login script
karolmcauley
08-24-2002, 05:11 PM
When users come to my login page they have to enter their username and password, when they click on Login I call this checking script (below), but no matter what, it seems to be wrong as I always get redirected to "secured/error.asp" instead of the appropriate page. My database is called secretary and the field names are User_Name and Password. Can somebody please help?
<% Option Explicit %>
<%
Dim DBConn
Dim driverstring
Dim user
Dim password
Dim sql, RS
User = Trim(Request.Form("User_Name"))
Password = Trim(Request.Form("Password"))
Set DBConn = Server.CreateObject("ADODB.Connection")
DBConn.Open("DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("../db") & "\secretary.mdb")
sql = "SELECT * FROM Login WHERE User_Name='" & User & "'"
Set RS = DBConn.Execute(sql)
If RS.EOF Then
    Response.Redirect "secured/error.asp"
    Response.End
Else
    DataPass = RS("Password")
    If DataPass = Password Then
        Response.Cookies("cus_user")= User
        Response.Cookies("cus_pass")= Password
        Response.Redirect "sinfo-addcomment.asp"
    Else
        Response.Redirect "secured/error.asp"
        Response.End
    End If
End If
%>
nanao56
08-25-2002, 07:48 AM
Change your line of code that contains
DataPass = RS("Password")
to
DataPass = Trim(RS("Password"))
Tell me if that works.
karolmcauley
08-25-2002, 11:28 AM
The suggestions that you made unfortunately do not work. It continues to go to the error page regardless of the user entering the correct password and username - as specified in the database. It is getting on my nerves now so if anyone could help it would be appreciated very much.
Many thx in advance.
smeagol
08-25-2002, 04:16 PM
karolmcauley,
I also responded to this post in the JS section.
I program in ASP and noticed one small piece of code that could be causing the problem. Your If statement looks like this:
If RS.EOF Then
    Response.Redirect "secured/error.asp"
    Response.End
Else
    DataPass = RS("Password")
    If DataPass = Password Then
        Response.Cookies("cus_user")= User
        Response.Cookies("cus_pass")= Password
        Response.Redirect "sinfo-addcomment.asp"
    Else
        Response.Redirect "secured/error.asp"
        Response.End
    End If
End If
But it should look like this:
DataPass = RS("Password")
If DataPass = Password Then
    Response.Cookies("cus_user")= User
    Response.Cookies("cus_pass")= Password
    Response.Redirect "sinfo-addcomment.asp"
Else
    Response.Redirect "secured/error.asp"
    Response.End
End If
I think your problem is in the fact that you are trying to detect the recordset's EOF before you ever check for the correct password. Forget the EOF and just retrieve the password from the database that matches the username, compare it to what the user entered into the password textbox, then make the decision of redirecting to error.asp based on whether the passwords match. Try replacing your If statement with the one above and see if it works.
Hope this helps.
Smeagol
http://www.javascriptsolutions.com
whammy
08-25-2002, 09:21 PM
Password seems to be a reserved word in Access, as well.
glenngv
08-26-2002, 09:58 AM
What if there are no records returned in the recordset? It will throw an error.
Try this:
If not RS.EOF and not RS.BOF Then
    DataPass = trim(RS("Password"))
    If DataPass = Password Then
        Response.Cookies("cus_user")= User
        Response.Cookies("cus_pass")= Password
        Response.Redirect "sinfo-addcomment.asp"
    End If
End If
Response.Redirect "secured/error.asp"
Response.End
karolmcauley
08-26-2002, 09:22 PM
Smeagol
I have tried as you suggest but to no avail, I get the following error message:
ADODB.Field error '800a0bcd'
Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.
/secretary/login.asp, line 25
(line 25 is DataPass = (RS("login"))). I have since changed the database field name to login instead of password to take heed of whammy's advice. But still no joy. Any ideas?
karolmcauley
08-26-2002, 09:31 PM
Glenngv,
I have tried your suggestions also to no avail, I keep getting redirected to the secured/error.asp page every time I try to login. I have tried to leave the end if's at the end of the statement, but this only returns a blank screen as if nothing is even on the screen I want to direct users to when they successfully login!!!
Any ideas?
gibby
08-27-2002, 12:27 AM
I don’t really know if it makes a difference but user is declared as user and when you initialise it you use User. That’s probably nit picking and doesn’t make a difference but just thought I would say.
The only other thing I was gonna suggest is if you put into the sql command
WHERE User_Name='" & User & "' AND password='" & pass & "'"
Then I would use
if ( !oRecordSet.EOF )
or the equivalent in vbscript, something like
If not RS.EOF Then
The use of that SQL statement would mean that you wouldn’t have to check for the password in the code. You can straight away in the code say, if it’s at the end of the record set then that’s an invalid login, ELSE set the values I wish to set and redirect the user.
Don’t know if that’s any help but there ya go :)
glenngv
08-27-2002, 03:57 AM
Originally posted by karolmcauley
Glenngv,
I have tried your suggestions also to no avail, I keep getting redirected to the secured/error.asp page every time I try to login. I have tried to leave the end if's at the end of the statement, but this only returns a blank screen as if nothing is even on the screen I want to direct users to when they successfully login!!!
Any ideas?
Are you sure there is one record returned in the SQL query?
To test if there is one record, try this:
If not RS.EOF and not RS.BOF Then
    response.write "Has record<br>"
    DataPass = trim(RS("Password"))
    response.write "Password from db: " & DataPass & "<br>"
    response.write "Password from form: " & Password & "<br>"
    If DataPass = Password Then
        Response.Cookies("cus_user")= User
        Response.Cookies("cus_pass")= Password
        Response.Redirect "sinfo-addcomment.asp"
        response.end
    End If
else
    response.write "No record<br>"
End If
'comment this first to test where the execution goes
'Response.Redirect "secured/error.asp"
Response.End
gibby, if you try to include the password in the WHERE clause, it would not be case-sensitive, which is not a good way to check a password.
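Added example (not part of any post in this thread): the login check discussed above with the username bound as a query parameter instead of concatenated into the SQL string, the stored password compared case-sensitively in script as glenngv describes, and only the username kept in Session rather than writing the password to a cookie. The table and column names are the ones from the original post; the 255-character limit and the use of Session are assumptions.

```vbscript
<% Option Explicit %>
<%
' Added example, not code from the thread. ADO constants are declared here
' because adovbs.inc may not be included on the page.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

Dim conn, cmd, rs, user, password, stored, ok

' Limit length to the declared parameter size (255 is an assumed column width).
user = Left(Trim(Request.Form("User_Name")), 255)
password = Trim(Request.Form("Password"))

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("../db") & "\secretary.mdb"

' The ? placeholder keeps form input out of the SQL text, so quotes in the
' username cannot change the query. [Password] is bracketed because, as noted
' in the thread, Password is a reserved word in Access.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT [Password] FROM Login WHERE User_Name = ?"
cmd.Parameters.Append cmd.CreateParameter("user", adVarWChar, adParamInput, 255, user)

Set rs = cmd.Execute
ok = False
If Not rs.EOF Then
    ' & "" turns a Null field into an empty string before Trim.
    stored = Trim(rs("Password") & "")
    ' vbBinaryCompare makes the comparison case-sensitive.
    ' This keeps the thread's plain-text column; storing a salted hash
    ' and comparing hashes would replace this line.
    ok = (Len(password) > 0) And (StrComp(stored, password, vbBinaryCompare) = 0)
End If
rs.Close
conn.Close

If ok Then
    ' Server-side session state instead of cus_user/cus_pass cookies.
    Session("cus_user") = user
    Response.Redirect "sinfo-addcomment.asp"
Else
    Response.Redirect "secured/error.asp"
End If
%>
```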
gibby
08-27-2002, 04:17 AM
OK then, I better change the code on my site. I haven't had that much experience with SQL and I'm fairly new to ASP, so you've gotta let me off :)