Wrox Programmer Forums
|
Classic ASP Professional For advanced coder questions in ASP 3. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old May 3rd, 2005, 07:47 AM
Registered User
 
Join Date: May 2005
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Future,

I think that is probably a better way of doing a session than I am currently doing. Currently the session only cares if the user/pass is authenticated. This doesn't truly distinguish one validated user from the other ALTHOUGH they don't get directed to their page without being uniquely authenticated for that page. Make sense? Probably makes more sense to you than to me. lol :) Thanks a ton for the help. The code I'm using is below. I haven't gotten the function that is there to work properly because I'm not sure of the way I should do it but it was meant to stop sql injection.

<%

Dim adoCon
Dim strCon
Dim rsCheckUser
Dim strMySqlDB
Dim strSQL
Dim strSQL1
Dim strUrl
Dim strUserName
Dim strPassword
Dim rstemp

function SQLComply (Term)

 Term = trim (Term)
 if Term <> "" then
  Term = Replace (Term, chr (39), chr (39) & chr (39))
 end if
 SQLComply = Term

end function

strUserName = Request.Form("txtUserName")
strPassword = Request.Form ("txtUserPass")
strMySqlDB = "users"

Set adoCon = Server.CreateObject("ADODB.Connection")

strCon = "Driver={MySQL ODBC 3.51
Driver};uid=root;password=lookout;Server=localhost ;Option=16834;Database=CheckUser;"

adoCon.Open strCon

Set rsCheckUser =
Server.CreateObject("ADODB.Recordset")

strSQL = "SELECT tblUsers.Url FROM tblUsers WHERE
tblUsers.UserID ='" & strUserName & "' and
tblUsers.Password ='" & strPassword & "'"
rsCheckUser.Open strSQL, strCon

If rsCheckUser.EOF and rsCheckUser.BOF then
     response.Write("Incorrect Login, please try again.")
Else
     strUrl=rsCheckUser("Url")
     Session("blnIsUserGood") = True
     Response.Redirect(strUrl)
End If
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
Set rsCheckUser = Nothing
Session("blnIsUserGood") = False
Response.Redirect"Unauthorized_user_page.htm"

%>


See, my current session only cares about true or false for the user/pass failing or not.






Similar Threads
Thread Thread Starter Forum Replies Last Post
User name is blank in Login Page subhsam ASP.NET 1.0 and 1.1 Professional 0 March 14th, 2007 06:17 PM
login script: user can't hit "return" for login dmerrill Java Basics 13 July 14th, 2006 07:25 PM
login failed for user nt authority\anonymous login rj1406 Classic ASP Databases 1 October 24th, 2004 09:15 AM
unique login names and incremental user IDs krstofer Classic ASP Basics 8 March 11th, 2004 10:55 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.