...

View Full Version : Comparing Values Does Not Yield Results



Gavric
09-10-2005, 07:32 AM
Maybe the title is a little off the mark.

I've got a login page that submits to a hidden page for validation. The login form reads:

<FORM ACTION="rmgr.asp" METHOD=post>
<TR>
<TD ALIGN=right WIDTH="35%"><FONT STYLE="color: #000080; font-size: 10pt; font-weight: bold">User Name</FONT></TD>
<TD ALIGN=left><INPUT TYPE=text NAME="user" SIZE=20 MAXLENGTH=12></TD></TR>
<TR>
<TD ALIGN=right WIDTH="35%" STYLE="padding-bottom: 20px"><FONT STYLE="color: #000080; font-size: 10pt; font-weight: bold">Password</FONT></TD>
<TD ALIGN=left STYLE="padding-bottom: 20px"><INPUT TYPE=password NAME="auth" SIZE=20 MAXLENGTH=8></TD></TR>
<TR>
<TD ALIGN=center COLSPAN=2 STYLE="padding-bottom: 8px"><INPUT TYPE=reset NAME="reset" VALUE="Clear"> <INPUT TYPE=submit NAME="Login" VALUE="Log In"></TD></TR>
</FORM>

The validator reads:

<%@LANGUAGE="JavaScript"%>
<HTML>
<HEAD>

<%
var id = new String(Request.Form("user"))
var key = new String(Request.Form("auth"))

var DBConn = Server.CreateObject("ADODB.Connection")
DBConn.Open(Application("HDNewsConnStr"))
var PassKey = Server.CreateObject("ADODB.Recordset")
IDQuery = "SELECT Password FROM UserData WHERE UserID='"+ id +"';"
PassKey.Open(IDQuery, DBConn)

%>
</HEAD>

<BODY>
<%Response.Write(id)%>
<BR>
<%Response.Write(key)%>
<BR>
<%Response.Write(PassKey("Password"))%>
<BR>
<%
if (key == PassKey("Password")) {document.open("lead.asp", _self, true)}
else {Response.Write("Try Again")};
PassKey.Close();
DBConn.Close();
PassKey = "";
DBConn = ""
%>
</BODY>
</HTML>

I get the following output when testing against my default user account:


jdough
password
password
Try Again

The last time I checked, "password" is equal to "password"...

if (key == PassKey("Password")) {document.open("lead.asp", _self, true)}
else {Response.Write("Try Again")};

I'm looking for a code knight upon a debug steed so I don't have to toss and turn tonight and dream of what I need.

(corny, I know...)

TheShaner
09-10-2005, 04:09 PM
You can't compare strings in that way. You must use the StrComp() function. Check here:

http://www.winguides.com/scripting/reference.php?id=96

-Shane

Gavric
09-10-2005, 06:04 PM
Thank you for the advice, Shaner, but I'm programming in JavaScript. The link you sent me describes a VBScript function. It's not compatible with my code.

According to the books I bought on JavaScript, such a function should not be necessary. I tried it anyway, and met with failure. I tried,
if (StrComp(key, PassKey("Password")) == 0) {document.open("lead.asp", _self, true)}
else {Response.Write("Try Again")}...and...
var comp = StrComp(key, PassKey("Password"))
if (comp == 0) {document.open("lead.asp", _self, true)}
else {Response.Write("Try Again")}

I get an Object Expected error on the line containing the StrComp() function.

Any other ideas?

miranda
09-12-2005, 01:04 AM
Maybe the title is a little off the mark.

I've got a login page that submits to a hidden page for validation. The login form reads:

<FORM ACTION="rmgr.asp" METHOD=post>
<TR>
<TD ALIGN=right WIDTH="35%"><FONT STYLE="color: #000080; font-size: 10pt; font-weight: bold">User Name</FONT></TD>
<TD ALIGN=left><INPUT TYPE=text NAME="user" SIZE=20 MAXLENGTH=12></TD></TR>
<TR>
<TD ALIGN=right WIDTH="35%" STYLE="padding-bottom: 20px"><FONT STYLE="color: #000080; font-size: 10pt; font-weight: bold">Password</FONT></TD>
<TD ALIGN=left STYLE="padding-bottom: 20px"><INPUT TYPE=password NAME="auth" SIZE=20 MAXLENGTH=8></TD></TR>
<TR>
<TD ALIGN=center COLSPAN=2 STYLE="padding-bottom: 8px"><INPUT TYPE=reset NAME="reset" VALUE="Clear"> <INPUT TYPE=submit NAME="Login" VALUE="Log In"></TD></TR>
</FORM>

The validator reads:

<%@LANGUAGE="JavaScript"%>
<HTML>
<HEAD>

<%
var id = new String(Request.Form("user"))
var key = new String(Request.Form("auth"))

var DBConn = Server.CreateObject("ADODB.Connection")
DBConn.Open(Application("HDNewsConnStr"))
var PassKey = Server.CreateObject("ADODB.Recordset")
IDQuery = "SELECT Password FROM UserData WHERE UserID='"+ id +"';"
PassKey.Open(IDQuery, DBConn)

%>
</HEAD>

<BODY>
<%Response.Write(id)%>
<BR>
<%Response.Write(key)%>
<BR>
<%Response.Write(PassKey("Password"))%>
<BR>
<%
if (key == PassKey("Password")) {document.open("lead.asp", _self, true)}
else {Response.Write("Try Again")};
PassKey.Close();
DBConn.Close();
PassKey = "";
DBConn = ""
%>
</BODY>
</HTML>

I get the following output when testing against my default user account:



The last time I checked, "password" is equal to "password"...

if (key == PassKey("Password")) {document.open("lead.asp", _self, true)}
else {Response.Write("Try Again")};

I'm looking for a code knight upon a debug steed so I don't have to toss and turn tonight and dream of what I need.

(corny, I know...)

how about a code damsel?

Anyway you are trying to use a client-side function on the server-side again. You cannot use the document object on the server-side. It doesnt exist on the server..... Why not use the response objects redirect property?
if (key == PassKey("Password")) { Response.Redirect"lead.asp";}
else {Response.Write("Try Again")};If you do useresponse.redirect remober to close the objects and set them to nothing before the redirect.

Another choice is to make the document.open call using client-side code, like so
if (key == PassKey("Password")) { %>
<script type="text/javascript">document.open("lead.asp", _self, true)</script><%}
else {Response.Write("Try Again")};

TheShaner
09-12-2005, 02:36 AM
Oops, haha. I had assumed you were using vbscript and didn't notice you had assigned javascript as your ASP language, hehe. Sorry about that.

Miranda is right though. Need to use the Response.Redirect command.

-Shane

Gavric
09-12-2005, 06:44 AM
I just love damsels (http://www.rensites.com/gallery/Scarb572005) , Miranda. You can see the whole gallery (http://www.rensites.com/gallery/gavric) if you'd like.

To business...the product of the if/then is not the issue. It's in the comparison. No matter what I set the if/then to do, it returns false for the comparison. Obviously the comparison is not false, but the procedure returns a false result. I'm not sure what the cause is.

The password I input is "password". The password in the database record is "password". Any sane individual would tell you the two words are identical...equal. The function doesn't agree.

TheShaner
09-12-2005, 06:49 PM
I'm a little lost too on why it would not compare correctly either. There are a few things I would do to attempt to debug this.

First, cast the Password("Password") as a string object when comparing just to be sure that there isn't a conflict between the two.


var strPass = new String(PassKey("Password"));
if (key == strPass) {Response.Redirect("lead.asp")}
else {Response.Write("Try Again")}

If that doesn't work, don't cast key as a string object:



var key = Request.Form("auth");
if (key == PassKey("Password")) {Response.Redirect("lead.asp")}
else {Response.Write("Try Again")}

Or other variations where you use the .toString() method to be sure they're returning strings. If all those fail, then do something obvious like:



if (key == "password") {Response.Redirect("lead.asp")}
else {Response.Write("Try Again")}

Or even dumber:



if ("password" == "password") {Response.Redirect("lead.asp")}
else {Response.Write("Try Again")}

Then let us know how those results turn out so that you can start eliminating possibilities. Hopefully this helps, but definitely not guaranteeing you'll find anything new with those debugs, hehe.

Oh, and on a side note, you have a semicolon on the outside of the last bracket on else (which I removed in my code examples). It shouldn't be there. Plus, in programming etiquette, if you start to use semicolons at the end of every line of command, continue to do so throughout your code. If not, then don't have semicolons after any of them. I have found that sometimes Javascript can be a little buggy if there isn't consistency. Not sure if anyone else has run into that before or not.

-Shane

Gavric
09-12-2005, 10:34 PM
Okay...no matter what I do, if I compare two variables it returns false. If I compare "key", "PassKey("Password")", or the alternate string versions to the value, "password", I get a successful redirect. I'm totally stumped. I'm not sure what to do to resolve this. In the mean time, I'm going to write a plain form and forget about the authentication.

TheShaner
09-12-2005, 10:51 PM
Then you've got me stumped also without being able to fully test myself. Sorry I can't help. Hope you figure it out.

-Shane

neocool00
09-13-2005, 03:44 PM
Um...why not do the comparison in your sql statement?

<%
var id = new String(Request.Form("user"))
var key = new String(Request.Form("auth"))

var DBConn = Server.CreateObject("ADODB.Connection")
DBConn.Open(Application("HDNewsConnStr"))
var PassKey = Server.CreateObject("ADODB.Recordset")
IDQuery = "SELECT COUNT(*) FROM UserData WHERE UserID='"+ id +"' AND Password = '" + key + "';"
PassKey.Open(IDQuery, DBConn)

%>

Then check to see how many records are returned. Obviously, it should only be 1 or 0 (1 being success and 0 being failed).

Gavric
09-14-2005, 12:05 AM
Got advice on how to check how many records are returned? I'm going into a meeting--and i'll look it up for myself when I get out--and if you have a quick answer...

neocool00
09-14-2005, 02:25 PM
I think the changes in red are what you are looking for, or some slight variation thereof.

<%
var id = new String(Request.Form("user"))
var key = new String(Request.Form("auth"))

var DBConn = Server.CreateObject("ADODB.Connection")
DBConn.Open(Application("HDNewsConnStr"))
var PassKey = Server.CreateObject("ADODB.Recordset")
IDQuery = "SELECT COUNT(*) AS Authenticated FROM UserData WHERE UserID='"+ id +"' AND Password = '" + key + "';"
PassKey.Open(IDQuery, DBConn)
If PassKey("Authenticated") > 1 Then...
%>

Gavric
09-27-2005, 11:22 AM
Thanks to all that helped me on this. I know it's been some time since the last post. My wife and I just moved into our first house. If you've ever bought a house, you'll understand the tardiness of my final reply.

I always like to give credit where it's due and let everyone know what the final outcome was. I hate going to forums and seeing posts left unfinished. It's hard to figure out how to solve your problems through forums if there's no closure.

In the end I used NeoCool's idea of checking for the number of records in the database that had the exact user name and password submit through my form. I then compared and provided a new page or an error page.


<%@ LANGUAGE="JavaScript"%>
<HTML>
<HEAD>
<LINK REL="stylesheet" TYPE="text/css" HREF="infinet.css">
<%
var task = new String(Request.Form("action"))
var id = new String(Request.Form("user"))
var key = new String(Request.Form("auth"))
var contract = new String(Request.Form("helpdesk"))

var DBConn = Server.CreateObject("ADODB.Connection")
DBConn.Open(Application("HDNewsConnStr"))
var PassKey = Server.CreateObject("ADODB.Recordset")
IDQuery = "SELECT COUNT(*) AS PassCheck FROM UserData WHERE UserID='"+id+"' AND Password='"+key+"';"
PassKey.Open(IDQuery, DBConn)
%>
<TITLE><%Response.Write(contract+" Helpdesk Update Archive")%></TITLE>
</HEAD>

<%
if (PassKey("PassCheck") > 0){Response.Write("<FRAMESET COLS='25%, *'>\r<FRAME SRC='formlist.asp?UserID="+id+"&Helpdesk="+contract+"' NAME='Menu'>\r<FRAME SRC='form.asp?UserID="+id+"&Helpdesk="+contract+"' NAME='Display'>\r</FRAMESET>")}
else {Response.Write("<BODY>\r<H1 STYLE='margin: 200px 0px; color: #FF0000; font-family: Helvetica; font-size: 36pt; font-weight: bold; text-align: center'>Invalid Login!</H1>\r</BODY>")}

PassKey.Close()
DBConn.Close()
PassKey = ""
DBConn = ""
%>

</HTML>

Thanks, again, to everyone who helped out. This page has really exceeded even my own expectations.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum