Login Page [Archive] - CodingForums.com

View Full Version : Login Page

plasterx

11-19-2005, 03:32 AM

Hi all,as usual i've got tonnes of problems,so sorry because i'm really lousy at asp. my problem now is on the Login process... i wanna know how do i check if the login name actually exists in the database? and not some tom dick or harry can just login . I mean,users are actually required to register first (their information wil be stored in the db) before they can login.

I've got this on my Login.asp:

<script language="Javascript">
function chck( Frm ) {
if ( !Frm.loginname.value ) {
alert("Alert: Please enter your User Name.");
Frm.loginname.focus();
return false;
}
if ( !Frm.password.value) {
alert("Alert: Please enter your Password.");
Frm.password.focus();
return false;
}
return true;
}
</script>
</head>

<body>
<p>
<center>
<form name="Login" method="post" action="loginSuccess.asp" onSubmit="return chck( this );">
<table width="560">
<p><img src="images/dinologo.bmp" width="620" height="100">
<p>
<font size="+2">Administrator Login</font>
<p>
<p>
<tr>
<td>Login Name: </td>
<td width="466"><input type="text" name="loginname"></td>
</tr>
<p>
<tr>
<td>Password:</td>
<td><input type="password" name="password"></td>
</tr>
<p>
<tr>
<td><input type="Submit" value="Login"></td>
</tr>
</center>
</table>
</form>

and this on LoginSuccess.asp:

<%
Set Conn = Server.CreateObject("ADODB.Connection")
Set RS = Server.CreateObject("ADODB.RecordSet")
strConn = "DSN=FYP_Actual;DRIVER={SQL SERVER};UID=sa;PWD=;"
Conn.Open strConn

Dim strLoginName
strLoginName = Request.Form("LoginName")

Set Conn = Server.CreateObject("ADODB.Connection")
Set RS = Server.CreateObject("ADODB.RecordSet")
strConn = "DSN=FYP_Actual;DRIVER={SQL SERVER};UID=sa;PWD=;"
Conn.Open strConn

Dim SQL
SQL = "Select * from Login where LoginName = '" & Request.Form("loginName") &"' and password = '" &Request.Form("password")&"'"
Set RS = Conn.Execute(sql)

Response.Write(RS.recordCount)

Response.Write SQL
%>

I'm like stuck halfway after the SQL statement. I know i'm supposed to do like a recordCount to check if there are firstly any records in the db,and then whether the user name i keyed in exists... it's like an if else statement?????

HELP !!! Thanks again ..

Brandoe85

11-19-2005, 03:37 AM

If your record count returns 1, that means they entered in the right information, if you don't get any records returned then they entered the wrong information.

Good luck;

plasterx

11-19-2005, 03:52 AM

my recordCount returns -1 !!! =(( now i'm STUCK .. gosh.

Brandoe85

11-19-2005, 04:18 AM

Look here for info on the RecordCount property, http://www.asp101.com/samples/db_count.asp
It's kind of iffy, you could aslo just use a count() and get the number of returned rows. Give that a try and see how it goes.

Good luck

plasterx

11-19-2005, 05:36 AM

Dim strFullName
Dim strLoginName
Dim strPassword

strFullName = Request.Form("FullName")
strLoginName = Request.Form("LoginName")
strPassword = Request.Form("password")

Dim SQL
SQL = "Select Loginname from AdminRegister where LoginName = '" & Request.Form("loginName") &"'"
Set RS = Conn.Execute(sql)

if Request.QueryString("loginName") <> "" then
Response.Write("Login Name unavailable, please use another login name.")
else
SQL = "Insert into AdminRegister (FullName,LoginName,Password) values ('"&strFullName&"','"&strLoginName&"','"&strPassword&"')"
end if
%>

I've got this code,now it runs,but the info isn't going into the db! what is wrong here.. ?

Freon22

11-19-2005, 05:59 AM

Your doing a post and a querystring at the same time? You may want to do a response.write(sql) just after your insert statement to make sure your variables are being filled from your post method. Also are you doing a Conn.Execute(sql) after your insert statement I don't see it.

plasterx

11-19-2005, 06:10 AM

i'm such a nut freon. No wonder nothing went into the database. I didn't put the Conn.Execute SQL !!!! lol. Now more errors are going to be on the way though this problem will be solved.However, i printed out the recordCount but it still returned 0. Now this is what my code looks like. Please help me amend it because i know there're plenty and plenty of errors:

Dim SQL
SQL = "Select Loginname from AdminRegister where LoginName = '" & Request.Form("loginName") &"'"
Set RS = Conn.Execute(sql)

if Request.QueryString("loginName") = Request.Form("loginName") then
Response.Write("Login Name unavailable, please use another login name.")
else
SQL = "Insert into AdminRegister (FullName,LoginName,Password) values ('"&strFullName&"','"&strLoginName&"','"&strPassword&"')"
end if
Conn.Execute SQL
Response.Write(Request.QueryString("loginName").Count)
%>

honestly i don't know if that part in bold is right - whether i can code it like that? I wanna check if there is a duplicate login name. Like if that login name exists the user wil have to choose another login name.

plasterx

11-19-2005, 06:14 AM

oh yes,by the way i did a response.write on my insert statement and yes it's passing in the correct values.

plasterx

11-21-2005, 07:04 AM

BarrMan

11-21-2005, 02:11 PM

this is what i have - latest on loginsuccess.asp. i wanna check that that person must be a registered user before he can login. how do i do that??

Dim strLoginName
strLoginName = Request.Form("loginName")

......<connection to db>

Dim SQL
SQL = "Select * from Login where LoginName = '"&Request.Form("loginName") & "' and password = '"&Request.form("password")&"'"
Set RS = Conn.Execute(sql)

if not RS.EOF then
Response.Redirect("loginSuccess.asp")
else
blankError = "Invalid UserName"
end if

what am i missing out???
Why do you want to execute the user settings? you just want to verify that the username and password are correct.
I'd do it like this:

Dim SQL
SQL = "SELECT * FROM login WHERE LoginName=" & request.form("LoginName")
If request.form("password") = rs("password") Then
response.redirect "LoginSuccess.asp"
Else
response.write "User name or password are incorrect."
End If

plasterx

11-22-2005, 01:41 AM

ahh. i think i got it .. =) thanks !!