Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Jul 2002
    Location
    51 03' -78" N -114 05' 72" W
    Posts
    617
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Trouble With login Rerouting

    I am having trouble with the following useing access database and this code so that when the user logs in it goes through as long as they have confirmed email registration but if they havent then it stops them from entering for some reason it still alows them to enter the site as long as the login name and password are valed like its ignoring the first if then statement

    '************************************ MAIN PROGRAM

    If Request.Cookies("login") = "OK" Then Response.Redirect("members.asp")

    submitnumber = submitnumber + 1

    If username <> "" AND pass <> "" Then
    Call OpenConnection()
    Dim Member1Query
    Dim Member2Query
    Member1Query = "SELECT * FROM members WHERE confirmed = True"
    Member2Query = "SELECT username, pass, confirmed FROM members WHERE username = '" & SQLFormat(Left(username,255)) & "' AND pass = '" & SQLFormat(Left(pass,255)) & "
    Set RS1 = Conn.Execute(Member1Query)
    Set RS2 = Conn.Execute(Member2Query)
    If NOT RS1.EOF Then
    If NOT RS2.EOF Then
    Response.Cookies("login") = "OK"
    Response.Redirect("members.asp")
    Else
    Call DisplayLoginForm()
    End If
    Else
    Call Response.Redirect("Register.asp")
    End If
    Call CloseConnection()
    Else
    Call DisplayLoginForm()
    End If

    '******************************** END MAIN PROGRAM

  • #2
    Senior Coder
    Join Date
    Jun 2002
    Location
    41 8' 52" N -95 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You need to include the "checklogin" script in every page, like:

    <!-- #include file="register/checklogin.asp" -->

    at the beginning of every asp page that's protected (EXCEPT for register.asp!), after the

    <% @Language="VBScript" %>
    Last edited by whammy; 02-15-2003 at 12:41 AM.
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #3
    Senior Coder
    Join Date
    Jun 2002
    Location
    41 8' 52" N -95 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    <% If Request.Cookies("login") <> "OK" Then Response.Redirect("login.asp") %>

    The above is exactly what's in "checklogin.asp", which is what you should be "including" on your protected pages, using:

    <!-- #include file="checklogin.asp" -->

    That redirects them to the login page if no cookie is set on their machine.

    Edit: I am an idiot!


    LOL
    Last edited by whammy; 02-15-2003 at 12:46 PM.
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #4
    Regular Coder
    Join Date
    Jul 2002
    Location
    51 03' -78" N -114 05' 72" W
    Posts
    617
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Great info as always but not what I am trying to achieve!

    hmm ok here is the senario are subjects name will be joe say joe joins the website fills in everything he needs to fill in and gets the page that tells him check your email for a confirmation now say joe ignores this and goes back to the login page and logs in should joe be allowed access to the secure pages even though he has not confirmed his email account! I dont think he should but with this code he is able to log in as if he has already confirmed which is a type of security hole with the script doh

    Just trying to figure out a way to correct the hole

    Adam

  • #5
    Senior Coder
    Join Date
    Jun 2002
    Location
    41 8' 52" N -95 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts

    !

    When someone logs in, I set a cookie... therefore you have to check for that cookie first, in order to "protect" the page.

    But, you found some bugs in my script!

    I have rewritten it to correct the bugs, and it now does everything you were previously having trouble with with ease... test it out here:

    http://www.solidscripts.com/register

    And thanks!
    Last edited by whammy; 02-15-2003 at 12:45 PM.
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •