Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13
  1. #1
    New Coder
    Join Date
    Sep 2005
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Comparing Values Does Not Yield Results

    Maybe the title is a little off the mark.

    I've got a login page that submits to a hidden page for validation. The login form reads:
    Code:
    <FORM ACTION="rmgr.asp" METHOD=post>
      <TR>
        <TD ALIGN=right WIDTH="35%"><FONT STYLE="color: #000080; font-size: 10pt; font-weight: bold">User Name</FONT></TD>
        <TD ALIGN=left><INPUT TYPE=text NAME="user" SIZE=20 MAXLENGTH=12></TD></TR>
      <TR>
        <TD ALIGN=right WIDTH="35%" STYLE="padding-bottom: 20px"><FONT STYLE="color: #000080; font-size: 10pt; font-weight: bold">Password</FONT></TD>
        <TD ALIGN=left STYLE="padding-bottom: 20px"><INPUT TYPE=password NAME="auth" SIZE=20 MAXLENGTH=8></TD></TR>
      <TR>
        <TD ALIGN=center COLSPAN=2 STYLE="padding-bottom: 8px"><INPUT TYPE=reset NAME="reset" VALUE="Clear">   <INPUT TYPE=submit NAME="Login" VALUE="Log In"></TD></TR>
    </FORM>
    The validator reads:
    Code:
    <%@LANGUAGE="JavaScript"%>
    <HTML>
    <HEAD>
    
    <%
    var id = new String(Request.Form("user"))
    var key = new String(Request.Form("auth"))
    
    var DBConn = Server.CreateObject("ADODB.Connection")
    DBConn.Open(Application("HDNewsConnStr"))
    var PassKey = Server.CreateObject("ADODB.Recordset")
    IDQuery = "SELECT Password FROM UserData WHERE UserID='"+ id +"';"
    PassKey.Open(IDQuery, DBConn)
    
    %>
    </HEAD>
    
    <BODY>
    <%Response.Write(id)%>
    <BR>
    <%Response.Write(key)%>
    <BR>
    <%Response.Write(PassKey("Password"))%>
    <BR>
    <%
    if (key == PassKey("Password")) {document.open("lead.asp", _self, true)}
      else {Response.Write("Try Again")};
    PassKey.Close();
    DBConn.Close();
    PassKey = "";
    DBConn = ""
    %>
    </BODY>
    </HTML>
    I get the following output when testing against my default user account:

    jdough
    password
    password
    Try Again
    The last time I checked, "password" is equal to "password"...
    Code:
    if (key == PassKey("Password")) {document.open("lead.asp", _self, true)}
      else {Response.Write("Try Again")};
    I'm looking for a code knight upon a debug steed so I don't have to toss and turn tonight and dream of what I need.

    (corny, I know...)

  • #2
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    You can't compare strings in that way. You must use the StrComp() function. Check here:

    http://www.winguides.com/scripting/reference.php?id=96

    -Shane

  • #3
    New Coder
    Join Date
    Sep 2005
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you for the advice, Shaner, but I'm programming in JavaScript. The link you sent me describes a VBScript function. It's not compatible with my code.

    According to the books I bought on JavaScript, such a function should not be necessary. I tried it anyway, and met with failure. I tried,
    Code:
    if (StrComp(key, PassKey("Password")) == 0) {document.open("lead.asp", _self, true)}
      else {Response.Write("Try Again")}
    ...and...
    Code:
    var comp = StrComp(key, PassKey("Password"))
    if (comp == 0) {document.open("lead.asp", _self, true)}
      else {Response.Write("Try Again")}
    I get an Object Expected error on the line containing the StrComp() function.

    Any other ideas?

  • #4
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,065
    Thanks
    4
    Thanked 8 Times in 8 Posts
    Quote Originally Posted by Gavric
    Maybe the title is a little off the mark.

    I've got a login page that submits to a hidden page for validation. The login form reads:
    Code:
    <FORM ACTION="rmgr.asp" METHOD=post>
      <TR>
        <TD ALIGN=right WIDTH="35%"><FONT STYLE="color: #000080; font-size: 10pt; font-weight: bold">User Name</FONT></TD>
        <TD ALIGN=left><INPUT TYPE=text NAME="user" SIZE=20 MAXLENGTH=12></TD></TR>
      <TR>
        <TD ALIGN=right WIDTH="35%" STYLE="padding-bottom: 20px"><FONT STYLE="color: #000080; font-size: 10pt; font-weight: bold">Password</FONT></TD>
        <TD ALIGN=left STYLE="padding-bottom: 20px"><INPUT TYPE=password NAME="auth" SIZE=20 MAXLENGTH=8></TD></TR>
      <TR>
        <TD ALIGN=center COLSPAN=2 STYLE="padding-bottom: 8px"><INPUT TYPE=reset NAME="reset" VALUE="Clear">   <INPUT TYPE=submit NAME="Login" VALUE="Log In"></TD></TR>
    </FORM>
    The validator reads:
    Code:
    <%@LANGUAGE="JavaScript"%>
    <HTML>
    <HEAD>
    
    <%
    var id = new String(Request.Form("user"))
    var key = new String(Request.Form("auth"))
    
    var DBConn = Server.CreateObject("ADODB.Connection")
    DBConn.Open(Application("HDNewsConnStr"))
    var PassKey = Server.CreateObject("ADODB.Recordset")
    IDQuery = "SELECT Password FROM UserData WHERE UserID='"+ id +"';"
    PassKey.Open(IDQuery, DBConn)
    
    %>
    </HEAD>
    
    <BODY>
    <%Response.Write(id)%>
    <BR>
    <%Response.Write(key)%>
    <BR>
    <%Response.Write(PassKey("Password"))%>
    <BR>
    <%
    if (key == PassKey("Password")) {document.open("lead.asp", _self, true)}
      else {Response.Write("Try Again")};
    PassKey.Close();
    DBConn.Close();
    PassKey = "";
    DBConn = ""
    %>
    </BODY>
    </HTML>
    I get the following output when testing against my default user account:



    The last time I checked, "password" is equal to "password"...
    Code:
    if (key == PassKey("Password")) {document.open("lead.asp", _self, true)}
      else {Response.Write("Try Again")};
    I'm looking for a code knight upon a debug steed so I don't have to toss and turn tonight and dream of what I need.

    (corny, I know...)
    how about a code damsel?

    Anyway you are trying to use a client-side function on the server-side again. You cannot use the document object on the server-side. It doesnt exist on the server..... Why not use the response objects redirect property?
    Code:
    if (key == PassKey("Password")) { Response.Redirect"lead.asp";}
      else {Response.Write("Try Again")};
    If you do useresponse.redirect remober to close the objects and set them to nothing before the redirect.

    Another choice is to make the document.open call using client-side code, like so
    Code:
    if (key == PassKey("Password")) { %>
    <script type="text/javascript">document.open("lead.asp", _self, true)</script><%}
      else {Response.Write("Try Again")};

  • #5
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    Oops, haha. I had assumed you were using vbscript and didn't notice you had assigned javascript as your ASP language, hehe. Sorry about that.

    Miranda is right though. Need to use the Response.Redirect command.

    -Shane

  • #6
    New Coder
    Join Date
    Sep 2005
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I just love damsels , Miranda. You can see the whole gallery if you'd like.

    To business...the product of the if/then is not the issue. It's in the comparison. No matter what I set the if/then to do, it returns false for the comparison. Obviously the comparison is not false, but the procedure returns a false result. I'm not sure what the cause is.

    The password I input is "password". The password in the database record is "password". Any sane individual would tell you the two words are identical...equal. The function doesn't agree.

  • #7
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    I'm a little lost too on why it would not compare correctly either. There are a few things I would do to attempt to debug this.

    First, cast the Password("Password") as a string object when comparing just to be sure that there isn't a conflict between the two.

    Code:
    var strPass = new String(PassKey("Password"));
    if (key == strPass) {Response.Redirect("lead.asp")}
      else {Response.Write("Try Again")}
    If that doesn't work, don't cast key as a string object:

    Code:
    var key = Request.Form("auth");
    if (key == PassKey("Password")) {Response.Redirect("lead.asp")}
      else {Response.Write("Try Again")}
    Or other variations where you use the .toString() method to be sure they're returning strings. If all those fail, then do something obvious like:

    Code:
    if (key == "password") {Response.Redirect("lead.asp")}
      else {Response.Write("Try Again")}
    Or even dumber:

    Code:
    if ("password" == "password") {Response.Redirect("lead.asp")}
      else {Response.Write("Try Again")}
    Then let us know how those results turn out so that you can start eliminating possibilities. Hopefully this helps, but definitely not guaranteeing you'll find anything new with those debugs, hehe.

    Oh, and on a side note, you have a semicolon on the outside of the last bracket on else (which I removed in my code examples). It shouldn't be there. Plus, in programming etiquette, if you start to use semicolons at the end of every line of command, continue to do so throughout your code. If not, then don't have semicolons after any of them. I have found that sometimes Javascript can be a little buggy if there isn't consistency. Not sure if anyone else has run into that before or not.

    -Shane
    Last edited by TheShaner; 09-12-2005 at 05:51 PM.

  • #8
    New Coder
    Join Date
    Sep 2005
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Okay...no matter what I do, if I compare two variables it returns false. If I compare "key", "PassKey("Password")", or the alternate string versions to the value, "password", I get a successful redirect. I'm totally stumped. I'm not sure what to do to resolve this. In the mean time, I'm going to write a plain form and forget about the authentication.

  • #9
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    Then you've got me stumped also without being able to fully test myself. Sorry I can't help. Hope you figure it out.

    -Shane

  • #10
    Regular Coder
    Join Date
    Sep 2004
    Posts
    152
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Um...why not do the comparison in your sql statement?
    Code:
    <%
    var id = new String(Request.Form("user"))
    var key = new String(Request.Form("auth"))
    
    var DBConn = Server.CreateObject("ADODB.Connection")
    DBConn.Open(Application("HDNewsConnStr"))
    var PassKey = Server.CreateObject("ADODB.Recordset")
    IDQuery = "SELECT COUNT(*) FROM UserData WHERE UserID='"+ id +"' AND Password = '" + key + "';"
    PassKey.Open(IDQuery, DBConn)
    
    %>
    Then check to see how many records are returned. Obviously, it should only be 1 or 0 (1 being success and 0 being failed).

  • #11
    New Coder
    Join Date
    Sep 2005
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Got advice on how to check how many records are returned? I'm going into a meeting--and i'll look it up for myself when I get out--and if you have a quick answer...

  • #12
    Regular Coder
    Join Date
    Sep 2004
    Posts
    152
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I think the changes in red are what you are looking for, or some slight variation thereof.
    Code:
    <%
    var id = new String(Request.Form("user"))
    var key = new String(Request.Form("auth"))
    
    var DBConn = Server.CreateObject("ADODB.Connection")
    DBConn.Open(Application("HDNewsConnStr"))
    var PassKey = Server.CreateObject("ADODB.Recordset")
    IDQuery = "SELECT COUNT(*) AS Authenticated FROM UserData WHERE UserID='"+ id +"' AND Password = '" + key + "';"
    PassKey.Open(IDQuery, DBConn)
    If PassKey("Authenticated") > 1 Then...
    %>

  • #13
    New Coder
    Join Date
    Sep 2005
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks to all that helped me on this. I know it's been some time since the last post. My wife and I just moved into our first house. If you've ever bought a house, you'll understand the tardiness of my final reply.

    I always like to give credit where it's due and let everyone know what the final outcome was. I hate going to forums and seeing posts left unfinished. It's hard to figure out how to solve your problems through forums if there's no closure.

    In the end I used NeoCool's idea of checking for the number of records in the database that had the exact user name and password submit through my form. I then compared and provided a new page or an error page.

    Code:
    <%@ LANGUAGE="JavaScript"%>
    <HTML>
    <HEAD>
    <LINK REL="stylesheet" TYPE="text/css" HREF="infinet.css">
    <%
    var task = new String(Request.Form("action"))
    var id = new String(Request.Form("user"))
    var key = new String(Request.Form("auth"))
    var contract = new String(Request.Form("helpdesk"))
    
    var DBConn = Server.CreateObject("ADODB.Connection")
    DBConn.Open(Application("HDNewsConnStr"))
    var PassKey = Server.CreateObject("ADODB.Recordset")
    IDQuery = "SELECT COUNT(*) AS PassCheck FROM UserData WHERE UserID='"+id+"' AND Password='"+key+"';"
    PassKey.Open(IDQuery, DBConn)
    %>
    <TITLE><%Response.Write(contract+" Helpdesk Update Archive")%></TITLE>
    </HEAD>
    
    <%
    if (PassKey("PassCheck") > 0){Response.Write("<FRAMESET COLS='25%, *'>\r<FRAME SRC='formlist.asp?UserID="+id+"&Helpdesk="+contract+"' NAME='Menu'>\r<FRAME SRC='form.asp?UserID="+id+"&Helpdesk="+contract+"' NAME='Display'>\r</FRAMESET>")}
      else {Response.Write("<BODY>\r<H1 STYLE='margin: 200px 0px; color: #FF0000; font-family: Helvetica; font-size: 36pt; font-weight: bold; text-align: center'>Invalid Login!</H1>\r</BODY>")}
    
    PassKey.Close()
    DBConn.Close()
    PassKey = ""
    DBConn = ""
    %>
    
    </HTML>
    Thanks, again, to everyone who helped out. This page has really exceeded even my own expectations.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •