Hi guys I've been beeting my head against the wall over this for the last 16 hours. Only a small error but nothing I try seems to be working.
I'm trying to create an admin log in form that takes the variables from a sign in form. Scrambles the password, checks both the username and the password against the database and if they're both correct signs me in and adds the username and IDNumber of the user to a session, if they're wrong (the username or password) it kicks me back to the login page and activates a variable that causes red text to pop up on the window.

Now the problem is that it all works except the error handling, it takes the password, it scrambles it, if everything's right then it goes through it's fine. If the details are wrong however instead of doing a Response.Redirect it gives me a Server 500 error.

Here's the code of my verifier (might aswell distribute it since it's just something meant for a project nothing important).
As I said everything works fine except redirecting (the if statement down the end) me if there's an error. Any one have any ideas?


<% @language = vbscript %>
<!--#include file="dbconn.inc" -->
<%
if request("TheUsername") = "" OR request("ThePass") = "" then
response.redirect "index.asp?info=wrong"
end if
%>
<%
Dim UNEncryptPassword, vEncryptPassword(), Letter
UNEncryptPassword = UCase(Request.Form("ThePass"))

Redim Preserve vEncryptPassword( Len(UNEncryptPassword) )
for Letter = 1 to Len(UNEncryptPassword)
vEncryptPassword( Letter ) = Mid( UNEncryptPassword, Letter, 1 )
next

Dim ASCLetter, vASCPassword(), ScrambledPassword
Redim vASCPassword( UBound(vEncryptPassword) )
for Letter = 1 to UBound(vEncryptPassword)
ASCLetter = ASC(vEncryptPassword(Letter))
vASCPassword(Letter) = Chr(ASCLetter + 3)
next
ScrambledPassword = Join(vASCPassword)
%>
<%
querystring = "SELECT * FROM users WHERE Username='" & request("TheUsername") & "' AND Password='" & (ScrambledPassword) & "'"
Set RS = conn.execute(querystring)
username=request("TheUsername")
password=(ScrambledPassword)
IDNumber=RS("ID")

if not RS.EOF then
SESSION("Username")= username
SESSION("IDNumber")= IDNumber
Response.Redirect("admin.asp")
else
Response.Redirect ("index.asp?info=wrong")
end if
%>

Do you use Response.Buffer = True at the top of your page? Response.Redirect is only possible if nothing is written to the browser yet. At the position in your code where the Response.Redirect should take place, the http headers might have been written to the client already, so Response.Redirect is no longer possible

Use Response.Buffer at the top of your page and after a check which allows the page to show, and not redirect, do a Response.Flush

<% @language = vbscript %>
<!--#include file="dbconn.inc" -->
<%
if request.form("TheUsername") = "" OR request.form("ThePass") = "" then
response.redirect "index.asp?info=wrong"
end if
%>

Nope I tried both of those.
The page will still redirect if the variables are blank in this script here:
<% @language = vbscript %>
<!--#include file="dbconn.inc" -->
<%
if request("TheUsername") = "" OR request("ThePass") = "" then
response.redirect "index.asp?info=wrong"
end if
%>
That works fine.
The problem seems to be in the if statement here:
if not RS.EOF then
SESSION("Username")= username
SESSION("IDNumber")= IDNumber
Response.Redirect("admin.asp")
else
Response.Redirect ("index.asp?info=wrong")
end if

When it goes ot pass the URL in the else it seems to crash.

I suddenly had the idea that erhaps it's passing back variables to the form page that are already defined on there, that would account for the server 500 error. I'll keep trying if anyone else has any ideas please let me know.

Is there a code that clears all variables?

Well none of my ideas worked and I'm completely stuck again, any one else up for it?

Turn off friendly error messages in IE and you'll get a description of the error.
IE -> Tools -> Internet Options -> Advanced -> uncheck Show friendly HTTP error messages.

Then post the error message.

Good luck;

ADODB.Field error '800a0bcd'

Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

/Deekman/news/check.asp, line 30
----

As I said if it's correct it will log me in, if it's not that's when it kicks me. I don't know what record it's trying to find since this is supposed to be for when it can't find anything.

strange, the codeline doesn't require a record of any kind...

try to do some response.write instead of a response.redirect

I think your problem is here:
IDNumber = RS("ID")

It's trying to set your IDNumber variable to the ID from your table, but when it doesn't find a match, there is no value to assign to it. So, in your if statement where you set your sessions, put this:

SESSION("IDNumber") = RS("ID")

Good luck;

Thanks for still trying at it but it's still not playing, it was aready assigning a variable for it here:
<%
querystring = "SELECT * FROM users WHERE Username='" & request("TheUsername") & "' AND Password='" & (ScrambledPassword) & "'"
Set RS = conn.execute(querystring)
username=request("TheUsername")
password=(ScrambledPassword)
IDNumber=RS("ID")

if not RS.EOF then
SESSION("Username")= username
SESSION("IDNumber")= IDNumber
Response.Redirect("admin.asp")
else
Response.Redirect ("index.asp?info=wrong")
end if
%>

I'm at my wits end here guys i'm starting to think it might just be easier to scrap it.

<%
querystring = "SELECT * FROM users WHERE Username='" & request("TheUsername") & "' AND Password='" & (ScrambledPassword) & "'"
Set RS = conn.execute(querystring)
username=request("TheUsername")
password=(ScrambledPassword)

if not RS.EOF then
IDNumber=RS("ID")
SESSION("Username")= username
SESSION("IDNumber")= IDNumber
Response.Redirect("admin.asp")
else
Response.Redirect ("index.asp?info=wrong")
end if
%>

YES!
You sir are my hero of the day!

That got it and it works perfectly. Can't believe it was something so simple it doesn't make any sene to me either because wouldn't it still get the same error because of the username=request("TheUsername") just below the query?
So if not that one how come the IDNumber one causes it to throw an error?

I think your problem is here:
IDNumber = RS("ID")

It's trying to set your IDNumber variable to the ID from your table, but when it doesn't find a match, there is no value to assign to it. So, in your if statement where you set your sessions, put this:

SESSION("IDNumber") = RS("ID")

Good luck;

This post says what the problem is. You're setting IDNumber to RS("ID"), before your if statement that checks EOF. Therefore, when you don't login with the correct information, it's STILL going to try to find RS("ID") becuase it's not in your if statement. Thats why I suggested you change your assignment to be in the if statement.

No Deekman, that's not what Brandoe85 meant. Barrman also wrote another version of the same thing. You were attempting to set the ID every time, even if no records were returned. When no records were returned, you got an error because of RS("ID").

<%
querystring = "SELECT * FROM users WHERE Username='" & request("TheUsername") & "' AND Password='" & (ScrambledPassword) & "'"
Set RS = conn.Execute(querystring)
username=Request("TheUsername")
password=(ScrambledPassword)

If Not RS.EOF Then
Session("Username")= username
SESSION("IDNumber")= RS("ID")
Response.Redirect("admin.asp")
Else
Response.Redirect ("index.asp?info=wrong")
End If
%>
-Shane

Ah I get it now, the username one doesn't have a problem because the variable for it is being set from the form itself not from the database there for it works while the ID doesn't.

Thanks alot for the help guys I'll understand this language even if it kills me.