PDA

View Full Version : login script

karolmcauley
08-24-2002, 03:16 PM
I know this is not JS, but could someone please assist with the asp below?
When users come to my login page they have to enter their username and password, when they click on Login i call this checking script(below), but no matter what, it seems to be wrong as i always get redirected to "secured/error.asp" instead of the appropriate page. My database is called secretary and the field names are User_Name and Password. Can somebody please help?

<% Option Explicit %>
<%
Dim DBConn
Dim driverstring
Dim user
Dim password
Dim sql, RS

User = Trim(Request.Form("User_Name"))
Password = Trim(Request.Form("Password"))

Set DBConn = Server.CreateObject("ADODB.Connection")
DBConn.Open("DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("../db") & "\secretary.mdb")

sql = "SELECT * FROM Login WHERE User_Name='" & User & "'"
Set RS = DBConn.Execute(sql)

If RS.EOF Then

Response.Redirect "secured/error.asp"
Response.End

Else

DataPass = RS("Password")

If DataPass = Password Then
Response.Cookies("cus_user")= User
Response.Cookies("cus_pass")= Password
Response.Redirect "sinfo-addcomment.asp"
Else
Response.Redirect "secured/error.asp"
Response.End
End If

End If
%>
x_goose_x
08-24-2002, 04:05 PM
You know ASP has it's own forum?

http://www.codingforums.com/forumdisplay.php?s=&forumid=8
smeagol
08-25-2002, 03:12 PM
karolmcauley,

I program in ASP and noticed one small piece of code that could be causing the problem. Your If statement looks like this:

If RS.EOF Then

Response.Redirect "secured/error.asp"
Response.End

Else

DataPass = RS("Password")

If DataPass = Password Then
Response.Cookies("cus_user")= User
Response.Cookies("cus_pass")= Password
Response.Redirect "sinfo-addcomment.asp"
Else
Response.Redirect "secured/error.asp"
Response.End
End If

End If

But it should look like this:

DataPass = RS("Password")

If DataPass = Password Then
Response.Cookies("cus_user")= User
Response.Cookies("cus_pass")= Password
Response.Redirect "sinfo-addcomment.asp"
Else
Response.Redirect "secured/error.asp"
Response.End
End If

I think your problem is in the fact that you are trying to detect the recordset's EOF before you ever check for the correct password. Forget the EOF and just retrieve the password from the database that matches the username, compare it to what the user entered into the password textbox, then make the decision of redirecting to error.asp based on whether the passwords match. Try replacing your If statement with the one above and see if it works.

Hope this helps.

Smeagol
http://www.javascriptsolutions.com