Username is not being transferred


Crash1hd
05-01-2003, 09:18 AM
Trying to set up a membership login site, but for some reason, after logging in as a valid user (entering username and password and clicking submit), it goes to a page that says "you are now logged in", and at this point it should say the user's name. Here is the script; what am I doing wrong?

members.asp
<%@Language="VBScript"%>
<!-- #include file="checklogin.asp" -->
<html><head><title>title</title></head>
<body>

<br>
<P Class=title>You are now logged in, <%=login%>. Yay!</p>

</body>
</html>

checklogin.asp
<% If Request.Cookies("login") <> "OK" Then Response.Redirect("login.asp") %>


login.asp
<% @Language="VBScript" %>
<% Option Explicit %>
<% Response.CacheControl="Private" %>
<% Response.Expires= -1 %>
<%

'*************************************** FUNCTIONS

Function SQLFormat(byVal str)
    If IsNull(str) Then str = ""
    SQLFormat = Replace(str,"'","''")
End Function

Function RemoveExtraSpaces(byVal str)
    If IsNull(str) Then str = ""
    Dim resRegEx
    Set resRegEx = New RegExp
    resRegEx.Pattern = "\s+"
    resRegEx.Global = True
    RemoveExtraSpaces = resRegEx.Replace(str," ")
End Function

Function RequestFormat(str)
    If IsNull(str) Then str = ""
    RequestFormat = Trim(RemoveExtraSpaces(Replace(str,vbTab,"")))
End Function


'***************************** DIMENSION VARIABLES

' Connection variables
Dim Conn, RS, sConnString, sMapPath

Dim username ' user is a reserved word in Access
Dim pass ' password is a reserved word in Access
Dim submitnumber ' This is used to determine whether the form has been submitted
Dim rememberme ' Set a cookie expiration date (we'll use a year for now) otherwise cookie will expire when session is over
Dim confirmed ' Use this to check if they have been confirmed

'******************************* REQUEST VARIABLES

username = RequestFormat(Request.Form("username"))
pass = RequestFormat(Request.Form("pass"))
rememberme = Request.Form("rememberme")
submitnumber = Request.Form("submitnumber")
confirmed = True

'************************************ MAIN PROGRAM

If Request.Cookies("login") = "OK" Then Response.Redirect("login/members.asp")

submitnumber = submitnumber + 1

If username <> "" AND pass <> "" Then
    Call OpenConnection()
    Dim Member1Query
    Member1Query = "SELECT username, pass, confirmed FROM members WHERE username = '" & SQLFormat(Left(username,255)) & "' AND pass = '" & SQLFormat(Left(pass,255)) & "'"
    Set RS = Conn.Execute(Member1Query)
    If NOT RS.EOF Then
        confirmed = rs("confirmed")
        If confirmed = True Then
            Response.Cookies("login") = "OK"
            If rememberme = "1" Then
                Response.Cookies("login").Expires = Date + 365
            End If
            Call CloseConnection()
            Response.Redirect("login/members.asp")
        Else
            Call DisplayLoginForm()
        End If
    Else
        Call DisplayLoginForm()
    End If
Else
    Call DisplayLoginForm()
End If

'******************************** END MAIN PROGRAM


'************************************* SUBROUTINES

Sub OpenConnection() '''''''''''''''''''''''''''''
    sConnString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & _
        Mid(Server.MapPath("\"), 1, InStrRev(Server.MapPath("\"),"\")-1) & "\AR DbFiles\AR.mdb;" & _
        "Persist Security Info=False;"
    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open sConnString
End Sub ''''''''''''''''''''''''''''''''''''''''''

Sub CloseConnection() ''''''''''''''''''''''''''''
    Conn.Close
    Set Conn = Nothing
End Sub ''''''''''''''''''''''''''''''''''''''''''
%>
<% Sub DisplayLoginForm() '''''''''''''''''''''''' %>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>title</title>
<LINK href="style.css" rel="stylesheet" type="text/css">
<script language="JavaScript" src="Header.js"></script></head>
<body>
<div>
<% If submitnumber > 1 AND username <> "" AND pass <> "" AND confirmed = True Then %>
<h1>Invalid Login.</h1>
<% ElseIf confirmed = False Then %>
<P class=title>Please make sure to check your email, and confirm registration before loging in!</p>
<% End If %>
<form name="login" action="login.asp" method="post">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="30%">&nbsp;</td>
<td width="40%">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="50%">
<p align="right">Username:&nbsp;&nbsp;</p></td>
<td width="50%"><input type="text" name="username" value="<% = Server.HTMLEncode(username) %>" size="20" />
<% If submitnumber > 1 AND username = "" Then Response.Write("<span style=""color:#cc0000""> * Required</span>") %></td>
</tr>
<tr>
<td width="50%">
<p align="right">Password:&nbsp;&nbsp;</p></td>
<td width="50%"><input type="password" name="pass" value="<% = Server.HTMLEncode(pass) %>" size="20" />
<% If submitnumber > 1 AND pass = "" Then Response.Write("<span style=""color:#cc0000""> * Required</span>") %></td>
</tr>
<tr>
<td width="100%" colspan="2"><p align="center"><input type="checkbox" name="rememberme" value="1" /> Remember my username and password</p></td>
</tr>
</table>
</td>
<td width="34%">&nbsp;</td>
</tr>
<tr>
<td width="30%">&nbsp;</td>
<td width="40%">
<p align="center">
<input type="hidden" name="submitnumber" value="<% = submitnumber %>" />
<input type="submit" value="Submit" />
<br /><br /><a href="register.asp">New Members Register Here</a>
</p>
</td>
<td width="34%">&nbsp;</td>
</tr>
</table>
</form>
</body>
</html>
<% End Sub ''''''''''''''''''''''''''''''''''''''' %>

raf
05-01-2003, 10:10 AM
I'm a bit confused by your code and validation logic, but about your username question:

<P Class=title>You are now logged in, <%=login%>. Yay!</p>

Well, this will print the value of the variable login, which is probably still empty (I don't see any code that picks up a value for this variable anywhere).

Since you have a cookie variable called login, it would probably be a good idea to choose another name, and to store the username in the cookie when you validate it. Like

Response.Cookies("username") = RequestFormat(Request.Form("username"))


and then read the value in members.asp


But since you make a db connection and validate against the db, I don't understand why you use cookies ????? (not safe, not everyone accepts cookies, you already make a db connection)
Maybe check out this:
http://www.codingforums.com/showthread.php?s=&threadid=7161&highlight=profile+profiles

Crash1hd
05-01-2003, 07:30 PM
Ok, well, looks like I am back to the drawing board. I thought that the cookie was only for if people wanted to stay logged in when they click the checkmark. I would rather have it all be based on the db file! Maybe some sort of example could help!

P.s. I will be checking out the link as well!

Crash1hd :)

raf
05-01-2003, 08:12 PM
Maybe some sort of example could help!

Well, that link contains a post with all the code you need.
I always validate against the db, and then store a value in a session variable if validation is passed successfully. I also register the security level of the user.

At the top of each page, I then check if the user has sufficient permissions to view the page.

All code you need is in that post.

Just ask if anything is not clear.

Crash1hd
05-01-2003, 08:18 PM
Ok, I was able to get it to work with the username on the cookie! But if I want to do this without the cookie, I just don't understand how the global.asa works! Does it work like the cookie, just server-side for that user? Because what I liked about this script was that all I had to add to the head of a page to make it password protected was the following

<%@Language="VBScript"%>
<!-- #include file="checklogin.asp" -->

So if there is a way to do the above without a cookie please let me know! :)

raf
05-01-2003, 08:34 PM
Sure. You can store the check in an include (in fact, that is what I do) and then have that include at the top of each page.

like
<!--#include file='logincheck1.inc'-->

the code in there is

<%
' Redirect anyone whose profile level is below the level this page requires (1)
If CInt(Session("securityprofile")) < 1 Then
    Response.Redirect("exit.asp")
End If
%>

Suppose you have three user profiles:
1 = webuser
2 = web poweruser
3 = web admin

If you have a page that should be available to everyone, then just include this at the top of the page's body
<!--#include file='logincheck1.inc'-->

If this page should only be available to an admin, then include
<!--#include file='logincheck3.inc'-->

which points to another include where you have

<%
' Redirect anyone whose profile level is below the level this page requires (3)
If CInt(Session("securityprofile")) < 3 Then
    Response.Redirect("exit.asp")
End If
%>


The global.asa is a page you should have for each site. It needs to be stored in the root of the site. The first time an asp page from the site is called, this file is processed.
What it does here is make sure that the profile variable is reset to 0 when the session ends.
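A session-based version of the include check described in the post above, as an added example that is not part of the original thread and not raf's own code. The file name auth.asp, the helpers SignIn, CurrentLevel, RequireLevel and GreetingName, and Session("username") are assumptions; Session("securityprofile"), exit.asp and the level numbers follow the post.

```asp
<%
' auth.asp (hypothetical file name): added example, shared by login.asp and every protected page.
' Unlike a "login=OK" cookie, which the browser stores and can set itself, these values
' live on the server; the browser only holds the ASP session ID cookie.
' Levels as in the post: 1 = webuser, 2 = web poweruser, 3 = web admin, 0 = not logged in.

' Call once from login.asp, after the database lookup has matched a confirmed member.
Sub SignIn(ByVal username, ByVal level)
    Session("username") = username
    Session("securityprofile") = CLng(level)
End Sub

' Returns the caller's level as a number. A missing, Null or non-numeric
' session value counts as 0, so a broken session never grants access.
Function CurrentLevel()
    Dim v
    v = Session("securityprofile")
    If IsNumeric(v) Then
        CurrentLevel = CLng(v)   ' CLng(Empty) is 0, so a fresh session is level 0
    Else
        CurrentLevel = 0
    End If
End Function

' Call at the top of a protected page, before any HTML is sent.
' Compares numbers, not strings, so level 10 would not sort below level 3.
Sub RequireLevel(ByVal minLevel)
    If CurrentLevel() < CLng(minLevel) Then
        Response.Redirect "exit.asp"
    End If
End Sub

' Name to print in the greeting on members.asp. HTML-encoded because it
' originally came from the login form, i.e. from user input.
Function GreetingName()
    GreetingName = Server.HTMLEncode(Session("username") & "")
End Function
%>
```

login.asp would call SignIn with the username and level once its database lookup succeeds; a protected page would include the file and call RequireLevel 1 (or 3 for an admin page) before sending any HTML, then print GreetingName() in the greeting.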

Crash1hd
05-02-2003, 07:18 AM
I sorta understand what you are trying to show me! The only problem is that the demo files are in Dutch, and, well, personally I don't speak Dutch well enough to translate (online translators suck), and I don't speak asp well enough to get through it all.

Is there any way that you could resubmit that zip file, but in English? :)

Just checking!


P.s. I am really tired at the moment so that also could be part of it and so far today I have had about a total of 40 mins to look it over lol :)

raf
05-03-2003, 02:00 PM
I posted code from an English app of mine here:

http://www.codingforums.com/showthread.php?s=&threadid=18372&highlight=login+code+dutch

Just read through it from my post on 04-17-2003 02:37 PM on. It contains all the code with English messages + some additional info (based on others' questions).

Just ask if you have additional questions or need some more info.

Crash1hd
05-08-2003, 08:33 AM
Excellent! I was wondering if you could post what is in the inc file!

:)

raf
05-08-2003, 10:24 AM
Need my credit card number too? :D

It's something similar to what I said in one of my previous posts

<%
' Redirect anyone whose profile level is below the level this page requires (3)
If CInt(Session("securityprofile")) < 3 Then
    Response.Redirect("exit.asp")
End If
%>

(the asp-tags need to be included !!) But you can make it more complex, and instead of redirecting, you could open a login form, or display a message, or write something to the logfile. Or you could check on additional variables (extra session variables or values from the querystring or whatever). Depends on how tight you want your security and how user-friendly it needs to be.

I believe that in this particular app, it included some code to replace the right-mouse menu with my own navigation menu (with only the options somebody with that profile had in it).

Crash1hd
05-08-2003, 06:47 PM
Credit card number would be useful lol! JK :D

I was wondering, ok, when someone goes from a password protected page to a non password protected page and then back to the password protected page, how do I make it so that they don't have to log back in, but if they are gone for more than, say, 10 mins, then they have to log back in?

arnyinc
05-08-2003, 06:56 PM
Originally posted by Crash1hd
Credit card number would be useful lol! JK :D

I was wondering, ok, when someone goes from a password protected page to a non password protected page and then back to the password protected page, how do I make it so that they don't have to log back in, but if they are gone for more than, say, 10 mins, then they have to log back in?

Session variables automatically expire after a certain amount of time that you specify in the IIS configuration.

This is how I do it on Win XP, IIS 5. It's probably the same for you if you're using IIS. If you have access to the server and want to adjust the timeout, open up the IIS config from Control Panel. Right click on your website and pick Properties. Click the Home Directory Tab, then the Configuration Button, then the Options Tab and the Session Timeout is listed there. It's 20 minutes by default.

Crash1hd
05-08-2003, 07:04 PM
Ok, excellent! Thank you

I forgot to add the following to the login page

If Session("allow") = true Then Response.Redirect("/login/members.asp")

so that when they click on the login that they would automatically go back in!

whammy
05-10-2003, 11:47 PM
Back to the cookie question:

The cookie uses "keys" that are defined when the user logs in, probably in some file named "login.asp" or something.

like

Response.Cookies("login")("username") = user

or something of the sort.

In order to retrieve the value, you'd need to do the same thing in reverse

Welcome to the site, <% = Request.Cookies("login")("username") %>!

This is all covered in "Beginning ASP 3.0" by Wrox.com - I recommend that book to any ASP beginner. :)