...

View Full Version : useing if then with true or false in database



Crash1hd
02-13-2003, 02:18 PM
I am having trouble in figureing out where i can put the if then statement for a true or false field in the following code


'******************************* REQUEST VARIABLES

username = RequestFormat(Request.Form("username"))
pass = RequestFormat(Request.Form("pass"))
rememberme = Request.Form("rememberme")
submitnumber = Request.Form("submitnumber")

'************************************ MAIN PROGRAM

If Request.Cookies("login") = "OK" Then Response.Redirect("members.asp")

submitnumber = submitnumber + 1

If username <> "" AND pass <> "" Then
Call OpenConnection()
Dim MemberQuery
MemberQuery = "SELECT username, pass FROM members WHERE username = '" & SQLFormat(Left(username,255)) & "' AND pass = '" & SQLFormat(Left(pass,255)) & "'"
Set rs = Conn.Execute(MemberQuery)
If NOT rs.EOF Then
Response.Cookies("login") = "OK"
Response.Redirect("members.asp")
Else
Call DisplayLoginForm()
End If
Call CloseConnection()
Else
Call DisplayLoginForm()
End If

'******************************** END MAIN PROGRAM


p.s. whammy will find this code to be very familiar as it is from one of his zipped files :) Thankyou again whammy :)

but what I found missing is that when you are logging in whether you have confirmed the email or not you can log in! as there is no if then statement for the confirmed field that I have noticed! I figured I was missing something so playing with the query tool that came with it I also found out that trying to put the following into the text box Select * From members WHERE confirmed = "True" doesnt work but if I change the confirmed field in the database file to a txt file instead of a true or false file it does work?? why would that be :)

Thanks in advance

Adam

arnyinc
02-13-2003, 06:31 PM
What database are you using?

You might just need to remove the quotes from about "True".

Select * From members WHERE confirmed=true

Crash1hd
02-13-2003, 09:20 PM
It figures I tried like every other combination I could think of :) lol

I am useing Access Database right now! I was wondering how I would change the script above so that it would check for the combined to be either true or false

:)

whammy
02-14-2003, 02:03 AM
You didn't take the tutorial I recommended. Hehe.

I have some field in there called "confirmed" I think... basically you need to check when they login to make sure that confirmed is "1" or "true".

whammy
02-14-2003, 02:11 AM
The reason that is weird is because that is a "Bit" field. When you are using that in a SQL statement with access, you need to say True or False (with no quotes)... in the database itself it has a value of 0 (false) or 1 (true).

Crash1hd
02-14-2003, 03:06 AM
Actually just finished doing the tutorial and now I understand how the query tool works :) much better :thumbsup: however the confirmed query actualy puts either a 0 or a -1 in the field but in the query it returns true or false now I think I clicked on something in the database that changed it from showing 0 and -1 to True and false in the database :cool:

However I will look for the confirmed field in the database file for now I get to clean up the basement so it will have to wait :( lol

whammy
02-14-2003, 03:11 AM
As long as you get it working... lol.

Whether it's -1 or NOT, or 0 or 1, I'm not sure I totally understand the bit field myself, but I seem to be able to query it successfully, at any rate, using a boolean value. It seems to be different depending upon which database you're using... ;)

Crash1hd
02-14-2003, 05:36 AM
Ok so what am I doing wrong with this script! lol pulling my hear out lol


'************************************ MAIN PROGRAM

If Request.Cookies("login") = "OK" Then Response.Redirect("members.asp")

submitnumber = submitnumber + 1

If username <> "" AND pass <> "" Then
Call OpenConnection()
Dim Member1Query
Dim Member2Query
Member1Query = "SELECT username, pass FROM members WHERE username = '" & SQLFormat(Left(username,255)) & "' AND pass = '" & SQLFormat(Left(pass,255)) & "'"
Member2Query = "SELECT confirmed FROM members"
Set RS1 = Conn.Execute(Member1Query)
Set RS2 = Conn.Execute(Member2Query)
If NOT RS1.EOF AND RS2("confirmed") = True Then
Response.Cookies("login") = "OK"
Response.Redirect("members.asp")
Else
Call DisplayLoginForm()
End If
Call CloseConnection()
Else
Call DisplayLoginForm()
End If

'******************************** END MAIN PROGRAM

Crash1hd
02-14-2003, 07:54 AM
Yeah for me determination always pans out lol :) the following seems to work perfectly :)


'************************************ MAIN PROGRAM

If Request.Cookies("login") = "OK" Then Response.Redirect("members.asp")

submitnumber = submitnumber + 1

If username <> "" AND pass <> "" Then
Call OpenConnection()
Dim Member1Query
Member1Query = "SELECT username, pass, confirmed FROM members WHERE username = '" & SQLFormat(Left(username,255)) & "' AND pass = '" & SQLFormat(Left(pass,255)) & "' AND confirmed = True"
Set RS1 = Conn.Execute(Member1Query)
If NOT RS1.EOF Then
Response.Cookies("login") = "OK"
Response.Redirect("members.asp")
Else
Call DisplayLoginForm()
End If
Call CloseConnection()
Else
Call DisplayLoginForm()
End If

'******************************** END MAIN PROGRAM


Now I just have to figure out how to make it say something different on the screen when its an invaled login as in bad password or username or check email confirmation so that they know to check there email :)

Crash1hd
02-14-2003, 09:55 AM
I get an error when I try to do the following


'************************************ MAIN PROGRAM

If Request.Cookies("login") = "OK" Then Response.Redirect("members.asp")

submitnumber = submitnumber + 1

If username <> "" AND pass <> "" Then
Call OpenConnection()
Dim Member1Query
Member1Query = "SELECT username, pass, confirmed FROM members WHERE username = '" & SQLFormat(Left(username,255)) & "' AND pass = '" & SQLFormat(Left(pass,255)) & "' AND confirmed = True"
Set RS = Conn.Execute(Member1Query)
If NOT RS.EOF Then
Response.Cookies("login") = "OK"
Response.Redirect("members.asp")
Else
Call DisplayLoginForm()
End If
Call CloseConnection()
Else
Call DisplayLoginForm()
End If

'******************************** END MAIN PROGRAM


'************************************* SUBROUTINES

Sub OpenConnection() '''''''''''''''''''''''''''''
sConnString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & _
Mid(Server.MapPath("\"), 1, InStrRev(Server.MapPath("\"),"\")-1) & "\database\Login website users.mdb;" & _
"Persist Security Info=False;"
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open sConnString
End Sub ''''''''''''''''''''''''''''''''''''''''''

Sub CloseConnection() ''''''''''''''''''''''''''''
Conn.Close
Set Conn = Nothing
End Sub ''''''''''''''''''''''''''''''''''''''''''
%>
<% Sub DisplayLoginForm() '''''''''''''''''''''''' %>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Login</title>
</head>
<body>
<div>
<% If submitnumber > 1 AND username <> "" AND pass <> "" Then %>
<h1>Invalid Login.</h1>
<%End If %>
<% If RS.fields("confirmed") = False Then %>
<h1>Check Email</h1>
<%End If %>

I am trying to make it so that when the reason the login is invaled due to email not being confirmed then it will tell them to check there email but when the login is invaled due to invaled username or password it wont tell them to check there email the error I get is the following

Invalid Login.
error '80020009'
Exception occurred.

/ASP Testing/Login Stuff/Login website/default.asp, line 110


Thanks in advance

whammy
02-15-2003, 12:56 AM
Instead of doing it there, I'd do something like that in the "Main Program", like:

Dim ConfirmedError
ConfirmedError = False

If NOT rs.EOF [b]AND rs("confirmed") = True Then
Response.Cookies("login") = "OK"
Response.Redirect("members.asp")
Else
ConfirmedError = True
'...

...

If ConfirmedError = True Then Response.Write("Oh man! You didn't answer your email!")

whammy
02-15-2003, 12:59 AM
However, I already built that functionality into the program... in order to have someone confirm their account, all they have to do is go to register.asp with this in the querystring:


confirm=theiremailaddress@theirdomain.com

for instance:

http://www.solidscripts.com/register/register.asp?confirm=bob@bob.com

would confirm them... I have updloaded the script to demonstrate the results. Try using the path above, but a different email address, to see what happens now. :)

whammy
02-15-2003, 01:09 AM
P.S. I just rewrote the database path for login.asp and register.asp as they should have been pointing to /database/ instead of /wwwroot/

Crash1hd
02-15-2003, 08:15 AM
Ok but your still at the same problem you are asking the person to confirm there email address yet you are still alowing them access to the website without confirming the email address which really defietes the purpose of having a confirmation! I mean dont get me wrong the rest of the script works great minus that part :) lol

try it you can log in even though you haven't confirmed your email address which would be a security hole if you ask me :) cause then people could put nothing@none.com or what ever they want and still login and now have completly bypassed the point of having a email confirmation :) Hmm makes me wonder how many other sites are out there that are like that will have to check that out sometime :)

Adam

whammy
02-15-2003, 12:57 PM
OMG! You're right, I left that part out. LOL.

I rewrote the script somewhat. Check it out now. ;)

http://www.solidscripts.com/register/logout.asp

That will alter your login cookie...

whammy
02-15-2003, 01:33 PM
Ok, I think I got all the bugs worked out, thanks to you.

It now checks correctly for confirmed status, etc. and does everything it's supposed to do. :)

http://www.solidscripts.com/downloads/register.zip

:o

Crash1hd
02-15-2003, 04:27 PM
ok now that we are on the same page :) What I am trying to do is I want to be able to tell the user the reason they cant log in is that they have to check their email vrs they just have an invaled log in so that if someone just trys joe smith and password it will say invaled login but if someone has registered it says please make sure you confirm your email before loging in I had solved the previous problem doh silly me I guess I could have posted that but I guess I figured you would find a different way then they way I did it and will see if I can change your way when I get home tonight to add that if then statement!

whammy
02-15-2003, 04:30 PM
Yeah, I added that functionality as well:

http://www.solidscripts.com/register/login.asp

Type in:

rob
rules

Crash1hd
02-16-2003, 08:07 AM
Doh that figures! Never write a post as you are running out the door lol never really got a chance to try the new script but I thought I had tried to do the login thing on your site and it didnt work :) doh :):thumbsup:

Well I am glad that we where able to clear up the problem :D

Hey whammy another thing you might want to change not sure completly optional but the following in the password fields

<input type="password" name="pass" value="<% = Server.HTMLEncode(pass) %>" size="20" />
<% If submitnumber > 1 AND pass = "" Then Response.Write("<span style=""color:#cc0000""> * Required</span>") %>

instead of the following

<input type="text" name="pass" value="<% = Server.HTMLEncode(pass) %>" size="20" />
<% If submitnumber > 1 AND pass = "" Then Response.Write("<span style=""color:#cc0000""> * Required</span>") %>

Again just a thought :o

whammy
02-16-2003, 04:39 PM
Good catch... I wrote that really fast. Probably why it had bugs.
Making it a password field doesn't affect the functionality though... I'll leave that up to the user to change it perhaps... ;)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum