password and the needed still appeared..

here's my code:

<script type = "text/javascript">




<%
Sub CheckLogin
Dim Conn, rs, sql


set Conn = server.createobject("adodb.connection")
Conn = "Provider=sqloledb;Data Source=datasource;" & _
"Initial Catalog=catalog;User Id=user;Password=password;"
Set rs = Server.CreateObject( "ADODB.Recordset" )

sql = "SELECT * FROM CarInfo WHERE EmpID = '"&username&"'"

Set rs = conn.executed(sql)

rs.Open sql, Conn
Session("UserLoggedIn") = "false"
Do While Not rs.EOF
If Request.myform("username") = rs("EmpID") And Request.myform("pword") = rs("Password") Then
Session("UserLoggedIn") = "true"
Exit Do
End If
rs.MoveNext
Loop
rs.Close
Conn.Close



If Session("UserLoggedIn") = "true" Then
Response.Redirect ("password1.asp")
Else
Response.Write("Login Failed.<br><br>")
ShowLogin
End If


End Sub

%>



</script>
<body background="back.jpg">

<form action= "car.asp" method="post" name="login" id="login>

<h1><center> Company Name </center></h1>
<h2><center> Project System </center></h2>
<br/><br/><br/><p> <Center> Enter Username and Password </center> </p> <br/>
<p><center> USER NAME <input type="text" name="username"> <br/><br/> PASSWORD <input type="password" name="pword"><br/><br/>
<input type="submit" value="Login" onclick= "UserLoggedIn()">
</center> </p>

</form>


</body>

somebody.. PLEASE HELP ME.. :(
Reply With Quote
  #2 (permalink)  
Old June 14th, 2012, 02:29 AM
Registered User
Points: 51, Level: 1
Points: 51, Level: 1 Points: 51, Level: 1 Points: 51, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2012
Location: Philippines
Posts: 14
Thanks: 5
Thanked 0 Times in 0 Posts
Default car.asp

If Session("UserLoggedIn") = "true" Then
Response.Redirect ("password1.asp")


the "password1.asp" is supposed to be "car.asp"

sorry for that mistake.. help me please.. :l
Reply With Quote
  #3 (permalink)  
Old June 14th, 2012, 02:51 AM
Imar's Avatar
Wrox Author
Points: 72,038, Level: 100
Points: 72,038, Level: 100 Points: 72,038, Level: 100 Points: 72,038, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,080
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi there,

It doesn't look like this is all the code in your page, is it? Can you post the complete code?

Also, there are a lot of issues with your code:

1. First, it's open to SQL Injection. You need to use parameterized queries, or people will be able to submit arbitrary SQL statements to your database. Search Google for "SQL Injection" to learn more.

2. Where does Request.myform come from? That should be Request.Form in normal ASP pages.

3. You're submitting to Car.asp. Could it just be that your login code never runs but simply returns Car.asp?

4. When do you call CheckLogin? You define it as a Sub, but I don't see you call it.

5. Where is the code for UserLoggedIn that you call from the client?

Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
Reply With Quote
  #4 (permalink)  
Old June 14th, 2012, 03:31 AM
Registered User
Points: 51, Level: 1
Points: 51, Level: 1 Points: 51, Level: 1 Points: 51, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2012
Location: Philippines
Posts: 14
Thanks: 5
Thanked 0 Times in 0 Posts
Unhappy code

Thank you for your reply..
I really need some help.. i'm so confused on my codes..

how about this one?.. is this correct?.. this is my first codes..

<%
Response.Expires = -1000
Response.Buffer = True
Session("UserLoggedIn") = ""
If Request.Form("login") = "true" Then
CheckLogin
Else
ShowLogin
End If

Sub ShowLogin
%>



<body background="back.jpg">

<form name="login" id="login>

<<h1><center> Company Name </center></h1>
<h2><center> Project System </center></h2>
<br/><br/><br/><p> <Center> Enter Username and Password </center> </p> <br/>
<p><center> USER NAME <input type="text" name="username"> <br/><br/> PASSWORD <input type="password" name="pword"><br/><br/>
<input type="submit" value="Login" >
</center> </p>

</form>


</body>



<%
End Sub

Sub CheckLogin
Dim Conn, rs, sql


set Conn = server.createobject("adodb.connection")
Conn = "Provider=sqloledb;Data Source=datasource;" & _
"Initial Catalog=catalog;User Id=user;Password=password;"
Set rs = Server.CreateObject( "ADODB.Recordset" )

sql = "SELECT * FROM CarInfo WHERE EmpID = '"&username&"'"

Set rs = conn.execute(sql)

rs.Open sql, Conn
Session("UserLoggedIn") = "false"
Do While Not rs.EOF
If Request.form("username") = rs("EmpID") And Request.form("pword") = rs("Password") Then
Session("UserLoggedIn") = "true"
Exit Do
End If
rs.MoveNext
Loop
rs.Close
Conn.Close



If Session("UserLoggedIn") = "true" Then
Response.Redirect "protectedpage.asp"
Else
Response.Write("Login Failed.<br><br>")
ShowLogin
End If


End Sub

%>
Reply With Quote
  #5 (permalink)  
Old June 14th, 2012, 04:25 AM
Imar's Avatar
Wrox Author
Points: 72,038, Level: 100
Points: 72,038, Level: 100 Points: 72,038, Level: 100 Points: 72,038, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,080
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Quote:
is this correct?..
Does it work? Then it is correct. If it doesn't, it's not ;-)

In other words, you need to provide more information. What happens, what do you see when you log in, that kind of information.

I think CheckLogin is never called because this will never be true:

If Request.Form("login") = "true" Then

With the currenty code, I see no reason why this would redirect to protectedpage.asp unless the login page is the protecte page (can't tell because I don't know the name of the page you posted, but I assume it isn't), so it looks like your problem has changed by now.

Also, your code is still open to SQL Injection. Put this page on a live server and someone evil can take over your server in a few hours if you're unlucky.

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
Reply With Quote
The Following User Says Thank You to Imar For This Useful Post:
paulapaupau (June 14th, 2012)
  #6 (permalink)  
Old June 14th, 2012, 04:51 AM
Registered User
Points: 51, Level: 1
Points: 51, Level: 1 Points: 51, Level: 1 Points: 51, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2012
Location: Philippines
Posts: 14
Thanks: 5
Thanked 0 Times in 0 Posts
Question not working

Hi Imar,

This still isn't working.. It only shows the Password label, the password text box and the submit button..

Yes, i will try the SQL injection, but I would like to make this login page work first.. Thank you so much for this advice..

What do you think is missing in this code?..

By the way, the name of the page that I posted is password.asp.. :) I'm sorry for the lack of information.

Thank you so much,
Paula
Reply With Quote
  #7 (permalink)  
Old June 14th, 2012, 04:54 AM
Imar's Avatar
Wrox Author
Points: 72,038, Level: 100
Points: 72,038, Level: 100 Points: 72,038, Level: 100 Points: 72,038, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,080
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Quote:
It only shows the Password label, the password text box and the submit button..
When? On page load, or also after you try to login? Please be as specific as you can.

Also, did you fix this:

Code:
 
If Request.Form("login") = "true" Then
This is never true, and thus the code never runs. Change it to something like:

Code:
 
If Request.Form("username") <> "" Then
Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
Reply With Quote
The Following User Says Thank You to Imar For This Useful Post:
paulapaupau (June 14th, 2012)
  #8 (permalink)  
Old June 14th, 2012, 05:20 AM
Registered User
Points: 51, Level: 1
Points: 51, Level: 1 Points: 51, Level: 1 Points: 51, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2012
Location: Philippines
Posts: 14
Thanks: 5
Thanked 0 Times in 0 Posts
Question

I did this

If Request.Form("username") <> "" & Request.Form("pword")<>"" Then
CheckLogin

the Password label, the password text box and the submit button appears on page load. I also tried to type a correct password on the password textbox, but nothing happens..


Thanks again,
Paula
Reply With Quote
  #9 (permalink)  
Old June 14th, 2012, 06:03 AM
Imar's Avatar
Wrox Author
Points: 72,038, Level: 100
Points: 72,038, Level: 100 Points: 72,038, Level: 100 Points: 72,038, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,080
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

& !- And

& concatenates; you need to use And instead....
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
Reply With Quote
The Following User Says Thank You to Imar For This Useful Post:
paulapaupau (June 14th, 2012)
  #10 (permalink)  
Old June 14th, 2012, 08:28 PM
Registered User
Points: 51, Level: 1
Points: 51, Level: 1 Points: 51, Level: 1 Points: 51, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2012
Location: Philippines
Posts: 14
Thanks: 5
Thanked 0 Times in 0 Posts
Unhappy

Hi lmar,

I tried the And.. but still, nothing happens..

the Password label, the password text box and the submit button appears on page load. I also tried to type a correct password on the password textbox, but nothing happens..


Thank you,
Paula
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot log in brianrodda ASP.NET 2.0 Basics 1 July 15th, 2008 09:02 AM
How to log to server's event log LenexaKS Access VBA 4 March 11th, 2008 12:49 PM
Can't get Log to write the Log.txt file jnbutler BOOK: Professional XNA Game Programming: For Xbox 360 and Windows ISBN: 978-0-470-12677-6 3 July 31st, 2007 04:04 AM
Log out neil.abachi07 Classic ASP Basics 67 March 9th, 2007 07:02 AM
AppException Class -Log Error to Event Log bekim BOOK: ASP.NET Website Programming Problem-Design-Solution 7 December 7th, 2004 01:01 PM



All times are GMT -4. The time now is 04:37 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.