Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3

Thread: login script

  1. #1
    New Coder
    Join Date
    Aug 2002
    Location
    Ballymena, N.Ireland
    Posts
    29
    Thanks
    0
    Thanked 0 Times in 0 Posts

    login script

    I know this is not JS, but could someone please assist with the asp below?
    When users come to my login page they have to enter their username and password, when they click on Login i call this checking script(below), but no matter what, it seems to be wrong as i always get redirected to "secured/error.asp" instead of the appropriate page. My database is called secretary and the field names are User_Name and Password. Can somebody please help?

    <% Option Explicit %>
    <%
    Dim DBConn
    Dim driverstring
    Dim user
    Dim password
    Dim sql, RS

    User = Trim(Request.Form("User_Name"))
    Password = Trim(Request.Form("Password"))

    Set DBConn = Server.CreateObject("ADODB.Connection")
    DBConn.Open("DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("../db") & "\secretary.mdb")

    sql = "SELECT * FROM Login WHERE User_Name='" & User & "'"
    Set RS = DBConn.Execute(sql)

    If RS.EOF Then

    Response.Redirect "secured/error.asp"
    Response.End

    Else

    DataPass = RS("Password")

    If DataPass = Password Then
    Response.Cookies("cus_user")= User
    Response.Cookies("cus_pass")= Password
    Response.Redirect "sinfo-addcomment.asp"
    Else
    Response.Redirect "secured/error.asp"
    Response.End
    End If

    End If
    %>

  • #2
    Regular Coder
    Join Date
    Jun 2002
    Location
    Montreal, Canada
    Posts
    644
    Thanks
    0
    Thanked 0 Times in 0 Posts

  • #3
    Regular Coder
    Join Date
    Jul 2002
    Location
    Kentucky
    Posts
    133
    Thanks
    0
    Thanked 1 Time in 1 Post
    karolmcauley,

    I program in ASP and noticed one small piece of code that could be causing the problem. Your If statement looks like this:

    If RS.EOF Then

    Response.Redirect "secured/error.asp"
    Response.End

    Else

    DataPass = RS("Password")

    If DataPass = Password Then
    Response.Cookies("cus_user")= User
    Response.Cookies("cus_pass")= Password
    Response.Redirect "sinfo-addcomment.asp"
    Else
    Response.Redirect "secured/error.asp"
    Response.End
    End If

    End If

    But it should look like this:

    DataPass = RS("Password")

    If DataPass = Password Then
    Response.Cookies("cus_user")= User
    Response.Cookies("cus_pass")= Password
    Response.Redirect "sinfo-addcomment.asp"
    Else
    Response.Redirect "secured/error.asp"
    Response.End
    End If

    I think your problem is in the fact that you are trying to detect the recordset's EOF before you ever check for the correct password. Forget the EOF and just retrieve the password from the database that matches the username, compare it to what the user entered into the password textbox, then make the decision of redirecting to error.asp based on whether the passwords match. Try replacing your If statement with the one above and see if it works.

    Hope this helps.

    Smeagol
    http://www.javascriptsolutions.com


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •